Beginning Assembly, Part 2 The Assembling!. Poorly Presented by Gleep. Dicks. How does Dicks work? Zenity dependancy Pushes text params onto the stack Stores mem addresses of params in registers

## Beginning Assembly, Part 2The Assembling!

Poorly Presented by

Gleep

### Dicks

• How does Dicks work?

• Zenitydependancy

• Pushes text params onto the stack

• Stores mem addresses of params in registers

• Calls execve to start Zenity and passes regs to Zenity with params for pop-up text box

### Binary Coded Decimal

• Represents a decimal number by coding each digit in binary

• Unpacked BCD is one byte per digit

• 000000110000010000001001

• 349

• Packed BCD is one byte per two digits

• 0010010010010001

• 2491

### Floating Point Maths

• Floating point ops use special registers ST(0) thru ST(7)… 80 bit registers for data

• 1 - 16 bit control register

• 1 - 16 bit status register

• 1 - 16 bit tag register to describe contents of data regs

• 1 - 48 bit FIP register for next floating point op

• 1 - 48 bit FDP FPU data pointer

• 1 - 11 bit Opcode register

### Floating Point Reg Ops

• The floating point registers act as a stack. ST(0) is top of stack.

• Fldsrc – loads 80 bit src onto FP stack

• Fstdst – moves top of FP stack into dst

• Info all will show all FP and SSE registers

### Floating Point Maths

((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) – (251.5 / 77.62)) = OMGLOLWUT?!?!

### Single Instruction Multiple Data

• Aka – MMX, SSE, 3DNow!

• MMX aliases the 8 FPU data regs as MM0-7 for 64 bit packed integers

• SSE includes 8 new 128 bit regs XMM0-7 for 128 bit packed integers and floating point data

• Useful for processing large amounts of data with one instruction

### SIMD Continued

• MMX regs can store 8x8 bit byte ints, 4x16 bit word ints, or 2x32 bit double word ints

• Movqsrc, dst – where dst is %mm0-7

• SSE regs can store 16x8 bit byte packed ints, 8x16 bit word packed ints, 4x32 bit double word packed ints, or 2x64 bit quad word ints

• Movdqusrc, dst – moves unaligned data into %xmm0-7

• Movdqasrc, dst – moves aligned data. Using this with unaligned data will throw an error.

### SIMD Continued

• This was supposed to be a meaningful slide but then I got bored with SIMD.

• Research it yourself if you need to code it in natively.

• For Loops

• If/Then

• While

• Switch

### Using C Libraries in Asm

• When using C functions in asm, need to link in C libraries containing the functions

• Ld –dynamic-linker /lib/ld-linux.so.2 –o <exe> -lx <obj file> - where x is /lib/libx.so

• /lib/ld-linux.so.2 is a dynamic loader

• -lc option would link to /lib/libc.so

### Compiling Asm with GCC

• Gcc –o <exe> <asmfile>

• Must change _start label to main

### Unconditional Branching

• JMP <operand>

• 3 types… Short, Near, Far

• Equivalent of Goto:

• Short JMP is less that 128 bytes

• Far JMP is to another code segment

• Near JMP is everything else

• Takes one memory label as a parameter

• Call <operand>

• Equivalent to function call in C

• Call pushes EIP to stack

• Call returns to main with the RET command

### Unconditional Branching Cont’d

• Interrupt

• Hardware – used for I/O functions

• Software

• Used for accessing kernel functions

• In Linux, uses Interrupt 0x80

• In Windows, uses Interrupt 0x21

• Parameters in registers determine which function is being called with what parameters

• Ex: MOVL \$1, %EAX

• MOVL \$0, %EBX

• INT \$0x80

### Conditional JMPs

• JZ <label> – JMP if ZF is set

• JNZ <label> – JMP if ZF is not set

• JGE <label> – JMP if equal or greater

• JLE <label> -JMP if less than or equal

• There’s a bunch of em… use the Googles

### Function Calls

• .type <function label>, @function

• <function label>:

• Ret

• Call <function label>

• Functions can be defined anywhere within asm file

• Return values can be returned in regs or global vars

• Can put functions in separate file, just add .globl <function label> statement after .type statement, and add function object file to linker statement

### Function Prologue and Epilogue

Prologue

• Function:

• Pushl %ebp

• Movl %esp, %ebp

• Subl \$8, %esp

• Epilogue

• Movl %ebp, %esp

• Popl %ebp

• Ret

• ### Enter and Leave

• Enter #bytes – used to perform function call prologue

• Leave – used to perform function call epilogue

EBP

• Main Process executes

ESP

• Main Process calls New Function

• Call places RET addr on stack

• Prologue pushes EBP to stack

• Prologue sets EBP to ESP

• Prologue decrements ESP to make room for variables

• New Function executes

• Epilogue sets ESP to EBP

• Epilogue pops old EBP from stack

• RET pops old RET address to EIP

• Main Process resumes

### System Calls

• Can be found in /usr/include/asm/unistd.h

• Look up the needed input and return values in man 2 <syscall>

• Can use strace to see background syscalls when running a program

• Strace –p <PID> will attach strace to a running process

• Use man 3 <c lib func> to see C function calls

### Inline Assembly

• You can embed assembly within C programs

• Asm ( “code goes here”);

• Must enclose the code in quotes

• Can use the “volatile” keyword to tell compiler not to optimize it

• Must use \n newline char if embedding more than one command

• If coding ANSI C, use __asm__ instead

• Asm ( “movl \$1, %eax\n\t”

“movl \$0, %ebx\n\t”

“int \$0x80”);

### Calling Libraries

• If using asm libraries in C code, add the asm files onto compile statement

• Gcc –o testprogtestprog.c func1.s func2.s

• Can also assemble code into object file then add the object file to gcc

### Making Libraries

• Can create a static library using the Ar command to add object files into an archive

• Static library name syntax Libx.a

• Ar r libmyfunc.a func1.o func2.o func3.o

• Can see what is contained in a library using nm command

• Nm –s libmyfunc.a

• Compile by including the libx.a file on gcc command

### Making shared libraries

• Shared library name syntax libx.so.<version>

• Create shared library with –shared option on gcc

• Gcc –shared –o libmyfunc.so.1 func1.o func2.o func3.o

• To compile using shared library, in same dir as program file use –L. option

• Gcc –o testfunc –L. –lmyfunctestfunc.c

### Using shared libraries

• The dynamic loader must know where to find any libraries needed for program function

• Change LD_LIBRARY_PATH environment variable

• Export LD_LIBRARY_PATH= “\$LD_LIBRARY_PATH:.”

• Or change the /etc/ld.so.conf file

• After adding path to ld.so.conf, must run ldconfig as root