Chapter 05 Procedures

DESCRIPTION

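Presentation date: May 5, 2013. Chapter 05 Procedures. Team leader: 박태영 / Team members: 조정민, 이지영, 이지훈, 이숭운, 권승현. 박태영. Team composition. 조정민. 5.1 Brief introduction. This chapter introduces a convenient library that makes tasks related to input/output and string processing simple to use. This chapter covers how a program is divided into manageable units by calling subroutines and - PowerPoint PPT Presentation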

Chapter 05 : / : , , , , : 2013 5 5

5.1 .

.

5.3 Irvine32.lib Irvine16.lib . , , ? .

.

Irvine32.lib Irvine16.lib Irvine32.lib MS-Windows API .(32 ) Irvine16.lib MS-DOS .(16 ) (link library) () . , . . WriteString . WriteString PROTO .

WriteString PROTO CALL WriteString .call WriteString CALL , . WriteString . .

CloseFile = (Irvine32) EAX 32 .

Clrscr = . .* WaitMsg .

CreateOutputFile = (Irvine32) . EAX (32) .

Crlf = . ASCII 0Dh 0Ah .

Delay = msec . Delay EAX .

DumpMem = 16 . -ESI,-EBX,-ECX .

DumpRegs = EAX,EBX,ECX,EDX,ESI,EDI,EBP,ESP,EIP,EFL 16 .CF,SF,ZF,OF,AF,PF .

EIP DumpRegs . DumpRegs CPU .

GetCommandTail = . 1, 0 .

Encrypt = GetCommandTail . EDX 129 .

GetMaxXY = (Irvine32) . .

GetMseconds = EAX msec .

GetTextColor = . X : 0~79, Y : 0~24

Gotoxy = . X 0 79 , Y 0 24. Gotoxy DH Y() DL X() .

IsDigit = AL 10 . AL ASCII . AL 10 Zero 1 . Zero 0 .

MsgBox = (Irvine32) . EDX . EBX . EBX 0 .

MsgBoxAsk = (Irvine32 ) Yes No . EDX EBX . EBX 0 . MsgBoxAsk EAX IDYES(6) IDNO(7 ) .

OpenInputFile = (Irvine32 ) . EDX . EAX , EAX INVALID_HANDLE_VALUE( ) .

ParseDecimal32 = 10 32 . . . EDX, ECX . EAX .

ParseInteger32 = 10 32 . . . EDX, ECX . EAX .

Random32 = 32 EAX . , (pseudorandom integer) . (seed) . . . .

Randomize = Random32 RandomRange . 100 1 . (Randomize) Random32 RandomRange , . Randomize .

RandomRange = 0 n-1 . n EAX . EAX . 0 4999 EAX .

ReadChar , AL . .

ReadDec = 32 10 EAX . . . 123ABC EAX 123 .

ReadFromFile = (Irvine32 ) . EAX, EDX, ECX . CF = 0 EAX , CF = 1 EAX .

ReadHex = 32 16 EAX . . A F . 8 . ( .) .

ReadInt = 32 EAX . + - . ReadInt Overflow 1 32 . . +123ABC +123 .

ReadKey = . Zero 1 . Zero 0 AL 0 ASCII .AL 0 (, ) . AH , DX , EBX . EAX EDX . 11 ReadKey .

ReadString = Enter . EDX ECX ( ) 1 . EAX .

SetTextColor = (Irvine32 ) .SetTextColor AX . . include Irvine32.inc Irvine16.inc . 16 .

StrLength = . ECX . EAX .

WaitMsg = "Press any key to continue..." . . .

WriteBin = ASCII . EAX . 4 .

WriteBinB = 32 ASCII . EAX EBX (1,2,3) . 4 .

WriteChar = . ( ASCII) AL .

WriteDec 32 0 10 EAX

WriteHex 32 8 16 0 . EAX .

WriteHexB 32 16 . 0 . EAX EBX (1,2,4) .

WriteInt 32 0 10 . EAX .

WriteString . EDX .

WriteToFile = (Irvine 32) . EAX , EDX, ECX . EAX .

WriteWindowsMsg = (Irvine32 ) . . , WriteWindowsMsg .

5.4 10

,

, , 10 (stack) .

LIFO(Last-In First-Out) .

[Figure: stack of items numbered 1 to 10, with TOP and bottom labeled]

ESP ESP

ESP 32

ESP

ESP CALL,RET,PUSH,POP

ESP

CPU ALU CPU ESP = 00001000h

[Figure: stack with offsets 00000FF0, 00000FF4, 00000FF8, 00000FFC, 00001000, holding the value 00000006]

32 32 16 SP 16 Push 32 push 4

ESP

push

[Figure: stack before and after a push; offsets 00000FF0 to 00001000, values 00000006 and 000000A5, ESP marker]

[Figure: stack after pushing 00000001 and 00000002; offsets 00000FF0 to 00001000, values 00000006, 000000A5, 00000001, 00000002, ESP marker]

push Pop

[Figure: stack before and after a pop; offsets 00000FF0 to 00001000, values 00000006, 000000A5, 00000001, 00000002, ESP marker]

Pop ( ) ESP (logically empty)

. .

CALL CPU .

(argument) .

.

PUSH POP

PUSH ESP .16 ESP 2 32 ESP 4

PUSH reg/mem16
PUSH reg/mem32
PUSH imm32

PUSHFD POPFD

ESP .16 ESP 2 32 ESP 4

pushfd
popfd

16 16 FLAGS PUSHF FLAGS POPF .ESP .16 ESP 2 32 ESP 4

    pushfd              ; save the flags
    ;
    ; any sequence of statements here
    ;
    popfd               ; restore the flags

push pop POPFD

PUSHAD, PUSHA, POPAD, POPA

PUSHAD 32 EAX, ECX, EDX, EBX, ESP (PUSHAD ), EBP, ESI, EDI

80286 PUSHA 16 (AX,CX,DX,BX,SP,BP,SI,DI)

POPAD

POPA

:

TITLE Reversing a String (RevStr.asm)

INCLUDE Irvine32.inc

.data
aName BYTE "Sample Name",0      ; placeholder string: the original literal is missing from the page
nameSize = ($ - aName) - 1      ; string length, excluding the null terminator

.code
main PROC
; Push the name on the stack.
    mov ecx,nameSize
    mov esi,0

L1: movzx eax,aName[esi]        ; get character
    push eax                    ; push on stack
    inc esi
    loop L1

; Pop the name from the stack, in reverse,
; and store in the aName array.
    mov ecx,nameSize
    mov esi,0

L2: pop eax                     ; get character
    mov aName[esi],al           ; store in string
    inc esi
    loop L2

; Display the name.
    mov edx,OFFSET aName
    call WriteString
    call Crlf
    exit
main ENDP
END main

1. () ?
2. ?
3. LITE ?
4. 32 ESP ?
5. (/) Irvine32 32
6. .
7. (/) Irvine16 16
8. .
9. (/)PUSH (immediate) .
10. 32 EFLAGS ?
11. EFLAGS ?
12. : (NASM) PUSH . MASM PUSHAD ? NASM .PUSH EAX EBX ECX
13. : PUSH . PUSH EAX .

5.5 .

.

. 5.5.1 PROC , return .

PROC ENDP . ( ) . main . main PROC..main ENDP RET . RET CPU .

(main) exit . INCLUDE Irvine32.inc , exit ExitProcess .

sample PROC
    .
    .
    ret
sample ENDP

INVOKE ExitProcess, 0

INCLUDE Irvine16.inc exit .EXIT . .

    mov ah, 4Ch         ; call MS-DOS function 4Ch
    int 21h             ; terminate program

. . Destination JMP .

(::) .

    jmp Destination
Destination::

.

.

: 32 SumOf . EAX, EBX, ECX . EAX .

SumOf PROC
    add eax, ebx
    add eax, ecx
    ret
SumOf ENDP

. . Receives . . Returns . (precondition) . Requires . Receives, Returns, Requires ; . SumOf

;---------------------------------------------------------
SumOf PROC
;
; Calculates and returns the sum of three 32-bit integers.
; Receives : EAX, EBX, ECX, the three integers. May be
;            signed or unsigned.
; Returns : EAX = sum
;---------------------------------------------------------
    add eax, ebx
    add eax, ecx
    ret
SumOf ENDP

C C++ 8 AL, 16 AX, 32 EAX . 5.5.2 CALL RET CALL .

RET(return from procedure) .

CALL . RET .

32 CPU EIP(instruction) . 16 IP .

main CALL 00000020 . 5 . ( MOV) 00000025 .

main PROC
00000020    call MySub
00000025    mov eax, ebx

MySub 00000040 .

MySub PROC
00000040    mov eax, edx
            .
            .
            ret
MySub ENDP

CALL ( 5-8) call (00000025) MySub EIP . MySub RET . RET ESP EIP . ( 5-9 1) 2 ESP .( 2)

[Figure 5-8, CALL: stack holds 00000025 at ESP; EIP = 00000040]

[Figure 5-9, RET: step 1, stack holds 00000025 at ESP and EIP = 00000025; step 2, ESP]

(nested procedure call) .

main PROC
    .
    .
    call Sub1
    exit
main ENDP

Sub1 PROC
    .
    .
    call Sub2
    ret
Sub1 ENDP

Sub2 PROC
    .
    .
    call Sub3
    ret
Sub2 ENDP

Sub3 PROC
    .
    .
    ret
Sub3 ENDP

[Figure 5-10: stack holding (ret to main), (ret to Sub1), (ret to Sub2), with ESP marker]

ESP . Sub2 RET .

[Figure: stack holding (ret to main), (ret to Sub1), with ESP marker]

Sub1 [ESP] main .

[Figure: stack holding (ret to main), with ESP marker]

, , . . . .

. (argument) (input parameter) .

.

EAX, EBX, ECX SumOf . main SumOf EAX, EBX, ECX .

.data
theSum DWORD ?
.code
main PROC
    mov eax, 10000h     ; argument
    mov ebx, 20000h     ; argument
    mov ecx, 30000h     ; argument
    call SumOf          ; EAX = (EAX + EBX + ECX)
    mov theSum, eax     ; save the sum

CALL EAX .

5.5.3 : C++ Java .

. . 32 ArraySum . EAX .

;---------------------------------------------------------------------
ArraySum PROC
;
; Calculates the sum of an array of 32-bit integers.
; Receives : ESI = the array offset
;            ECX = number of elements in the array
; Returns : EAX = sum of the array elements
;---------------------------------------------------------------------
    push esi                ; save ESI, ECX
    push ecx
    mov eax, 0              ; set the sum to zero
L1: add eax, [esi]          ; add each integer to sum
    add esi, TYPE DWORD     ; point to next integer
    loop L1                 ; repeat for array size
    pop ecx                 ; restore ECX, ESI
    pop esi
    ret                     ; sum is in EAX
ArraySum ENDP

. 32 .ArraySum array ESI, ECX ArraySum . EAX .

.data
array DWORD 100000h, 200000h, 300000h, 400000h, 500000h
theSum DWORD ?
.code
main PROC
    mov esi, OFFSET array   ; ESI points to array
    mov ecx, LENGTHOF array ; ECX = array count
    call ArraySum           ; calculate the sum
    mov theSum, eax         ; returned in EAX

5.5.4 .

. yes no (decision) (process) . . ex) CX 1 .

[Flowchart symbols: begin/end, process (task), procedure call, decision (yes/no); example process: cx = cx + 1, add cx, 1]

ArraySum LOOP (CX ) LOOP .

[Flowchart for ArraySum: begin; push esi, ecx; eax = 0; add eax,[esi]; add esi, 4; ecx = ecx - 1; ecx > 0? (yes: repeat); pop ecx, esi; end]

    push esi
    push ecx
    mov eax, 0

AS1:
    add eax, [esi]
    add esi, 4
    loop AS1

    pop ecx
    pop esi

5.5.5 ArraySum ECX ESI .

, .

( EAX) . . USES USES . PUSH . POP .

USES PROC ( ) .

5.5.3 ArraySum ESI ECX PUSH POP

ArraySum PROC USES esi ecx
    mov eax, 0              ; set the sum to zero
L1: add eax, [esi]          ; add each integer to sum
    add esi, TYPE DWORD     ; point to next integer
    loop L1                 ; repeat for array size

    ret                     ; sum is in EAX
ArraySum ENDP

USES .

ArraySum PROC
    push esi
    push ecx
    mov eax, 0              ; set the sum to zero
L1: add eax, [esi]          ; add each integer to sum
    add esi, TYPE DWORD     ; point to next integer
    loop L1                 ; repeat for array size

    pop ecx
    pop esi
    ret
ArraySum ENDP

( Visual Studio) , MASM . View Debug windows . Disassembly . .[] ( EAX) . . SumOf EAX

SumOf PROC              ; sum of three integers
    push eax            ; save EAX
    add eax, ebx        ; calculate the sum
    add eax, ecx        ; of EAX, EBX, ECX
    pop eax             ; lost the sum !
    ret
SumOf ENDP