jmp and loops memory operand move instruction array data related operation and directives

Sahar Mosleh California State University San Marcos

JMP and LoopsMemory OperandMove Instruction

Array Data Related Operation and Directives


JMP and Loop

• The CPU automatically loads and executes programs sequentially. As each instruction decoded and executed, the CPU has already incremented the instruction pointer to the offset of the next intrusion; it has also loaded the instruction in to its internal queue.

• But real life program are not that simple. What about IF statement, goto, and loops? They clearly require programs to transfer control to different locations within the programs.

• A transfer of the control, or branch is a way of alternating the order in which statements are executed. All program languages contain statements to do this. We divide such statement into two categories:


• Unconditional Transfer: The program branches to a new location in all cases; a new value is loaded into the instruction pointer, causing execution to continue at the new address. The JMP instruction is a good example.

• Conditional Transfer: The program branches if a certain condition is true. Intel provides a wide range of conditional transfer instructions that can be combined to make up conditional logic structures. The CPU interprets True/ False conditions based on content of the ECX and Flags register. Loop is a good example.


JMP Instruction

• The JMP instruction causes an unconditional transfer to a target location inside the code segment. The location must be Identified by a code label, which is translated by the assembler into an address.

JMP targetLabel

• When the CPU executes this instruction, the offset of targetLable is moved into the instruction pointer, causing execution to immediately continue at the new location.


Loop

• The JMP instruction provides an easy way to create a loop, Simply by jumping to a label at the top of the loop:

top:..Jmp top ; Repeat the endless Loop

• JMP is unconditional, so the loop will continue endlessly unless some other way is found to exit the loop


LOOP Instruction

• The LOOP instruction provides a simple way to repeat a block of statements a specific number of times.

• ECX is automatically used as a counter and is decremented each time the loop repeats.

• The Loop instruction involves two steps:

• First, it subtracts 1 from ECX. • Next it compares ECX to zero. If ECX is not equal to zero, a

jump is taken to the label identified instruction following the loop.


• Example:

• In the following example, we add 1 to EAX each time the loop repeats. When the loop ends, EAX = 5 and ECX = 0

move eax,0move ecx,5

L1:Inc eaxLoop L1

• A common programming error is to inadvertently initialize ecx to zero before beginning of the a loop.

• If this happens, the Loop instruction decrements ECX to FFFFFFFFh, and the loop repeats 4,294,967,296 times.


• The loop destination must be with in -128 and +127 bytes which assuming most instructions takes 3 bytes, so a loop might contain, on average a maximum of 42 instructions.

• Following is an example of an error message generated by MASM , because the target label of the loop instruction was too far away:

Error A2075: jump destination too far : by 14 bytes.

• If you modify ECX inside the loop , the LOOP instruction may not work properly.


• In the next example, ECX is incremented within the loop. It never reaches Zero, and the loop never sops:

Top: :Inc ecxLoop Top

• If you run out of registers and must use ECX for some other purpose, save it in a variable at the beginning of the loop and restore it just before the loop instruction:

.dataCount Dword ?

.codeMov ecx,100

Top:Mov count,ecx:Mov ecx, 20:mov ecx,countLoop Top


Nested loops• When You must create a loop inside another loop, the problem

arises of what to do with the counter in ECX. Saving the counter loop count in a variable is a good solution:

.datacount Dword ?

.codeMov ecx,100 ;set outer loop counter

L1:Mov count,ecx ;save outer loop counterMov ecx,20 ;set inner loop counter

L2:::Loop L2 ;repeat the inner loop count

Mov ecx, count ;restore outer loop countloopL1 ;repeat the outer loop


Operands

• There Three type of instruction operands: Immediate, Register, and Memory.

• We have gone through Immediate and Register operands.

• There two type of memory operands:

•Direct memory operand•Indirect memory operand


Direct memory operand

• Example:

.dataVar1 Dword 100h::.codeMov eax var1


Indirect operand• An indirect operand can be any 32-bit general purpose register

( EAX,EBX,ECX,EDX,ESI,EDI,EBP, and ESP) surrounded by brackets. The register is assumed to contain the offset of some data. For example ESI contains the offset of variable 1:

.data Val1 byte 10 h.codeMov esi, offset val1

• If a move instruction uses the indirect operand as the source, the pointer in ESI is dereferenced and a byte is moved to EAX

Mov EAX [esi] Eax = 10 h

• Or if the indirect operand is the destination operand, a new value is placed in memory at the location pointed to by the register:

Mov [esi] EBX


Array

• Indirect operands are practically useful when dealing with arrays because an indirect operand’s value can easily be modified.

• Similar to an array subscript, an indirect operand can point to different array elements.

• For example, ArrayB contain three bytes. We can increment ESI and make it to point each byte, in order:

.dataArrayB Byte 10h, 20h, 30h

.codeMov esi, offset ArrayBMov a1, [esi]

inc esiMov a1, [esi]Inc esiMov a1, [esi]


• If we use an array of 16-bit hex numbers, we add 2 to ESI to address each subsequent array element:

• Example:

.dataArrayw word 1000h,2000h,3000h

.codeMov esi, offset ArraywMov ax, [esi] ax = 1000hAdd esi, 2Mov ax,[esi] ax = 2000hAdd esi,2Mov ax, [esi] ax = 3000h

3000h

2000h

1000hValue 0ffset (address)

10200

10202

10204


• If we use an array of 32-bit integers, we add 4 to ESI to address each subsequent array element:

• Example:

.dataArrayDw Dword 1000,2000,3000

.codeMov esi, offset ArrayDwMov eax, [esi] eax = 1000Add esi, 4Mov eax,[esi] eax = 2000Add esi,4Mov eax, [esi] eax = 3000

3000

2000

1000Value 0ffset (address)

10200

10204

10208


Data related operators and Directives

• Operators and directives, as we said earlier, are not part of the Intel instruction set. They are only understood by the assembler

( in this case, Microsoft MASM).

• Various assemblers have differing syntaxes for operators and directives.

• because there is no single defined standard. The various assembler makers often seem to be competing with each other, in fact, by providing more and more sophisticated features.


• MASM has a number of operators that are effective tools for describing and addressing variables:

• The Offset operator returns the distance of a variable from the beginning of it’s enclosing segment

• The DUP operator generates a repeated storage allocation.

• The TYPE operator returns the size ( in bytes ) of each element in an array

• LENGHTOF operator returns the number of elements in an array

• The SIZEOF operator returns the number of bytes used by an array initializer.

• These operators are only a small subset of the operators supported by MASM. You may want to view the complete list in Appendix D.


Offset Operator

• The offset operator returns the offset of a data label. The offset represents the distance, in bytes, of the label from the beginning of the data segment.

• In protected mode, an offset is always 32 bits long .The following figure shows a variable named myByte inside the data segment

offset

Data segment

myBte


• Example: we declare three different types of variables:.data

bval BYTE ?wval word ?dVal Dword ?dval2 Dword ?

• If bval were located at offset 0040400h, the OFFSET operator would return the following values:

Mov esi, OFFSET bval ; ESI = 00404000Mov esi, OFFSET wval ; ESI = 00404001 Mov esi, OFFSET dval ; ESI = 00404003Mov esi, OFFSET dval2 ; ESI = 00404007


DUP operator

• The DUP operator generates a repeated storage allocation. It is useful when allocating space for a string or array, and can be used with both initialized and uninitialized data definition.

• Example.data

Array1 Dword 20 DUP(?) ; 20 uninitialized DwordArray2 word 10 DUP(0) ; 10 word initialized with

0Array3 Byte 4 DUP (“Stack”) ; 20 bytes:

“StackStackStackStack”


TYPE operator

• The TYPE operator return the size, in bytes, of a single element of a variables.

• For example, the TYPE of a byte equals 1, the type of a word equals 2, the TYPE of a doubleword is 4, Here are example of each:

.data Var1 BYTE ? Var2 word ? Var3 Dword ?

Expression ValueTYPE var1 1TYPE var2 2TYPE var3 4


LENGHTOF Operator

• The LENGTHOF operator count the number of element in array, defined by the values appearing on the same line as its label. We will use the following data as an example:

• .data• Digitstr Byte “123456789”,0• Array3 Dword 1,2,3,4

Expression Value

LENGHTOF Digitstr 9

Array3 4


SIZEOF operator

• The SIZOF operator returns a value that is equivalent to multiplying LENGTHOF by TYPE.

• For example, intArray has TYPE = 4 and LENGHTOF = 32, therefore, SIZEOF intArray is:

• intArray Dword 32 DUP(0) ; SIZEOF = 128 (4*32)

jmp and loops memory operand move instruction array data related operation and directives

Documents