/* personal notes of renzo diomedi */
~ 00011001 ~
IA32
processor
For each operation that is performed in the processor, there must be a mechanism to determine whether
the operation was successful or not. The processor flags are used to perform this function.
The control bus is used to synchronize the functions between the processor and the individual system
elements.
C7 45 FC 01 00 00 00
defines the opcode C7, which is the instruction to move a value to a memory location.
The memory location
is defined by the 45 FC modifier (which defines –4 bytes (the FC value) from the memory location
pointed to by the value in the EBP register (the 45 value).
The final 4 bytes define the integer value that is
placed in that memory location (in this case, the value 1).
the value 1 was written as the 4-byte hexadecimal value 01 00 00 00.
The order of the bytes in the data stream depends on the type of processor used. The IA-32 platform processors
use “little-endian” notation, whereby the lower-value bytes appear first in order (when reading
left to right).
Then the blocks of 4 bytes ( ia32) or 8 byte ( ia64 or amd64) are placed from low address to high address.
Instead, exceptionally not so in Stack memory, where this order is reversed ( the first block 32 or 62 block is inserted on the higher address , then it flows to the lower address)
Other processors use “big-endian” order, whereby the higher-value bytes appear first in
order.
OPCODE
DATA
DIRECTIVES
x &var
print $reg
cpuid0.s , cpuidc.s
When the value of zero is placed in the EAX register, and the CPUID instruction
is executed, the processor returns the Vendor ID string in the EBX, EDX , and ECX registers as follows:
❑ EBX contains the low 4 bytes of the string.
❑ EDX contains the middle 4 bytes of the string.
❑ ECX contains the last 4 bytes of the string.
The string values are placed in the registers in LITTLE ENDIAN format; thus, the first part of the string is
placed in the lower bits of the register.
cpuid0 , cpuid1 , cpuid3
c.s , c
ph.c , ph.exe , c.as.c , c.as.exe ,
exa.c , exa.exe
The STACK consists of memory locations reserved at the end of the memory area allocated to the program. The ESP register
is used to point to the top of the stack in memory. Data can be placed only on the top of the stack, and it
can be removed only from the top of the stack.
Data is usually placed on the stack using the PUSH instruction. This places the data on the bottom of the
memory area reserved for the stack and decreases the value in the stack pointer (the ESP register) to the
location of the new data.
To retrieve data from the stack, the POP instruction is used. This moves the data to a register or memory
location and increases the ESP register value to point to the previous stack data value.
Passing function parameters on the stack
Before a function call is made, the main program places the required input parameters for the function
on the top of the stack. Of course, the programmer must know the order in which the function is expecting
the data values to be placed on the stack, but that is usually part of the function documentation. The
C style requires placing parameters on the stack in reverse order from the prototype for the function.
When the CALL instruction is executed, it places the return address from the calling program onto the
top of the stack as well, so the function knows where to return.
The stack pointer (ESP) points to the top of the stack, where the return address is located. All of the input
parameters for the function are located “underneath” the return address on the stack. Popping values off
of the stack to retrieve the input parameters would cause a problem, as the return address might be lost
in the process. Instead, a different method is used to retrieve the input parameters from the stack.
This technique provides a method of accessing locations in memory based on the index value in a register.
Because the ESP pointer points to
the top of the stack (which contains the return address for the function), the function can use indirect
addressing with the ESP register to access the input parameters without having to pop the values off
of the stack. Each parameter can be indirectly accessed via the offset from the ESP register, without having to POP values
off of the stack.
There is a problem with this technique, however. While in the function, it is possible that part of the function
process will include pushing data onto the stack. If this happens, it would change the location of the
ESP stack pointer and throw off the indirect addressing values for accessing the parameters in the stack.
To avoid this problem, it is common practice to copy the ESP register value to the EBP register when
entering the function. This ensures that there is a register that always contains the correct pointer to the
top of the stack when the function is called. Any data pushed onto the stack during the function would
not affect the EBP register value. To avoid corrupting the original EBP register if it is used in the main
program, before the ESP register value is copied, the EBP register value is also placed on the stack.
Now the EBP register contains the location of the start of the stack (which is now the old EBP register
value).
The first input parameter from the main program is located at the indirect addressing location
8(%ebp), the second parameter is located at the location 12(%ebp), and so on. These values can be used
throughout the function without worrying about what other values are placed onto or taken off of the
stack.
pushq %rbp # original value of BP to the top of the Stack
movq %rsp, %rbp # current SP to the BP
/*at the start of the function code another line is added */
/*to reserve a set amount of stack space for local variables*/
/* by subtracting the value from the ESP register*/
subq $16 , %rsp # INTO THE FUNCTION
# This code reserves 16 bytes to be used for local variables
# This space can be used by 1 quadword
.
code
.
if you place two 8-byte integer values onto the stack and then call a function, you must add 16
to the RSP register to CLEAN the DATA off of the stack:
pushq %rax
pushq %rbx
call func
addq $16, %rsp # IN MAIN PROGRAM
movq %rbp, %rsp # retrieve the original value stored in BP in SP
# otherwise RET could return to the wrong memory location
popq %rbp # restore the original BP register value
ret # program control is returned to the main program
# at the instruction immediately following where the function
# was called with the CALL instruction.
.type area, @function # in linux
.def @function # in windows
area_c.s , X
area64.s , f64.s
ld -o f64(.exe in Windows) f64.o area64.o exe
Home Page