Saturday, October 16, 2010

ShellCoder's Chapter ONE: Basic understanding of Assembly language.

On a 32-bit operating system, the registers involved are:
%EBP: Base pointer; used to reference all the function parameters and local variables in the current stack frame.
%ESP: Stack pointer; always points to the last element pushed on the stack.
%EIP: Instruction pointer; holds the address of the next CPU instruction to be executed. It is saved onto the stack as part of the CALL instruction, and any of the "jump" instructions modify %EIP directly.

On a 64-bit operating system the corresponding registers are:
%RBP, %RSP, %RIP;

[sourcecode language="cpp" collapse="true"]
//Sat Oct 16 12:28:31 CDT 2010
#include <stdio.h>

int triangle(int width, int height)
{
    int array[5] = {0,1,2,3,4};   // unused, but it reserves space in the frame
    int area;
    area = width * height/2;
    return (area);
}

int main(int argc, char** argv)
{
    printf("%d\n", triangle(1.0, 2.0));   // the doubles are converted to int
    return 0;
}
[/sourcecode]

[AT&T syntax:]

[sourcecode collapse="true"]
0000000000400524 <triangle>:
  400524:  55                      push   %rbp
  400525:  48 89 e5                mov    %rsp,%rbp
  400528:  89 7d dc                mov    %edi,-0x24(%rbp)
  40052b:  89 75 d8                mov    %esi,-0x28(%rbp)
  40052e:  c7 45 e0 00 00 00 00    movl   $0x0,-0x20(%rbp)
  400535:  c7 45 e4 01 00 00 00    movl   $0x1,-0x1c(%rbp)
  40053c:  c7 45 e8 02 00 00 00    movl   $0x2,-0x18(%rbp)
  400543:  c7 45 ec 03 00 00 00    movl   $0x3,-0x14(%rbp)
  40054a:  c7 45 f0 04 00 00 00    movl   $0x4,-0x10(%rbp)
  400551:  8b 45 dc                mov    -0x24(%rbp),%eax
  400554:  0f af 45 d8             imul   -0x28(%rbp),%eax
  400558:  89 c2                   mov    %eax,%edx
  40055a:  c1 ea 1f                shr    $0x1f,%edx
  40055d:  8d 04 02                lea    (%rdx,%rax,1),%eax
  400560:  d1 f8                   sar    %eax
  400562:  89 45 fc                mov    %eax,-0x4(%rbp)
  400565:  8b 45 fc                mov    -0x4(%rbp),%eax
  400568:  c9                      leaveq
  400569:  c3                      retq
[/sourcecode]

When entering the new function:

  1. Preserve the current value of %RBP (the address of the caller's frame base) with push %rbp, so it can be restored on return; thus the function will work in its own LOCAL stack frame;

  2. Assign the top of the stack to %RBP, making it the base of the new stack frame: mov %rsp,%rbp;

  3. Then store the two arguments (passed in %edi and %esi) into the frame:

    • mov    %edi,-0x24(%rbp)

    • mov    %esi,-0x28(%rbp)

  4. Then assign the five values to the array:

    • movl $0x0,-0x20(%rbp)

    • movl $0x1,-0x1c(%rbp)

    • movl $0x2,-0x18(%rbp)

    • movl $0x3,-0x14(%rbp)

    • movl $0x4,-0x10(%rbp)

  5. ...
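
The frame layout those steps build can be checked at run time. The following is an added example, not code from the original post: `probe_frame` mirrors `triangle()` and reads its own frame through the GCC/Clang builtins `__builtin_frame_address` and `__builtin_return_address` (assumed available), `check_frame_layout` confirms that the saved %rbp, the return address and the locals sit where the prologue puts them, and `halve_as_compiled` reproduces the shr/lea/sar sequence at 400558-400560, which is the compiler's signed division by two.

```c
/* Added example, not from the original post; assumes GCC/Clang builtins. */
#include <stdint.h>
#include <stddef.h>
struct frame_probe {
    uintptr_t fp;          /* %rbp inside the callee */
    uintptr_t saved_fp;    /* what push %rbp stored at 0(%rbp) */
    uintptr_t ret_slot;    /* return address read back from 8(%rbp) */
    uintptr_t ret_builtin; /* __builtin_return_address(0), for comparison */
    ptrdiff_t array_off;   /* &array[0] - %rbp, negative like -0x20(%rbp) */
    ptrdiff_t area_off;    /* &area - %rbp, negative like -0x4(%rbp) */
};
/* Same arguments and locals as triangle(); noinline so it gets its own
 * frame, volatile so the locals really live on the stack. */
__attribute__((noinline))
static struct frame_probe probe_frame(int width, int height)
{
    volatile int array[5] = {0, 1, 2, 3, 4};
    volatile int area = width * height / 2;
    char *fp = (char *)__builtin_frame_address(0);
    struct frame_probe p;
    p.fp          = (uintptr_t)fp;
    p.saved_fp    = *(uintptr_t *)fp;                 /* 0(%rbp) */
    p.ret_slot    = *(uintptr_t *)(fp + 8);           /* 8(%rbp) */
    p.ret_builtin = (uintptr_t)__builtin_return_address(0);
    p.array_off   = (ptrdiff_t)((uintptr_t)&array[0] - p.fp);
    p.area_off    = (ptrdiff_t)((uintptr_t)&area - p.fp);
    return p;
}

/* The caller keeps a frame pointer too, so the callee's saved %rbp must equal
 * the caller's frame address. Returns 1 if the prologue's layout holds. */
__attribute__((noinline))
int check_frame_layout(void)
{
    uintptr_t my_fp = (uintptr_t)__builtin_frame_address(0);
    struct frame_probe p = probe_frame(1, 2);
    int ok = (p.saved_fp == my_fp);             /* push %rbp saved the caller's %rbp */
    ok &= (p.ret_slot == p.ret_builtin);        /* CALL left the return address at 8(%rbp) */
    ok &= (p.fp < my_fp);                       /* the stack grows toward lower addresses */
#if defined(__x86_64__)                         /* on x86-64 the locals sit below %rbp */
    ok &= (p.array_off < 0 && p.area_off < 0);
#endif
    return ok;
}
/* shr/lea/sar at 400558-400560: signed x/2 rounding toward zero, as C's / requires. */
int halve_as_compiled(int x)
{   /* shr $0x1f,%edx ; lea (%rdx,%rax,1),%eax ; sar %eax */
    return (int)((unsigned)x + ((unsigned)x >> 31)) >> 1;
}
```

The array's slot lies below the saved %rbp and the return address, which is why writing past its end reaches the frame record.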

The following figure will better illustrate the memory management of the program:
