
x86 assembly

x86 assembly. JongBeom Lim. References: Tom Shanley, X86 Instruction Set Architecture: Comprehensive 32- and 64-Bit Coverage, MindShare Press, 2009 (http://www.mindshare.com); Jon Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008. x86 Instruction Basics.


Presentation Transcript


  1. x86 assembly JongBeom Lim

  2. Reference
  • Tom Shanley, X86 Instruction Set Architecture: Comprehensive 32- and 64-Bit Coverage, MindShare Press, 2009
  • http://www.mindshare.com
  • Jon Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008

  3. x86 Instruction Basics
  • x86 is a CISC architecture with hundreds of instructions defined
  • General instruction categories:
    • General Purpose instructions
    • Floating-Point instructions
    • Program Flow-related instructions
    • Hardware-related instructions
  • Simple x86 instructions (16-bit registers, bits 15..0):
    • MOV AX, BX (BX => AX)
    • ADD AX, CX (CX + AX => AX), e.g. 2Ch (AX) + 55h (CX) = 81h (AX)
    • ADD CX, AX (AX + CX => CX)
  Note: Intel syntax (destination, source)

  4. Typical Instruction Variants
  • A number of the x86 instructions have multiple variants. Here are a few variants of the MOV and ADD instructions as examples:
    • MOV SI, 7000h ; move immediate to register
    • MOV BX, AX ; move AX register to BX register
    • MOV BX, [SI] ; move memory data to register
    • MOV [SI], BX ; move register data to memory
    • ADD AX, BX ; register to register add
    • ADD AX, [BX] ; memory to register add
    • ADD [BX], AX ; register to memory add
    • ADD AX, 20 ; immediate to register add
  • Forms that are and are not valid:
    • MOV 7000h, SI ; not valid: an immediate cannot be the destination
    • MOV [7000h], SI √ ; valid: store to the memory location 7000h
    • MOVS [SI], [BX] ; moves data from one memory location to another (string move)
    • MOV [SI], [BX] ; not valid: MOV has no memory-to-memory form
  Note: Intel syntax (destination, source)

  5. Subset of Instructions
  • A small sampling of the general-purpose and floating-point x86 instructions are shown below:
    • General-purpose instructions: ADD, SUB, INC, DEC, MUL, DIV, XOR, NOT, NEG, SHL, MOV, MOVS, XCHG
    • x87 instructions: FADD, FMULP, FSIN, FXSAVE
    • MMX instructions: PADDB, PAVGW, PCMPEQB
    • SSE instructions: ADDPS, SUBSD, MULPD, DIVSS, CVTPI2PD, SQRTPS
  • MMX and SSE perform SIMD operations (Single Instruction Multiple Data)
  • Example of an implicit-operand instruction: MUL BX computes AX * BX and places the 32-bit product in DX:AX (upper 16 bits in DX, lower 16 bits in AX)
  • http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html

  6. Subset of Instructions (Continued)
  • Here is a small subset of the x86 instructions related to program flow: JMP, JNZ, LOOP, CALL, RET, INT, IRET
  • LOOP Label1 decrements CX and jumps to Label1 while CX is not 0 (taken: 1, not taken: 0); it behaves like the pair
    DEC CX ; e.g. CX = 2
    JNZ Label1

  7. Instruction Composition
  • Average instruction size: 32-bit code: 3.4 bytes; 64-bit code: 3.8 bytes

  8. Traditional x86 Register Set

  9. x86-64 Register Set

  10. General-Purpose Registers (GPRs)
  • AX (Accumulator), BX (Base), CX (Counter), DX (Data)
  • “L” means the Low byte (AL, BL, CL, DL)
  • “H” means the High byte (AH, BH, CH, DH)

  11. General-Purpose Registers (GPRs)

  12. General-Purpose Registers (GPRs)
  • R8 (full register): Quadword = Qword = 8 bytes
  • R8D (“D” means a Doubleword access): Dword = 4 bytes
  • R8W (“W” means a Word access): Word = 2 bytes
  • R8B (“B” means a Byte access): Byte = 1 byte

  13. Sized Operations with GPRs
  • 8-bit Operations
    • ADD AL, BL
    • ADD AL, AH
    • ADD R8B, AL
    • ADD R8B, AH (not encodable, see note below)
  • 16-bit Operations
    • ADD AX, BX
    • ADD AX, R8W
    • ADD R9W, R8W
  • 32-bit Operations
    • ADD EAX, EBX
    • ADD EAX, R8D
    • ADD R9D, EAX
  • 64-bit Operations
    • ADD RAX, RBX
    • ADD RAX, R8
    • ADD RAX, RAX
  Note: You cannot perform a byte operation using a high register (AH, BH, CH, DH) together with one of the new registers (R8B – R15B). The operand sizes must match on most x86 instructions.

  14. GPR Behavior
  • The register diagrams (bits 63, 31, 15, 7, 0) show which part of RAX each sized operation touches:
    • ADD AL, 24h ; writes bits 7..0 only
    • ADD AH, 96h ; writes bits 15..8 only
    • ADD AX, 96h ; writes bits 15..0 only
    • ADD EAX, 242424h ; writes bits 31..0 and clears bits 63..32
  • The upper 32 bits are cleared when performing a Dword operation; byte and word operations leave the rest of the register unchanged.

  15. x86 is Little Endian
  • Little Endian: the least significant byte goes in the lowest address
    • mov esi, 4000h
    • mov ax, 1234h
    • mov [esi], ax
  • Memory after the store (addresses 3FFCh .. 4003h): 4000h holds 34h (AL), 4001h holds 12h (AH); 4002h and 4003h are not written
  • Register layout (bits 63, 31, 15, 7, 0): AL is bits 7..0, AH is bits 15..8, AX is bits 15..0, EAX is bits 31..0, RAX is bits 63..0
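To make the behaviour on slides 14 and 15 concrete, here is an added C model (not code from the slides or from the referenced books) of a single x86-64 GPR. A union lays out AL, AH, AX and EAX inside RAX exactly as x86's little-endian aliasing does, and the add_* helpers follow the sized-operation rules from the slides; the starting value FFFFFFFFFFFFFFFFh and the byte buffer are constructed for the demo, and the model assumes it is compiled on a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of RAX. The union members alias the same storage, so on a
 * little-endian host b.al is bits 7..0, b.ah is bits 15..8, ax is
 * bits 15..0 and eax is bits 31..0, matching the slide diagrams. */
typedef union {
    uint64_t rax;
    uint32_t eax;
    uint16_t ax;
    struct { uint8_t al, ah; } b;
} gpr_t;

/* 8-bit and 16-bit operations write only their own slice. */
void add_al(gpr_t *r, uint8_t imm)  { r->b.al = (uint8_t)(r->b.al + imm); }
void add_ah(gpr_t *r, uint8_t imm)  { r->b.ah = (uint8_t)(r->b.ah + imm); }
void add_ax(gpr_t *r, uint16_t imm) { r->ax = (uint16_t)(r->ax + imm); }

/* A 32-bit operation writes EAX and clears bits 63..32 (zero-extends). */
void add_eax(gpr_t *r, uint32_t imm) { r->rax = (uint32_t)(r->eax + imm); }

/* mov [esi], ax: the least significant byte lands at the lowest address. */
void store_ax(const gpr_t *r, uint8_t *mem) {
    mem[0] = (uint8_t)(r->ax & 0xFF);   /* AL -> [esi]     */
    mem[1] = (uint8_t)(r->ax >> 8);     /* AH -> [esi + 1] */
}

/* Runs the four slide-14 examples on a constructed all-ones register. */
uint64_t slide14_demo(void) {
    gpr_t r = { .rax = 0xFFFFFFFFFFFFFFFFull };
    add_al(&r, 0x24);       /* AL : FFh + 24h -> 23h, RAX = FFFFFFFFFFFFFF23h */
    add_ah(&r, 0x96);       /* AH : FFh + 96h -> 95h, RAX = FFFFFFFFFFFF9523h */
    add_ax(&r, 0x96);       /* AX : 9523h + 96h -> 95B9h                    */
    add_eax(&r, 0x242424);  /* EAX: FFFF95B9h + 242424h -> 0023B9DDh        */
    return r.rax;           /* upper 32 bits are now zero: 000000000023B9DDh */
}

/* Slide 15: returns the byte stored at the lowest address for AX = 1234h. */
uint8_t slide15_first_byte(void) {
    gpr_t r = { .rax = 0 };
    uint8_t mem[2] = { 0, 0 };         /* stands in for [4000h], [4001h] */
    r.ax = 0x1234;
    store_ax(&r, mem);
    return mem[0];                     /* 34h, the least significant byte */
}

int main(void) {
    printf("RAX after slide 14 sequence: %016llx\n",
           (unsigned long long)slide14_demo());
    printf("byte at [4000h] after slide 15 store: %02x\n", slide15_first_byte());
    return 0;
}
```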

  16. 0x250 Getting Your Hands Dirty (Demo)

    #include <stdio.h>

    int main(void)
    {
        int i;
        /* print the greeting ten times */
        for (i = 0; i < 10; i++) {
            printf("Hello World!\n");
        }
        return 0;
    }
