25
Beginning Assembly, Part 2 The Assembling! Poorly Presented by Gleep
Beginning Assembly, Part 2The Assembling!
Poorly Presented byGleep
Dicks
• How does Dicks work?• Zenity dependancy• Pushes text params onto the stack• Stores mem addresses of params in registers• Calls execve to start Zenity and passes regs to
Zenity with params for pop-up text box
Binary Coded Decimal
• Represents a decimal number by coding each digit in binary
• Unpacked BCD is one byte per digit• 00000011 00000100 00001001• 3 4 9• Packed BCD is one byte per two digits• 00100100 10010001• 2 4 9 1
Floating Point Maths
• Floating point ops use special registers ST(0) thru ST(7)… 80 bit registers for data
• 1 - 16 bit control register• 1 - 16 bit status register• 1 - 16 bit tag register to describe contents of data
regs• 1 - 48 bit FIP register for next floating point op• 1 - 48 bit FDP FPU data pointer• 1 - 11 bit Opcode register
Floating Point Reg Ops
• The floating point registers act as a stack. ST(0) is top of stack.
• Fld src – loads 80 bit src onto FP stack• Fst dst – moves top of FP stack into dst• Info all will show all FP and SSE registers
Floating Point Maths
((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) – (251.5 / 77.62)) = OMGLOLWUT?!?!
Single Instruction Multiple Data
• Aka – MMX, SSE, 3DNow!• MMX aliases the 8 FPU data regs as MM0-7
for 64 bit packed integers• SSE includes 8 new 128 bit regs XMM0-7 for
128 bit packed integers and floating point data• Useful for processing large amounts of data
with one instruction
SIMD Continued
• MMX regs can store 8x8 bit byte ints, 4x16 bit word ints, or 2x32 bit double word ints
• Movq src, dst – where dst is %mm0-7• SSE regs can store 16x8 bit byte packed ints, 8x16 bit
word packed ints, 4x32 bit double word packed ints, or 2x64 bit quad word ints
• Movdqu src, dst – moves unaligned data into %xmm0-7
• Movdqa src, dst – moves aligned data. Using this with unaligned data will throw an error.
SIMD Continued
• This was supposed to be a meaningful slide but then I got bored with SIMD.
• Research it yourself if you need to code it in natively.
C structures in ASM
• For Loops• If/Then• While• Switch
Using C Libraries in Asm
• When using C functions in asm, need to link in C libraries containing the functions
• Ld –dynamic-linker /lib/ld-linux.so.2 –o <exe> -lx <obj file> - where x is /lib/libx.so
• /lib/ld-linux.so.2 is a dynamic loader• -lc option would link to /lib/libc.so
Compiling Asm with GCC
• Gcc –o <exe> <asmfile>• Automagically links everything• Must change _start label to main
Unconditional Branching• JMP <operand>– 3 types… Short, Near, Far– Equivalent of Goto:– Short JMP is less that 128 bytes– Far JMP is to another code segment– Near JMP is everything else– Takes one memory label as a parameter
• Call <operand>– Equivalent to function call in C– Call pushes EIP to stack– Call returns to main with the RET command
Unconditional Branching Cont’d
• Interrupt– Hardware – used for I/O functions– Software
• Used for accessing kernel functions• In Linux, uses Interrupt 0x80• In Windows, uses Interrupt 0x21• Parameters in registers determine which function is being
called with what parameters• Ex: MOVL $1, %EAX
– MOVL $0, %EBX– INT $0x80
Conditional JMPs
• JZ <label> – JMP if ZF is set• JNZ <label> – JMP if ZF is not set• JGE <label> – JMP if equal or greater• JLE <label> - JMP if less than or equal
• There’s a bunch of em… use the Googles
Function Calls• .type <function label>, @function• <function label>:• Ret
• Call <function label>
• Functions can be defined anywhere within asm file• Return values can be returned in regs or global vars• Can put functions in separate file, just add .globl <function
label> statement after .type statement, and add function object file to linker statement
Function Prologue and Epilogue
Prologue
– Function:• Pushl %ebp• Movl %esp, %ebp• Subl $8, %esp
• Epilogue
• Movl %ebp, %esp• Popl %ebp• Ret
Enter and Leave
• Enter #bytes – used to perform function call prologue
• Leave – used to perform function call epilogue
Main Process Stack Frame Base
Main Process Variable 1
Main Process Return Address
Main Process Old EBP Address
New Function Variable 1
New Function Variable 2
EBP
ESPMain Process executesMain Process calls New FunctionCall places RET addr on stackPrologue pushes EBP to stackPrologue sets EBP to ESPPrologue decrements ESP to make room for variablesNew Function loads variablesNew Function executesEpilogue sets ESP to EBPEpilogue pops old EBP from stackRET pops old RET address to EIPMain Process resumes
System Calls
• Can be found in /usr/include/asm/unistd.h• Look up the needed input and return values in
man 2 <syscall>• Can use strace to see background syscalls
when running a program• Strace –p <PID> will attach strace to a running
process• Use man 3 <c lib func> to see C function calls
Inline Assembly• You can embed assembly within C programs• Asm ( “code goes here”);• Must enclose the code in quotes• Can use the “volatile” keyword to tell compiler not to
optimize it• Must use \n newline char if embedding more than one
command• If coding ANSI C, use __asm__ instead• Asm ( “movl $1, %eax\n\t”
“movl $0, %ebx\n\t”“int $0x80”);
Calling Libraries
• If using asm libraries in C code, add the asm files onto compile statement
• Gcc –o testprog testprog.c func1.s func2.s• Can also assemble code into object file then
add the object file to gcc
Making Libraries
• Can create a static library using the Ar command to add object files into an archive
• Static library name syntax Libx.a• Ar r libmyfunc.a func1.o func2.o func3.o• Can see what is contained in a library using nm
command• Nm –s libmyfunc.a• Compile by including the libx.a file on gcc
command
Making shared libraries
• Shared library name syntax libx.so.<version>• Create shared library with –shared option on
gcc• Gcc –shared –o libmyfunc.so.1 func1.o func2.o
func3.o• To compile using shared library, in same dir as
program file use –L. option• Gcc –o testfunc –L. –lmyfunc testfunc.c
Using shared libraries
• The dynamic loader must know where to find any libraries needed for program function
• Change LD_LIBRARY_PATH environment variable• Export LD_LIBRARY_PATH=
“$LD_LIBRARY_PATH:.”• Or change the /etc/ld.so.conf file• After adding path to ld.so.conf, must run
ldconfig as root
