no slide titlemmlab.uos.ac.kr/system programming/pdf/assmv2.pdfmultimedia lab. dept. of electrical...

Copyright, 2017 © Multimedia Lab., UOS

시스템프로그래밍

(Assembly Code and Calling Convention)

Seong Jong Choi

[email protected]

Multimedia Lab.

Dept. of Electrical and Computer Eng.

University of Seoul

Seoul, Korea

http://mmlab.uos.ac.kr/

2017-09-15 Seong Jong Choi Assembly Language-2

MS VS++

• Integrated Development Environment– Language Sensitive Text Editor

– Preprocessor

– Compiler

– Linker

– Wizard

• Project (.dsp)– A collection of all the necessary information to build a binary

excutibles (.exe .dll)

– Files (source, header)

– Compile options

– Link options

• Work Space (.dsw)– A collection of projects


Build Process

Makefile Header filesSource

Editor

Preprocessor

Compiler

Object file

Object files Linker Libraries

Debug Ver. Release Ver

iostream.hhello.cpp

hello.obj

hello.exe hello.exe

mlibcewq.lib

개발 툴By MS VC++

사용자 정의


Assembly Code

• Project Setting -> C/C++ -> Category -> Listing files -> Listing file type -> Assembly, Machine Code, and Source

• Then, compile

• You’ll see xxx.cod file in the debug directory


Intel 80386 Registers


Intel Fundamental Data Type


Assembly code

• Instruction := operation [operand] [, operand]

• Examples– Data movement: mov destaddr, eax

– Stack operation: pop eax

– Arithmetic, logic, comparison, etc


Operand: Addressing Mode

• Immediate: Instruction에 포함

• Register Direct: Register의 내용

• Register indirect: Register 내용을 메모리 주소로 사용

• Memory Direct: Memory의 내용

• Memory indirect: Memory 내용을 주소로 사용

• Index: address +-


Data Movement Instruction

• mov destination, source

_a$ = -4

…

mov dword ptr _a$[ebp], OAh

Above two lines are equivalent to:

mov dword ptr [ebp-4], 0Ah

operation

Operand: index + register indirect addressing

Operand: Immediate addressing


Stack Instructions

• PUSH1. Decrement the stack pointer (ESP)2. Then, transfer source to the stack indicated by ESP– Ex) Push eax

• POP1. Transfer data at the current top of stack (ESP)2. Then, increment ESP– Ex) Pop eax

• Stack Pointer(ESP) == POP할 데이터를 가리킨다.

FF…F번지

0번지


Stack Instructions


Assembly Debugging

• View -> Debug windows에서– Register

– Memory

– Disassembly


An Example

/* simple.cppdemonstrating assembly language code generated by the compiler

*/#include <windows.h>int sum(int x, int y);int WINAPI wsum(int x, int y);

void main() {int a, b, c;a = 10;b = 20;c = a + b;c = sum(a,b);c = wsum(a,b);

}

int sum(int x, int y) {int z;z = x + y;return z;

}

int WINAPI wsum(int x, int y) { //모든 Windows API는 WINAPI 형식의 함수이다.int z;z = x + y;return z;

}


Simple.cod File: 0번지부터 시작

; 11 : a = 10;

00018 c7 45 fc 0a 00 00 00

mov DWORD PTR _a$[ebp], 10; 0000000aH

C source code

Translated machine code

Memory address for machine code

Translated assembly code


Disassembly Window: 실행 시 기계어의 위치(relocated)

11: a = 10;

00401048 mov dword ptr [ebp-4],0Ah

C source code

Memory address for machine code (Relocated)

Translated assembly code (Disassemble)


Function Call

Caller; 14 : c = sum(a,b);

mov ecx, DWORD PTR _b$[ebp]

push ecx

mov edx, DWORD PTR _a$[ebp]

push edx

call ?sum@@YAHHH@Z ; sum

add esp, 8

mov DWORD PTR _c$[ebp], eax

Callee; COMDAT ?sum@@YAHHH@Z_TEXT SEGMENT_x$ = 8_y$ = 12_z$ = -4?sum@@YAHHH@Z PROC NEAR ; sum, COMDAT

; 19 : int sum(int x, int y) {

push ebpmov ebp, espsub esp, 68 ; 00000044Hpush ebxpush esipush edilea edi, DWORD PTR [ebp-68]mov ecx, 17 ; 00000011Hmov eax, -858993460 ; ccccccccHrep stosd

; 20 : int z;; 21 : z = x + y;

mov eax, DWORD PTR _x$[ebp]add eax, DWORD PTR _y$[ebp]mov DWORD PTR _z$[ebp], eax

; 22 : return z;

mov eax, DWORD PTR _z$[ebp]

; 23 : }

pop edipop esipop ebxmov esp, ebppop ebpret 0

?sum@@YAHHH@Z ENDP ; sum_TEXT ENDS


Before Function Call

• Assume:– esp = n + 4

– ebp = bbpp

– edi = ddii

– esi = ssii

– ebx = bbxx

• The above registers are used in the callee.


Function Call – Caller

; 14 : c = sum(a,b); //esp = n+4


push ecx


push edx


add esp, 8


2번째매개변수를Stack에저장

b n

n-4

n-8

n-12

ESP


Function Call - Caller

; 14 : c = sum(a,b);


push ecx


push edx


add esp, 8


1번째매개변수를Stack에저장

b n

a n-4

n-8

n-12

ESP



; 14 : c = sum(a,b);


push ecx


push edx


add esp, 8


Return address를Stack에저장1. Push returnaddr:2. eip ?sum@@YAHH@Z

b n

a n-4

return addr n-8

n-12

ESP

return addr:


Function Call - Callee


push ebp; [ebp] = bbpp

mov ebp, esp

sub esp, 68 ;00000044H

push ebx

push esi

push edi

lea edi, DWORD PTR [ebp-68]

movecx, 17 ; 00000011H

moveax, -858993460; ccccccccH

rep stosd

함수안에서 ebp를사용하기때문에,우선ebp를 Stack에저장

b n

a n-4

return addr n-8

bbpp n-12ESP





mov ebp, esp

sub esp, 68 ;00000044H

push ebx

push esi

push edi


mov ecx, 17 ; 00000011H

mov eax, -858993460; ccccccccH

rep stosd

Ebp의값을현재의esp값으로지정ebp = n-12

b n

a n-4

return addr n-8

bbpp n-12ESPEBP





mov ebp, esp

sub esp, 68 ;00000044H

push ebx

push esi

push edi


mov ecx, 17 ; 00000011H


rep stosd

함수내의지역변수를위한공간(17 DWORD)을stack에마련esp = n-80

b n

a n-4

return addr n-8

bbpp n-12

ESP

…

n-80

EBP

n-16





mov ebp, esp

sub esp, 68 ;00000044H

push ebx

push esi

push edi


mov ecx, 17 ; 00000011H


rep stosd

함수에서사용할 Register의내용을 Stack에저장

b n

a n-4

return addr n-8

bbpp n-12

ESP

…

n-80

EBP

n-16

bbxx n-84

ssii n-88

ddii n-92





move bp, esp

sub esp, 68 ;00000044H

push ebx

push esi

push edi


mov ecx, 17 ; 00000011H


rep stosd

지역변수를위해확보한Stack의내용을모두cccccccch로저장4 x 17 = 68

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

EBP

cccccccch n-16

bbxx n-84

ssii n-88

ddii n-92

EDI

for(i=0; i<ecx; i++) mov [edi + 4*i], eax

for(i=0; i<17; i++) mov[(n-80) + 4*i], ccccccccH



_x$ = 8

_y$ = 12

_z$ = -4

; 21 : z = x + y;

mov eax, DWORD PTR _x$[ebp]

add eax, DWORD PTR _y$[ebp]

mov DWORD PTR _z$[ebp], eax

a와 b를더해[ebp-4]에저장

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

EBP

z = a+b n-16

bbxx n-84

ssii n-88

ddii n-92

EBP-4

EBP+8

EBP+12



; 22 : return z;

mov eax, DWORD PTR _z$[ebp]

Return할값을 eax에저장eax = a+b

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

EBP

z = a+b n-16

bbxx n-84

ssii n-88

ddii n-92

EBP-4

EBP+8

EBP+12



; 23 : }

pop edi

pop esi

pop ebx

mov esp, ebp

pop ebp

ret 0

함수에서사용하기전Register값복원

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

EBP

z = ssssssssh n-16

bbxx n-84

ssii n-88

ddii n-92



; 23 : }

pop edi

pop esi

pop ebx

mov esp, ebp

pop ebp

ret 0

지역변수를위해확보한공간을소멸esp = ebp

b n

a n-4

return addr n-8

bbpp n-12ESP

cccccccch…

cccccccch n-80

EBP

z = ssssssssh n-16

bbxx n-84

ssii n-88

ddii n-92



; 23 : }

pop edi

pop esi

pop ebx

mov esp, ebp

pop ebp

ret 0

ebp값을복원ebp = bbpp

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

z = ssssssssh n-16

bbxx n-84

ssii n-88

ddii n-92



; 23 : }

pop edi

pop esi

pop ebx

mov esp, ebp

pop ebp

ret 0

caller로다시가기위해 eip값설정1. pop eip; //eip return addr2. esp = esp + 0

b n

a n-4

return addr n-8

bbpp n-12

ESP

cccccccch…

cccccccch n-80

z = ssssssssh n-16

bbxx n-84

ssii n-88

ddii n-92



; 14 : c = sum(a,b);


push ecx


push edx


add esp, 8


esp를원래대로복원

b n

a n-4

return addr n-8

n-12

ESP

return addr:

n+4



; 14 : c = sum(a,b);


push ecx


push edx


add esp, 8


eax에저장된계산결과를 c로저장

b n

a n-4

return addr n-8

n-12

ESP

return addr:

n+4


Function Call: Summary

• 스택 공간의 용도– 매개변수를 위한 공간으로 사용. 오른쪽 매개변수부터 스택에

push된다.– 함수 내의 지역변수를 위한 공간으로 사용

• ebp의 용도– 함수 내에서의 모든 매개변수와 지역변수는 ebp와 인덱스를

사용하여 접근한다.– ebp는 함수내 지역변수를 위한 stack공간의 맨 위를 가리킨다.

• 함수 시작 전 스택에 push하고 종료 후 pop하는 레지스터– ebp, edi, esi, ebx

• int형 반환 데이터는 eax에 저장된다.

• 함수 호출 측은 함수 종료 후, 매개변수를 위해 사용한스택공간을 재조정한다. (add esp, 8)


Return Instruction

• sum()과 wsum() 함수의 차이는 함수 종료 후 누가(호출측 or 함수측) 매개변수를 위한 스택공간을 정리하는가이다.– sum() return instruction: ret 0

– wsum() return instruction: ret 8

• ret n– RET transfers control to a return address located on the stack. The

address is usually placed on the stack by a CALL instruction, and the return is made to the instruction that follows the CALL.

– The optional numeric parameter to RET gives the number of stack bytes to be released after the return address is popped. These items are typically used as input parameters to the procedure called.


Calling Convention

Keyword Stack cleanup Parameter passing

__cdecl

(C default)Caller

Pushes parameters on the stack, in reverse order (right to left)

__stdcall(#define WINAPI __stdcall)

CalleePushes parameters on the stack, in reverse order (right to left)

__fastcall Callee Stored in registers, then pushed on stack

thiscall

(not a keyword)Callee

Pushed on stack; this pointer stored in ECX

no slide titlemmlab.uos.ac.kr/system programming/pdf/assmv2.pdfmultimedia lab. dept. of electrical...

Documents