CSC 2400: Computer Systems. Using the Stack for Function Calls

Similar documents
CSC 8400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

CSC 2400: Computing Systems. X86 Assembly: Function Calls

Assembly Language: Function Calls

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly Language: Function Calls" Goals of this Lecture"

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Systems I. Machine-Level Programming V: Procedures

Assembly Language: Function Calls

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Function Calls

Program Exploitation Intro

143A: Principles of Operating Systems. Lecture 4: Calling conventions. Anton Burtsev October, 2017

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

Function Call Convention

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

CSC 8400: Computer Systems. Machine-Level Representation of Programs

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

CIT Week13 Lecture

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

Lecture 4 CIS 341: COMPILERS

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

16.317: Microprocessor Systems Design I Fall 2013

x86 assembly CS449 Fall 2017

X86 Stack Calling Function POV

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

Subprograms: Local Variables

Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 10. Advanced Procedures

Subprograms: Arguments

CS213. Machine-Level Programming III: Procedures

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Machine Program: Procedure. Zhaoguo Wang

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Assembly III: Procedures. Jo, Heeseung

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

16.317: Microprocessor Systems Design I Fall 2014

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

W4118: PC Hardware and x86. Junfeng Yang

CMSC 313 Lecture 12 [draft] How C functions pass parameters

Arguments and Return Values. EE 109 Unit 16 Stack Frames. Assembly & HLL s. Arguments and Return Values

Chapter 14 Functions

Sungkyunkwan University

System Software Assignment 1 Runtime Support for Procedures

CS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri

Part 7. Stacks. Stack. Stack. Examples of Stacks. Stack Operation: Push. Piles of Data. The Stack

Compiler construction. x86 architecture. This lecture. Lecture 6: Code generation for x86. x86: assembly for a real machine.

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

CSE 351: Week 4. Tom Bergan, TA

Assembly Language Programming: Procedures. EECE416 uc. Charles Kim Howard University. Fall

CPS104 Recitation: Assembly Programming

CS429: Computer Organization and Architecture

Instructor: Alvin R. Lebeck

CSCI 334: Principles of Programming Languages. Computer Architecture (a really really fast introduction) Lecture 11: Control Structures II

Procedure-Calling Conventions October 30

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Assembler Programming. Lecture 10

IA32 Stack. Lecture 5 Machine-Level Programming III: Procedures. IA32 Stack Popping. IA32 Stack Pushing. Topics. Pushing. Popping

Machine-level Programming (3)

Machine Programming 3: Procedures

Lab 10: Introduction to x86 Assembly

Lecture 5. Announcements: Today: Finish up functions in MIPS

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 4

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1

Subprograms, Subroutines, and Functions

Digital Forensics Lecture 3 - Reverse Engineering

Functions in MIPS. Functions in MIPS 1

Giving credit where credit is due

16.317: Microprocessor Systems Design I Fall 2015

Mechanisms in Procedures. CS429: Computer Organization and Architecture. x86-64 Stack. x86-64 Stack Pushing

6.1. CS356 Unit 6. x86 Procedures Basic Stack Frames

Intel assembly language using gcc

Buffer Overflow Attack (AskCypert CLaaS)

Practical Malware Analysis

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

Procedure Call. Procedure Call CS 217. Involves following actions

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

IA32 Stack. Stack BoDom. Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address

University of Washington

x86 Assembly Tutorial COS 318: Fall 2017

SRC Assembly Language Programming - III

Stack Frames. Compilers use the stack: to store the to to a subroutine for storage of declared in the subroutine and a place to

%r8 %r8d. %r9 %r9d. %r10 %r10d. %r11 %r11d. %r12 %r12d. %r13 %r13d. %r14 %r14d %rbp. %r15 %r15d. Sean Barker

Course Administration

Assembly Programmer s View Lecture 4A Machine-Level Programming I: Introduction

Towards the Hardware"

IA32 Stack The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, IA32 Stack Popping. IA32 Stack Pushing

Segmentation in Assembly Language Programming

Stack Discipline Jan. 19, 2018

Wednesday, October 15, 14. Functions

Secure Programming Lecture 3: Memory Corruption I (Stack Overflows)

Transcription:

CSC 24: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing the calling function to continue where it left off Return address and contents of registers Stack: last-in-first-out data structure! Stack frame: args, local vars, return address, registers! Stack pointer: pointing to the current top of the stack Calling functions! CALL and instructions! PUSH into and POP from the stack frame! Using the base pointer EBP as a reference point 1

Function Calls main calls add! Push arguments on the stack! Push return address on stack! Jump to add! Allocate local variables on stack, etc. Returning to main! Clear the stack frame for add! Pop return address from stack int add(int a, int b, int c) { int d; } d = a + b + c; return d; int main() { int sum, avg; } sum = add(, 4, 5); avg = sum / ; return avg Stack Frame for add Return Address 4 5 Stack Frames High-Level Picture main begins executing main calls P (Extended Stack Pointer) Always points to the top element of the stack Bottom main s Stack Frame 2

High-Level Picture main begins executing main calls P P calls Q Bottom P s Stack Frame main s Stack Frame High-Level Picture main begins executing main calls P P calls Q Q returns Bottom Q s Stack Frame P s Stack Frame main s Stack Frame

High-Level Picture main begins executing main calls P P calls Q Q returns P returns Bottom P s Stack Frame main s Stack Frame High-Level Picture main begins executing main calls P P calls Q Q returns P returns main returns Bottom main s Stack Frame 4

High-Level Picture main begins executing main calls P P calls Q Q returns P returns main returns Bottom Function Call Details Call and Return instructions! call: push EIP on the stack, and jump to function! ret: pop the stack into the EIP to go back Argument passing between procedures! Calling function pushes arguments on to the stack! Called function reads/writes on the stack Local variables! Called function creates and manipulates on the stack Register saving conventions! Either calling or called function saves all of the registers before use 5

Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP before CALL Note: can t really access EIP directly, but this is implicitly what call and ret are doing. Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP after CALL Old EIP 6

Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP before Old EIP Return instruction assumes that the return address is at the top of the stack Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP after 7

Input Arguments Caller pushes input arguments before executing the CALL Parameters are pushed in the reverse order! Push N th argument first! Push 1 st argument last! So that first argument is at the top of the stack at the time of the Call before pushing arguments Input Arguments Caller pushes input parameters before executing the CALL Parameters are pushed in the reverse order! Push N th argument first! Push 1 st argument last! So that first argument is at top of the stack at the time of the CALL before CALL Arg 1 Arg Arg N 8

CALL Called function can address arguments relative to : Arg 1 as [+4] before CALL Arg 1 Arg Arg N after CALL Old EIP Arg 1 Arg Arg N : Returning to Caller before Old EIP Arg 1 Arg Arg N after Arg 1 Arg Arg N 9

Base Pointer: EBP As Callee executes, may change! E.g., preparing to call another function Use EBP as fixed reference point! E.g., to access arguments and other local variables Need to save old value of EBP! Before overwriting EBP register Callee begins by executing prolog MOV EBP, after CALL Old EIP Arg 1 Arg Arg N EBP Base Pointer: EBP As Callee executes, may change! E.g., preparing to call another function Use EBP as fixed reference point! E.g., to access arguments and other local variables Need to save old value of EBP! Before overwriting EBP register Callee begins by executing prolog MOV EBP,, EBP Old EBP Old EIP Arg 1 Arg Arg N Regardless of, Callee can address Arg 1 as [EBP+8] 1

Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP EBP Old EBP Old EIP Arg 1 Arg Arg N Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP, EBP Old EBP Old EIP Arg 1 Arg Arg N 11

Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP Old EIP Arg 1 Arg Arg N EBP Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP Arg 1 Arg Arg N EBP 12

Allocation for Local Variables Local variables of the Callee are also allocated on the stack Allocation done by moving the stack pointer Example: allocate two integers! SUB, 4! SUB, 4! (or equivalently, SUB, 8) Reference local variables using the base pointer! [EBP-4]! [EBP-8] EBP Var 2 Var 1 Old EBP Old EIP Arg 1 Arg Arg N Use of Registers Problem: Callee may use a register that the caller is also using! When callee returns control to caller, old register contents may be lost! Caller cannot continue where it left off Solution: save the registers on the stack! Callee must push register contents before altering! Callee must pop register contents before returning 1

A Simple Example int sum(int x, int y) { return x+y; } int main () { int result; } result = sum(1, 2); printf("%d\n", result); return ; Compile: gcc masm=intel sum.c Debug: gdb./a.out disas main Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Recall that:! The stack grows from high addresses towards low addresses EBP 14

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Recall that:! The stack grows from high addresses towards low addresses EBP Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 15

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 2 16

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] 17

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] 18

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX 2 Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX 19

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 EAX 2

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 EAX Example.section.data.LC STRING "%d\n".lc MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 21

Example.section.data.LC STRING "%d\n".lc MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % Skipping the details of Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % 22

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % Prepare to: leave EAX Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 EAX 2

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 EAX Summary Invoking a function! CALL: call the function! : return from the instruction Stack Frame for a function call includes! Function arguments! Return address! Local variables! Saved registers Base pointer EBP! Fixed reference point in the Stack Frame! Useful for referencing arguments and local variables 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback