Practical Session 3

1
Practical Session 3
2
Clarification about Little Endian

• When writing numeric values into the memory, they
  are stored in Little Endian manner.
• When writing numeric values into a register, they
  are not reversed. If we write the contents of the
  register into the memory, it will be stored in
  the memory using Little Endian notation.
• When writing string values into the memory, they
  are not reversed and are stored in the same order
  as they are entered.
• When writing character values into a register,
  they are stored in Little Endian manner, so that
  if we write the contents of the register into the
  memory, it will be stored in the correct order
  (which is the order of the characters).

3
The Stack

• The stack is an area in memory that its purpose
  is to provide a space for temporary storage of
  addresses and data items.
• Every cell in the stack is of size 4 bytes.
• The register ESP holds the address of the next
  available free cell in the stack . i.e. a pointer
  to the top of the stack.
• We use ESP as pointer and every cell is 4 bytes.
  stack in size of 232 bits.

00000000
4 bytes
ESP FFFFFFF7h
5
3
FFFFFFFFh
4
Fucntion Call - Stack Frame

• Calling a function
• Backup registers (optional)
• Push arguments in reverse order.
• Use the call instruction to call the function.
  The return address will be pushed automatically
  onto the stack.
• Start of function
• Backup the EBP (Base Pointer).
• Reset the EBP to the current ESP.
• Backup registers that are used in the function.

5
Fucntion Call - Stack Frame

• End of function
• Restore backed up registers.
• Put return value in EAX (optional).
• Move EBP to ESP.
• Restore old EBP (by using pop).
• Use the ret instruction to return.
• When returned from function
• Retrieve return value from EAX.
• Pop all arguments from the stack (or just add
  their size to ESP).
• Restore old registers (optional).

6
Stack Operations

• PUSH
• This instruction push data on stack. It
  decrements the stack pointer ESP by 2 or 4, and
  then stores the given value at ESP.
• The data pushed into the highest address of
  the stack, in little endian order.
• The size of the operand determine which
  register to use as stack pointer and whether the
  stack pointer is decremented by 2 or 4.
• Example
• push the content of ax to stack in little
  endian order
• move eax, C23212AFh
• push eax

ESP
AF1232C2
7

• PUSHAx
• This instruction Push All General-Purpose
  Registers.
• PUSHAD pushes, in succession, EAX, ECX, EDX, EBX,
  ESP, EBP, ESI and EDI on the stack, decrementing
  the stack pointer by a total of 32.
• In both cases, the value of ESP pushed is its
  original value, as it had before the instruction
  was executed.
• PUSHA is an alias mnemonic for PUSHAD.
• Note that the registers are pushed in order
  of their numeric values in opcodes.
• PUSHFx
• PUSHFD pushes the entire flags register onto the
  stack.
• PUSHF is an alias for PUSHFD.

8

• POP
• POP loads a value from the stack (from ESP)
  and then increments the stack pointer (by 2 or
  4).
• The size of the operand determine which
  register to use as stack pointer and whether the
  stack pointer is incremented by 2 or 4.
• Example
• mov ax, 3
• push ax
• mov bx,12AFh
• push bx
• pop ax ax 12AFh
• pop bx bx 3

9

• POPAx
• Pop All General-Purpose Registers.
• POPAD pops a dword from the stack into each of,
  successively, EDI, ESI, EBP, nothing (placeholder
  for ESP), EBX, EDX, ECX and EAX. It reverses the
  operation of PUSHAD.
• POPA is an alias for POPAD.
• POPFx
• Pop Flags Register.
• POPFD pops a dword and stores it in the entire
  flags register.
• POPF is an alias for POPFD.

10

• JMPJumps to a given address.
• Jcc Conditional Branch
• JE/JZ Jumps if ZF 1 (Zero Flag 1)
• JNE/JNZ Jumps if ZF 0
• JLE/JNG (Jump Less Equal, Jump Not Greater)
  Jumps if either the zero flag is set, or exactly
  one of the sign and overflow flags is set
• JG/JNLE (Jump Greater/Jump Not Less Equal)
• JL/JNGE (Jump Less/Jump Not Greater Equal)
  Jumps if exactly one of the sign and overflow
  flags is set
• JGE/JNL (Jump Greater Equal/Jump Not Less)
• JS Jumps if SF 1 (Sign Flag 1)
• JNS Jumps if SF 0

11
Reading a string - Example
Suppose ECX points to the first byte of a string.
We wish to read the string character by
character read_string mov al, byteecx
Read a single byte from the string. Store into a
byte size register Do whatever processing
you want on the character. inc ecx Increase
the pointer address by one, moving it to the next
character in the string mov ah, byteecx
Read the next character in the string cmp ah,
10 Compare AH to line_feed character jne
read_string If not the end of the string, jump
back to the beginning of the loop to
continue reading the string Finishing code
12
Running NASM - reminder
To assemble a file, you issue a command of the
form gt nasm -f ltformatgt ltfilenamegt -o
ltoutputgt Example gt nasm -f elf mytry.s -o
myelf.o It would create myelf.o file that has elf
format (executable and linkable format).We use
main.c file (that is written in C language) to
start our program, and sometimes also for input /
output from a user. So to compile main.c with our
assembly file we should execute the following
command gt gcc main.c myelf.o -o myexe.out It
would create executable file myexe.out.In order
to run it you should write its name on the
command line gt myexe.out
13
Producing a listing file

• If you supply the -l option to NASM, followed
  (with the usual optional space) by a file name,
  NASM will generate a source-listing file for you,
  in which addresses and generated code are listed
  on the left, and the actual source code, with
  expansions of multi-line macros
• For example
• nasm -f elf asm0.s -l asm.lst

14
Example of a listing file

• 1 section
  .rodata
• 2 LC0
• 3 00000000 46726F6D2061736D2E- DB
  "From asm.s the result is d", 10, 0
• 4 00000009 733A20746865207265-
• 5 00000012 73756C742069733A20-
• 6 0000001B 2025640A00
• 7 section
  .text
• 8
  align 16
• 9
  global my_func
• 10
  extern printf
• 11 my_func
• 12 00000000 55
  push ebp
• 13 00000001 89E5
  mov ebp, esp
• 14
• 15 00000003 8B5D0C
  mov ebx, dword ebp12 get m
• 16 00000006 8B4D08
  mov ecx, dword ebp8 get n
• 17 00000009 B800000000
  mov eax, 0
• 18 my_loop
• 19 0000000E 01D8
  add eax, ebx

15
Task 1
In this task we would use task1.s assembly file
and main1.c - C file. Write a program that gets a
string and prints it in binary
16
Task 2

• Practice parameters passing from assembly to C
  and vice versa.
• You are to write a C program that performs
• Gets an integer from the user. (In the same
  manner as in the previous task)
• Call to the Assembly function calc_square with
  the integer as a parameter.
• An assembly function 'calc_square' that performs
  
• Call to C square function (defined below) to
  find the square of the integer.
• Call to printf to print the result.
• The C function 'square' performs
• Gets 1 parameters an integer x
• Compute and return the square of the integer x2

17
main1.c file
include ltstdio.hgt define BUFFER_SIZE (128) ext
ern int my_func(char buf) int main(int argc,
char argv) char bufBUFFER_SIZE
printf("Enter string ") fflush(stdout)
fgets(buf, BUFFER_SIZE, stdin) printf("Got
string s\n", buf) my_func(buf) return
0
1. Include stdio.h library (standard I/O) 2. Get
online parameters (from the user) 3. Call to an
assembly function my_func Note It can contain
other functions that we can call from an assembly
file
18
Task1.s file
section .rodata LC0 DB "The result is s",
10, 0 section .text align 16 global
my_func extern printf my_func push ebp mov eb
p, esp push ecx mov ecx, dword ebp8
Your code should be here... push ecx push LC0
call printf add esp, 8 pop ecx mov esp,
ebp pop ebp ret
1. Has two sections .rodata .text.rodata
contains all read-only data declarations, .text
contains a code 2. Align 16 means that all data
and instruction should be at an address that is
divided by 16 (bits) (in another words, an
address should be even) 3. my_func is a function
that we define it should be global so that
main.c file would be able to call to it 4. We use
printf function of stdlib.h C library so we
should declare it as an external function because
it isnt defined in our assembly file (if we use
any function that is not in our file, we should
declare it as external) 5. The purpose of my_func
is to call printf with the string it got from
main as an argument.
19
The structure of programs in the tasks
section .rodata LC0 DB "The result is s",
10, 0 Format string section .text align
16 global my_func extern printf my_func push
ebp mov ebp, esp Entry code - set up ebp and
esp pusha Save registers mov ecx, dword
ebp8 Get argument (pointer to string)
Your code should be here... push ecx Call
printf with 2 arguments pointer to
str push LC0 and pointer to format
string. call printf add esp, 8 Clean up
stack after call popa Restore
registers mov esp, ebp Function exit
code pop ebp ret
20
Parameters passing

• To see an example for the C calling convention
  and parameters passing example, take the C
  program main0.c and assembly it as follows
• gcc S main0.c
• Observe parameters pass in C, compare to material
  given in class.