X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize" 1

Arithmetic Instructions (1)! Two Operand Instructions" ADD Dest, Src Dest = Dest + Src SUB Dest, Src Dest = Dest - Src MUL Dest, Src Dest = Dest * Src SAL Dest, Src Dest = Dest << Src SAR Dest, Src Dest = Dest >> Src Arithmetic SHR Dest, Src Dest = Dest >> Src Logical XOR Dest, Src Dest = Dest ^ Src AND Dest, Src Dest = Dest & Src OR Dest, Src Dest = Dest Src Arithmetic Instructions (2)! One Operand Instructions" INC Dest Dest = Dest + 1 DEC Dest Dest = Dest 1 NEG Dest Dest = -Dest NOT Dest Dest = ~Dest 2

Compare and Test Instructions! CMP Dest, Src Compute Dest - Src without setting Dest TEST Dest, Src Compute Dest & Src without setting Dest Jump Instructions! Jump depending on the result of the previous arithmetic instruction:" Jump Description jmp je jne js jns jg jge jl jle ja jb Unconditional Equal / Zero Not Equal / Not Zero Negative Nonnegative Greater (Signed) Greater or Equal (Signed) Less (Signed) Less or Equal (Signed) Above (unsigned) Below (unsigned) 3

Loading and Storing Data! IA-32 Architecture! CPU! Registers! EIP! EAX EBX ECX Addresses" Data" EDX Instructions" ESI EDI ESP EBP Memory! Object Code" Program Data" Stack! Condition Codes! CF ZF SF OF EFLAGS! EIP!!Instruction Pointer! ESP, EBP!Reserved for special use! EAX!!Always contains return value! 4

IA-32 General Purpose Registers! 31 15 8 7 0 AH AL BH BL CH CL DH DL SI DI General-purpose registers 16-bit 32-bit AX EAX BX EBX CX ECX DX EDX ESI EDI Byte Order in Multi-Byte Entities! Intel is a little endian architecture" Least significant byte of multi-byte entity is stored at lowest memory address" Little end goes first " The int 5 at address 1000:" Some other systems use big endian" Most significant byte of multi-byte entity is stored at lowest memory address" Big end goes first " The int 5 at address 1000:" 1000 1001 1002 1003 1000 1001 1002 1003 00000101 00000000 00000000 00000000 00000000 00000000 00000000 00000101 5

Little Endian Example! int main(void) { int i=0x003377ff, j; unsigned char *p = (unsigned char *) &i; for (j=0; j<4; j++) printf("byte %d: %x\n", j, p[j]); } Output on a little-endian machine Byte 0: ff! Byte 1: 77! Byte 2: 33! Byte 3: 0! C Example: One-Byte Data! Global char variable i is in AL, the lower byte of the A register. char i; if (i > 5) { i++; else i--; } CMP AL, 5 JLE else INC AL jmp endif else: DEC AL endif: 6

C Example: Four-Byte Data! Global int variable i is in EAX, the full 32 bits of the A register. int i; if (i > 5) { i++; else i--; } CMP EAX, 5 JLE else INC EAX JMP endif else: DEC EAX endif: Loading and Storing Data! Processors have many ways to access data" Known as addressing modes " Two simple ways seen in previous examples" Addressing Modes" Register" Immediate" Direct Memory" Base Memory" (Base or Index) plus Displacement Memory" (Base and Index) plus Displacement Memory" 7

Register Addressing! Registers embedded in the instruction" Examples" XOR EAX, EAX MOV EBX, ECX INC BH Immediate Addressing! Data embedded in the instruction" Examples" ADD EAX, 3 MOV AX, -40 8

Direct Memory Addressing! Memory address embedded in the instruction" Examples" MOV AL, [2000] Read the byte from memory address 2000" Load the byte value in the register AL" Note that 2000 refers to the constant value 2000 [2000] refers to the memory location at address 2000" (Indirect) Base Memory Addressing! 9

Indirect Memory Addressing! Load or store from a previously-computed address" Register with the base address is in the instruction" Examples" MOV AX, [BX] (register addressing)" CMP DL, [BX+8] (base+displacement addressing)" MOV EAX,[EBX+ESI*4+8] (base+index+displacement)" Indexed Addressing Example! int a[20]; int i, sum=0; for (i=0; i<20; i++) sum += a[i]; EAX: i EBX: sum ECX: address of a[0] sumloop: global variable MOV EAX, 0 MOV EBX, 0 MOV ECX, OFFSET FLAT:a ADD EBX, [ECX+EAX*4] INC EAX CMP EAX, 20 jne sumloop 26 10

LEA: Load Effective Address! LEA Dest, Src" Src is address mode expression" Set Dest to address denoted by expression" Example" LEA EAX, [EBX+4*ESI] " Load into EAX the value EBX+4*ESI Compare to" MOV EAX, [EBX+4*ESI] " Load into EAX the value stored in memory at address EBX+4*ESI Using LEA for Arithmetic Expressions! int arith (int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } arith: PUSH EBP MOV EBP,ESP MOV ECX, DWORD PTR [EBP+8] MOV EDX, DWORD PTR [EBP+12] LEA EAX, [EDX+EDX*2] SAL EDX, 4 LEA EAX, [ECX+4+EAX] ADD EDX, ECX ADD EDX, DWORD PTR [EBP+16] IMUL EAX,EDX POP EBP RET Setup! Body! Finish! 11

Understanding arith! int arith (int x, int y, int z) { int t1 = x+y; int t2 = z+t1; int t3 = x+4; int t4 = y * 48; int t5 = t3 + t4; int rval = t2 * t5; return rval; } x is at address ebp+8 y is at address ebp+12 z is at address ebp+16 To be explained in next lecture MOV ECX, DWORD PTR [EBP+8] ; ECX = MOV EDX, DWORD PTR [EBP+12] ; EDX = LEA EAX, [EDX+EDX*2] ; EAX = SAL EAX, 4 ; EAX = LEA EAX, [ECX+4+EAX] ; EAX = ADD EDX, ECX ; EDX = ADD EDX, DWORD PTR [EBP+16] ; EDX = IMUL EAX,EDX ; EAX = Data Access Methods: Summary! Immediate addressing: data stored in the instruction itself" MOV ECX, 10! Register addressing: data stored in a register" MOV ECX, EAX! Direct addressing: address stored in instruction" MOV ECX, [200]! Indirect addressing: address stored in a register" MOV ECX, [EAX]! MOV ECX, [EAX+4]! MOV ECX, [EAX + ESI*4 + 12]! 12

Data Transfer Instructions (Chapter 5)! MOV Dest, Src General move instruction" EBX 17 PUSH Src PUSH EBX ESP # equivalent instructions" SUB ESP, 4 MOV [ESP], EBX ESP! 17 POP Dest POP ECX # equivalent instructions MOV ECX, [ESP] ADD ESP, 4 ESP 44 ESP ECX 44 13