Transcript PS04_142

Practical Session 4
Labels Definition - advanced
label:
(pseudo) instruction
operands
; comment
•valid characters in labels are: letters, numbers, _, $, #, @, ~, ., and ?
•first character can be: letter, _, ? and . ( . has a special meaning)
•label can be prefixed with a $ to indicate that it is intended to be read as an identifier and
not a reserved word
Example:
$eax: mov eax, 2
Local Labels Definition
A label beginning with a single period (.) is treated as a local label, which means
that it is associated with the previous non-local label.
Example:
label1:
mov eax, 3
.loop:
dec eax
jne .loop
ret
(this is indeed label1.loop)
label2:
mov eax, 5
.loop:
dec eax
jne .loop
ret
(this is indeed label2.loop)
Each JNE instruction jumps to the closest .loop, because the two definitions of .loop
are kept separate.
How to run Linux from Window

Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Run the following executable

Use “lvs.cs.bgu.ac.il” or “lace.cs.bgu.ac.il” host name
and click ‘Open’

Use your Linux username and password to login lace server

Go to http://www.cs.bgu.ac.il/facilities/labs.html


Choose any free Linux computer

Connect to the chosen computer by using “ssh –X cs302six1-4”
(maybe you would be asked for your password again)
cd (change directory) to your working directory
Assembly program with no .c file usage – sample.s
section .data
numeric:
string:
answer:
DD 0x12345678
DB 'abc'
DD
0
section .text
global _start
;entry point (main)
_start:
pushad
push dword 2
push dword 1
CALL myFunc
returnAddress:
mov [answer], eax
add esp, 8
popad
mov ebx,0
mov eax,1
int 0x80
myFunc:
push ebp
mov ebp, esp
mov eax, dword [ebp+8]
mov ebx, dword [ebp+12]
; backup registers
; push argument #2
; push argument #1
; call the function myFunc
; retrieve return value from EAX
; "delete" function arguments
; exit program
; myFunc gets two parameters a and b returns a+b
; save previous value of ebp
; set ebp to point to myFunc frame
; get function argument #1
; get function argument #2
myFunc_code:
add eax, ebx
; eax = 3
returnFrom_myFunc:
mov esp, ebp
pop dword ebp
ret
; "delete" local variables of myFunc
; restore previous value of ebp
; return to the caller
GNU Linker
ld links together compiled assembly without using .c main file
> nasm –f elf sample.s –o sample.o
> ld -m elf_i386 sample.o –o sample
> sample
or with gdb debugger
> gdb sample
section .data
numeric:
string:
answer:
DD 0x12345678
DB 'abc'
DD
0
section .text
global _start
_start:
print ‘numeric’ global variable
numeric into memory – little endian
print ‘string’ global variable
string into memory – little endian
pushad
0xffffd640 – 0xffffd620= 0x20 = 32
bytes = 8 registers * 4 bytes
push function’s arguments
into stack
CALL myFunc
return address
pushad
push dword 2
push dword 1
CALL myFunc
returnAddress:
mov [answer], eax
add esp, 8
popad
mov ebx,0
mov eax,1
int 0x80
myFunc:
push ebp
mov ebp, esp
mov eax, dword [ebp+8]
mov ebx, dword [ebp+12]
myFunc_code:
add eax, ebx
returnFrom_myFunc:
mov esp, ebp
pop dword ebp
ret
Command-line arguments
In Linux, we receive command-line arguments on the stack as execution
starts:
•
•
The first argument is number of arguments (i.e. argc)
Each one of the rest of arguments is a pointer to an argument string
(i.e. argv[0] (this is the name of the program), argv[1] argv[2], and so on)
ld(_start)
stack
vs.
gcc (main)
This is just like C’s
main(int argc, char** argv)
argv[2]
argv[1]
argv[0]
ESP
argc
stack
&{argv[0],argv[1],argv[2],…}
ESP
argc
Producing an assembly file for .c file
• -S (capital letter) to gcc compiler generates an assembly code
to .c program.
> gcc –m32 –S main.c
Compile the following c code with –S option to observe parameters pass in C, compare to material given in class.
#include <stdio.h>
extern int atoi(char*);
void main(int argc, char ** argv) {
int m, n;
if (argc < 3 ) {
printf("use : %s num1 num2\n",argv[0]);
return 0; }
m = atoi(argv[1]);
n = atoi(argv[2]);
return;
}
Producing a listing file

-l option to NASM will generates a source-listing file, in which
addresses and generated binary code are listed on the left,
and the actual source code is listed on the right
> nasm -f elf sample.s -l sample.lst
Producing a listing file – example 1
The first column (from the left) is simply
the line number in the listing and is
otherwise meaningless
•
The second column is the relative
address, in hex, of where the code will be
placed in memory
•
The third column is the actual compiled
code
•
Labels (i.e. names suffixed with colons)
do not create code, they are simply a way to
tell the assembler that those locations have
symbolic names.
•
For the normal type of call in 32-bit mode
(relative near call), the binary code for
‘CALL myFunc’ is the opcode E8 followed
by a 4-byte value that specifies the target
address, relative to the next instruction after
the call.
 Address of myFunc label = 0x1F
 Address of the next instruction after the
call (i.e. ‘mov [answer], eax’) is 0xA
 0x1F-0xA=0x15, and we get exactly the
binary code written here ‘E815000000’
•
Producing a listing file – example 2
main.c file:
#include <stdio.h>
extern void myFunc (void);
int main(void) {
myFunc (); // Your assembly code function
}
func.s file
section .rodata
STR1: DB "Assembly %s", 10, 0
STR2: DB "code"
section .text
global myFunc
extern printf
myFunc:
push ebp
mov ebp, esp
push STR2
push STR1
CALL printf
mov esp, ebp
pop ebp
ret
note that relative address of label of another
section (.rodata) is put in “[…]”
note that relative address of external function
(printf) is not resolved in assembler step (would
be resolved after linking by gcc with main.c file)
func.lst listing file
> gdb func.out
Producing a listing file – example 2
func.lst listing file
gdb run with executable func.out
print EIP register to examine binary code