1 / 22

Practical Session 3

Practical Session 3. Advanced Instructions. DIV r/m - unsigned integer multiplication DIV r/m8 mov ax,0083h ; dividend mov bl, 2h ; divisor DIV bl ; al = 41h, ah = 01h ; quotient is 41h, remainder is 1 DIV r/m16 mov dx,0 ; clear dividend, high

zelia
Download Presentation

Practical Session 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical Session 3

  2. Advanced Instructions DIV r/m - unsigned integer multiplication DIV r/m8 mov ax,0083h ; dividendmov bl, 2h ; divisorDIV bl ; al = 41h, ah = 01h ; quotient is 41h, remainder is 1 DIV r/m16 mov dx,0 ; clear dividend, high mov ax, 8003h ; dividend, low mov cx, 100h ; divisor DIV cx ; ax = 0080h, dx = 0003h ; quotient = 80h, remainder = 3

  3. Advanced Instructions SHL, SHR – Bitwise Logical Shifts on the first operand • number of bits to shift by is given by the second operand • vacated bits are filled with zero • shifted bit enters the Carry Flag SHL r/m8/m16/m32 1/CL/imm8 SHR r/m8/m16/m32 1/CL/imm8 Example: mov CL , 3 mov AL ,10110111b ; AL = 10110111 shr AL, 1 ; shift right 1 AL = 01011011, CF = 1 shr AL, CL ; shift right 3 AL = 00001011, CF = 0 Note: that shift indeed performs division/multiplication by 2

  4. Advanced Instructions SAL, SAR – Bitwise Arithmetic Shifts on the first operand • vacated bits are filled with zero for SAL • vacated bits are filledwith copies of the original high bit of the source operand for SAR SAL r/m8/m16/m32 1/CL/imm8 SAR r/m8/m16/m32 1/CL/imm8 Example: mov CL , 3 mov AL ,10110111b ; AL = 10110111 sar AL, 1 ; shift right 1 AL = 11011011 sar AL, CL ; shift right 3 AL = 11111011 SAL 10000001b ; the result is 00000010b and this is right result! How? The below explains this. 10000001b = -127 11111111b = -1 (-127) + (-1) = 10000001b + 11111111b = 10000000b = -128 (-128) + (-1) = 10000000b + 11111111b = 01111111b = 127 Since the range of 8 bit signed arithmetic is -128 : 127 it is natural that -128-1 = 127 and that 127 + 1 = -128.  SAL 10000001b = SAL -127 = -127 * 2 = -127 -127 = -128 – 1 – 125 = 127 – 125 = 2 = 00000010b

  5. Advanced Instructions ROL, ROR – Bitwise Rotate (i.e. moves round) on the first operand ROL r/m8/m16/m32 1/CL/imm8 ROR r/m8/m16/m32 1/CL/imm8 Example: mov CL, 3 mov BH ,10110111b ; BH = 10110111 rol BH, 01 ; rotate left 1 bit BH = 01101111 rol BH, CL ; rotate left 3 bits BH = 01111011

  6. Advanced Instructions RCL, RCR – Bitwise Rotate through Carry Bit on the first operand and Carry Flag RCL r/m8/m16/m32 1/CL/imm8 RCR r/m8/m16/m32 1/CL/imm8 Example: mov BH ,10110111b ; BH = 10110111 , CF = 0 rcl BH, 01 ; rotate left 1 bit BH = 01101110 , CF = 1

  7. Advanced Instructions LOOP, LOOPE, LOOPZ, LOOPNE, LOOPNZ – loop with counter (CX or ECX*) Example:mov ax, 1 mov cx, 3 my_ loop: add ax, axLOOP my_ loop, cx 1. decrements its counter register (in this case it is CX register) 2. if the counter does not become zero as a result of this operation, it jumps to the given label Note: LOOP instruction does not set any flags LOOPE ≡ LOOPZ: jumps if the counter is nonzero andZero Flag = 1 LOOPNE ≡ LOOPNZ: jumps if the counter is nonzero and Zero Flag = 0 * If a counter is not specified explicitly, the BITS** setting dictates which is used.** The BITS directive specifies whether NASM should generate code designed to run on a processor operating in 16-bit mode, or code designed to run on a processor operating in 32-bit mode. The syntax is BITS 16 or BITS 32.

  8. The Stack ESP • The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items • Every cell in the stack is of size 2 or 4 bytes • The register ESP holds the address that points to the top of the stack .bss .data Read-only Data Segment .text .rodata

  9. Stack Operations • PUSH Push data on stack. • It decrements the stack pointer ESP, and then stores the given value at ESP (in little endian order) • The size of the operand determine whether the stack pointer is decremented by 2 or 4 Example mov ax, 0x21AB push ax stack stack stack ESP dec ESP by 2 bytes (size of ax) store ax value in little endian manner ESP ESP

  10. PUSHAD(also PUSHA) Push All General-Purpose Registers into stack. • PUSHAD pushes, in succession, EAX, ECX, EDX, EBX, ESP, EBP, ESI and EDI on the stack, decrementing the stack pointer by a total of 32 • the value of ESP pushed is its original value, as it had before the instruction was executed. Note that the registers are pushed in order of their numeric values in opcodes. • PUSHFD(also PUSHF) Push the entire flags register onto the stack stack stack stack ESP PUSHAD PUSHFD ESP ESP

  11. POP Load a value from the stack. • starting from [ESP] address, and then increments the stack pointer by 2 or 4 • The size of the operand determine whether the stack pointer is incremented by 2 or 4 Example mov ax, 3 mov bx, 0x12AF push ax push bx pop ax ; ax = 0x12AF pop bx ; bx = 3 stack stack stack stack ESP ESP push ax push bx pop ax pop bx ESP ESP

  12. POPAD(also POPA) Pop All General-Purpose Registers. • POPAD pops a dword from the stack into each of, successively, EDI, ESI, EBP, nothing (placeholder for ESP), EBX, EDX, ECX and EAX • POPFD(also POPF) Pop Flags Register. • POPFD pops a dword and stores it in the entire flags register. stack stack ESP POPFD ESP

  13. Function calls - Stack Frame • main: ; caller code • pushad ; backup registers • push dword 2 ; push argument #2 • push dword 1 ; push argument #1 • CALL myFunc ; call the function  the address of the next instruction of caller • ; (i.e. return address) is pushed automatically onto the stack • mov [answer], eax ; retrieve return value from EAX • add esp, argumentsSize ; "delete" function arguments (in our case argumentsSize = 2 * dword = 8 bytes) • popad ; restore registers • myFunc: ; callee code • push ebp ; backup EBP • mov ebp, esp ; reset EBP to the current ESP • sub esp, localsSize ; allocate space for locals • mov ebx, [ebp+12] ; get second argument • mov ecx, [ebp+8] ; get first argument • mov [ebp-4], ebx ; initialize c local • ... ; function code • mov eax, ... ; put return value into EAX • mov esp, ebp ; move EBP to ESP • pop ebp ; restore old EBP • RET ; return from the function stack EBP + 12 EBP + 8 EBP local variables space EBP - 4 ESP

  14. Command Line Arguments In Linux, we receive command-line arguments on the stack as execution starts:- the first argument is number of arguments (i.e. argc) - the rest of the arguments – each one is a pointer to an argument string (i.e. argv[0], argv[1], argv[2] and so on)

  15. Gdb-GNU Debugger • Run Gdb from the console by typing gdbexecuteFileName • Adding a breaking point by typing: break label • Start debugging by typing: run parameters (for argv)

  16. Gdb syntax • si – one step forward • c – continue to run the code until the next break point. • q – quit gdb • p $eax – prints the value in eax • x $esp+4 – prints the address in esp + 4 hexadecimal and the value (dword) that stores in this address. It is possible to use label instead of esp. Type x again will print the next dword in memory.

  17. Task 1 In this task we would use task1.s assembly file and main1.c - C file. Write a program that gets a string containing hexadecimal digits and convert it to an unsigned ternary (3 base) number. You can get up to 8 hexadecimal digits. Example: Input: 2ABC  Output: 120000012 *This time you are to ignore the input character ‘\n’. (loop’s stop rule accordingly) You have to convert the output number to a string.

  18. Task 2 Practice parameters passing from assembly to C and vice versa. You are to write a C program that performs: • Prompts for and reads a integer (32 bit) x (decimal) from the user . • Calls a function isDivisibleBy3(int x) written in ASSEMBLY. An assembly function ‘isDivisibleBy3' that performs: • Sum the even bits of x. • Sum the odd bits of x. • Call C function 'check' as defined below. • If check returns 1: calls printf to print: "the number is divisible by 3", and returns. • If check returns -1: calls printf to print: "the number is not divisible by 3" and returns. • Otherwise does not print anything, and returns.

  19. Task 2 The C function ‘check(intevenBits, intoddBits)’performs: • Gets 2 arguments: integers evenBits and oddBits • Calculate the absolute value of evenBits-oddBits • If the result is zero  returns 1. • If the result is 1 or 2  returns -1. • Otherwise call 'isDivisibleBy3(int y)' where y = absolute value of evenBits-oddBits * • Returns 0. * This manner of programming is called mutual recursion We suggest to backup your parameters on the stack!

  20. #include <stdio.h> #defineBUFFER_SIZE (128) extern int my_func(char* buf); int main(int argc, char** argv){ char buf[BUFFER_SIZE]; printf("Enter string: "); fflush(stdout); fgets(buf, BUFFER_SIZE, stdin); printf("Got string: %s\n", buf); my_func(buf); return 0; } 1. Include stdio.h library (standard I/O) 2. Get online parameters (from the user) 3. Call to an assembly function “my_func” Note: It can contain other functions that we can call from an assembly file main1.c file

  21. section .rodata LC0: DB "The result is: %s, 10, 0 Section .bss LC1: resb 32 section .text align 16 global my_func extern printf my_func: push ebp mov ebp, esp push ecx mov ecx, dword [ebp+8] ; Your code should be here... push LC1 push LC0 call printf add esp, 8 pop ecx mov esp, ebp pop ebp ret 1. Has 3 sections: .rodata , .text, .bss.2. Align 16 means that all data and instruction should be at an address that is divided by 16 (bits) (in another words, an address should be even) 3. my_func is a function that we define; it should be global so that main.c file would be able to call to it 4. We use printf function of stdio.h C library; so we should declare it as an external function because it isn’t defined in our assembly file (if we use any function that is not in our file, we should declare it as external) 5. The purpose of my_func is to call printf with the string it got from main as an argument. Task1.s file

  22. section .rodata LC0: DB "The result is: %s", 10, 0 ; Format string Section .bss LC1: resb 32 section .text align 16 global my_func extern printf my_func: push ebp mov ebp, esp ; Entry code - set up ebp and esp pusha ; Save registers mov ecx, dword [ebp+8] ; Get argument (pointer to string) ; Your code should be here... push LC1 ; Call printf with 2 arguments: a number push LC0 ; and pointer to format string. call printf add esp, 8 ; Clean up stack after call popa ; Restore registers mov esp, ebp ; Function exit code pop ebp ret The structure of programs in the tasks

More Related