
Introduction to Assembly Language Programming


Introduction to Assembly

Language Programming

argc  argv[0]  argv[1]

Env Vars   Pgm Name

0

argv[n]

FFFFFFFF

00000000

The Program Break

Text

Rodata

Data

BSS

Heap

Stack

.text CODE SECTION

.rodata DATA SECTION

.data DATA SECTION

.bss DATA SECTION

.rodata holds read-only global data

(string literals e.g. "Hello World!\n"); it is mapped read-only, so writing to a string literal is a fault, not a silent update

.data global read/write data

(e.g. int i = 0;)

.bss uninitialized global variables and

uninitialized global static variables

(zero-filled at load time, so they are all zero when the program starts)

2

Sections

• All global variables live in one of the data sections (.rodata, .data or .bss) for the whole run of the program

• The stack holds local variables — and, as the following slides show, also each call's return address and saved %ebp, which is why overrunning a local buffer can corrupt control flow

• Let's look at hello.s

3

hello.s

4

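## hello.s (slide 4): main() prints cGreeting with printf and returns 0.
## Syntax: GAS/AT&T, 32-bit x86 (i386).  Convention visible in this code:
## arguments are pushed right-to-left, the caller removes them afterwards,
## the result comes back in %eax, and %ebp is saved/restored by the callee.
## cGreeting is assumed to be a NUL-terminated string literal defined in
## .rodata elsewhere in hello.s (not shown on this slide) -- it is read-only.
.section ".text"                ## make .text the current section
                                ## (plain ASCII quotes: the curly quotes
                                ## in the slide deck are not valid syntax)
.globl main                     ## export main so the C runtime can call it
.type main,@function            ## mark main as a function for the linker
main:
        ## Initializing main: save the caller's frame pointer and make
        ## %ebp the base of this frame.
        pushl   %ebp
        movl    %esp, %ebp
        ## Calling printf(cGreeting).  The single argument IS the format
        ## string.  Keep it a constant: passing caller/user-controlled text
        ## in this slot (printf(buf)) is a format-string vulnerability --
        ## use a fixed format and pass the data as a separate argument.
        pushl   $cGreeting
        call    printf          ## pushes the return address on top of the argument
        addl    $4, %esp        ## caller removes its own argument (cdecl)
        ## NOTE(review): %esp is not realigned to 16 bytes before the call;
        ## compiler-generated main typically does (andl $-16, %esp), so
        ## expect that difference when comparing with the gcc -S output.
        ## Exiting main: return value 0 in %eax, then tear down the frame.
        movl    $0, %eax
        movl    %ebp, %esp
        popl    %ebp
        ret                     ## pops the return address into %eip, unchecked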

hello.s

5

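## hello.s (slide 5): same program, focus on how main() sets up its frame.
## Syntax: GAS/AT&T, 32-bit x86 (i386).  Arguments are pushed right-to-left
## and removed by the caller; the return value travels in %eax; the callee
## saves and restores %ebp.  cGreeting is assumed to be a NUL-terminated
## string literal defined in .rodata elsewhere in hello.s (not shown here).
.section ".text"                ## make .text the current section
                                ## (ASCII quotes -- curly quotes do not assemble)
.globl main                     ## make main visible to the linker/C runtime
.type main,@function            ## mark main as a function for the linker
main:
        ## Initializing main
        pushl   %ebp            ## stack init for main(): save caller's %ebp
                                ## (this saved slot sits directly above the
                                ## return address the caller's call pushed)
        movl    %esp, %ebp      ## %ebp now marks the base of main's frame;
                                ## locals would be addressed as -N(%ebp)
        ## Calling printf(cGreeting) -- the literal is the FORMAT string.
        ## Only ever pass a constant here; a user-controlled format string
        ## is a format-string vulnerability.
        pushl   $cGreeting
        call    printf          ## pushes the return address below the argument
        addl    $4, %esp        ## caller pops its own argument (cdecl)
        ## NOTE(review): no 16-byte realignment of %esp before the call;
        ## compiler output for hello.c usually adds andl $-16, %esp -- one
        ## of the differences to look for when diffing against gcc -S.
        ## Exiting main
        movl    $0, %eax        ## return 0
        movl    %ebp, %esp      ## discard anything pushed since the prologue
        popl    %ebp            ## restore caller's frame pointer
        ret                     ## jump to whatever is at (%esp) -- never verified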

hello.s

6

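## hello.s (slide 6): same program, focus on the calling convention.
## Syntax: GAS/AT&T, 32-bit x86 (i386).  Arguments pushed right-to-left,
## caller removes them, result in %eax, %ebp saved/restored by the callee.
## cGreeting is assumed to be a NUL-terminated string literal defined in
## .rodata elsewhere in hello.s (not shown on this slide).
.section ".text"                ## make .text the current section
                                ## (ASCII quotes -- curly quotes do not assemble)
.globl main                     ## declare main for the linker/C runtime
.type main,@function            ## mark main as a function for the linker
main:
        ## Initializing main: save caller's %ebp, start a new frame.
        pushl   %ebp
        movl    %esp, %ebp
        ## Calling printf
        pushl   $cGreeting      ## push arguments in reverse order; with one
                                ## argument this IS printf's format string.
                                ## Keep it constant: passing caller/user data
                                ## here (printf(buf)) is a format-string
                                ## vulnerability -- pass data via %s instead.
        call    printf          ## pushes the return address on top of the
                                ## argument, then jumps to printf
        addl    $4, %esp        ## pop the argument back off (caller cleans up)
        ## Read %eax for printf's return value here if required.
        ## NOTE(review): %esp is not realigned to 16 bytes before the call;
        ## compiler-generated main typically does (andl $-16, %esp), so
        ## expect that difference when comparing with the gcc -S output.
        ## Exiting main
        movl    $0, %eax        ## return 0
        movl    %ebp, %esp
        popl    %ebp
        ret                     ## pops the saved return address into %eip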

hello.s

7

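## hello.s (slide 7): same program, focus on the epilogue / return path.
## Syntax: GAS/AT&T, 32-bit x86 (i386).  Arguments pushed right-to-left and
## removed by the caller; return value in %eax; %ebp saved by the callee.
## cGreeting is assumed to be a NUL-terminated string literal defined in
## .rodata elsewhere in hello.s (not shown on this slide).
.section ".text"                ## make .text the current section
                                ## (ASCII quotes -- curly quotes do not assemble)
.globl main                     ## declare main for the linker/C runtime
.type main,@function            ## mark main as a function for the linker
main:
        ## Initializing main: save caller's %ebp, start a new frame.
        pushl   %ebp
        movl    %esp, %ebp
        ## Calling printf(cGreeting).  The literal is the format string;
        ## never substitute caller/user-controlled text for it
        ## (format-string vulnerability).
        pushl   $cGreeting
        call    printf          ## pushes the return address on top of the argument
        addl    $4, %esp        ## caller removes its own argument (cdecl)
        ## NOTE(review): %esp is not realigned to 16 bytes before the call;
        ## compiler-generated main typically does (andl $-16, %esp), so
        ## expect that difference when comparing with the gcc -S output.
        ## Exiting main
        movl    $0, %eax        ## setting eax to 0 (return 0)
        movl    %ebp, %esp      ## stack 'unrolled': drop main's locals, if any
        popl    %ebp            ## stack 'unrolled': restore caller's %ebp
        ret                     ## pop the return address into %eip.  Nothing
                                ## checks that slot: if a local buffer had
                                ## overflowed into it, execution would go
                                ## wherever the overwritten value points.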

How to compile…

• Compile hello.c to hello.s using gcc209

$ gcc209 hello.c -S

• Compare both hello.s files

• Now use as to make object files

$ as hello.s -o hello.o

• Use gcc209 to link the binary

$ gcc209 hello.o -o hello

• Compile hello.c with debugging symbols. Compare both hello.s files again

$ gcc209 hello.c -g -S

8

uppercase.s

• Let's look at the uppercase.s file

• Modify the program so that it only prints out

capitalized characters for input in the range 'a' to 'z'

• Solution will be shown in next precept

9

After Tuesday's Class

• Now we know how functions work

• Let's revisit hello.s and see if the lines we

skipped make sense.

10

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

FAKE ADDRS (illustrative only: real addresses differ per build and, with ASLR, per run)

eip

ebp1

esp

11

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp1

esp, ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

12

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp, ebp1

“MAIN’S

STACK

BASE”

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip FAKE

ADDRS

13

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

cGre...

14

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

cGre...

call =

reg[esp] = reg[esp] - 4

mem[reg[esp]] = reg[eip]   (eip already holds the address of the instruction after the call, 0x0565 — this saved value is the return address)

reg[eip] = "printf"

ARG1

15

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

cGre...

call =

reg[esp] = reg[esp] - 4

mem[reg[esp]] = reg[eip]

reg[eip] = “printf”

0x0565

RET

ADDR

ARG1

16

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

FAKE

ADDRS

cGre...

call =

reg[esp] = reg[esp] - 4

mem[reg[esp]] = reg[eip]

reg[eip] = “printf”

0x0565

RET

ADDR

ARG1

printf:

...

...

eip

17

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

cGre...

ret =

reg[eip] = mem[reg[esp]]   (no check is made: control goes to whatever value is in that stack slot, so a buffer overflow that overwrote the return address redirects execution)

reg[esp] = reg[esp] + 4

0x0565

RET

ADDR

ARG1

18

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp

ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

cGre...

ret =

reg[eip] = mem[reg[esp]]

reg[esp] = reg[esp] + 4

ARG1

19

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp, ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

20

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

ebp2

esp, ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

eax should hold the return value of main()

21

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

esp, ebp1

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575

eip

FAKE

ADDRS

ebp1

22

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

esp

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575    eip

FAKE

ADDRS

ebp1

23

FFFFFFFF

00000000

Text

Rodata

Data

BSS

Stack

main:

pushl %ebp 0x0555

movl %esp, %ebp 0x0559

pushl $cGreeting 0x055D

call printf 0x0561

addl $4, %esp 0x0565

movl $0, %eax 0x0569

movl %ebp, %esp 0x056D

popl %ebp 0x0571

ret 0x0575    eip

FAKE

ADDRS

ret =

reg[eip] = mem[reg[esp]]

reg[esp] = reg[esp] + 4

24

Control Unit

Arithmetic Logic Unit (ALU)

Registers

EIP

EFLAGS

ESP

EBP

EDI

ESI

EDX

ECX

EBX

EAX

CPU CHIP