Beginning assembly part 2 the assembling
1 / 25

Beginning Assembly, Part 2 The Assembling! - PowerPoint PPT Presentation

  • Uploaded on

Beginning Assembly, Part 2 The Assembling!. Poorly Presented by Gleep. Dicks. How does Dicks work? Zenity dependancy Pushes text params onto the stack Stores mem addresses of params in registers

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Beginning Assembly, Part 2 The Assembling!' - damien

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Beginning assembly part 2 the assembling

Beginning Assembly, Part 2The Assembling!

Poorly Presented by



  • How does Dicks work?

  • Zenitydependancy

  • Pushes text params onto the stack

  • Stores mem addresses of params in registers

  • Calls execve to start Zenity and passes regs to Zenity with params for pop-up text box

Binary coded decimal
Binary Coded Decimal

  • Represents a decimal number by coding each digit in binary

  • Unpacked BCD is one byte per digit

  • 00000011 00000100 00001001

  • 3 4 9

  • Packed BCD is one byte per two digits

  • 00100100 10010001

  • 2 4 9 1

Floating point maths
Floating Point Maths

  • Floating point ops use special registers ST(0) thru ST(7)… 80 bit registers for data

  • 1 - 16 bit control register

  • 1 - 16 bit status register

  • 1 - 16 bit tag register to describe contents of data regs

  • 1 - 48 bit FIP register for next floating point op

  • 1 - 48 bit FDP FPU data pointer

  • 1 - 11 bit Opcode register

Floating point reg ops
Floating Point Reg Ops

  • The floating point registers act as a stack. ST(0) is top of stack.

  • Fldsrc – loads 80 bit src onto FP stack

  • Fstdst – moves top of FP stack into dst

  • Info all will show all FP and SSE registers

Floating point maths1
Floating Point Maths

((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) – (251.5 / 77.62)) = OMGLOLWUT?!?!

Single instruction multiple data
Single Instruction Multiple Data

  • Aka – MMX, SSE, 3DNow!

  • MMX aliases the 8 FPU data regs as MM0-7 for 64 bit packed integers

  • SSE includes 8 new 128 bit regs XMM0-7 for 128 bit packed integers and floating point data

  • Useful for processing large amounts of data with one instruction

Simd continued
SIMD Continued

  • MMX regs can store 8x8 bit byte ints, 4x16 bit word ints, or 2x32 bit double word ints

  • Movqsrc, dst – where dst is %mm0-7

  • SSE regs can store 16x8 bit byte packed ints, 8x16 bit word packed ints, 4x32 bit double word packed ints, or 2x64 bit quad word ints

  • Movdqusrc, dst – moves unaligned data into %xmm0-7

  • Movdqasrc, dst – moves aligned data. Using this with unaligned data will throw an error.

Simd continued1
SIMD Continued

  • This was supposed to be a meaningful slide but then I got bored with SIMD.

  • Research it yourself if you need to code it in natively.

C structures in asm
C structures in ASM

  • For Loops

  • If/Then

  • While

  • Switch

Using c libraries in asm
Using C Libraries in Asm

  • When using C functions in asm, need to link in C libraries containing the functions

  • Ld –dynamic-linker /lib/ –o <exe> -lx <obj file> - where x is /lib/

  • /lib/ is a dynamic loader

  • -lc option would link to /lib/

Compiling asm with gcc
Compiling Asm with GCC

  • Gcc –o <exe> <asmfile>

  • Automagically links everything

  • Must change _start label to main

Unconditional branching
Unconditional Branching

  • JMP <operand>

    • 3 types… Short, Near, Far

    • Equivalent of Goto:

    • Short JMP is less that 128 bytes

    • Far JMP is to another code segment

    • Near JMP is everything else

    • Takes one memory label as a parameter

  • Call <operand>

    • Equivalent to function call in C

    • Call pushes EIP to stack

    • Call returns to main with the RET command

Unconditional branching cont d
Unconditional Branching Cont’d

  • Interrupt

    • Hardware – used for I/O functions

    • Software

      • Used for accessing kernel functions

      • In Linux, uses Interrupt 0x80

      • In Windows, uses Interrupt 0x21

      • Parameters in registers determine which function is being called with what parameters

      • Ex: MOVL $1, %EAX

        • MOVL $0, %EBX

        • INT $0x80

Conditional jmps
Conditional JMPs

  • JZ <label> – JMP if ZF is set

  • JNZ <label> – JMP if ZF is not set

  • JGE <label> – JMP if equal or greater

  • JLE <label> -JMP if less than or equal

  • There’s a bunch of em… use the Googles

Function calls
Function Calls

  • .type <function label>, @function

  • <function label>:

  • Ret

  • Call <function label>

  • Functions can be defined anywhere within asm file

  • Return values can be returned in regs or global vars

  • Can put functions in separate file, just add .globl <function label> statement after .type statement, and add function object file to linker statement

Function prologue and epilogue
Function Prologue and Epilogue


  • Function:

    • Pushl %ebp

    • Movl %esp, %ebp

    • Subl $8, %esp

  • Epilogue

    • Movl %ebp, %esp

    • Popl %ebp

    • Ret

  • Enter and leave
    Enter and Leave

    • Enter #bytes – used to perform function call prologue

    • Leave – used to perform function call epilogue


    • Main Process executes


    • Main Process calls New Function

    • Call places RET addr on stack

    • Prologue pushes EBP to stack

    • Prologue sets EBP to ESP

    • Prologue decrements ESP to make room for variables

    • New Function loads variables

    • New Function executes

    • Epilogue sets ESP to EBP

    • Epilogue pops old EBP from stack

    • RET pops old RET address to EIP

    • Main Process resumes

    System calls
    System Calls

    • Can be found in /usr/include/asm/unistd.h

    • Look up the needed input and return values in man 2 <syscall>

    • Can use strace to see background syscalls when running a program

    • Strace –p <PID> will attach strace to a running process

    • Use man 3 <c lib func> to see C function calls

    Inline assembly
    Inline Assembly

    • You can embed assembly within C programs

    • Asm ( “code goes here”);

    • Must enclose the code in quotes

    • Can use the “volatile” keyword to tell compiler not to optimize it

    • Must use \n newline char if embedding more than one command

    • If coding ANSI C, use __asm__ instead

    • Asm ( “movl $1, %eax\n\t”

      “movl $0, %ebx\n\t”

      “int $0x80”);

    Calling libraries
    Calling Libraries

    • If using asm libraries in C code, add the asm files onto compile statement

    • Gcc –o testprogtestprog.c func1.s func2.s

    • Can also assemble code into object file then add the object file to gcc

    Making libraries
    Making Libraries

    • Can create a static library using the Ar command to add object files into an archive

    • Static library name syntax Libx.a

    • Ar r libmyfunc.a func1.o func2.o func3.o

    • Can see what is contained in a library using nm command

    • Nm –s libmyfunc.a

    • Compile by including the libx.a file on gcc command

    Making shared libraries
    Making shared libraries

    • Shared library name syntax<version>

    • Create shared library with –shared option on gcc

    • Gcc –shared –o func1.o func2.o func3.o

    • To compile using shared library, in same dir as program file use –L. option

    • Gcc –o testfunc –L. –lmyfunctestfunc.c

    Using shared libraries
    Using shared libraries

    • The dynamic loader must know where to find any libraries needed for program function

    • Change LD_LIBRARY_PATH environment variable


    • Or change the /etc/ file

    • After adding path to, must run ldconfig as root