Copyright, 2017 © Multimedia Lab., UOS
Systems Programming
(Assembly Code and Calling Convention)
Seong Jong Choi
chois@uos.ac.kr
Multimedia Lab.
Dept. of Electrical and Computer Eng.
University of Seoul
Seoul, Korea
2017-09-15 Seong Jong Choi Assembly Language-2
MS VC++
• Integrated Development Environment
  – Language-sensitive text editor
  – Preprocessor
  – Compiler
  – Linker
  – Wizard
• Project (.dsp): a collection of all the information necessary to build binary executables (.exe, .dll)
  – Files (source, header)
  – Compile options
  – Link options
• Workspace (.dsw): a collection of projects
Build Process
[Figure: build process. Editor → source file (hello.cpp) and header files (iostream.h) → Preprocessor → Compiler → object file (hello.obj); object files and libraries (mlibcewq.lib) → Linker → hello.exe (Debug Ver. and Release Ver.). A Makefile describes the steps. Development tools supplied by MS VC++; the rest is user-defined.]
Assembly Code
• Project Settings -> C/C++ -> Category -> Listing Files -> Listing file type -> Assembly, Machine Code, and Source
• Then compile
• You'll see an xxx.cod file in the Debug directory
Intel 80386 Registers
Intel Fundamental Data Type
Assembly code
• Instruction := operation [operand] [, operand]
• Examples
  – Data movement: mov destaddr, eax
  – Stack operation: pop eax
  – Arithmetic, logic, comparison, etc.
Operand: Addressing Mode
• Immediate: the operand is contained in the instruction itself
• Register direct: the operand is the contents of a register
• Register indirect: the contents of a register are used as the memory address of the operand
• Memory direct: the operand is the contents of a memory location
• Memory indirect: the contents of a memory location are used as the address of the operand
• Index: a base address plus or minus an offset
Data Movement Instruction
• mov destination, source

    _a$ = -4
    …
    mov dword ptr _a$[ebp], 0Ah

  The two lines above are equivalent to:

    mov dword ptr [ebp-4], 0Ah

  Here mov is the operation, _a$[ebp] is the destination operand (index + register indirect addressing), and 0Ah is the source operand (immediate addressing).
Stack Instructions
• PUSH
  1. Decrement the stack pointer (ESP)
  2. Then transfer the source to the stack location indicated by ESP
  – Ex) push eax
• POP
  1. Transfer the data at the current top of stack (ESP)
  2. Then increment ESP
  – Ex) pop eax
• The stack pointer (ESP) points to the data that the next POP will return.
[Figure: stack memory, drawn from address FF…F at the top down to address 0 at the bottom.]
Stack Instructions
Assembly Debugging
• In View -> Debug Windows:
  – Registers
  – Memory
  – Disassembly
An Example

    /* simple.cpp
       demonstrating assembly language code generated by the compiler */
    #include <windows.h>

    int sum(int x, int y);
    int WINAPI wsum(int x, int y);

    void main() {
        int a, b, c;
        a = 10;
        b = 20;
        c = a + b;
        c = sum(a, b);
        c = wsum(a, b);
    }

    int sum(int x, int y) {
        int z;
        z = x + y;
        return z;
    }

    int WINAPI wsum(int x, int y) {   // every Windows API function is declared with the WINAPI convention
        int z;
        z = x + y;
        return z;
    }
Simple.cod file: addresses start from 0

    ; 11 : a = 10;
    00018 c7 45 fc 0a 00 00 00    mov DWORD PTR _a$[ebp], 10 ; 0000000aH

  Reading the listing: "; 11 : a = 10;" is the C source line, 00018 is the memory address of the machine code, "c7 45 fc 0a 00 00 00" is the translated machine code, and "mov DWORD PTR _a$[ebp], 10" is the translated assembly code.
Disassembly window: location of the machine code at run time (relocated)

    11:        a = 10;
    00401048   mov dword ptr [ebp-4],0Ah

  Reading the window: "11: a = 10;" is the C source line, 00401048 is the (relocated) memory address of the machine code, and "mov dword ptr [ebp-4],0Ah" is the disassembled assembly code.
Function Call
Caller:

    ; 14 : c = sum(a,b);
    mov ecx, DWORD PTR _b$[ebp]
    push ecx
    mov edx, DWORD PTR _a$[ebp]
    push edx
    call ?sum@@YAHHH@Z ; sum
    add esp, 8
    mov DWORD PTR _c$[ebp], eax

Callee:

    ; COMDAT ?sum@@YAHHH@Z
    _TEXT SEGMENT
    _x$ = 8
    _y$ = 12
    _z$ = -4
    ?sum@@YAHHH@Z PROC NEAR ; sum, COMDAT
    ; 19 : int sum(int x, int y) {
    push ebp
    mov ebp, esp
    sub esp, 68 ; 00000044H
    push ebx
    push esi
    push edi
    lea edi, DWORD PTR [ebp-68]
    mov ecx, 17 ; 00000011H
    mov eax, -858993460 ; ccccccccH
    rep stosd
    ; 20 : int z;
    ; 21 : z = x + y;
    mov eax, DWORD PTR _x$[ebp]
    add eax, DWORD PTR _y$[ebp]
    mov DWORD PTR _z$[ebp], eax
    ; 22 : return z;
    mov eax, DWORD PTR _z$[ebp]
    ; 23 : }
    pop edi
    pop esi
    pop ebx
    mov esp, ebp
    pop ebp
    ret 0
    ?sum@@YAHHH@Z ENDP ; sum
    _TEXT ENDS
Before Function Call
• Assume:
  – esp = n + 4
  – ebp = bbpp
  – edi = ddii
  – esi = ssii
  – ebx = bbxx
• The above registers are used in the callee.
Function Call – Caller
; 14 : c = sum(a,b); //esp = n+4
mov ecx, DWORD PTR _b$[ebp]
push ecx
mov edx, DWORD PTR _a$[ebp]
push edx
call ?sum@@YAHHH@Z ; sum
add esp, 8
mov DWORD PTR _c$[ebp], eax
Save the second parameter on the stack (push ecx): [n] = b

  Address   Contents
  n         b              <- ESP
  n-4
  n-8
  n-12
Function Call - Caller
; 14 : c = sum(a,b);
mov ecx, DWORD PTR _b$[ebp]
push ecx
mov edx, DWORD PTR _a$[ebp]
push edx
call ?sum@@YAHHH@Z ; sum
add esp, 8
mov DWORD PTR _c$[ebp], eax
Save the first parameter on the stack (push edx): [n-4] = a

  Address   Contents
  n         b
  n-4       a              <- ESP
  n-8
  n-12
Function Call - Caller
; 14 : c = sum(a,b);
mov ecx, DWORD PTR _b$[ebp]
push ecx
mov edx, DWORD PTR _a$[ebp]
push edx
call ?sum@@YAHHH@Z ; sum
add esp, 8
mov DWORD PTR _c$[ebp], eax
Save the return address on the stack (call):
  1. push return addr (return addr: the instruction following the call, add esp, 8)
  2. eip = ?sum@@YAHHH@Z

  Address   Contents
  n         b
  n-4       a
  n-8       return addr    <- ESP
  n-12
Function Call - Callee
; 19 : int sum(int x, int y) {
push ebp; [ebp] = bbpp
mov ebp, esp
sub esp, 68 ;00000044H
push ebx
push esi
push edi
lea edi, DWORD PTR [ebp-68]
mov ecx, 17 ; 00000011H
mov eax, -858993460 ; ccccccccH
rep stosd
Because ebp is used inside the function, first save ebp on the stack (push ebp): [n-12] = bbpp

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- ESP
Function Call - Callee
; 19 : int sum(int x, int y) {
push ebp; [ebp] = bbpp
mov ebp, esp
sub esp, 68 ;00000044H
push ebx
push esi
push edi
lea edi, DWORD PTR [ebp-68]
mov ecx, 17 ; 00000011H
mov eax, -858993460; ccccccccH
rep stosd
Set ebp to the current value of esp (mov ebp, esp): ebp = n-12

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- ESP, EBP
Function Call - Callee
; 19 : int sum(int x, int y) {
push ebp; [ebp] = bbpp
mov ebp, esp
sub esp, 68 ;00000044H
push ebx
push esi
push edi
lea edi, DWORD PTR [ebp-68]
mov ecx, 17 ; 00000011H
mov eax, -858993460; ccccccccH
rep stosd
Reserve space on the stack for the function's local variables, 17 DWORDs (sub esp, 68): esp = n-80

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      (local variable area)
  …
  n-80                     <- ESP
Function Call - Callee
; 19 : int sum(int x, int y) {
push ebp; [ebp] = bbpp
mov ebp, esp
sub esp, 68 ;00000044H
push ebx
push esi
push edi
lea edi, DWORD PTR [ebp-68]
mov ecx, 17 ; 00000011H
mov eax, -858993460; ccccccccH
rep stosd
Save the contents of the registers the function will use on the stack (push ebx / push esi / push edi)

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      (local variable area)
  …
  n-80
  n-84      bbxx
  n-88      ssii
  n-92      ddii           <- ESP
Function Call - Callee
; 19 : int sum(int x, int y) {
push ebp; [ebp] = bbpp
mov ebp, esp
sub esp, 68 ;00000044H
push ebx
push esi
push edi
lea edi, DWORD PTR [ebp-68]
mov ecx, 17 ; 00000011H
mov eax, -858993460; ccccccccH
rep stosd
Fill the whole stack area reserved for local variables with ccccccccH (rep stosd): 4 x 17 = 68 bytes, starting at edi = [ebp-68] = n-80

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      ccccccccH
  …         ccccccccH
  n-80      ccccccccH      <- EDI (start of the fill)
  n-84      bbxx
  n-88      ssii
  n-92      ddii           <- ESP

rep stosd is equivalent to:
  for (i = 0; i < ecx; i++) mov [edi + 4*i], eax
which here means:
  for (i = 0; i < 17; i++) mov [(n-80) + 4*i], ccccccccH
Function Call - Callee
_x$ = 8
_y$ = 12
_z$ = -4
; 21 : z = x + y;
mov eax, DWORD PTR _x$[ebp]
add eax, DWORD PTR _y$[ebp]
mov DWORD PTR _z$[ebp], eax
Add a and b and store the sum at [ebp-4]

  Address   Contents
  n         b              = EBP+12 (_y$)
  n-4       a              = EBP+8  (_x$)
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      z = a+b        = EBP-4  (_z$)
  …         ccccccccH
  n-80      ccccccccH
  n-84      bbxx
  n-88      ssii
  n-92      ddii           <- ESP
Function Call - Callee
; 22 : return z;
mov eax, DWORD PTR _z$[ebp]
Put the return value in eax (mov eax, _z$[ebp]): eax = a+b

  Address   Contents
  n         b              = EBP+12 (_y$)
  n-4       a              = EBP+8  (_x$)
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      z = a+b        = EBP-4  (_z$)
  …         ccccccccH
  n-80      ccccccccH
  n-84      bbxx
  n-88      ssii
  n-92      ddii           <- ESP
Function Call - Callee
; 23 : }
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0
Restore the register values from before the function used them (pop edi / pop esi / pop ebx)

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- EBP
  n-16      z = ssssssssh
  …         ccccccccH
  n-80      ccccccccH      <- ESP
  n-84      bbxx
  n-88      ssii
  n-92      ddii
Function Call - Callee
; 23 : }
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0
Release the space reserved for local variables (mov esp, ebp): esp = ebp = n-12

  Address   Contents
  n         b
  n-4       a
  n-8       return addr
  n-12      bbpp           <- ESP, EBP
  n-16      z = ssssssssh
  …         ccccccccH
  n-80      ccccccccH
  n-84      bbxx
  n-88      ssii
  n-92      ddii
Function Call - Callee
; 23 : }
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0
Restore ebp (pop ebp): ebp = bbpp, esp = n-8

  Address   Contents
  n         b
  n-4       a
  n-8       return addr    <- ESP
  n-12      bbpp
  n-16      z = ssssssssh
  …         ccccccccH
  n-80      ccccccccH
  n-84      bbxx
  n-88      ssii
  n-92      ddii
Function Call - Callee
; 23 : }
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0
Set eip to go back to the caller (ret 0):
  1. pop eip (eip = return addr)
  2. esp = esp + 0

  Address   Contents
  n         b
  n-4       a              <- ESP
  n-8       return addr
  n-12      bbpp
  n-16      z = ssssssssh
  …         ccccccccH
  n-80      ccccccccH
  n-84      bbxx
  n-88      ssii
  n-92      ddii
Function Call - Caller
; 14 : c = sum(a,b);
mov ecx, DWORD PTR _b$[ebp]
push ecx
mov edx, DWORD PTR _a$[ebp]
push edx
call ?sum@@YAHHH@Z ; sum
add esp, 8
mov DWORD PTR _c$[ebp], eax
Restore esp to its original value (add esp, 8, the instruction at the return addr): esp = n+4

  Address   Contents
  n+4                      <- ESP
  n         b
  n-4       a
  n-8       return addr
  n-12
Function Call - Caller
; 14 : c = sum(a,b);
mov ecx, DWORD PTR _b$[ebp]
push ecx
mov edx, DWORD PTR _a$[ebp]
push edx
call ?sum@@YAHHH@Z ; sum
add esp, 8
mov DWORD PTR _c$[ebp], eax
Store the result held in eax into c (mov _c$[ebp], eax)

  Address   Contents
  n+4                      <- ESP
  n         b
  n-4       a
  n-8       return addr
  n-12
Function Call: Summary
• Uses of the stack space
  – Space for the parameters; parameters are pushed onto the stack starting from the rightmost one.
  – Space for the function's local variables.
• Uses of ebp
  – Inside a function, every parameter and local variable is accessed as ebp plus an index.
  – ebp points to the top of the stack area reserved for the function's local variables.
• Registers pushed on the stack before the function body runs and popped after it ends: ebp, edi, esi, ebx
• An int return value is stored in eax.
• After the function returns, the caller readjusts the stack space it used for the parameters (add esp, 8).
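The following C program is an added example, not code from the lecture or from MSVC: it models the walk-through of the sum() call above (push parameters, call, prologue, rep stosd fill, body, epilogue, ret 0, add esp, 8) on a constructed 4 KiB array that stands in for the stack. The symbolic values of the slides become constructed numbers: n is 2048 inside the array, bbpp/ddii/ssii/bbxx are 0xBBBBBBBB/0xDDDDDDDD/0x55555555/0xB0B0B0B0, and the return address is 0x00401060. After the call it reports the register state and what the stack slots still contain, so the reader can confirm that ESP is back at n+4, that ebp/ebx/esi/edi are restored, and that the value of z and the 0xCCCCCCCC fill are still sitting below ESP: the fill is what makes an uninitialised local read as -858993460 in a Debug build, and a Release build has no such fill, so the same bug reads whatever was left there.

```c
/* Added example (not from the slides): model of the MSVC debug-build frame for sum(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 4096
#define LOCAL_BYTES 68u             /* sub esp, 68 : room for 17 DWORDs */
#define FILL 0xCCCCCCCCu            /* -858993460, the MSVC debug fill value */

typedef struct {
    uint8_t  mem[STACK_BYTES];      /* constructed stack memory, addresses 0..4095 */
    uint32_t esp, ebp, eip, eax, ebx, ecx, edx, esi, edi;
    uint32_t ebp_in_body, esp_in_body;  /* recorded for the checks, not real registers */
} cpu_t;

typedef struct {
    uint32_t result, esp, ebp, ebx, esi, edi, eip;        /* state after the call returns */
    uint32_t ebp_in_body, esp_in_body;                     /* frame pointers while sum() ran */
    uint32_t slot_b, slot_a, slot_ret, slot_z, slot_fill;  /* what the stack slots still hold */
} trace_t;

static uint32_t rd(const cpu_t *c, uint32_t addr) { uint32_t v; memcpy(&v, c->mem + addr, 4); return v; }
static void     wr(cpu_t *c, uint32_t addr, uint32_t v) { memcpy(c->mem + addr, &v, 4); }
static void     push(cpu_t *c, uint32_t v) { c->esp -= 4; wr(c, c->esp, v); }          /* PUSH: decrement ESP, then store */
static uint32_t pop(cpu_t *c) { uint32_t v = rd(c, c->esp); c->esp += 4; return v; }  /* POP: load, then increment ESP */

/* Callee: the prologue, body and epilogue of sum() from the listing. */
static void callee_sum(cpu_t *c) {
    push(c, c->ebp);                     /* push ebp            [n-12] = bbpp */
    c->ebp = c->esp;                     /* mov ebp, esp        ebp = n-12 */
    c->esp -= LOCAL_BYTES;               /* sub esp, 68         esp = n-80 */
    push(c, c->ebx); push(c, c->esi); push(c, c->edi);   /* save the registers the callee will use */
    c->ebp_in_body = c->ebp; c->esp_in_body = c->esp;    /* recorded: n-12 and n-92 */
    c->edi = c->ebp - LOCAL_BYTES;       /* lea edi, [ebp-68]   edi = n-80 */
    c->ecx = LOCAL_BYTES / 4;            /* mov ecx, 17 */
    c->eax = FILL;                       /* mov eax, ccccccccH */
    while (c->ecx) { wr(c, c->edi, c->eax); c->edi += 4; c->ecx--; }   /* rep stosd */
    c->eax = rd(c, c->ebp + 8);          /* mov eax, _x$[ebp]   x is at ebp+8 */
    c->eax += rd(c, c->ebp + 12);        /* add eax, _y$[ebp]   y is at ebp+12 */
    wr(c, c->ebp - 4, c->eax);           /* mov _z$[ebp], eax   z is at ebp-4 */
    c->eax = rd(c, c->ebp - 4);          /* mov eax, _z$[ebp]   return value */
    c->edi = pop(c); c->esi = pop(c); c->ebx = pop(c);   /* pop edi / pop esi / pop ebx */
    c->esp = c->ebp;                     /* mov esp, ebp */
    c->ebp = pop(c);                     /* pop ebp */
    c->eip = pop(c);                     /* ret 0: pop eip, release 0 further bytes */
}

/* Caller: c = sum(a, b) with the __cdecl sequence from the listing; returns the value stored in c. */
static uint32_t caller_sum(cpu_t *c, uint32_t a, uint32_t b, uint32_t return_addr) {
    c->ecx = b; push(c, c->ecx);         /* second parameter is pushed first (right to left) */
    c->edx = a; push(c, c->edx);         /* then the first parameter */
    push(c, return_addr);                /* call: push the address of the next instruction ... */
    callee_sum(c);                       /* ... and transfer control to sum() */
    c->esp += 8;                         /* add esp, 8: the caller removes the parameters */
    return c->eax;                       /* mov _c$[ebp], eax */
}

/* Sets up the "before function call" state of the slides (esp = n+4, placeholder
 * register values) and runs c = sum(a, b), returning a trace of the outcome. */
trace_t run_sum_call(uint32_t n, uint32_t a, uint32_t b) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.esp = n + 4;
    c.ebp = 0xBBBBBBBBu; c.edi = 0xDDDDDDDDu; c.esi = 0x55555555u; c.ebx = 0xB0B0B0B0u;  /* bbpp, ddii, ssii, bbxx (constructed) */
    const uint32_t return_addr = 0x00401060u;   /* constructed address of the "add esp, 8" after the call */
    trace_t t;
    t.result = caller_sum(&c, a, b, return_addr);
    t.esp = c.esp; t.ebp = c.ebp; t.ebx = c.ebx; t.esi = c.esi; t.edi = c.edi; t.eip = c.eip;
    t.ebp_in_body = c.ebp_in_body; t.esp_in_body = c.esp_in_body;
    t.slot_b = rd(&c, n); t.slot_a = rd(&c, n - 4); t.slot_ret = rd(&c, n - 8);
    t.slot_z = rd(&c, n - 16);      /* z's slot: the sum is still there, below ESP */
    t.slot_fill = rd(&c, n - 20);   /* first unused local slot: still holds the debug fill */
    return t;
}

int main(void) {
    const uint32_t n = 2048;
    trace_t t = run_sum_call(n, 10, 20);
    printf("c = %u; esp = n%+d; ebp restored: %s; eip = %08x\n", t.result,
           (int)(t.esp - n), t.ebp == 0xBBBBBBBBu ? "yes" : "no", t.eip);
    printf("in body: ebp = n%+d, esp = n%+d\n", (int)(t.ebp_in_body - n), (int)(t.esp_in_body - n));
    printf("[n-16] = %u (stale z), [n-20] = %08x (debug fill)\n", t.slot_z, t.slot_fill);
    return 0;
}
```

The fill loop is the `rep stosd` of the prologue, so the same model explains why the Debug build shows 0xCCCCCCCC in every untouched local: the value is written by the callee's prologue, not by the variable's declaration.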
Return Instruction
• The difference between sum() and wsum() is who (the caller or the callee) cleans up the stack space used for the parameters after the function ends.
  – sum() return instruction: ret 0
  – wsum() return instruction: ret 8
• ret n
  – RET transfers control to a return address located on the stack. The address is usually placed on the stack by a CALL instruction, and the return is made to the instruction that follows the CALL.
  – The optional numeric parameter to RET gives the number of stack bytes to be released after the return address is popped. These items are typically used as input parameters to the procedure called.
Calling Convention

  Keyword                                  Stack cleanup   Parameter passing
  __cdecl (C default)                      Caller          Pushes parameters on the stack, in reverse order (right to left)
  __stdcall (#define WINAPI __stdcall)     Callee          Pushes parameters on the stack, in reverse order (right to left)
  __fastcall                               Callee          Stored in registers, then pushed on stack
  thiscall (not a keyword)                 Callee          Pushed on stack; this pointer stored in ECX
Recommended
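The following C program is an added example, not from the slides: it keeps the ESP bookkeeping for the `ret 0` / `add esp, 8` pair of sum() (__cdecl) and the `ret 8` of wsum() (__stdcall), and also evaluates the case the table implies but does not show, a caller compiled against a prototype with the wrong convention. The enum names and function names are constructed; the 8-byte parameter area is the two int parameters of sum() and wsum().

```c
/* Added example (not from the slides): ESP bookkeeping for "ret n" versus "add esp, n". */
#include <stdio.h>

typedef enum { CC_CDECL, CC_STDCALL } conv_t;   /* constructed names for the two conventions */

/* Immediate of the callee's RET: __cdecl returns with "ret 0", __stdcall with
 * "ret <parameter bytes>" (ret 8 for wsum(int, int)). */
int ret_immediate(conv_t callee, int param_bytes) {
    return callee == CC_STDCALL ? param_bytes : 0;
}

/* Bytes the caller adds back to ESP after the call: the "add esp, 8" that follows
 * a __cdecl call; a caller that believes the callee is __stdcall adds nothing. */
int caller_cleanup(conv_t caller_expects, int param_bytes) {
    return caller_expects == CC_CDECL ? param_bytes : 0;
}

/* Net change of ESP over push parameters / call / ret n / caller cleanup.
 * 0 means the stack is balanced; +n means the parameter area was released twice
 * (ESP now points above the caller's own data); -n means it was never released
 * and the frame grows by n bytes on every call. */
int esp_imbalance(conv_t caller_expects, conv_t callee, int param_bytes) {
    int esp = 0;
    esp -= param_bytes;                          /* push ecx; push edx (right to left) */
    esp -= 4;                                    /* call pushes the return address */
    esp += 4;                                    /* ret pops the return address ... */
    esp += ret_immediate(callee, param_bytes);   /* ... then releases its immediate */
    esp += caller_cleanup(caller_expects, param_bytes);
    return esp;
}

int main(void) {
    static const char *name[] = { "__cdecl", "__stdcall" };
    for (int caller = 0; caller < 2; caller++)
        for (int callee = 0; callee < 2; callee++)
            printf("caller expects %-9s, callee is %-9s -> ESP change %+d\n",
                   name[caller], name[callee],
                   esp_imbalance((conv_t)caller, (conv_t)callee, 8));
    return 0;
}
```

Only the two diagonal cases come out balanced; a mismatch leaves ESP off by the whole parameter area, which is why a wrong prototype for a WINAPI function corrupts the caller's frame rather than failing at compile time.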