CPEG421/621 Tutorial

Similar documents
Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly Language: Function Calls" Goals of this Lecture"

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

AS08-C++ and Assembly Calling and Returning. CS220 Logic Design AS08-C++ and Assembly. AS08-C++ and Assembly Calling Conventions

X86 Stack Calling Function POV

Process Layout and Function Calls

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly III: Procedures. Jo, Heeseung

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

X86 Review Process Layout, ISA, etc. CS642: Computer Security. Drew Davidson

Machine-level Programming (3)

Machine Programming 3: Procedures

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CSE 351: Week 4. Tom Bergan, TA

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

CS241 Computer Organization Spring 2015 IA

x86 assembly CS449 Fall 2017

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p

Intel assembly language using gcc

Assembly I: Basic Operations. Jo, Heeseung

CS642: Computer Security

ASSEMBLY I: BASIC OPERATIONS. Jo, Heeseung

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

CS213. Machine-Level Programming III: Procedures

CMSC 313 Lecture 12 [draft] How C functions pass parameters

W4118: PC Hardware and x86. Junfeng Yang

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

x86 assembly CS449 Spring 2016

Assembly I: Basic Operations. Computer Systems Laboratory Sungkyunkwan University

CPSC W Term 2 Problem Set #3 - Solution

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

Access. Young W. Lim Sat. Young W. Lim Access Sat 1 / 19

Systems I. Machine-Level Programming V: Procedures

Homework. In-line Assembly Code Machine Language Program Efficiency Tricks Reading PAL, pp 3-6, Practice Exam 1

Register Allocation, iii. Bringing in functions & using spilling & coalescing

Access. Young W. Lim Fri. Young W. Lim Access Fri 1 / 18

CAS CS Computer Systems Spring 2015 Solutions to Problem Set #2 (Intel Instructions) Due: Friday, March 20, 1:00 pm

CS61, Fall 2012 Midterm Review Section

Machine-Level Programming III: Procedures

Credits and Disclaimers

CSC 2400: Computing Systems. X86 Assembly: Function Calls

X86 Assembly -Procedure II:1

ANITA S SUPER AWESOME RECITATION SLIDES

x86 architecture et similia

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING PREVIEW SLIDES 16, SPRING 2013

CS , Fall 2004 Exam 1

Lab 10: Introduction to x86 Assembly

Instruction Set Architecture

Instruction Set Architectures

Function Calls and Stack

CMSC 313 Fall2009 Midterm Exam 2 Section 01 Nov 11, 2009

Lecture 4 CIS 341: COMPILERS

University of Washington

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

COMP 210 Example Question Exam 2 (Solutions at the bottom)

Assembly level Programming. 198:211 Computer Architecture. (recall) Von Neumann Architecture. Simplified hardware view. Lecture 10 Fall 2012

CS , Fall 2002 Exam 1

CS429: Computer Organization and Architecture

Reverse Engineering II: The Basics

CPS104 Recitation: Assembly Programming

Systems I. Machine-Level Programming I: Introduction

Sungkyunkwan University

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

MACHINE-LEVEL PROGRAMMING I: BASICS COMPUTER ARCHITECTURE AND ORGANIZATION

CS 3843 Final Exam Fall 2012

CISC 360. Machine-Level Programming I: Introduction Sept. 18, 2008

1 /* file cpuid2.s */ 4.asciz "The processor Vendor ID is %s \n" 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.

CS61 Section Solutions 3

UW CSE 351, Winter 2013 Midterm Exam

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Program Exploitation Intro

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Process Layout, Function Calls, and the Heap

Data Representa/ons: IA32 + x86-64

CSE2421 FINAL EXAM SPRING Name KEY. Instructions: Signature

Instruction Set Architecture

Instruction Set Architecture

Meet & Greet! Come hang out with your TAs and Fellow Students (& eat free insomnia cookies) When : TODAY!! 5-6 pm Where : 3rd Floor Atrium, CIT

Lecture #16: Introduction to Runtime Organization. Last modified: Fri Mar 19 00:17: CS164: Lecture #16 1

How Software Executes

Buffer Overflow Attack

Machine-Level Programming I: Introduction Jan. 30, 2001

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

4) C = 96 * B 5) 1 and 3 only 6) 2 and 4 only

Assignment 11: functions, calling conventions, and the stack

Giving credit where credit is due

Instruction Set Architectures

Computer Labs: Profiling and Optimization

CS165 Computer Security. Understanding low-level program execution Oct 1 st, 2015

Processes (Intro) Yannis Smaragdakis, U. Athens

Transcription:

CPEG421/621 Tutorial

Compiler data representation system call interface calling convention Assembler object file format object code model Linker program initialization exception handling relocation model Loader 4/2/2012 Juergen Ributzka 2

ia32 ia64 8 x 32bit General Purpose Registers 16 x 64bit General Purpose Registers 6 x 16bit Segment Registers 6 x 16bit Segment Registers 8 x 80bit Floating-Point Registers 8 x 80bit Floating-Point Registers 8 x 64bit MMX Registers 8 x 64bit MMX Registers 8 x 128bit XMM Registers 16 x 128bit XMM Registers 32bit address space 64bit address space 4/2/2012 Juergen Ributzka 5

Data representation Specifies the size and alignment of the different data types Calling Convention Specifies how to pass arguments to a function Register Convention Specifies who has to save and restore the registers 4/2/2012 Juergen Ributzka 6

32 bit 64 bit Type Size Alignment Size Alignment _Bool 1 1 1 1 char 1 1 1 1 Short 2 2 2 2 int 4 4 4 4 enum 4 4 4 4 long 4 4 8 8 long long 8 4 8 8 pointer 4 4 8 8 float 4 4 4 4 double 8 4 8 8 long double 12 4 16 16 4/2/2012 Juergen Ributzka 7

struct { char c; }; c 0 Size: 1 byte Alignment: 1 byte 4/2/2012 Juergen Ributzka 8

struct { char a; short b; }; b 2 pad 1 a 0 Size: 4 byte Alignment: 2 byte 4/2/2012 Juergen Ributzka 9

struct { char a; char b; short c; long d; }; c Size: 8 byte Alignment: 4 byte ia32 ABI 2 d b 1 a 0 4 4/2/2012 Juergen Ributzka 10

struct { char a; char b; short c; long d; }; c Size: 16 byte Alignment: 8 byte ia64 ABI 2 pad d d b 1 a 0 4 8 12 4/2/2012 Juergen Ributzka 11

struct { char a; double b; short c; }; pad pad Size: 16 byte Alignment: 4 byte ia32 ABI b b 14 1 c a 0 4 8 12 4/2/2012 Juergen Ributzka 12

struct { char a; double b; short c; }; pad ia64 ABI pad pad b b 18 1 c a 0 4 8 12 16 pad 20 Size: 24 byte Alignment: 8 byte 4/2/2012 Juergen Ributzka 13

union { char a; short b; int c; }; pad pad 2 Size: 4 byte Alignment: 4 byte c 1 b a 0 0 0 4/2/2012 Juergen Ributzka 14

struct { short a:5; int b:6; int c:7; }; 31 pad 1817 Size: 4 byte Alignment: 4 byte c 1110 b 5 4 a 0 0 4/2/2012 Juergen Ributzka 15

struct { short a:9; int b:9; char c; short d:9; short e:9; char f; }; 3 c 23 pad 1817 b 6 15 pad 9 8 e 0 pad 15 pad Size: 12 byte Alignment: 4 byte 9 8 9 8 9 a d c 0 0 4 0 8 4/2/2012 Juergen Ributzka 16

struct { char a; int :0; char b; short :9; char c; char :0; }; 15 pad 9 8 :0 :9 6 0 Size: 9 byte Alignment: 1 byte 1 pad 5 a b c 0 0 40 0 80 0 4/2/2012 Juergen Ributzka 17

Caller The calling function Callee The called function Caller Saved Registers Registers that are not preserved during a function call and need to be saved by the caller Callee Saved Registers Registers that are preserved during a function call and don t need to be saved by the caller. The callee needs to save and restore them. 4/2/2012 Juergen Ributzka 18

Register Description Save site %eax Return value Caller %edx Dividend register Caller %ecx Count register Caller %ebx Global Offset Table Base Register / Local register variable Callee %ebp Stack frame pointer (optional) Callee %esi Local register variable Callee %edi Local register variable Callee %esp Stack pointer Callee %st(0) Floating point stack - top %st(7) Floating point stack - bottom 4/2/2012 Juergen Ributzka 19

All arguments are passed on the stack The stack is always aligned to 4 bytes Arguments are promoted to 4 bytes Arguments are passed from right to left on the stack void foo( char c, short s, int i, long l, float f, double d); foo(1,2,3,4,5.0,6.0); Offset Stack 24 6.0 (higher 4 byte) 20 6.0 (lower 4 byte) 16 5.0 12 4 8 3 4 2 0 1 4/2/2012 Juergen Ributzka 20

Base Offset Content %ebp 4n+8 argument word n High Address 8 argument word 0 4 urn address %ebp 0 caller s %ebp %ebp %ebp -4-4x x words local space local variables, etc %esp 8 caller s %edi %esp 4 caller s %esi %esp 0 caller s %ebx Low Address 4/2/2012 Juergen Ributzka 21

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address SP 4/2/2012 Juergen Ributzka 22

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 23

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 24

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 25

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 SP 4/2/2012 Juergen Ributzka 26

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 Return Address SP 4/2/2012 Juergen Ributzka 27

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 28

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 29

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave +8 BP Stack Return Address (%ebp) 5 Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 30

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 Return Address (%ebp) SP 4/2/2012 Juergen Ributzka 31

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 Return Address SP 4/2/2012 Juergen Ributzka 32

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address (%ebp) 5 SP 4/2/2012 Juergen Ributzka 33

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack Return Address SP 4/2/2012 Juergen Ributzka 34

IP... subl $4, %esp movl $5, (%esp) call foo movl 8(%ebp), %eax addl $1, %eax popl %ebp leave BP Stack SP 4/2/2012 Juergen Ributzka 35

Caller needs to allocate memory for urn value Passes address as hidden first argument to the function Callee needs to remove hidden argument from the stack upon completion Also urns address in %eax After call 4n+4(%esp) argument word n 8(%esp) argument word 1 4(%esp) value address 0(%esp) urn address After urn argument word n argument word 1 undefined 4n-4(%esp) 0(%esp) 4/2/2012 Juergen Ributzka 36

0(%ebp) 12(%esp) 0(%esp) Original Intermediate Final arguments and automatic variables save area 3 words arguments and automatic variables save area 3 words arguments and automatic variables old save area 3 words 0(%ebp) undefined new space undefined new space 12(%esp) new save area 3 words 0(%esp) 4/2/2012 Juergen Ributzka 37

Object Code Models: Absolute Code Instructions hold absolute virtual addresses. The code has to be loaded at a specific address Position-independent Code All addresses are relative. Code can be loaded at any address. 4/2/2012 Juergen Ributzka 38

printf foo printf main printf bar 4/2/2012 Juergen Ributzka 39

printf foo static linked programs have a copy of the library functions they use included in the binary printf main printf bar 4/2/2012 Juergen Ributzka 40

foo main printf bar 4/2/2012 Juergen Ributzka 41

dynamic linked programs point to the same code of the library function foo main printf bar 4/2/2012 Juergen Ributzka 42

C CODE extern int src; extern int dst; extern int *ptr; ptr = &dst; *ptr = src; ABSOLUTE CODE.globl src, dst, ptr movl $dst, ptr movl ptr, %eax movl src, %edx movl %edx, (%eax 4/2/2012 Juergen Ributzka 43

C CODE extern int src; extern int dst; extern int *ptr; ptr = &dst; *ptr = src; POSITION-INDEPENDENT CODE.globl src, dst, ptr movl ptr@got(%ebx), %eax movl dst@got(%ebx), %edx movl %edx, (%eax) movl ptr@got(%ebx), %eax movl (%eax), %eax movl src@got(%ebx), %edx movl (%edx), %edx movl %edx, (%eax) 4/2/2012 Juergen Ributzka 44

shared library printf: &pushl $offset_printf scanf: &pushl $offset_scanf GOT PLT program main dynamic linker.plt0: pushl got_plus_4 jmp *got_plus_8 nop; nop nop; nop.plt1: jmp *printf pushl $offset_printf jmp.plt0@pc.plt2: jmp *scanf pushl $offset_scanf jmp.plt0@pc 4/2/2012 Juergen Ributzka 45

shared library printf: &printf scanf: &pushl $offset_scanf GOT PLT program main dynamic linker.plt0: pushl got_plus_4 jmp *got_plus_8 nop; nop nop; nop.plt1: jmp *printf pushl $offset_printf jmp.plt0@pc.plt2: jmp *scanf pushl $offset_scanf jmp.plt0@pc 4/2/2012 Juergen Ributzka 46

File Offset File Virtual Address 0 ELF Header Table 0x100 0x2bf00 0x30d00 Pogramm Header Table Text Segment 0x2be00 bytes Data Segment 0x4e00 bytes Section Header Table 0x8048100 0x8073eff 0x8074f00 0x8079cff 4/2/2012 Juergen Ributzka 47

Text Data Type Load Load Offset 0x100 0x2bf00 Virtual Address 0x8048100 0x8074f00 File Size 0x2be00 0x4e00 Memory Size 0x2be00 0x5e24 Alignment 0x1000 0x1000 4/2/2012 Juergen Ributzka 48

0x8048000 0x8048100 0x8073f00 0x8073fff ELF Header (padding) Text Data padding 0x100 bytes Text padding 0xf00 bytes Data Uninitialized Data Page padding 0x8074000 0x8074f00 0x8079d00 0x807ad24 0x807b000 4/2/2012 Juergen Ributzka 49

0xffffffff 0x80000000 0x7fffffff Dynamic Segment Data Segment 0x8048000 0x8047fff 0x0000000 Text Segment Stack Segment 4/2/2012 Juergen Ributzka 50

Linkers & Loaders free draft at http://www.iecc.com/linker/ SYSTEM V APPLICATION BINARY INTERFACE Intel386 Architecture Processor Supplement, Fourth Edition System V Application Binary Interface AMD64 Architecture Processor Supplement, Draft Version 0.99.5 4/2/2012 Juergen Ributzka 51

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback