Beginning Assembly, Part 2 The Assembling! Poorly Presented by

Download Report

Transcript Beginning Assembly, Part 2 The Assembling! Poorly Presented by

Beginning Assembly, Part 2
The Assembling!
Poorly Presented by
Gleep
Dicks
•
•
•
•
•
How does Dicks work?
Zenity dependancy
Pushes text params onto the stack
Stores mem addresses of params in registers
Calls execve to start Zenity and passes regs to
Zenity with params for pop-up text box
Binary Coded Decimal
• Represents a decimal number by coding each
digit in binary
• Unpacked BCD is one byte per digit
• 00000011 00000100 00001001
• 3
4
9
• Packed BCD is one byte per two digits
• 00100100 10010001
• 2
4
9
1
Floating Point Maths
• Floating point ops use special registers ST(0) thru
ST(7)… 80 bit registers for data
• 1 - 16 bit control register
• 1 - 16 bit status register
• 1 - 16 bit tag register to describe contents of data
regs
• 1 - 48 bit FIP register for next floating point op
• 1 - 48 bit FDP FPU data pointer
• 1 - 11 bit Opcode register
Floating Point Reg Ops
• The floating point registers act as a stack.
ST(0) is top of stack.
• Fld src – loads 80 bit src onto FP stack
• Fst dst – moves top of FP stack into dst
• Info all will show all FP and SSE registers
Floating Point Maths
((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) –
(251.5 / 77.62)) = OMGLOLWUT?!?!
Single Instruction Multiple Data
• Aka – MMX, SSE, 3DNow!
• MMX aliases the 8 FPU data regs as MM0-7
for 64 bit packed integers
• SSE includes 8 new 128 bit regs XMM0-7 for
128 bit packed integers and floating point data
• Useful for processing large amounts of data
with one instruction
SIMD Continued
• MMX regs can store 8x8 bit byte ints, 4x16 bit
word ints, or 2x32 bit double word ints
• Movq src, dst – where dst is %mm0-7
• SSE regs can store 16x8 bit byte packed ints, 8x16
bit word packed ints, 4x32 bit double word
packed ints, or 2x64 bit quad word ints
• Movdqu src, dst – moves unaligned data into
%xmm0-7
• Movdqa src, dst – moves aligned data. Using this
with unaligned data will throw an error.
SIMD Continued
• This was supposed to be a meaningful slide
but then I got bored with SIMD.
• Research it yourself if you need to code it in
natively.
C structures in ASM
•
•
•
•
For Loops
If/Then
While
Switch
Using C Libraries in Asm
• When using C functions in asm, need to link in
C libraries containing the functions
• Ld –dynamic-linker /lib/ld-linux.so.2 –o <exe>
-lx <obj file> - where x is /lib/libx.so
• /lib/ld-linux.so.2 is a dynamic loader
• -lc option would link to /lib/libc.so
Compiling Asm with GCC
• Gcc –o <exe> <asmfile>
• Automagically links everything
• Must change _start label to main
Unconditional Branching
• JMP <operand>
–
–
–
–
–
–
3 types… Short, Near, Far
Equivalent of Goto:
Short JMP is less that 128 bytes
Far JMP is to another code segment
Near JMP is everything else
Takes one memory label as a parameter
• Call <operand>
– Equivalent to function call in C
– Call pushes EIP to stack
– Call returns to main with the RET command
Unconditional Branching Cont’d
• Interrupt
– Hardware – used for I/O functions
– Software
•
•
•
•
Used for accessing kernel functions
In Linux, uses Interrupt 0x80
In Windows, uses Interrupt 0x21
Parameters in registers determine which function is
being called with what parameters
• Ex: MOVL $1, %EAX
– MOVL $0, %EBX
– INT $0x80
Conditional JMPs
•
•
•
•
JZ <label> – JMP if ZF is set
JNZ <label> – JMP if ZF is not set
JGE <label> – JMP if equal or greater
JLE <label> - JMP if less than or equal
• There’s a bunch of em… use the Googles
Function Calls
• .type <function label>, @function
• <function label>:
• Ret
• Call <function label>
• Functions can be defined anywhere within asm file
• Return values can be returned in regs or global vars
• Can put functions in separate file, just add .globl
<function label> statement after .type statement, and
add function object file to linker statement
Function Prologue and Epilogue
Prologue
– Function:
• Pushl %ebp
• Movl %esp, %ebp
• Subl $8, %esp
• Epilogue
• Movl %ebp, %esp
• Popl %ebp
• Ret
Enter and Leave
• Enter #bytes – used to perform function call
prologue
• Leave – used to perform function call epilogue
Main Process Stack Frame Base
Main Process executes
Main Process calls New Function
Call places RET addr on stack
Prologue pushes EBP to stack
Prologue sets EBP to ESP
Prologue decrements ESP to make
room for variables
New Function loads variables
New Function executes
Epilogue sets ESP to EBP
Epilogue pops old EBP from stack
RET pops old RET address to EIP
Main Process resumes
EBP
Main Process Variable 1
Main Process Return Address
Main Process Old EBP Address
New Function Variable 1
New Function Variable 2
ESP
System Calls
• Can be found in /usr/include/asm/unistd.h
• Look up the needed input and return values in
man 2 <syscall>
• Can use strace to see background syscalls
when running a program
• Strace –p <PID> will attach strace to a running
process
• Use man 3 <c lib func> to see C function calls
Inline Assembly
•
•
•
•
You can embed assembly within C programs
Asm ( “code goes here”);
Must enclose the code in quotes
Can use the “volatile” keyword to tell compiler
not to optimize it
• Must use \n newline char if embedding more
than one command
• If coding ANSI C, use __asm__ instead
• Asm ( “movl $1, %eax\n\t”
“movl $0, %ebx\n\t”
“int $0x80”);
Calling Libraries
• If using asm libraries in C code, add the asm
files onto compile statement
• Gcc –o testprog testprog.c func1.s func2.s
• Can also assemble code into object file then
add the object file to gcc
Making Libraries
• Can create a static library using the Ar command
to add object files into an archive
• Static library name syntax Libx.a
• Ar r libmyfunc.a func1.o func2.o func3.o
• Can see what is contained in a library using nm
command
• Nm –s libmyfunc.a
• Compile by including the libx.a file on gcc
command
Making shared libraries
• Shared library name syntax libx.so.<version>
• Create shared library with –shared option on
gcc
• Gcc –shared –o libmyfunc.so.1 func1.o
func2.o func3.o
• To compile using shared library, in same dir as
program file use –L. option
• Gcc –o testfunc –L. –lmyfunc testfunc.c
Using shared libraries
• The dynamic loader must know where to find
any libraries needed for program function
• Change LD_LIBRARY_PATH environment
variable
• Export LD_LIBRARY_PATH=
“$LD_LIBRARY_PATH:.”
• Or change the /etc/ld.so.conf file
• After adding path to ld.so.conf, must run
ldconfig as root