/* personal notes of renzo diomedi */

~ 00011001 ~



For each operation that is performed in the processor, there must be a mechanism to determine whether the operation was successful or not. The processor flags are used to perform this function.

The control bus is used to synchronize the functions between the processor and the individual system elements.

C7 45 FC 01 00 00 00

defines the opcode C7, which is the instruction to move a value to a memory location.

The memory location is defined by the 45 FC modifier (which defines –4 bytes (the FC value) from the memory location pointed to by the value in the EBP register (the 45 value).

The final 4 bytes define the integer value that is placed in that memory location (in this case, the value 1).

the value 1 was written as the 4-byte hexadecimal value 01 00 00 00. The order of the bytes in the data stream depends on the type of processor used. The IA-32 platform processors use “little-endian” notation, whereby the lower-value bytes appear first in order (when reading left to right).

Then the blocks of 4 bytes ( ia32) or 8 byte ( ia64 or amd64) are placed from low address to high address.
Instead, exceptionally not so in Stack memory, where this order is reversed ( the first block 32 or 62 block is inserted on the higher address , then it flows to the lower address)

Other processors use “big-endian” order, whereby the higher-value bytes appear first in order.


x &var

print $reg

cpuid0.s , cpuidc.s

When the value of zero is placed in the EAX register, and the CPUID instruction is executed, the processor returns the Vendor ID string in the EBX, EDX , and ECX registers as follows:
❑ EBX contains the low 4 bytes of the string.
❑ EDX contains the middle 4 bytes of the string.
❑ ECX contains the last 4 bytes of the string.
The string values are placed in the registers in LITTLE ENDIAN format; thus, the first part of the string is placed in the lower bits of the register.

cpuid0 , cpuid1 , cpuid3

c.s , c

ph.c , ph.exe , c.as.c , c.as.exe , exa.c , exa.exe

The STACK consists of memory locations reserved at the end of the memory area allocated to the program. The ESP register is used to point to the top of the stack in memory. Data can be placed only on the top of the stack, and it can be removed only from the top of the stack.

Data is usually placed on the stack using the PUSH instruction. This places the data on the bottom of the memory area reserved for the stack and decreases the value in the stack pointer (the ESP register) to the location of the new data.

To retrieve data from the stack, the POP instruction is used. This moves the data to a register or memory location and increases the ESP register value to point to the previous stack data value. Passing function parameters on the stack

Before a function call is made, the main program places the required input parameters for the function on the top of the stack. Of course, the programmer must know the order in which the function is expecting the data values to be placed on the stack, but that is usually part of the function documentation. The C style requires placing parameters on the stack in reverse order from the prototype for the function. When the CALL instruction is executed, it places the return address from the calling program onto the top of the stack as well, so the function knows where to return.

The stack pointer (ESP) points to the top of the stack, where the return address is located. All of the input parameters for the function are located “underneath” the return address on the stack. Popping values off of the stack to retrieve the input parameters would cause a problem, as the return address might be lost in the process. Instead, a different method is used to retrieve the input parameters from the stack. This technique provides a method of accessing locations in memory based on the index value in a register. Because the ESP pointer points to the top of the stack (which contains the return address for the function), the function can use indirect addressing with the ESP register to access the input parameters without having to pop the values off of the stack. Each parameter can be indirectly accessed via the offset from the ESP register, without having to POP values off of the stack.

There is a problem with this technique, however. While in the function, it is possible that part of the function process will include pushing data onto the stack. If this happens, it would change the location of the ESP stack pointer and throw off the indirect addressing values for accessing the parameters in the stack. To avoid this problem, it is common practice to copy the ESP register value to the EBP register when entering the function. This ensures that there is a register that always contains the correct pointer to the top of the stack when the function is called. Any data pushed onto the stack during the function would not affect the EBP register value. To avoid corrupting the original EBP register if it is used in the main program, before the ESP register value is copied, the EBP register value is also placed on the stack.
Now the EBP register contains the location of the start of the stack (which is now the old EBP register value).

The first input parameter from the main program is located at the indirect addressing location 8(%ebp), the second parameter is located at the location 12(%ebp), and so on. These values can be used throughout the function without worrying about what other values are placed onto or taken off of the stack.

pushq %rbp # original value of BP to the top of the Stack

movq %rsp, %rbp # current SP to the BP

/*at the start of the function code another line is added */
/*to reserve a set amount of stack space for local variables*/
/* by subtracting the value from the ESP register*/

subq $16 , %rsp # INTO THE FUNCTION

# This code reserves 16 bytes to be used for local variables
# This space can be used by 1 quadword

if you place two 8-byte integer values onto the stack and then call a function, you must add 16 to the RSP register to CLEAN the DATA off of the stack:

pushq %rax
pushq %rbx
call func
addq $16, %rsp # IN MAIN PROGRAM

movq %rbp, %rsp # retrieve the original value stored in BP in SP
# otherwise RET could return to the wrong memory location

popq %rbp # restore the original BP register value
ret # program control is returned to the main program
# at the instruction immediately following where the function
# was called with the CALL instruction.

.type area, @function # in linux

.def @function # in windows

area_c.s , X

area64.s , f64.s

ld -o f64(.exe in Windows) f64.o area64.o exe

Home Page