Background knowledge
One. The three operating modes of the 80x86 processor: real mode, protected mode and virtual 8086 mode.
1. The three modes.
2. The characteristics of each mode (address space, memory usage, register usage, privilege levels, interrupt handling, privileged instructions, etc.).
Two. Windows memory management
1. Does every program written in Win32 assembly get to use 4 GB of memory?
2. Why are the CS, DS, ES and SS segment registers never touched in Win32 assembly code?
3. What is the famous "640 KB limit" under DOS?
Three. The 80386 memory paging mechanism
1. In protected mode, the address formed from a segment selector and an offset is called a linear address. Is the linear address the physical address? (Only when paging is disabled; with paging enabled, as under Windows, the linear address is translated to a physical address through the page tables.)
2. How virtual memory is implemented.
3. Windows sets up correct descriptors for the code segment, data segment and stack segment of a user program, so the user program does not have to care about the segment registers.
Four. Protection in Windows
1. 80386 exception and interrupt handling.
Why are there no INT instructions in Win32 programs? In fact, the API call takes the place of the interrupt: the program calls an API function, and the system, not the program, performs the transition into the kernel.
2. 80386 protection mechanisms
A. Segment type checks: readable, writable.
B. Page-level checks: readable, writable.
C. Privilege-level checks on data access.
D. Checks on control transfers: privilege-level problems.
E. Instruction checks: privileged and sensitive instructions.
F. Protection of I/O operations.
Programming environment
One. Tools of the trade
Code editing tools: the MASM32 package and the ASM plug-in for EditPlus.
Resource editor: the Visual C++ resource editor.
Two. Using ml.exe, link.exe and nmake: ml.exe /c /coff assembles a source file into a COFF object file, link.exe /subsystem:windows links the object files and import libraries into an executable, and nmake runs a makefile that describes those two steps.
Three. A batch file that sets the environment variables
@echo off
set include=x:\masm32\include
set lib=x:\masm32\lib
set path=x:\masm32\bin;%path%
echo on
Understanding the structure of a Win32 assembly program
One. Mode definitions:
.386                  ; instruction set
.model flat, stdcall  ; memory model and calling convention
option casemap:none   ; identifiers are case-sensitive
Two. Segment definitions: several segments are available in a Win32 assembly program.
Data segments
.data    initialized data variables
.data?   uninitialized data variables (space is reserved only when the program loads, which keeps the executable small)
.const   constants
Code segment
.code
Three. The end of the program and the entry point
Speaking of which, I still remember that when I was starting to learn Win32 assembly, Zhang Yue once asked me: "Is there a main() function in Windows assembly programming?" I answered without hesitation: "Yes." Thinking about it now gives me a cold sweat. I knew too little, and I was shown up!
In fact, there is no main() function in Win32 assembly as there is in C. A C compiler by default treats main() as the entry point of the program and starts execution there. In assembly this is not the case: you must specify the entry address yourself, which is done by the last statement of the program, end start. The identifier after end is the entry point of the program!
Four. Comments and line continuation
Commenting carefully is a good habit of a disciplined programmer.
Comments in assembly source start with ";". When a statement is too long to fit on one line, use "\" at the end of the line to continue it on the next.
Attached: a simple Hello World! program
.386
.model flat, stdcall
option casemap:none
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include files
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Data segment
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data
szCaption db 'A MessageBox!', 0
szText    db 'Hello World!', 0
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code segment
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
start:
    invoke MessageBox, NULL, offset szText, offset szCaption, MB_OK
    invoke ExitProcess, NULL
; >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
Five. Calling API functions
Use invoke. The invoke directive is not an 80386 instruction but a pseudo-op of the MASM assembler. API functions have a return value, and for the assembler there is only one return type, DWORD; it is always returned in eax.
Every API function that takes strings comes in two versions: one that handles the ANSI character set and one that handles the Unicode character set.
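As an added example (not part of the original notes) of what invoke does and where the return value ends up: the first MessageBox call is written with invoke, the second is the push/call sequence the assembler generates for such a call, written out by hand, and the third calls the Unicode entry point directly. It assumes the MASM32 include files, in which MessageBox resolves to MessageBoxA in an ANSI build; the file name in the build comment is an assumption.

```asm
; Added example, not from the original notes. Build with:
;   ml /c /coff /Cp invoke.asm
;   link /subsystem:windows invoke.obj
.386
.model flat, stdcall
option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib

.data
szCaption   db 'invoke demo', 0
szText      db 'Press OK or Cancel', 0
szCancelled db 'You pressed Cancel', 0
; Unicode strings for the W entry point: one 16-bit word per character,
; terminated by a 16-bit zero
wszCaption  dw 'U','n','i','c','o','d','e', 0
wszText     dw 'H','e','l','l','o',' ','W','o','r','l','d','!', 0

.code
start:
    ; 1. The invoke form. MASM checks the argument count against the PROTO
    ;    in user32.inc and emits the pushes in stdcall (right-to-left) order.
    invoke MessageBox, NULL, offset szText, offset szCaption, MB_OKCANCEL

    ; 2. The only return type the assembler knows about: a DWORD in eax.
    ;    MessageBox returns the id of the button pressed (IDOK = 1, IDCANCEL = 2).
    cmp eax, IDCANCEL
    jne @F

    ; 3. The same kind of call written by hand, exactly as invoke expands it.
    ;    MessageBoxA is stdcall: the callee removes the 16 bytes of arguments
    ;    with ret 16, so no "add esp, 16" follows the call.
    push MB_OK
    push offset szCaption
    push offset szCancelled
    push NULL
    call MessageBoxA
@@:
    ; 4. In an ANSI build MessageBox is an equate for MessageBoxA in the
    ;    MASM32 headers (assumption about the header version); the Unicode
    ;    entry point takes UTF-16 strings and is named explicitly.
    invoke MessageBoxW, NULL, offset wszText, offset wszCaption, MB_OK

    invoke ExitProcess, NULL
end start
```

The hand-written block is the one to look at when reading a disassembly: every stdcall API call is a right-to-left push sequence followed by a call with no stack adjustment afterwards, and whatever the function returns is in eax at the instruction after the call.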
Labels, variables and data structures
One. Labels: when you want to jump to another location, you need an identifier that marks the new location; that is a label. By placing a label in front of the destination address, you can use the label in the instruction instead of the raw address. MASM also provides the anonymous label @@:, which is referenced as @F (the nearest following @@) or @B (the nearest preceding @@).
Two. Global and local variables: global variables are placed in .data and .data?. Using local variables helps keep the modules of a large project self-contained. Local variables live on the stack; MASM supports them through the LOCAL directive inside a proc. They are not zeroed automatically, so the RtlZeroMemory API function is used to initialize them.
Three. Data structures: the assume directive lets a register be treated as a pointer to a structure.
mov esi, offset stWndClass
assume esi:ptr WNDCLASS
mov eax, [esi].lpfnWndProc
...
assume esi:nothing
Four. Getting the address of a variable. Global variable: the offset pseudo-op; local variable: lea. Note: inside invoke, use addr! The addr operator can only be used in invoke arguments, and because addr on a local variable expands to lea eax, var followed by push eax, eax must not be passed as an argument to the left of an addr argument in the same invoke.
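As an added example (not the original notes' code) that pulls the four points above together: a proc with LOCAL variables cleared by RtlZeroMemory, a local structure accessed through assume esi:ptr, offset for a global versus lea and addr for locals, and an anonymous @@ label. It assumes the MASM32 include files, in which wsprintf is declared with the C calling convention so that invoke handles its stack clean-up, and a global named hInstance; the file name in the build comment and the procedure names are assumptions.

```asm
; Added example, not from the original notes. Build with:
;   ml /c /coff /Cp locals.asm
;   link /subsystem:windows locals.obj
.386
.model flat, stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
szCaption   db 'Locals and structures', 0
szFormat    db 'cbSize=%d  hInstance=%08X  zero bytes=%d', 0

.data?
hInstance   dd ?                    ; uninitialized global: space is reserved when the program loads

.code
; Counts the zero bytes in a buffer. Like an API function it returns its result in eax.
_CountZeros proc uses esi _lpBuffer, _dwSize
    mov esi, _lpBuffer
    mov ecx, _dwSize
    xor edx, edx
    jecxz _done                     ; empty buffer: nothing to scan
_next:
    cmp byte ptr [esi], 0
    jne @F                          ; @F jumps forward to the nearest following @@
    inc edx                         ; (@B would jump back to the nearest preceding @@)
@@:
    inc esi
    dec ecx
    jnz _next
_done:
    mov eax, edx
    ret
_CountZeros endp

_Demo proc uses esi
    LOCAL @stLocal:WNDCLASSEX       ; a structure on the stack: holds whatever was there before
    LOCAL @szBuffer[128]:byte

    ; addr on a local expands to "lea eax, @stLocal / push eax", so eax must not
    ; be passed as an argument to the left of an addr argument in the same invoke
    invoke RtlZeroMemory, addr @stLocal, sizeof @stLocal
    invoke RtlZeroMemory, addr @szBuffer, sizeof @szBuffer

    lea esi, @stLocal               ; the address of a local needs lea; offset only works for globals
    assume esi:ptr WNDCLASSEX       ; from here on esi is treated as a pointer to a WNDCLASSEX
    mov [esi].cbSize, sizeof WNDCLASSEX
    mov eax, hInstance
    mov [esi].hInstance, eax
    assume esi:nothing              ; undo the assume before the register is reused

    invoke _CountZeros, addr @szBuffer, sizeof @szBuffer
    ; eax (the count, 128 here) is the rightmost argument, so it is pushed before
    ; the "lea eax" that addr generates for @szBuffer; placed to the left of the
    ; addr argument, MASM would reject it ("register value overwritten by INVOKE")
    invoke wsprintf, addr @szBuffer, offset szFormat, @stLocal.cbSize, @stLocal.hInstance, eax
    invoke MessageBox, NULL, addr @szBuffer, offset szCaption, MB_OK
    ret
_Demo endp

start:
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke _Demo
    invoke ExitProcess, NULL
end start
```

The ordering rule for eax is the practical consequence of the addr expansion: arguments are pushed from right to left, so an addr-of-local to the right of an eax argument overwrites eax before it is pushed. Keeping eax as the rightmost argument, or moving it to another register first, avoids the problem.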