Download IA-32 Assembly Language Reference

IA-32 Assembly Language
Reference
NASM style
March 15, 2016
Prepared by:
Dr. Nicholas M. Boers
[email protected]
AX
AL
32 bits
EBX
BH
BX
BL
ECX
CH
CX
CL
EDX
DH
DX
DL
ESI
EDI
general-purpose registers
AH
Declare symbols with initialized data in this section.
byteval
shortval
longval
strval
shortarr
floatval
pi
array
section .data
db 1
; 1 byte
dw 256
; 2-byte word
dd 65536
; 4-byte double word
db "hello", 10 ; byte array: "hello n"
dw 256,257,258 ; 3 × word (array)
dq 1.e-9
; uad word: 0.000000001
dt 3.141592653589793238462
times 10 dd 0 ; 10 × dbl. word (array); init 0
db: declare byte (integer)
dw: declare word (2 bytes, integer)
dd: declare double word (4 bytes, integer or single-precision float)
dq: declare quad word (8 bytes, integer or double-precision float)
dt: declare ten bytes (extended precision float)
times x y : equivalent to y1 ; y2 ; . . . ; yx
Registers
EAX
.data declarations
ESP: stack pointer
EBP: base pointer
Status register/condition codes
Flags:
CF: carry: instruction caused carry out of MSB
ZF: zero: instruction yielded 0
SF: sign: instruction yielded negative value
OF: overflow: instruction caused a 2’s complement overflow
Importing/exporting symbols
To export symbols so that they are accessible from other .o files,
declare them as global.
global symbol1 ,symbol2 ,. . .,symboln
To gain access to the exported symbols defined in another .o file,
declare them as external.
extern symbol1 ,symbol2 ,. . .,symboln
.bss declarations
Declare symbols with uninitialized data (reserved memory) in this
section.
jmp lbl
je lbl
jne lbl
js lbl
jns lbl
jg lbl
jge lbl
jl lbl
jle lbl
ja lbl
jb lbl
reserve x bytes
reserve x words
reserve x double words
reserve x quad words
reserve x ten-byte blocks
IA-32 instructions (selected)
sal dst, src
sar dst, src
shr dst, src
xor dst, src
and dst, src
or dst, src
inc dst
dec dst
neg dst
not dst
lea dst, src
cdq
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
equ const
; define symbol to const
mov dst, src
add dst, src
sub dst, src
imul op
dst = src
dst = dst + src
dst = dst - src
byte op → ax = al × op
word op → dx:ax = ax × op
dword op → edx:eax = eax × op
dst = dst
shift1
dst = dst
shift (arith.)1
dst = dst
shift (logic.)1
dst = dst ⊕ src
dst = dst & src
dst = dst | src
dst = dst + 1
dst = dst - 1
dst = -dst
dst = ∼dst
dst = addr. of src
edx = sign extension of eax
cmp src1 , src2 ; set CC based on src1 - src2
test src1 , src2 ; set CC based on src1 & src2
enter m, n
leave
; reserve m bytes for level n
; reverse last enter
jump
jump
jump
jump
jump
jump
jump
jump
jump
jump
jump
unconditional
e ual
not e ual
negative
non-negative
greater (signed)
greater/e ual (signed)
less (signed)
less/e ual (signed)
above (unsigned)
below (unsigned)
sete/setz dst
; set dst (byte) if e ual/zero2
setne/setnz dst ; set dst (byte) if not e ual/not zero2
push src
pop dst
; sub esp, 4 (or 2); mov [esp] = src
; mov dst, [esp]; add esp, 4 (or 2)
call lbl
ret
; push addr. of next inst.; jmp lbl
; eip = [esp]; add esp, 4
Note that $, useful with equ, evaluates to the position at the beginning of the line containing the expression.
Addressing modes (select)
• val
(immediate)
constant integer value
• [R ]
(normal)
value at address in register R
• [ R + d]
(displacement)
value at address R + constant offset d
• [Rb + s ∗ Ri + d]
(indexed)
value at address base register Rb + scale factor (1, 2, 4, or 8)
s × index register Ri (̸= esp) + constant offset d
section .bss
bytevals resb 64
; byte array (64 bytes)
wordvals resw 1
; word (1 word)
dwordvals resd 2
; double word array (2 dwords)
realvals resq 10
; dbl. prec. float array (10 reals)
resb:
resw:
resd:
resq:
rest:
;
;
;
;
;
;
;
;
;
;
;
Examples:
mov
mov
mov
mov
mov
mov
eax, 10
eax, [ebx]
[var], ebx
eax, [esi-4]
[esi+eax], cl
edx, [esi+4*ebx]
;
;
;
;
;
;
eax = 10
eax = *ebx
*var = ebx (var holds ptr.)
eax = *(esi-4)
*(esi+eax) = cl
edx = *(esi+4*ebx)
Operand sizes
Register size typically implies the desired width (8-, 16-, or 32-bits).
For ambiguous cases, use size directives: byte, word, and dword for
1-, 2-, and 4-byte values, respectively.
Examples:
mov byte [ebx], 2
mov word [ebx], 2
mov dword [ebx], 2
1 For
; 1-byte value
; 2-byte value
; 4-byte value
these instructions, the shift amount must be an immediate
value or be in register cl. 2 There are many similar instructions, e.g.,
seta, setbne, ….
Calling system calls
Source layout
Legacy procedure:
sample-bare.s: if linking with ld:
1. store identifier and arguments in registers,
2. execute int 0x80, which generates software interrupt 0x80
and causes the program to request a service from the kernel,
and
3. retrieve the return value from eax.
Example: read:
mov
mov
mov
mov
int
edx,
ecx,
ebx,
eax,
0x80
5
buf
0
3
;
;
;
;
;
argument 4: 5 bytes
argument 3: pointer to buf
srgument 2: stdin (0)
argument 1: read syscall ( 3)
execute syscall
;; sample-bare.s: skeleton code (ld)
section .data
;; data declarations go here
section .text
global _start
_start: ;; instructions go here
mov ebx, 0 ; 0 exit status
mov eax, 1 ; exit (syscall
int 0x80
; syscall
sample-io.s: if linking with ld via gcc:
;; sample-io.s: skeleton code (gcc)
section .data
;; data declarations go here
Calling C functions
In the cdecl calling convention,
main:
•
•
•
•
caller saves eax, ecx, and edx (if necessary),
caller pushes arguments on the stack (reverse order),
call to callee,
callee will save integer/pointer return values in register eax,
and
• caller cleans up the stack.
extern printf
; declare printf
section .data
db "hello, ɚ %s",10,0
db "world",0
; message with n 0
; argument with 0
section .text
...
push msgArg
push msg
call printf
add esp, 8
...
section .text
global main
;; instructions go here
mov eax, 0
; 0 return value
ret
; return
Using assembly with GNU Make
Linking with ld:
AS=nasm
ASFLAGS=-f elf
Example (link with ld via gcc):
msg
msgArg
1)
; push argument
; push argument
2
1
; clean up the stack
Writing functions
Code at the beginning (prologue):
push ebp
; save caller s stack frame (ebp)
mov ebp, esp
; make a new stack frame
;;; save caller-save registers (if necessary)
sub esp, X
; allocate X bytes for local variables
using ld to link: assembled .o must have global _start
LD=ld
LDFLAGS=-m elf_i386 -e _start
prog: prog.o
$(LD) $(LDFLAGS) -o $@ $^
prog.o: prog.s
Linking with ld via gcc:
write
0x04
open
0x05
close
0x06
waitpid
0x07
creat
0x08
link
0x09
unlink
execve
0x0a
0x0b
chdir
time
chmod
0x0c
0x0d
0x0f
stat
0x12
lseek
0x13
getpid
fstat
0x14
0x1c
kill
brk
0x25
0x2D
b:
c:
d:
b:
c:
b:
unsigned int fd
const char *buf
size_t count
const char *filename
int flags, d: int mode
unsigned int fd
b:
d:
b:
c:
b:
c:
pid_t pid, c: int *stat_addr
int options
const char *pathname
int mode
const char *oldname
const char *newname
b: const char *pathname
b: char *, c: char **
d: char **
esi: struct pt_regs *
b: const char *filename
b: time_t *tloc
b: const char *filename
c: mode_t mode
b: char *filename
c: struct __old_kernel_stat *
statbuf
b: unsigned int fd
c: off_t offset
d: unsigned int origin
b: unsigned int fd
c: struct __old_kernel_stat *
statbuf
b: int pid, c: int sig
b: unsigned long brk
Tools
readelf: display information about ELF files
AS=nasm
ASFLAGS=-f elf
readelf -a ./file
using ld via gcc to link
CC=gcc
LDFLAGS=-m32
prog: prog.o
prog.o: prog.s
objdump: display information from object files
objdump -M intel-mnemonic -D ./file
nm: list symbols from object files
System calls (selected)
Code at the end (epilogue):
Name
eax
e[bcd]x, esi, edi
;;; restore caller-save registers (if necessary)
mov esp, ebp
; reset stack to start of frame
pop ebp
; restore caller s stack frame (ebp)
exit
fork
read
0x01
0x02
0x03
b:
b:
b:
c:
int errcode
struct pt_regs *
unsigned int fd
char *buf, d: size_t
size: list section sizes and total size
gdb: the GNU debugger
Create the file ~/.gdbinit containing the following:
set disassembly-flavor intel
Run your program in GDB using the command line:
gdb ./file
Some of the sources: “A Tiny Guide to Programming in 32-bit x86 Assembly Language”, www.cs.
virginia.edu/~cs216/Fall2005/notes/x86- doc.pdf; “IA32 Reference Sheet (GNU assembler format)” https://web.stanford.edu/class/cs107/IA32_Cheat_Sheet.pdf