CSC 8400: Computer Systems. Using the Stack for Function Calls

Similar documents
CSC 2400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computer Systems. Using the Stack for Function Calls

CSC 2400: Computing Systems. X86 Assembly: Function Calls"

CSC 2400: Computing Systems. X86 Assembly: Function Calls

Assembly Language: Function Calls

Assembly Language: Function Calls" Goals of this Lecture"

Assembly Language: Function Calls. Goals of this Lecture. Function Call Problems

Assembly Language: Function Calls" Goals of this Lecture"

Function Calls COS 217. Reading: Chapter 4 of Programming From the Ground Up (available online from the course Web site)

Stack -- Memory which holds register contents. Will keep the EIP of the next address after the call

Systems I. Machine-Level Programming V: Procedures

Assembly Language: Function Calls

Princeton University Computer Science 217: Introduction to Programming Systems. Assembly Language: Function Calls

143A: Principles of Operating Systems. Lecture 4: Calling conventions. Anton Burtsev October, 2017

Program Exploitation Intro

143A: Principles of Operating Systems. Lecture 5: Calling conventions. Anton Burtsev January, 2017

The IA-32 Stack and Function Calls. CS4379/5375 Software Reverse Engineering Dr. Jaime C. Acosta

238P: Operating Systems. Lecture 3: Calling conventions. Anton Burtsev October, 2018

Function Call Convention

Procedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27

EECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution

CMSC 313 Lecture 12. Project 3 Questions. How C functions pass parameters. UMBC, CMSC313, Richard Chang

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

CSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs

CIT Week13 Lecture

CSC 8400: Computer Systems. Machine-Level Representation of Programs

Procedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29

x86 assembly CS449 Fall 2017

CNIT 127: Exploit Development. Ch 2: Stack Overflows in Linux

CS 33: Week 3 Discussion. x86 Assembly (v1.0) Section 1G

System Software Assignment 1 Runtime Support for Procedures

CS213. Machine-Level Programming III: Procedures

Assembly III: Procedures. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Lecture 4 CIS 341: COMPILERS

16.317: Microprocessor Systems Design I Fall 2013

X86 Stack Calling Function POV

ASSEMBLY III: PROCEDURES. Jo, Heeseung

Question 4.2 2: (Solution, p 5) Suppose that the HYMN CPU begins with the following in memory. addr data (translation) LOAD 11110

Assembly III: Procedures. Jo, Heeseung

CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING

Subprograms: Local Variables

Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 10. Advanced Procedures

Subprograms: Arguments

Chapter 14 Functions

CMSC 313 Lecture 12 [draft] How C functions pass parameters

CS356: Discussion #6 Assembly Procedures and Arrays. Marco Paolieri

Arguments and Return Values. EE 109 Unit 16 Stack Frames. Assembly & HLL s. Arguments and Return Values

Machine Program: Procedure. Zhaoguo Wang

Stacks and Frames Demystified. CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han

Sungkyunkwan University

16.317: Microprocessor Systems Design I Fall 2014

administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?

CSCI 334: Principles of Programming Languages. Computer Architecture (a really really fast introduction) Lecture 11: Control Structures II

W4118: PC Hardware and x86. Junfeng Yang

Course Administration

CS429: Computer Organization and Architecture

Implementing Threads. Operating Systems In Depth II 1 Copyright 2018 Thomas W. Doeppner. All rights reserved.

Instructor: Alvin R. Lebeck

IA32 Stack. Lecture 5 Machine-Level Programming III: Procedures. IA32 Stack Popping. IA32 Stack Pushing. Topics. Pushing. Popping

Machine-level Programming (3)

Machine Programming 3: Procedures

The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, 2002

Part 7. Stacks. Stack. Stack. Examples of Stacks. Stack Operation: Push. Piles of Data. The Stack

Compiler construction. x86 architecture. This lecture. Lecture 6: Code generation for x86. x86: assembly for a real machine.

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

Subprograms, Subroutines, and Functions

Giving credit where credit is due

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 4

Mechanisms in Procedures. CS429: Computer Organization and Architecture. x86-64 Stack. x86-64 Stack Pushing

CSE 351: Week 4. Tom Bergan, TA

Assembly Language Programming: Procedures. EECE416 uc. Charles Kim Howard University. Fall

CSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1

CPS104 Recitation: Assembly Programming

Procedure-Calling Conventions October 30

Procedure Call. Procedure Call CS 217. Involves following actions

6.1. CS356 Unit 6. x86 Procedures Basic Stack Frames

Implementing Functions at the Machine Level

Assembler Programming. Lecture 10

Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address = address of top element

IA32 Stack. Stack BoDom. Region of memory managed with stack discipline Grows toward lower addresses. Register %esp contains lowest stack address

Lab 10: Introduction to x86 Assembly

Lecture 5. Announcements: Today: Finish up functions in MIPS

IA32 Stack The course that gives CMU its Zip! Machine-Level Programming III: Procedures Sept. 17, IA32 Stack Popping. IA32 Stack Pushing

x86 Assembly Tutorial COS 318: Fall 2017

University of Washington

Lectures 5. Announcements: Today: Oops in Strings/pointers (example from last time) Functions in MIPS

Digital Forensics Lecture 3 - Reverse Engineering

Functions in MIPS. Functions in MIPS 1

Compiling Code, Procedures and Stacks

Towards the Hardware"

16.317: Microprocessor Systems Design I Fall 2015

Machine-level Programs Procedure

Intel assembly language using gcc

Buffer Overflow Attack (AskCypert CLaaS)

Stack Discipline Jan. 19, 2018

Practical Malware Analysis

What the CPU Sees Basic Flow Control Conditional Flow Control Structured Flow Control Functions and Scope. C Flow Control.

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08

Machine-Level Programming III: Procedures

Calling Conventions. See P&H 2.8 and Hakim Weatherspoon CS 3410, Spring 2013 Computer Science Cornell University

Transcription:

CSC 84: Computer Systems Using the Stack for Function Calls Lecture Goals Challenges of supporting functions! Providing information for the called function Function arguments and local variables! Allowing the calling function to continue where it left off Return address and contents of registers Stack: last-in-first-out data structure! Stack frame: args, local vars, return address, registers! Stack pointer: pointing to the current top of the stack Calling functions! CALL and instructions! PUSH into and POP from the stack frame! Using the base pointer EBP as a reference point 1

Function Calls main calls add! Push arguments on the stack! Push return address on stack! Jump to add! Allocate local variables on stack, etc. Returning to main! Clear the stack frame for add! Pop return address from stack int add(int a, int b, int c) { int d; } d = a + b + c; return d; int main() { int sum, avg; } sum = add(, 4, 5); avg = sum / ; return avg Stack Frame for add Return Address 4 5 Stack Frames Use stack for all temporary data related to each active function invocation! Input parameters! Return address! Local variables of function! Saving registers across invocations Stack Frame Stack has one Stack Frame per active function invocation 2

High-Level Picture main begins executing main calls P (Extended Stack Pointer) Always points to the top element of the stack Bottom main s Stack Frame High-Level Picture main begins executing main calls P P calls Q Bottom P s Stack Frame main s Stack Frame

High-Level Picture main begins executing main calls P P calls Q Q returns Bottom Q s Stack Frame P s Stack Frame main s Stack Frame High-Level Picture main begins executing main calls P P calls Q Q returns P returns Bottom P s Stack Frame main s Stack Frame 4

High-Level Picture main begins executing main calls P P calls Q Q returns P returns main returns Bottom main s Stack Frame High-Level Picture main begins executing main calls P P calls Q Q returns P returns main returns Bottom 5

Function Call Details Call and Return instructions! call: push EIP on the stack, and jump to function! ret: pop the stack into the EIP to go back Argument passing between procedures! Calling function pushes arguments on to the stack! Called function reads/writes on the stack Local variables! Called function creates and manipulates on the stack Register saving conventions! Either calling or called function saves all of the registers before use Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP before CALL Note: can t really access EIP directly, but this is implicitly what call and ret are doing. 6

Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP after CALL Old EIP Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP before Old EIP Return instruction assumes that the return address is at the top of the stack 7

Call and Return Instructions Instruction Effective Operations PUSH Src SUB, 4 POP Dest CALL Addr MOV [], Src MOV Dest, [] ADD, 4 PUSH EIP JMP Addr POP EIP after Input Arguments Caller pushes input arguments before executing the CALL Parameters are pushed in the reverse order! Push N th argument first! Push 1 st argument last! So that first argument is at the top of the stack at the time of the Call before pushing arguments 8

Input Arguments Caller pushes input parameters before executing the CALL Parameters are pushed in the reverse order! Push N th argument first! Push 1 st argument last! So that first argument is at top of the stack at the time of the CALL before CALL Arg 1 Arg Arg N CALL Called function can address arguments relative to : Arg 1 as [+4] before CALL Arg 1 Arg Arg N after CALL Old EIP Arg 1 Arg Arg N 9

: Returning to Caller before Old EIP Arg 1 Arg Arg N after Arg 1 Arg Arg N Base Pointer: EBP As Callee executes, may change! E.g., preparing to call another function Use EBP as fixed reference point! E.g., to access arguments and other local variables Need to save old value of EBP! Before overwriting EBP register Callee begins by executing prolog MOV EBP, after CALL Old EIP Arg 1 Arg Arg N EBP 1

Base Pointer: EBP As Callee executes, may change! E.g., preparing to call another function Use EBP as fixed reference point! E.g., to access arguments and other local variables Need to save old value of EBP! Before overwriting EBP register Callee begins by executing prolog MOV EBP,, EBP Old EBP Old EIP Arg 1 Arg Arg N Regardless of, Callee can address Arg 1 as [EBP+8] Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP EBP Old EBP Old EIP Arg 1 Arg Arg N 11

Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP, EBP Old EBP Old EIP Arg 1 Arg Arg N Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP Old EIP Arg 1 Arg Arg N EBP 12

Base Pointer: EBP Before returning, Callee must restore EBP to its old value Executes MOV, EBP Arg 1 Arg Arg N EBP Allocation for Local Variables Local variables of the Callee are also allocated on the stack Allocation done by moving the stack pointer Example: allocate two integers! SUB, 4! SUB, 4! (or equivalently, SUB, 8) Reference local variables using the base pointer! [EBP-4]! [EBP-8] EBP Var 2 Var 1 Old EBP Old EIP Arg 1 Arg Arg N 1

Use of Registers Problem: Callee may use a register that the caller is also using! When callee returns control to caller, old register contents may be lost! Caller cannot continue where it left off Solution: save the registers on the stack! Callee must push register contents before altering! Callee must pop register contents before returning A Simple Example int sum(int x, int y) { return x+y; } int main () { int result; } result = sum(1, 2); printf("%d\n", result); return ; Compile: gcc masm=intel sum.c Debug: gdb./a.out disas main 14

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Recall that:! The stack grows from high addresses towards low addresses EBP Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Recall that:! The stack grows from high addresses towards low addresses EBP 15

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 16

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 2 Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] 17

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] 18

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX 2 19

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 EBP(sum) <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 RA(main) 1 2 <sum>: MOV EBP, MOV EAX, DWORD PTR [EBP+12] ADD EAX, DWORD PTR [EBP+8] EAX 2

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 EAX Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 2 EAX 21

Example.section.data.LC STRING "%d\n".lc MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 1 Example.section.data.LC STRING "%d\n".lc MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % Skipping the details of 22

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 Address of % Prepare to: leave EAX 2

Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 EAX Example.LC MOV EBP, SUB, 16 MOV DWORD PTR [+4],2 MOV DWORD PTR [],1 MOV DWORD PTR [+4],EAX MOV DWORD PTR [], OFFSET:.LC MOV EAX, ADD, 16 EAX 24

Summary Invoking a function! CALL: call the function! : return from the instruction Stack Frame for a function call includes! Function arguments! Return address! Local variables! Saved registers Base pointer EBP! Fixed reference point in the Stack Frame! Useful for referencing arguments and local variables 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback