Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
include PowerPoint Presentation

include

114 Vues Download Presentation
Télécharger la présentation

include

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. # include stdio.h < > v oid main(void) { long NUM1[5]; long SUM; long N; NUM1[0] = 17; NUM1[1] = 3;  NUM1[2] = 51; NUM1[3] = 242; NUM1[4] = 113; SUM = 0; N = 5; asm { LEA EBX,NUM1 MO V ECX,N MO V EAX,0 MO V EDI,0 ST AR T ADD: ADD EAX,[EBX + EDI*4] INC EDI DEC ECX JG ST AR T ADD MO V SUM,EAX } printf ("The sum of the list v alues is %ld \ n", SUM ); } Figure D.2. IA-32 Program in Figure 3.40a encapsulated in a C/C++ program.

  2. Machine instructions Assembly language instructions (hexadecimal) 03 04 BB STARTADD: ADD EAX,[EBX + EDI*4] 47 INC EDI 49 DEC ECX 7F F9 JG ST AR T ADD (a) Loop body encoding OP code ModR/M byte SIB byte 03 04 BB 00000011 00 000 100 10 111 011 ADD (see T able D.2) (see Figure D.1 c ) (doubleword (b) ADD instruction OP code Offset 7F F9 01111111 111111001 JG 7 (short offset) (c) JG instruction Figure D.3. Encoding of the loop body in Figure D.2.

  3. T ABLE D.1 Register field enco ding in IA-32 instructions Reg/Base/Index* Register field 0 0 0 EAX 0 0 1 ECX 0 1 0 EDX 0 1 1 EBX 1 0 0 ESP 1 0 1 EBP 1 1 0 ESI 1 1 1 EDI *ESP (100) cannot be used as an index register.

  4. T ABLE D.2 IA-32 addressing modes selected by the ModR/M and SIB bytes ModR/M b yte Addressing mode Mod R/M field field b b b b b 7 6 2 1 0 0 0 Reg Register indirect EA = [Reg] 0 1 Reg Base with 8-bit displacement EA = [Reg] + Disp8 1 0 Reg Base with 32-bit displacement EA = [Reg] + Disp32 1 1 Reg Register EA = Reg Exceptions 0 0 1 0 1 Direct EA = Disp32 0 0 1 0 0 Base with index (uses SIB b yte)  EA = [Base] + [Index] Scale When Base = EBP the addressing mo de is: Index with 32-bit displacement  EA = [Index] Scale + Disp32 0 1 1 0 0 Base with index and 8-bit displacement (uses SIB b yte)  EA = [Base] + [Index] Scale + Disp8 32-bit 1 0 1 0 0 Base with index and displacemet (uses SIB b yte)  EA = [Base] + [Index] Scale + Disp32

  5. T ABLE D.3 Scale field encoding in IA-32 SIB b yte Scale field Scale 0 0 1 0 1 2 1 0 4 1 1 8

  6. T ABLE D.4 IA-32 instructions Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C  ADC B,D reg reg dst [dst] + [src] + [CF] x x x x (Add with reg mem carry) mem reg reg imm mem imm  ADD B,D reg reg dst [dst] + [src] x x x x (Add) reg mem mem reg reg imm mem imm  AND B,D reg reg dst [dst] ^ [src] x x 0 0 (Logical reg mem AND) mem reg reg imm mem imm BT D reg reg bit# = [src]; x  (Bit test) reg imm8 CF bit# of [dst] mem reg mem imm8 BTC D reg reg bit# = [src]; x  (Bit test and reg imm8 CF bit# of [dst]; complement mem reg complement bit# mem imm8 of [dst] BTR D reg reg bit# = [src]; x  (Bit test reg imm8 CF bit# of [dst]; and reset) mem reg clear bit# of [dst] to 0 mem imm8 Table D.4 – page 1

  7. T ABLE D.4 ( Continued ) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C BTS D reg reg bit# = [src]; x  (Bit test reg imm8 CF bit# of [dst]; and set) mem reg set bit# of [dst] to 1 mem imm8  – CALL D reg ESP [ESP] 4;  (Subroutine mem [ESP] [EIP];  call) EIP EA of dst  CLC CF 0 0 (Clear carry)  CLI IF 0 (Clear int. flag)  CMC CF [CF] x (Compl. carry)  CMP B,D reg reg [dst] [src] x x x x (Compare) reg mem mem reg reg imm mem imm  – DEC B,D reg dst [dst] 1 x x x (Decrement) mem DIV B,D reg for B: ? ? ? ? (Unsigned mem [AL]/[src];  divide) AL quotient;  AH remainder for D: [EAX]/[src];  EAX quotient;  ED X remainder Table D.4 – page 2

  8. T ABLE D.4 ( Continued ) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C HL T Halts execution un til (Halt) reset or external in terrupt o ccurs IDIV B,D reg for B: ? ? ? ? (Signed mem [AL]/[src];  divide) AL quotient;  AH remainder for D: [EAX]/[src];  EAX quotient;  ED X remainder IMUL B,D reg (double-length product) ? ? x x (Signed mem for B:   m ultiplication) AX [AL] [src] for D:  ED X,EAX [EAX]  [src] D reg reg (single-length pro duct) ? ? x x   reg mem reg [reg] [src]  IN B,D dst = AL AL or EAX [src] (Isolated or EAX input) src = imm8 or [D X]  INC B,D reg dst [dst] + 1 x x x (Increment ) mem INT D imm8 Push EFLA GS; (Software Push EIP;  in terrupt) EIP address (determined b y imm8) Table D.4 – page 3

  9. T ABLE D.4 ( Continued) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C IRET D P op EIP; x x x x (Return from P op EFLA GS in terrupt)  LEA D reg mem reg EA of src (Load effectiv e address)  – LOOP D target ECX [ECX] 1;  (Lo op) If ( [ECX] 0 )  EIP target  – LOOPE D target ECX [ECX] 1;  (Lo op on If ( [ECX] 0 ^ equal/zero) [Z] = 1 )  EIP target  – LOOPNE D target ECX [ECX] 1;  (Lo op on If ( [ECX] 0 ^  not equal/ [Z] 1 )  not zero) EIP target  MO V B,D reg reg dst [src] (Mo v e) reg mem mem reg reg imm mem imm  MO VSX B reg reg reg sign extend [src] (Sign extend reg mem b yte in to register) Table D.4 – page 4

  10. T ABLE D.4 ( Continued) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C  MO VZX B reg reg reg zero extend [src] (Zero extend reg mem b yte in to register) MUL B,D reg (double-length pro duct) ? ? x x (Unsigned mem for B:   m ultiplication) AX [AL] [src] for D:  ED X,EAX [EAX]  [src]  NEG B,D reg dst 2's-complement x x x x (Negate) mem [dst] NOP alias for: (No op eration) X CHG EAX,EAX  NOT B,D reg dst [dst ] (Logical mem complement)   OR B,D reg reg dst [dst] [src] x x 0 0 (Logical OR) reg mem mem reg reg imm mem imm  OUT B,D dst = imm8 dst [AL] or [EAX] (Isolated or [D X] output) src = AL or EAX Table D.4 – page 5

  11. T ABLE D.4 ( Continued) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C  POP D reg dst [[ESP]];  (Pop off mem ESP [ESP] + 4 stack) POPAD D Pop eight doublewords (Pop off off stack in to stack in to EDI, ESI, EBP , discard, all registers EBX, EDX, ECX, EAX;  except ESP) ESP [ESP] + 32  – PUSH D reg ESP [ESP] 4;  (Push on to mem [ESP] [src] stac k) imm PUSHAD D Push contents of (Push all EAX, ECX, EDX, EBX, registers ESP , EBP , ESI, EDI on to stack) on to stack;  – ESP [ESP] 32 R CL B,D reg imm8 See Figure 2.32 b ; ? x (Rotate left reg CL src operand is with C flag) mem imm8 rotation count mem CL R CR B,D reg imm8 See Figure 2.32 d ; ? x (Rotate righ t reg CL src operand is with C flag) mem imm8 rotation count mem CL  RET EIP [[ESP]];  (Return from ESP [ESP] + 4 subroutine) Table D.4 – page 6

  12. T ABLE D.4 (Continued) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C R OL B,D reg imm8 See Figure 2.32 a ; ? x (Rotate left) reg CL src operand is mem imm8 rotation count mem CL R OR B,D reg imm8 See Figure 2.32 c ; ? x (Rotate righ t) reg CL src operand is mem imm8 rotation count mem CL SAL B,D reg imm8 See Figure 2.30 a ; x x ? x (Shift reg CL src operand is arithmetic mem imm8 shift count left) mem CL same as SHL SAR B,D reg imm8 See Figure 2.30 c ; x x ? x (Shift reg CL src operand is arithmetic mem imm8 shift count right) mem CL  – SBB B,D reg reg dst [dst] [src] x x x x – (Subtract reg mem [CF] with b orrow) mem reg reg imm mem imm SHL B,D reg imm8 See Figure 2.30 a ; x x ? x (Shift reg CL src operand is left) mem imm8 shift count same as SAL mem CL Table D.4 – page 7

  13. T ABLE D.4 (Continued) Mnemonic Size Operands Operation CC flags (Name) performed affected dst src S Z O C SHR B,D reg imm8 See Figure 2.30 b ; x x ? x (Shift reg CL src operand is righ t) mem imm8 shift coun t mem CL  STC CF 1 1 (Set carry flag)  STI IF 1 (Set in terrupt flag)  – SUB B,D reg reg dst [dst] [src] x x x x (Subtract) reg mem mem reg reg imm mem imm TEST B,D reg reg [dst] ^ [src]; x x 0 0 (T est) mem reg set flags based reg imm on result mem imm X CHG B,D reg reg [reg]  [src] (Exchange) reg mem   X OR B,D reg reg dst [dst] [src] x x 0 0 (Exclusive reg mem OR) mem reg reg imm mem imm Table D.4 – page 8

  14. T ABLE D.5 IA-32 conditional jump instructions Mnemonic Condition Condition code name test JS Sign (negative) SF = 1 JNS No sign (positive or zero) SF = 0 JE/JZ Equal/Zero ZF = 1 JNE/JNZ Not equal/Not zero ZF = 0 JO Overflow OF = 1 JNO No overflow OF = 0 JC/JB Carry/Unsigned below CF = 1 JNC/JAE No carry/Unsigned above or equal CF = 0  JA Unsigned above CF ZF = 0  JBE Unsigned below or equal CF ZF = 1  JGE Signed greater than or equal SF OF = 0  JL Signed less than SF OF = 1   JG Signed greater than ZF (SF OF) = 0   JLE Signed less than or equal ZF (SF OF) = 1