a. mov esi,wVal

Download Report

Transcript a. mov esi,wVal 

Outline





Data Transfer Instructions
Arithmetic Instructions
Data-Related Operations and Directives
Indirect Addressing
JMP and LOOP Instructions
Data Transfer Instructions

MOV is for moving data between:




Memory
Register
Immediate (constant)
Almost all combinations, except:

Memory to Memory!
MOV Instruction
• Move from source to destination. Syntax:
MOV destination,source
• No more than one memory operand permitted
• CS, EIP, and IP cannot be the destination
• No immediate to segment moves
.data
count BYTE 100
wVal WORD 2
.code
mov bl,count
mov ax,wVal
mov count,al
mov al,wVal
mov ax,count
mov eax,count
; error
; error
; error
Your turn . . .
Explain why each of the following MOV statements are invalid:
.data
bVal BYTE
100
bVal2 BYTE
?
wVal WORD
2
dVal DWORD 5
.code
mov ds,45
mov esi,wVal
mov eip,dVal
mov 25,bVal
mov bVal2,bVal
;
;
;
;
;
a.
b.
c.
d.
e.
Memory to Memory?

Must go through a register…
.data
Var1 WORD?
Var2 WORD ?
.code
MOV AX, var1
MOV var2, AX
MOV Instruction Format
Instruction Operand Notation
Zero or Sign Extension

What happens to ECX if –1 is moved from CX?



Are the higher 16 bits of ECX all 0?
What number does ECX represent now?
The solution: MOVZX and MOVSX


MOVZX always fills higher bits with 0.
MOVSX fills higher bits by “sign extension”.
Zero Extension
When you copy a smaller value into a larger destination, the
MOVZX instruction fills (extends) the upper half of the destination
with zeros.
0
10001111
Source
00000000
10001111
Destination
mov bl,10001111b
movzx ax,bl
; zero-extension
The destination must be a register.
MOVZX Instruction Format
Sign Extension
The MOVSX instruction fills the upper half of the destination
with a copy of the source operand's sign bit.
11111111
10001111
Source
10001111
Destination
mov bl,10001111b
movsx ax,bl
; sign extension
The destination must be a register.
MOVSX Instruction Format
XCHG

XCHG for exchange data between:
Register, register
 Register, memory
 Memory, register
(again, no memory to memory)

Direct-Offset Operands

Adding a displacement (or offset) to a
variable name:
arrayB BYTE 10h, 20h, 30, 40h, 50h
…
MOV AL, arrayB
; AL=10h
MOV AL, [arrayB+1] ; AL=20h
MOV AL, arrayB+1 ; Is it valid?
Your turn. . .
Write a program that rearranges the values of three doubleword
values in the following array as: 3, 1, 2.
.data
arrayD DWORD 1,2,3
• Step1: copy the first value into EAX and exchange it with the
value in the second position.
mov eax,arrayD
xchg eax,[arrayD+4]
• Step 2: Exchange EAX with the third array value and copy the
value in EAX to the first array position.
xchg eax,[arrayD+8]
mov arrayD,eax
Evaluate this
.data
myBytes BYTE 80h,66h,0A5h
• How about the following code. Is anything missing?
movzx
mov
add
mov
add
ax,myBytes
bl,[myBytes+1]
ax,bx
bl,[myBytes+2]
ax,bx
; AX = sum
Yes: Move zero to BX before the MOVZX instruction.
Addition and Subtraction

ADD X, Y
X := X + Y

SUB X, Y
X := X – Y
INC, DEC, NEG

INC X
X := X + 1 or X++

DEC X
X := X – 1 or X--

NEG X
X := –X
Expression

Example: X=(A + B) * (D – E)
MOV
ADD
MOV
SUB
IMUL
MOV
EAX, A
EAX, B
ECX, D
ECX, E
EAX, ECX
X, EAX
Flags Affected

Flags (register) tell us whether any of the
following conditions occur:




Overflow,
Carry,
Zero, Sign…etc.
Used for decision in branch.


Loop (discussed next)
If…then…else
Zero and Sign

Zero Flag ZF=1 if the instruction produce 0.
MOV CX, 1
SUB CX, 1

; CX=0, ZF=1
Sign Flag SF=1 if the instruction produce a
negative number.
MOV CX, 0
SUB CX, 1
ADD CX, 2
; CX=-1, SF=1
; CX=1, SF=0
Carry (Unsigned Arithmetic)


The Carry flag is set when the result of an
operation generates an unsigned value that is
out of range (too big or too small for the
destination operand).
Example:
MOV
ADD
MOV
ADD
AL, 0FFh
AL, 1
; CF = 1, AL=00
AX, 00FFh
AX, 1
; CF = 0, AX=0100h
Overflow (Signed Arithmetic)


The Overflow flag is set when the signed
result of an operation is invalid or out of
range.
Example:
MOV
ADD
MOV
SUB
AL, +127
AL, 1
AL, -128
AL, 1
; OF = 1
; OF = 1
Detecting Carry

Detecting Carry is easy.


Example:
+
1

Adding two N-bit numbers result in an (N+1)-bit
number.
00000100
11111111
00000011
CF is ignored for signed arithmetic. For
example, the above is 4 + (-1) in decimal
Detecting Overflow


Carry isn’t meaningful for signed arithmetic.
For example, adding any two negative
numbers always produces carry.
Detecting Overflow:

Compare CF and the bit carried into MSB (Most
Significant Bit).
Overflow in Positive Numbers



Carry never happens.
Overflow occurs if MSB becomes 1
01111111 (127) 00000001 (1)
+ 01111111 (127) 00000001 (1)
Observation:


MSB=1 indicates a negative number.
But, we’re adding two positive numbers…?!
Overflow in Negative Numbers



Carry always happens.
Overflow occurs if MSB becomes 0
10000000 (-128) 11111111 (-1)
+ 11111111 (-1)
11111111 (-1)
Observation:


MSB=0 indicates a positive number.
But, we’re adding two negative numbers…?!
Detecting Overflow

Overflow: CF  MSB ?



Overflow: (CF  MSB) and not the case of
(positive+negavive)
positive+negavive:



Doesn’t work if adding a positive number to a
negative number (or vice versa)!
Overflow never happens.
Carry happens when carry-in to MSB
Overflow: CF  (carry-in to MSB)
Flags Affect in ADD, SUB
•
•
•
•
•
•
Carry: unsigned arithmetic out of range
Overflow: signed arithmetic out of range
Sign: result is negative
Zero: result is zero
Auxiliary Carry: carry from bit 3 to bit 4
Parity: sum of 1 bits is an even number
LAHF/SAHF


LAHF: load the low byte of EFLAGS register
into AH.
SAHF: store the low byte of EFLAGS register
into AH.
Data Related Operators

Who are they?



OFFSET, PTR, TYPE, LENGTHOF, SIZEOF
They are only understood by the assembler.
They are not instructions!
Operand Sizes


Operands may have the size of 1 byte, 2
bytes, or 4 bytes.
Most of time, we can tell the size from the
register names or the variable definition. For
examples:
Var1
BYTE “Hello”
MOV ECX, 13
MOV AL, Var1
PTR


But sometimes we want to override the
default.
myDouble
DWORD 12345678h
MOV AL, myDouble ; error
MOV AL, BYTE PTR myDouble
MOV AX, WORD PTR myDouble
MOV AX, WORD PTR [myDouble+2]
MOV EAX, myDouble
OFFSET

OFFSET returns the distance in bytes, of a label from the
beginning of its enclosing segment
Assume that the data segment begins at 00404000h:
.data
bVal BYTE ?
wVal WORD ?
dVal DWORD ?
dVal2 DWORD ?

.code
mov esi,OFFSET bVal ; ESI = 00404000
mov esi,OFFSET wVal ; ESI = 00404001
mov esi,OFFSET dVal ; ESI = 00404003
mov esi,OFFSET dVal2 ; ESI = 00404007
TYPE

TYPE returns the size (in bytes) of each element.
.data
var1 BYTE ?
var2 WORD ?
var3 DWORD ?
var4 QWORD ?
.code
mov eax,TYPE var1
mov eax,TYPE var2
mov eax,TYPE var3
mov eax,TYPE var4
;1
;2
;4
;8
LENGTHOF

LENGTHOF returns the number of elements.
.data
byte1 BYTE 10,20,30 ; 3
array1 WORD 30 DUP(?),0,0 ; 32
array2 WORD 5 DUP(3 DUP(?))
array3 DWORD 1,2,3,4 ; 4
digitStr BYTE "12345678",0
;9
.code
mov ecx,LENGTHOF array1
; 32
; 15
SIZEOF

SIZEOF returns the size of the variable (the whole
array).
 SIZEOF = LENGTHOF * TYPE
.data SIZEOF
byte1 BYTE 10,20,30 ; 3
array1 WORD 30 DUP(?),0,0 ; 64
array2 WORD 5 DUP(3 DUP(?))
array3 DWORD 1,2,3,4 ; 16
digitStr BYTE "12345678",0
;9
.code
mov ecx,SIZEOF array1 ; 64
; 30
Indirect Operands

An indirect operand holds the address of a variable,
usually an array or string. It can be dereferenced
(just like a pointer).
.data
val1 BYTE 10h,20h,30h
.code
mov esi,OFFSET val1
mov al,[esi] ; dereference ESI (AL = 10h)
inc esi
mov al,[esi] ; AL = 20h
inc esi
mov al,[esi] ; AL = 30h
Array Sum Example
.data
arrayW WORD 1000h,2000h,3000h
.code
mov esi,OFFSET arrayW
mov ax,[esi]
add esi,2 ; or: add esi,TYPE arrayW
add ax,[esi]
add esi,2 ; increment ESI by 2
add ax,[esi]
; AX = sum of the array
Indexed Operands
arrayW WORD 1000h,2000h,3000h
.code
mov esi,0
mov ax,[arrayW + esi]
; AX = 1000h
mov ax,arrayW[esi]
; alternate format
add esi,2
add ax,[arrayW + esi]
Pointers
.data
arrayW WORD 1000h,2000h,3000h
ptrW DWORD arrayW
.code
mov esi,ptrW
mov ax,[esi] ; AX = 1000h
Implementation of Loops


JMP instruction: Unconditional Branch.
LOOP instruction:



Step 1: Set ECX to n for a loop of n iterations.
Step 2: Use LOOP instruction at the end of loop.
Hidden action: DEC ECX
Example: Summation

For I := 10 downto 1 {Sum := Sum+I}
L1:
MOV ECX, 10
MOV EAX, 0
ADD EAX, ECX
LOOP L1
Your turn
What will be the final value of
AX?
10
How many times will the
loop execute?
4,294,967,296
(=232)
mov ax,6
mov ecx,4
L1:
inc ax
loop L1
mov ecx,0
X2:
inc ax
loop X2
Copying a String
.data
source BYTE "This is the source string",0
target BYTE SIZEOF source DUP(0),0
.code
mov esi,0
; index register
mov ecx,SIZEOF source
; loop counter
L1:
mov al,source[esi]
; get char from source
mov target[esi],al
; store it in the target
inc esi
; move to next character
loop L1
; repeat for entire string
Nested Loop
.data
count DWORD ?
.code
mov ecx,100
L1:
mov count,ecx
mov ecx,20
L2:
.
loop L2
mov ecx,count
loop L1
; set outer loop count
; save outer loop count
; set inner loop count
.
; repeat the inner loop
; restore outer loop count
; repeat the outer loop