practical session 2
DESCRIPTION
Practical Session 2. A flag is a single bit of information whose meaning is independent from any other bit. Flags Register (Status Register). Each flag has a two-letter symbol. CF - Carry Flag - PowerPoint PPT PresentationTRANSCRIPT
Practical Session 2
Flags Register (Status Register)
• A flag is a single bit of information whose meaning is independent from any other bit
• Each flag has a two-letter symbol
CF - Carry Flag
1. If the result of an arithmetic or shift operation "carries out" a bit from the operand, CF becomes set
11111111 + 00000001 = 100000000 CF = 1
2. The carry (borrow) flag is also set if the subtraction of two numbers requires a borrow into MSB subtracted
00000000 - 00000001 = 11111111 CF = 1
• In unsigned arithmetic, watch the carry flag to detect errors. • In signed arithmetic, the carry flag tells you nothing interesting.
00000000 - 00000001 = 11111111 • unsigned arithmetic => 11111111 = 255 (decimal) => got the wrong answer• signed arithmetic => 11111111 = -1 (decimal) => got right answer, do not care about
value of CF
OF – Overflow Flag
1. If the sum of two numbers with the sign bits off yields a result number with the sign bit on, the "overflow" flag is turned on.
0100 + 0100 = 1000 OF = 1
2. If the sum of two numbers with the sign bits on yields a result number with the sign bit off, the "overflow" flag is turned on.
1000 + 1000 = 0000 OF = 1
3. Otherwise, the overflow flag is turned off.
0100 + 0001 = 0101 OF = 00110 + 1001 = 1111 OF = 01000 + 0001 = 1001 OF = 01100 + 1100 = 1000 OF = 0
• In signed arithmetic, overflow flag on means the answer is wrong - you added two positive numbers and got a negative, or you added two negative numbers and got a positive.
• In unsigned arithmetic, the overflow flag tells you nothing interesting.
ZF – Zero Flag - set if result is zero; cleared otherwise
add 0, 0 ZF = 1
SF – Sign Flag becomes set when the result of an operation is negative (i.e. MSB of the result is 1)•all arithmetic operations except multiplication and division•compare instructions - CMP•logical instructions - XOR, AND, OR•TEST instructions (equivalent to AND instructions without storing the result)
sub 00000000, 00000001 11111111 SF = 1
PF – Parity Flag - set if low-order eight bits of result contain an even number of "1" bits; cleared otherwise
add 11010, 1 (result is 11011 4 bits are ‘1’ PF = 1)add 11000, 1 (result is 11001 3 bits are ‘1’ PF = 0)
AF – Auxiliary Carry Flag (or Adjust Flag) is set if there is a carry from low nibble (4 bits) to high nibble or a borrow from a high nibble to low nibble
1111 + 0001 = 10000 AF = 1
first nibble second nibble
ZF, SF, PF, and AF Flags
InstructionDescriptionFlagsJOJump if overflowOF = 1JNOJump if not overflowOF = 0JSJump if signSF = 1JNSJump if not signSF = 0JE JZ
Jump if equal Jump if zero
ZF = 1
JNE JNZ
Jump if not equal Jump if not zero
ZF = 0
JB JNAE JC
Jump if below Jump if not above or equal Jump if carry
CF = 1
JNB JAE JNC
Jump if not below Jump if above or equal Jump if not carry
CF = 0
JBE JNA
Jump if below or equal Jump if not above
CF = 1 or ZF = 1
JA JNBE
Jump if above Jump if not below or equal
CF = 0 and ZF = 0
JL JNGE
Jump if less Jump if not greater or equal
SF <> OF
JGE JNL
Jump if greater or equal Jump if not less
SF = OF
JLE JNG
Jump if less or equal Jump if not greater
ZF = 1 or SF <> OF
JG JNLE
Jump if greater Jump if not less or equal
ZF = 0 and SF = OF
JP JPE
Jump if parity Jump if parity even
PF = 1
JNP JPO
Jump if not parity Jump if parity odd
PF = 0
JCXZ JECXZ
Jump if CX register is 0 Jump if ECX register is 0
CX = 0 ECX = 0
Jcc: Conditional Branch
Sections
• Every process consists of sections that are accessible to the process when it is running
• Each sections holds the bulk of object file information
Data
.bss - holds uninitialized data; occupies no file space
.data and .data1 - hold initialized data
.rodata and .rodata1 - hold read-only data
Text
.text - holds the ‘‘text’’ (executable instructions) of a program
Stack - is used for local variables, information that is saved each time a function is called
Heap - contains the dynamically allocated memory
Example
int a,b,c = 1; ----> .data char *str; ----> .bss const int i = 10; ----> .rodatamain() {
int ii,a=1,b=2,c; ----> local variables on Stack char * ptr = malloc(4); ----> allocated memory in Heap c= a+b+i; ----> .text
}
• program (.exe file) creates its own memory
space in the RAM process
• 4GB of virtual address space on 32-bit architecture
• 3GB is accessible to the user space • 1GB is accessible to the kernel space
(kernel code, data, heap and stack)
Memory layout for Linux
Read-only Data Segment
.bss
.data
.text .rodata
USER Space Virtual Addresses
loaded from .exe
file
Pseudo-instructionsRESB, RESW, RESD, RESQ and rest:
declaring uninitialized storage space
Examples:
1. buffer: resb 64 ; reserve 64 bytes
2. wordVar: resw 1 ; reserve a word
3. realArray: resq 10 ; array of ten real numbers
Note: you can not make any assumption about values of a storage space cells.
Pseudo-instructionsTIMES:
Repeating Instructions or Data
• TIMES prefix causes the instruction to be assembled multiple times
zeroBuf: times 64 db 0 ; 64 bytes initialized to 0
• TIMES can be applied to ordinary instructions, so you can code trivial loopsmov EAX, 0times 100 inc EAX ; EAX =100 => loop
• the argument to TIMES is not just a numeric constant, but a numeric expression
buffer: db ‘go’
times 64-$+buffer db ‘!’ ; (64 - $ + buffer = 64 – 35 + 33 = 64 – 2 = 62)
00…0
!
…
!
!
o
g
…$$ (start of the current section) - start of section .data
buffer
$ (current position in section)
buffer + 64
RAM
96
…
36
35
34
33
…
20
Pseudo-instructionsEQU:
defining constants
• EQU defines a symbol to a given constant value
– when EQU is used, the source line must contain a label
– this definition cannot changed later.
Example:
Foo: EQU 1 ; Foo = 1
Byte Order - Little Endian
If the hardware is built so that the lowest, least significant byte of a multi-byte scalar is stored "first", at the lowest memory address, then the hardware is said to be "little-endian.
•numeric into memory reversed orderdd 0x12345678 ; 0x78 0x56 0x34 0x12
•numeric into register source order mov EAX, 0x12345678 ; 0x12 0x34 0x56 0x78
•characters into memory source orderdw ‘ab’ ; 0x61 0x62dw ‘abc’ ; 0x61 0x62 0x63 0x00
•characters into register reversed ordermov eax, ‘abc’ ; 0x00 0x63 0x62 0x61
•memory into register reversed ordermov [buffer], eax ; 0x61 0x62 0x63 0x64
•register into memory reversed ordermov eax, [buffer] ; 0x64 0x63 0x62 0x61
Effective Addresses
• Effective address is any operand to an instruction which references memory.
• Effective address syntax: consists of an expression evaluating to the desired address, enclosed in square brackets.
Example
wordvar: dw 0x5A, 0x39 ; a request for two words 0x005A and 0x0039
mov ax, [wordvar] ; ax = 0x005A (in little-endian format)
mov ax, [wordvar+1] ; ax = 0x3900
In memory we get the following:
0x5A0x000x390x00
]wordvar [ ]wordvar+1 [ ]wordvar+2 [ ]wordvar+3 [
Constants
NASM understands four different types of constant: numeric, character, string and floating points.
1. Numeric Constants A numeric constant is simply a number. NASM allows to specify numbers in a
variety of number bases, in a variety of ways: suffix H, Q and B for hex, octal and binary, etc.
Examples:
mov ax,100 ; decimal mov ax,0A2h ; hex mov ax,777q ; octal mov ax,10010011b ; binary
2. Character Constants
• A character constant consists of up to 4 characters enclosed in either single or double quotes.
• A character constant with more than one character will be arranged with little-endian order in mind.
Examples:
• mov eax,'abcd'
The constant generated is not 0x61626364, but 0x64636261, so that if you were then to store the value into memory, it would read ‘abcd’ rather than ‘dcba’. That way, it is stored “backwards” in eax.
Constants
3. String Constants
• A string constants are only acceptable to some pseudo-instructions, like DB family.
Examples:
db 'hello’ ; string constant db 'h','e','l','l','o’ ; equivalent character constantsdw 'abc' ; 0x61 0x62 0x63 0x00
Constants
Advanced Instructions
MUL r/m - unsigned integer multiplication
IMUL r/m - signed integer multiplication
MUL r/m8mov bl,5 ; multipliermov al,9 ; multiplicandmul bl ; => ax = 2Dh
MUL r/m16mov bx, 8000h mov ax, 2000h mul bx ; => dx:ax = 1000:0000h
MUL r/m32mov ebx, 80008000h mov eax, 20002000h mul ebx ; => edx:eax = 10002000:10000000h
MultiplicandMultiplierProduct
ALr/m8AX
AXr/m16DX:AX
EAXr/m32EDX:EAX
SHL, SHR – Bitwise Logical Shifts on the first operand– number of bits to shift by is given by the second operand
– vacated bits are filled with zero
– shifted bit enters the Carry Flag
SHL r/m8/m16/m32 1/CL/imm8SHR r/m8/m16/m32 1/CL/imm8
Example:
mov CL , 3
mov AL ,10110111b ; AL = 10110111
shr AL, 1 ; shift right 1 AL = 01011011, CF = 1
shr AL, CL ; shift right 3 AL = 00001011, CF = 0
Note: that shift indeed performs division/multiplication by 2
Advanced Instructions
SAL, SAR – Bitwise Arithmetic Shifts on the first operand– vacated bits are filled with zero for SAL– vacated bits are filled with copies of the original high bit of the source operand for SAR
SAL r/m8/m16/m32 1/CL/imm8SAR r/m8/m16/m32 1/CL/imm8
Example:
mov CL , 3
mov AL ,10110111b ; AL = 10110111
sar AL, 1 ; shift right 1 AL = 11011011
sar AL, CL ; shift right 3 AL = 11111011
Advanced Instructions
ROL, ROR – Bitwise Rotate (i.e. moves round) on the first operand
ROL r/m8/m16/m32 1/CL/imm8ROR r/m8/m16/m32 1/CL/imm8
Example:
mov CL, 3
mov BH ,10110111b ; BH = 10110111
rol BH, 01 ; rotate left 1 bit BH = 01101111
rol BH, CL ; rotate left 3 bits BH = 01111011
Advanced Instructions
RCL, RCR – Bitwise Rotate through Carry Bit on the first operand and Carry Flag
RCL r/m8/m16/m32 1/CL/imm8RCR r/m8/m16/m32 1/CL/imm8
Example:
mov BH ,10110111b ; BH = 10110111 , CF = 0
rcl BH, 01 ; rotate left 1 bit BH = 01101110 , CF = 1
Advanced Instructions
LOOP, LOOPE, LOOPZ, LOOPNE, LOOPNZ – loop with counter (CX or ECX*)
Example: mov ax, 1 mov cx, 3 my_ loop: add ax, ax loop my_ loop, cx
1. decrements its counter register (in this case it is CX register)
2. if the counter does not become zero as a result of this operation, it jumps to the given label
Note: if a counter is not specified explicitly, the BITS** setting dictates which is used.** The BITS directive specifies whether NASM should generate code designed to run on a processor operating in 16-bit mode, or code designed to run on a processor operating in 32-bit mode. The syntax is BITS 16 or BITS 32.
LOOPE ≡ LOOPZ: jumps if the counter is nonzero and Zero Flag = 1
LOOPNE ≡ LOOPNZ: jumps if the counter is nonzero and Zero Flag = 0
Advanced Instructions