X86 assembly language learning notes (2)

xiaoxiao2021-03-06 62

X86 assembly language learning Notes (2) Author: BadcoffeeEmail: blog.oliver@gmail.com2004年 November ORIGINAL: http://blog.9cbs.net/yayong

Copyright: Please be sure to indicate the original source of the article in hyperlink, author information and this statement in the form of the author. The author will modify the error at any time and publish the new version on its own Blog site. Strictly speaking, this document is more focused on the knowledge of C language and C compiler. If it involves basic assembly language, you can refer to the relevant document. from

X86 assembly language learning incoming (1)

Since the author's blog, I have received a lot of netizens' affirmation and encouragement, and there is also a enthusiastic netizen pointed out that the error has been updated on Blog after the error has been discovered in the document. Previous article leads the following concepts by analyzing a simplex C program:

Stack frame stack frame and sfp stack frame pointer stack aligned stack

Calling convention call agreement and ABI (

Application Binary Interface Application Binary Interface This chapter will learn more about these concepts through further experiments. If you still don't understand these concepts, you can refer to

X86 assembly language learning incoming (1)

. 1. Stack allocation of local variables The upper article has been analyzed with the simplest C program. Here we analyze how the C compiler handles the allocation of local variables, give this, give this procedure: #vi test2.c Int Main ) {INT i; int J = 2; i = 3; i = i; Return i j;} Compiles the program, generates binary files, and uses MDB to observe the status of Stack in the run:

#gcc test2.c -o test2 # mdb test2 loading modules: [libc.so.1]> main :: dis be: pushl% EBP

Main 1: MOVL% ESP,% EBP; Main to Main 1, create Stack Frame Main 3: Subl $ 8,% ESP; for local variable I, J assign stack space, and ensure that the stack 16 bytes MAIN 6 : Andl $ 0xF0,% ESP

Main 9: MOVL $ 0,% EAX

Main 0xe: Subl% EAX,% ESP

Main 6 to main 0xe, again guarantee the 16-byte alignment main 0x10: MOVL $ 2, -8 (% EBP); initializing the local variable J is 2 main 0x17: MOVL $ 3, -4 (% EBP) ); Assigning a local variable I to 3 main 0x1e: LEAL-4 (% EBP),% EAX; put the address of the local variable i into the EAX register main 0x21: Incl (% EAX); i main 0x23 : MOVL-8 (% EBP),% EAX; loads j's value into Eax Main 0x26: addl -4 (% EBP),% Eax; i j stores Eax, as return value main 0x29 : Leave; Undo STACK FRAME Main 0x2a: Ret; main function returns

>> Main 0x10: b; at address main 0x10

Set breakpoint> main 0x1e: b; in main 0x1e set breakpoint> main 0x29: b; in main 0x1e set breakpoint> main 0x2a: b; set breakpoint in Main 0x1e

The four commands of the following MDB are entered in one line, and the intermediate semicolon spaced apart, the meaning of the command is given in the comment:>: r;

The value of EAX, current 0>: C; : C;

Continue to run the program, print 16 bytes stack and EBP, EAX content MDB: Stop at main 0x29 mdb: target stopped at: main 0x29: Leave; run to the breakpoint main 0x29 stop, calculation has been completed, will revoke Stack frame 0x8047db0: 0x8047db0: 2; this is the variable J, 4 bytes, the value of 2, here is the top of the stack, the value of the ESP is 0x8047db0 0x8047db4: 4; this is the variable I, 4 bytes after I , value is 3 0x8047db8: 0x8047dd8; this is _start of SFP, 4 bytes 0x8047dbc: _start 0x5d; EIP after it is returned _start 0x8047dc0: 1 0x8047dc4: 0x8047de4 0x8047dc8: 0x8047dec 0x8047dcc: _start 0x35 0x8047dd0: _fini 0x8047dd4: ld. SO.1 `atexit_fini 0x8047dd8: 0 0x8047ddc: 0 0x8047de0: 1 0x8047de4: 0x8047eb4 0x8047de8: 0 0x8047dec: 0x8047eba 8047db8; this is the value of the main EBP register, the SFP 6 of Main The value of EAX, that is, the return value of the function, currently 6

>: C;

>: s;

Observation and analysis of registers and stacks at rules when MDB can derive access and allocation and release methods in the stack: 1. Allocation of local variables, can minus the number of bytes of bytes from the ESP SUBL $ 8 ,% ESP 2. Local variable, can be accessed through the Leave instruction Leave 3. Access to the partial variable, can minus the offset MOVL-8 (% EBP),% EBP),% EAX

AddL -4 (% EBP),% EAX problem: How to make a stack when there is more than 2 local variables?

In the last article, mention SUBL $ 8,% ESP statement except for the assignment stack space, there is still a role to the stack. So in this case, since I and J are 8 bytes, if there is more than 2 local variables, how to meet spatial allocation and stacks at the same time? 2. The stack assignment of more than two local variables In the previous C program, increase the local variable definition K, the program is as follows:

# vi test3.c int main () {INT i, j = 2, k = 4; i = 3; i = i; k = i j k; return k;} After compiling the program, use MDB The following results: # gcc test3.c -o test3 # mdb test3 loading modules: [libc.so.1]> main :: dis be: pushl% EBP main 1: movl% ESP,% EBP; main To main 1, create Stack Frame Main 3: Subl $ 0x18,% ESP; for local variables I, J, K assigns stack space, and ensure that the stack 16 bytes aligned main 6: Andl $ 0xf0,% ESP main 9: MOVL $ 0,% EAX Main 0xe: Subl% EAX,% ESP; Main 6 to Main 0xe, Keep Stack 16 bytes MAIN 0x10: MOVL $ 2, -8 (% EBP); J = 2 Main 0x17: MOVL $ 4, -0xc (% EBP); k = 4 main 0x1e: MOVL $ 3, -4 (% EBP); i = 3 main 0x25: Leal -4 (% EBP),% EAX; i's address is loaded into Eax Main 0x28: incl (% EAX); i main 0x2a: MOVL-8 (% EBP),% EAX; load J to Eax Main 0x2d: MOVL-4 (% EBP),% EDX; load i into EDX Main 0x30: addl% EAX,% EDX; J i, the result is stored in EDX Main 0x32: Leal -0xc (% EBP),% EAX; load K's address Go to EAX Main 0x35: addl% EDX, (% EAX); i j k, the result is stored in the address EBP-0XC k, MAIN 0x37: MOVL-0XC (% EBP),% EAX; the value of K Load Eax, as return value main 0x3a: Leave; revoked Stack frame main 0x3b: return; main function returned> Quality: Why is 3 variables allocated 0x18 bytes of stack space? When 2 variables are, the instructions of the stack space are:

Subl $ 8,% ESP, when three local variables, the commands that allocate stack spaces are: Subl $ 0x18,% ESP 3 integer variables only need 0xc bytes, why do 0x18 bytes actually assigned? The answer is: Keep the 16-byte stack alignment. In

X86 assembly language learning incoming (1)

In the case, it has shown that the default compilation of GCC is to be 16-bytes stack alignment, SUBL $ 8,% ESP will make the stack 16 bytes, while 8-byte space can only meet 2 local variables, if the 4-byte is allocated If you meet the third local variable, the stack address is no longer 16-byte alignment, while the closer to the space needs and keep the 16-byte stack alignment is 0x18. If each, each define a 50-byte and 100-byte character array, in this case, how many stack space actually assigned? The answer is 0x8 0x40 0x70, which is 184 bytes. Let's verify the following: # vi test4.c int main () {char str1 [50]; char str2 [100]; return 0;} # mdb test4 loading modules: [libc.so.1]> main :: disgu : Pushl% EBP Main 1: MOVL% ESP,% EBP Main 3: Subl $ 0xB8,% ESP; for two character array assignment stack space, while guarantees 16 bytes Align Main 9: Andl $ 0xF0,% ESP Main 0xc: MOVL $ 0,% EAX Main 0x11: Subl% EAX,% ESP Main 0x13: MOVL $ 0,% EAX Main 0x18: Leave Main 0x19: RET> 0xB8 = D; 16 Encorptor 10 184> 0x40 0x70 0x8 = x; expression calculation, result designation as 16 credit B8>

Question: What is the stack assignment order when defining multiple local variables? The order in which the local variable stack assignment is in the order of the variable declaration, the variables declared in the same line are in the order from left to right, in Test2.c, the variable declaration is as follows: INT I, J = 2, k = 4; MoVL $ 2, -8 (% EBP); J = 2 MOVL $ 4, -0xc (% EBP); K = 4 MOVL $ 3, -4 (% EBP)

i = 3 It is not difficult to see that the position in the stack of I, J, and K is shown below:

-------------------------- ------> High Address | EIP (_Start Function Return Address) | ---------------------------- | EBP (EBP of _start function EBP) | <------ Main function EBP pointer (Ie SFP frame pointer) ---------------------------- | i (EBP-4) | ----- ----------------------- | J (EBP-8) | ----------------- ----------- | K (EBP-0XC) | ---------------------------- ------> Low address Figure 2-13. Summary This time passed several test procedures, further understanding the distribution and release and location of local variables in the stack, and reviewing the following in the last article Concept: SFP Stack Frame Pointer Stack Aligned Stack The MDB tools provided by Solaris, intuitive observations in the MDB tools provided by Solaris, and the creation and revoking of the Stack Frame, according to the content given (Figure 2) -1 and Fig. 1-1), you can more clearly understand the Stack Layer in the IA32 architecture.

9cbs

New Post(0)