Скачать презентацию Assembly Language Intel and AMD 32 -bit Architecture Скачать презентацию Assembly Language Intel and AMD 32 -bit Architecture

3a7ffcf1ce6a7fecded0120294f6af82.ppt

  • Количество слайдов: 26

Assembly Language Intel and AMD 32 -bit Architecture (x 86) Assembly Language Intel and AMD 32 -bit Architecture (x 86)

Things I don’t intend to cover • Yeah…sorry, folks, don’t have a lot of Things I don’t intend to cover • Yeah…sorry, folks, don’t have a lot of time. • Privileged instructions • Standalone source files and PWB • Vector instructions (MMX, SSE[2], 3 DNow!) • Instruction encodings • How to write code for processors prior to 386

A Brief History of VLSI • 4004 (’ 71), 8008 (’ 72) • 8086 A Brief History of VLSI • 4004 (’ 71), 8008 (’ 72) • 8086 (’ 78), 8088 (’ 79) • 80186/88 (’ 82) • 80286 (’ 82), 80386 (’ 85) • 80486 (’ 89) • Pentium class/586 (’ 93)

The Daily Register 8/16 bits 32 bits EAX AH EBX BH ECX CH EDX The Daily Register 8/16 bits 32 bits EAX AH EBX BH ECX CH EDX DH ESI EDI ESP EBP | AL | BL | CL | DL SI DI SP BP SS CS DS ES FS GS EIP IP EFLAGS

Moving On • • mov mov <dest>, <src> eax, dw. My. Var eax, 65 Moving On • • mov mov , eax, dw. My. Var eax, 65 h eax, 0 FFFFh eax, [ebx] eax, [eax+4] dw. My. Var, esi

The Meaning of Brackets • On a variable, brackets have no effect moveax, [dw. The Meaning of Brackets • On a variable, brackets have no effect moveax, [dw. My. Var] • On a register, brackets dereference a pointer moveax, [eax] • A displacement can be indicated in two ways moveax, [eax+8] mov eax, [eax]8 • There are more things that can be done with brackets which I’ll illustrate when we get to the instruction LEA (Load Effective Address)

’rithmetic • add eax, ebx eax += ebx; • subeax, ebx eax -= ebx; ’rithmetic • add eax, ebx eax += ebx; • subeax, ebx eax -= ebx; • mul edx eax *= edx; imul edx (signed version) • inc eax++; deceax eax--; • adc, sbb, neg

A House Divided • [i]div <divisor> • Dividend Divisor Remainder • AX 8 bits. A House Divided • [i]div • Dividend Divisor Remainder • AX 8 bits. AL • DX: AX 16 bits AX • EDX: EAX 32 bits Quotient AH DX EAX EDX

A Lil’ Bit of Bit Manipulation • • and eax, ebx eax&=ebx; or eax, A Lil’ Bit of Bit Manipulation • • and eax, ebx eax&=ebx; or eax, 3 eax|=3; xorecx, 69 h ecx^=0 x 69; not ebx=~ebx; • or ah, ah jz lbl_AHIs. Zero

Shifting Things Around • • shl/sal eax, 8 eax<<=8; shr eax, 6 eax>>=6; sar Shifting Things Around • • shl/sal eax, 8 eax<<=8; shr eax, 6 eax>>=6; sar ecx, 7 replicate sign bit rol esi, 11 esi=(esi>>21)|(esi<<11) ror esi, 21 esi=(esi>>21)|(esi<<11) rcl, rcr rotate through CF shl eax, cl eax<<=cl;

Being Effective • lea eax, My. Ptr (mov eax, OFFSET My. Ptr) • lea Being Effective • lea eax, My. Ptr (mov eax, OFFSET My. Ptr) • lea edi, [ebx+edi] • lea eax, [esp+10] • lea ecx, [eax*2+eax+6] • lea eax, My. Ptr[eax+4][esi*2] • [base[*scale]][+displacement][+index]

Sizing Things Up • • • movzx/movsx eax, bh mov ax, WORD PTR [My. Sizing Things Up • • • movzx/movsx eax, bh mov ax, WORD PTR [My. Ptr+6] inc BYTE PTR [eax] cbw (al->ax) cwd, cwde (ax->dx: ax, ax->eax) cdq (eax->edx: eax)

Flags • • sub, and cmp, test ; just without changing dest There are Flags • • sub, and cmp, test ; just without changing dest There are dozens of flags; you only need to know a few. Carry if there’s a carry or borrow Parity if low-order bits have even parity Zero if result is zero Sign if result is negative Overflow if result is too large or small Direction string operations should go down

Getting Around • Unconditional: JMP dest • Conditional (165) : JCXZ, JECXZ, LOOP JC/JB/JNAE, Getting Around • Unconditional: JMP dest • Conditional (165) : JCXZ, JECXZ, LOOP JC/JB/JNAE, JNC/JNB/JAE, JBE/JNA, JA/JNBE JE/JZ, JNE/JNZ, JS, JNS JL/JNGE, JGE/JNL, JLE/JNG, JG/JNLE JO, JNO, JP/JPE, JNP/JPO • Interrupts: int 2 Eh into

Addressing Modes • • • Segment overrides and related issues will be ignored Register: Addressing Modes • • • Segment overrides and related issues will be ignored Register: eax, ecx, ebp Immediate: 5, 0 x 78 Direct memory: My. Var, [My. Var+2] Indirect memory: [eax], [eax+esi+7] Direct: jmp label Register Indirect: jmp ebx Memory Indirect: jmp [ebx] Relative: jmp short $+2

Stacking Up • esp, ebp, ss are used to reference the stack • esp Stacking Up • esp, ebp, ss are used to reference the stack • esp points to the top of the stack (last pushed value), while ebp points to whatever you want, but usually the frame pointer • The stack grows downwards in memory • The call instruction automatically pushes the return address • ret alone pops the return address and jumps to it • ret with an immediate operand also pops X bytes of arguments

The Stack Continues to Grow • push and pop perform the typical ADT operations The Stack Continues to Grow • push and pop perform the typical ADT operations • In 32 -bit code, push and pop always change esp by 4 bytes, regardless of the size of the operand. • pushfd and popfd will push and pop the eflags register; this is very useful for directly manipulating flags • (you can use lahf and sahf to transfer directly between AH and the low byte of eflags, if that’s all you want) • pushad and popad will save and restore the 8 GP registers • The stack can be used to effectively mov between segment registers

Calling Conventions • Today, arguments are almost universally pushed last-argument-first; this accommodates varargs. (If Calling Conventions • Today, arguments are almost universally pushed last-argument-first; this accommodates varargs. (If you remember Windows 3. 1, the PASCAL calling convention was first-argument-pushed-first. ) • Return values are in eax for most data types • _stdcall and _thiscall (except with varargs) let the called function clean up the stack at the end of a call • _cdecl lets the caller clean up the stack after a function call returns • _fastcall is something that’s used to mimic the speed of pure assembly programs, and therefore is generally irrelevant to real assembly programs. I don’t have any details on it. • All calling conventions engage in some degree of name-mangling when going from source code to object code.

Prologue and Epilogue • • • Typical prologue: push ebp mov ebp, esp sub Prologue and Epilogue • • • Typical prologue: push ebp mov ebp, esp sub esp, LOCALSIZE Typical epilogue: pop ebp ret ret x, where x is an immediate specifying bytes to pop In MS VC++, you can tell the compiler to omit prologue and epilogue code (almost always because you want to write it yourself in assembly) by specifying the attribute _declspec(_naked) Generally, temporary registers are saved and restored in these areas too If you omit the frame pointer, a lot of this goes away SEH adds a bunch of additional lines, but I’m still researching it.

String Instructions • • • stosb/stosw/stosd stores identical data to a buffer cmps{b/w/d} compares String Instructions • • • stosb/stosw/stosd stores identical data to a buffer cmps{b/w/d} compares two buffers scas{b/w/d} scans a buffer for a particular byte movs{b/w/d} copies a buffer ins{b/w/d} and outs{b/w/d} involve I/O ports and are only listed here because they’re considered string instructions lods{b/w/d} loads data from memory All string instructions except lods* can, and usually are, used with repeat prefixes. The direction flag determines which way the pointers are moved. edi is always the destination pointer and esi is always the source pointer eax/ax/al are used with stos*, lods*, and scas* for single data items flags can be set by cmps*, of course

Prefixes • lock is useful for multiprocessor systems, but will not be discussed here. Prefixes • lock is useful for multiprocessor systems, but will not be discussed here. • rep* is generally used with string instructions, to repeat an instruction a maximum of ecx times • rep is unconditional • repe/repz and repnz/repne are conditional, based, of course, on the zero flag • stos*, movs*, ins*, and outs* can use unconditional repeats • scas* and cmps* can use conditional repeats

Instruction Set – 8086/88 AAA CBW CWD IMUL JB JLEJMP JNG JO LEA LOOPNZ Instruction Set – 8086/88 AAA CBW CWD IMUL JB JLEJMP JNG JO LEA LOOPNZ NOT RCR ROR SHR XCHG AAD CLC DAA IN JBE JNA JNGE JP LES LOOPZ OR REP SAHF STC XLAT AAM CLD DAS INC JC JNAE JNL JPE LOCK MOV OUT REPE SAL STD XOR AAS CLI DEC INT JCXZ JNB JNLE JPO LODSB MOVSB POP REPNE SAR STOSB ADC CMC DIV INTO JE JNBE JNO JS LODSW MOVSW POPF REPNZ SBB STOSW ADD CMP ESC IRET JG JNC JNP JZ LOOP MUL PUSH REPZ SCASB SUB AND CMPSB HLT JA JGE JNS LAHF LOOPE NEG PUSHF RET SCASW TEST CALL CMPSW IDIV JAE JL JNZ LDS LOOPNE NOP RCL ROL SHL WAIT

Instruction Set (p. 2) 80186/88: BOUND ENTER OUTSW POPA INS PUSHA INSB INSW LEAVE Instruction Set (p. 2) 80186/88: BOUND ENTER OUTSW POPA INS PUSHA INSB INSW LEAVE OUTSB LAR SIDT LGDT SLDT LIDT SMSW LLDT STR LMSW VERR LSL VERW 80286: ARPL LTR CLTS SGDT

Instruction Set – 80386 BSF CWDE MOVSX SETA SETL SETNG SETO STOSD BSR INSD Instruction Set – 80386 BSF CWDE MOVSX SETA SETL SETNG SETO STOSD BSR INSD MOVZX SETAE SETLE SETNGE SETP BT JECXZ OUTSD SETB SETNA SETNL SETPE BTC LFS POPAD SETBE SETNAE SETNLE SETPO BTR LGS POPFD SETC SETNB SETNO SETS BTS LODSD PUSHAD SETE SETNBE SETNP SETZ CDQ LSS PUSHFD SETG SETNC SETNS SHLD CMPSD MOVSD SCASD SETGE SETNZ SHRD

Instruction Set (p. 4) 80486: BSWAP CMPXCHG INVD INVLPG WBINVD XADD RDMSR RDTSC Pentium Instruction Set (p. 4) 80486: BSWAP CMPXCHG INVD INVLPG WBINVD XADD RDMSR RDTSC Pentium I: CMPXCHG 8 B CPUID RSM WRMSR Other Stuff: CLFLUSH CMOV* CR 0 CR 2 CR 3 CR 4 DR 0 -7 LMXCSR LFENCE MFENCE PAUSE PREFETCH* STMXCSR SYSENTER SYSEXIT UD 2 SFENCE

The Road Ahead • • • Floating-point instructions Vector instructions Standalone assembly file directives? The Road Ahead • • • Floating-point instructions Vector instructions Standalone assembly file directives? Structured exception handling? Disassembly techniques?