Date posted: 29-Dec-2015
Lectures schedule

    When                                      Topic                                                   Lecture
    October 20, 2013                          Introduction to C Programming in Unix Environment - I   1
    October 27, 2013                          Introduction to C Programming in Unix Environment - II  2
    November 3, 2013                          Introduction to Assembly                                3
    November 17, 2013 / November 10, 2013     Functions and System Calls (Assembly)                   4
                                              Midterm A
    December 8, 2013                          Unix Processes                                          5
    December 15, 2013                         Programs Execution                                      6
    December 22, 2013                         Introduction to script languages (Python)               7
    January 5, 2014                           Web programming                                         8
                                              Midterm B
From last lab...

    char* msg = "text";   msg[0] = 'n';
    char msg2[] = "text"; msg2[0] = 'n';

msg is a pointer to a string literal, which lives in the read-only part of the data segment, so the write msg[0] = 'n' is invalid (it normally crashes the program).
msg2 is an array of chars that lives on the stack, so msg2[0] = 'n' is fine.

Abed Asi - ESPL
A User's View of Computer Systems

(figure) Courtesy: Guide to Assembly Language Programming in Linux, Sivarama P. Dandamudi, 2005
What is Assembly Language?

Low-level programming language, influenced by:
- The architecture of the processor
- The instruction set

Two basic types of processors:
- CISC (Complex Instruction Set Computers)
- RISC (Reduced Instruction Set Computers)

Pentium is an example of a CISC processor.
An assembler translates assembly to machine code.
NASM is a popular assembler for Pentium processors.
Advantage of High-Level Languages

- Program development is faster
- Programs are easier to maintain
- Programs are portable

So, why program in assembly language?
Why Program in Assembly?

- Efficiency: time efficiency, space efficiency
- Direct hardware control
- Programmer productivity? (writing code, debugging)
Why Learn Assembly?

- Educational purposes
- Practical purposes (embedded systems)
- Cracking
- Personal satisfaction
Today

- IA-32 architecture: registers, fetch-decode-execute cycle
- Addressing modes: register, immediate, direct, indirect
- Logical and arithmetic instructions
Fetch-decode-execute

A processor acts as a controller, executing the following cycle forever:
- Fetch an instruction from memory
- Decode the instruction
- Execute the instruction

Who provides the instructions to the processor? Who places these instructions in main memory?
Registers

Pentium has 10 32-bit and 6 16-bit registers.
Registers are grouped into:
- General registers: data registers, pointer registers, index registers
- Control registers
- Segment registers
General Registers - Data

Data registers:
- Four 32-bit registers (EAX, EBX, ECX, EDX)
- Four 16-bit registers (AX, BX, CX, DX)
- Eight 8-bit registers (AH, AL, BH, BL, CH, CL, DH, DL)

Data registers can be used in arithmetic and logical instructions.
Some have special functions for specific instructions:
- EAX - accumulator (mul)
- ECX - counter (loop)
General Registers - Pointer and Index

- String (index) registers, can also be used as general-purpose: ESI, EDI
- Pointer registers, can also be used as general-purpose, mainly used to maintain the stack: ESP, EBP
Control Registers

- Instruction Pointer (EIP): tracks the next instruction; updated once an instruction is executed, on a jump, etc.
- Flag register: affected by logical and arithmetic instructions; affects conditional jump operations.
Flags

Each flag's meaning is independent of any other bit.
- OF - the Overflow flag is set when the result of an operation becomes too large to fit in the operand it originally occupied.
- SF - the Sign flag is set when the result of an operation forces the operand to become negative.
- ZF - the Zero flag is set when the result of an operation becomes zero.
- CF - the Carry flag is set when an arithmetic or shift operation "carries out" a bit from the operand.
Segment Registers

A program is logically divided into two segments:
- Code segment (CS)
- Data segment (DS)
The SS register points to the program's stack segment.
Overview of Assembly Language

The classes of statements:
- Executable instructions
- Directives/pseudo-instructions - constants and more
- Macros - naming a group of statements

All three classes use the same format:
    [label] mnemonic [operands] [;comment]
Fields in [ ] are optional.

Examples:
    repeat: inc result    ;executable
    CR:     EQU 0DH       ;directive
Data Allocation

Storage allocation statement:
    variable-name define-directive initial-value [,initial-value], ...

The define directive takes one of these basic forms:
    DB  Define Byte        ;allocates 1 byte
    DW  Define Word        ;allocates 2 bytes
    DD  Define Doubleword  ;allocates 4 bytes
    DQ  Define Quadword    ;allocates 8 bytes
    DT  Define Ten Bytes   ;allocates 10 bytes

Examples ...
Data Allocation - Examples

Alternative ways to initialize the same byte (all three store 79H):
    sorted DB 'y'
    sorted DB 79H
    sorted DB 1111001B

Allocate two bytes of contiguous storage and initialize them to 25159:
    value DW 25159
The value is automatically converted to its 16-bit hex equivalent (6247H). Pentium uses little-endian, so the low byte goes to the lower address:
    address:  x   x+1
    content:  47  62
Uninitialized Data

Reserve space for uninitialized data with the reserve directives:
    RESB  Reserve a Byte
    RESW  Reserve a Word
    RESD  Reserve a Doubleword
    RESQ  Reserve a Quadword
    REST  Reserve Ten bytes

Examples:
    response RESB 1
    buffer   RESW 100
    total    RESD 1
Multiple Definitions

A string:
    message DB 'H'
            DB 'E'
            DB 'L'
            DB 'L'
            DB 'O'
more compactly:
    message DB 'HELLO'

An array with 8 elements:
    marks DW 0
          DW 0
          DW 0
          DW 0
          DW 0
          DW 0
          DW 0
          DW 0
can be abbreviated:
    marks DW 0,0,0,0,0,0,0,0
or:
    marks TIMES 8 DW 0
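As an added illustration (not from the slides), a small C model of how the define, reserve and TIMES directives above lay bytes out in the data segment: a define appends its initial value least-significant byte first, as Pentium's little-endian order requires, and a reserve only advances the location counter. The directive names are the slides' own; the functions, the 256-byte buffer and the struct are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model of a NASM data section (not NASM's own code): a byte buffer plus
   the current location counter (what NASM writes as $). */
typedef struct { uint8_t mem[256]; size_t here; } dataseg_t;

/* Width in bytes of the define directives from the slide; 0 for anything else. */
static size_t directive_width(const char *d) {
    if (!strcmp(d, "DB")) return 1;
    if (!strcmp(d, "DW")) return 2;
    if (!strcmp(d, "DD")) return 4;
    if (!strcmp(d, "DQ")) return 8;
    return 0;
}

/* "label directive value", repeated `times` times (TIMES n). Returns the label's
   address, i.e. the offset of its first byte, or -1 if the directive is unknown
   or the segment is full. Little-endian: the least significant byte is stored at
   the lowest address, so DW 25159 (6247H) becomes 47H at x and 62H at x+1. */
static long define(dataseg_t *s, const char *directive, uint64_t value, size_t times) {
    size_t w = directive_width(directive), start = s->here;
    if (w == 0 || s->here + w * times > sizeof s->mem) return -1;
    for (size_t t = 0; t < times; t++)
        for (size_t i = 0; i < w; i++)
            s->mem[s->here++] = (uint8_t)(value >> (8 * i));
    return (long)start;
}

/* RESB/RESW/RESD/...: reserve `count` units of `width` bytes, leaving them
   uninitialised (the buffer keeps whatever it already held). */
static long reserve(dataseg_t *s, size_t width, size_t count) {
    size_t start = s->here;
    if (s->here + width * count > sizeof s->mem) return -1;
    s->here += width * count;
    return (long)start;
}

/* The slides' definitions in order: value DW 25159, marks TIMES 8 DW 0,
   buffer RESW 100 (constructed layout for this example). */
static dataseg_t slide_layout(void) {
    dataseg_t s = { {0}, 0 };
    define(&s, "DW", 25159, 1);   /* value  at 0: bytes 47 62 */
    define(&s, "DW", 0, 8);       /* marks  at 2: 16 zero bytes */
    reserve(&s, 2, 100);          /* buffer at 18: 200 bytes reserved */
    return s;
}
```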
Addressing Modes

Assembly language instructions require operands.
Possible locations of the operands (addressing modes):
- in a register internal to the processor
- in the instruction itself
- in main memory (usually in the data segment)

The mov instruction copies the content of the source register into the destination register:
    mov destination, source   ;example: mov EAX, EBX
It also works with 16-bit and 8-bit registers; memory-to-memory transfer is not supported!
Register Addressing Mode

Using the processor's internal registers. Very efficient. Why?
    mov EAX, EBX
    mov BX, CX
    mov AL, CL
Immediate Addressing Mode

Data is part of the instruction: it is located in the code segment, not in the data segment. The immediate data is always a constant.
    mov AL, 75
Direct Addressing Mode

    response DB 'Y'            ;allocates a byte, initializes it to Y
    table1   TIMES 20 DD 0     ;allocates 80 bytes, initializes them to 0
    name1    DB 'Jim Ray'      ;7 bytes
    -----------------------------------------------------------------
    mov AL, [response]         ;copies Y into the AL register
    mov BYTE [response], 'N'   ;N is written into response
    mov BYTE [name1], 'K'      ;writes K as the first character of name1
    mov DWORD [table1], 56     ;56 is written into the first element: table1[0] = 56

    mov EBX, table1            ;copies the address of table1 into EBX
    mov EBX, [table1]          ;what is the difference?
Indirect Addressing Mode

How do we access the second element of table1? This mode is required for variables with several elements.
    mov EBX, table1            ;EBX = address of table1
    mov DWORD [EBX], 100       ;table1[0] = 100
    add EBX, 4                 ;EBX = EBX + 4 (next doubleword)
    mov DWORD [EBX], 99        ;table1[1] = 99

    lea EBX, [table1+ESI]   vs.   mov EBX, [table1+ESI]   ;assembly time and run time
Ambiguous Moves

Moving an immediate value into memory sometimes causes ambiguity:
    mov EBX, table1
    mov ESI, name1
    mov [EBX], 100
    mov [ESI], 100
The word equivalent of 100? Or maybe the byte equivalent of 100? Clarify this by using a type specifier:
    mov WORD [EBX], 100    or    mov [EBX], WORD 100
    mov BYTE [EBX], 100    or    mov [EBX], BYTE 100
Type Specifiers

    Bytes addressed   Type specifier
    1                 BYTE
    2                 WORD
    4                 DWORD
    8                 QWORD
    10                TBYTE
Arithmetic Instructions - INC and DEC

Increment/decrement the operand by 1. The operand can be either in a register or in memory.
    inc destination   ;might be 8-, 16-, 32-bit
    dec destination   ;might be 8-, 16-, 32-bit
ADD

Used to add 8-, 16-, 32-bit operands:
    add destination, source   ;dest = dest + source
inc EAX is preferred to add EAX, 1: less memory, same speed.
SUB and CMP

SUB is used to subtract 8-, 16-, 32-bit operands:
    sub destination, source   ;dest = dest - source
CMP compares two operands (equal, not equal, ...).
CMP behaves like SUB except that the result is not saved. So, how can we retrieve the comparison result?
CMP is typically used with a conditional jump instruction.
Unconditional Jump

        mov EAX, 1
    inc_again:
        inc EAX
        jmp inc_again
        mov EBX, EAX
        ...
When does it stop?
Conditional Jump

Jump if the specified condition is satisfied:
    j<cond> label   ;<cond> identifies the condition
The condition being tested is the result of the last arithmetic or logic operation.

    read_char:
        mov DL, 0
        . . . (code for reading a character into AL) . . .
        cmp AL, 0DH        ;compares the character to CR
        je CR_received     ;if equal, jump to CR_received
        inc CL             ;otherwise, increment CL and
        jmp read_char      ;go back to read another char.
    CR_received:
        mov DL, AL

But CMP doesn't save the result, so what really happens?!
Conditional Jump

    Meaning                                        Mnemonic
    jump if equal / jump if zero                   je / jz
    jump if not equal / jump if not zero           jne / jnz
    jump if greater / jump if not less or equal    jg / jnle
    jump if greater or equal / jump if not less    jge / jnl
    jump if less / jump if not greater or equal    jl / jnge
    jump if less or equal / jump if not greater    jle / jng
    jump if carry (i.e. if CF = 1)                 jc
Multiplication

Two multiplication instructions: mul and imul
    mul source
The source operand can be in a register or in memory; immediate operands are not allowed.
Where is the second operand?
Division

Two division instructions: div and idiv
    div source
The source operand is the divisor.
Iteration Instruction

        mov CL, 50
    repeat1:
        <loop body>
        dec CL
        jnz repeat1
        . . .

The same loop written with the loop instruction:
        mov ECX, 50
    repeat1:
        <loop body>
        loop repeat1
        . . .
Logical Instructions

    and  destination, source
    or   destination, source
    xor  destination, source
    not  destination
    test destination, source

Testing a bit:
        . . .
        and AL, 01H
        je bit_is_zero
        <code to be executed when the bit is one>
        jmp skip1
    bit_is_zero:
        <code to be executed when the bit is zero>
    skip1:
        <rest of the code>
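To answer the "what really happens" question from the CMP slide, and to show why the bit test above can use je after and, here is an added C model (not from the slides) of the four flags that CMP and AND leave behind and of every condition in the jump table. It uses 32-bit operands where the slides use AL and CL; the function names and the flags_t struct are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* The four EFLAGS bits from the Flags slide, as left by a 32-bit ALU operation. */
typedef struct { bool cf, zf, sf, of; } flags_t;

/* Flags after SUB dst, src. CMP dst, src sets exactly these and throws the
   difference away: the flags ARE the saved comparison result. */
static flags_t cmp32(uint32_t dst, uint32_t src) {
    uint32_t r = dst - src;
    flags_t f;
    f.cf = dst < src;                              /* unsigned borrow out of bit 31 */
    f.zf = (r == 0);
    f.sf = (r >> 31) & 1;                          /* bit 31 of the result */
    f.of = (((dst ^ src) & (dst ^ r)) >> 31) & 1;  /* signed result did not fit */
    return f;
}

/* Flags after AND/TEST dst, src: CF and OF are cleared, ZF and SF follow the result. */
static flags_t and32(uint32_t dst, uint32_t src) {
    uint32_t r = dst & src;
    flags_t f = { false, r == 0, (r >> 31) & 1, false };
    return f;
}

/* Would j<cond> be taken after an instruction that left flags f? The mnemonic
   pairs of the table are synonyms; the signed conditions compare SF with OF,
   the unsigned carry test looks only at CF. Returns -1 for an unknown mnemonic. */
static int jump_taken(const char *mn, flags_t f) {
    if (!strcmp(mn, "je")  || !strcmp(mn, "jz"))   return f.zf;
    if (!strcmp(mn, "jne") || !strcmp(mn, "jnz"))  return !f.zf;
    if (!strcmp(mn, "jg")  || !strcmp(mn, "jnle")) return !f.zf && f.sf == f.of;
    if (!strcmp(mn, "jge") || !strcmp(mn, "jnl"))  return f.sf == f.of;
    if (!strcmp(mn, "jl")  || !strcmp(mn, "jnge")) return f.sf != f.of;
    if (!strcmp(mn, "jle") || !strcmp(mn, "jng"))  return f.zf || f.sf != f.of;
    if (!strcmp(mn, "jc"))                         return f.cf;
    return -1;
}

/* The read_char example: after cmp AL, 0DH, does je CR_received fire for character c? */
static int cr_received(uint8_t c) { return jump_taken("je", cmp32(c, 0x0D)); }

/* The bit test example: after and AL, 01H, does je bit_is_zero fire for value al? */
static int bit_is_zero(uint8_t al) { return jump_taken("je", and32(al, 0x01)); }
```

Note how the same flags give different answers to jl (signed) and jc (unsigned) for 0FFFFFFFFH compared with 1: that is the whole point of keeping SF and OF separate from CF.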
Example 1 - Hello World

    section .data
    msg db 'Hello world!',0xa   ;our dear string
    len equ $ - msg             ;length of our dear string

    section .text
    global _start               ;must be declared for linker (ld)

    _start:                     ;tell linker entry point
        mov edx,len             ;message length
        mov ecx,msg             ;message to write
        mov ebx,1               ;file descriptor (stdout)
        mov eax,4               ;system call number (sys_write)
        int 0x80                ;call kernel

        mov eax,1               ;system call number (sys_exit)
        int 0x80                ;call kernel
Example 2 - Max. among 3 numbers

    ; Data section begins
    section .data
    var1 dd 40
    var2 dd 20
    var3 dd 30

    section .text
    global _start

    _start:
        mov ecx, [var1]
        cmp ecx, [var2]
        jg check_third_var      ;keep var1 if it is greater
        mov ecx, [var2]
    check_third_var:
        cmp ecx, [var3]
        jg _exit
        mov ecx, [var3]
    _exit:
        mov ebx, ecx            ;the maximum becomes the exit status
        mov eax, 1              ;system call number (sys_exit)
        int 80h