Intro To x86

Posted: June 13, 2013 in Programming
Tags: ASM

Intro to Intel X86

First thing to know: x86 is a family of microprocessors, named after the model numbers of Intel's early chips (8086, 80286, 80386, ...), so the "x" stands in for that number. Before reading assembly you should be aware of two components:

1- How the OS and the CPU use RAM.

2- The processor itself, which tells you what architecture (instruction set, register widths, calling conventions) you are working with.

– Data types

Length (bits)      Intel / ASM name        C type
8   (1 byte)       BYTE                    char
16  (2 bytes)      WORD                    short
32  (4 bytes)      DWORD (double word)     int (and long on 32-bit x86)
64  (8 bytes)      QWORD (quad word)       long long / double

Note that a quad word is 64 bits (8 bytes), i.e. four 16-bit words; 128-bit values only appear in the SSE/XMM registers, not as a general-purpose integer type.

– Representation

Decimal (base 10)   Binary (base 2)   Hex (base 16)
0                   0000b             0x00
1                   0001b             0x01
2                   0010b             0x02
3                   0011b             0x03
4                   0100b             0x04
5                   0101b             0x05
6                   0110b             0x06
7                   0111b             0x07
8                   1000b             0x08
9                   1001b             0x09
10                  1010b             0x0A
11                  1011b             0x0B
12                  1100b             0x0C
13                  1101b             0x0D
14                  1110b             0x0E
15                  1111b             0x0F

One hex digit is exactly four bits, so a byte is two hex digits and a 32-bit double word is eight.

So how do we represent negative numbers? x86 uses two's complement:

1- Flip every bit (one → zero, zero → one); the result is the ones' complement.

2- Add 1 to the flipped value; the result is the two's complement, which is the negative of the original number.

The most significant bit acts as the sign bit, so in 8 bits the patterns 0x80 to 0xFF are negative and 0x00 to 0x7F are positive.

Number               Ones' complement     Two's complement (negative)
0000-0001b : 0x01    1111-1110b : 0xFE    1111-1111b : 0xFF : -1
0000-0100b : 0x04    1111-1011b : 0xFB    1111-1100b : 0xFC : -4

What kinds of architecture are there?

1- CISC, Complex Instruction Set Computer { Intel x86 }

– Its main characteristic is a huge number of special-purpose instructions.

– Instructions are variable length: on x86 between 1 and 15 bytes long.

2- RISC, Reduced Instruction Set Computer { PowerPC, ARM, SPARC, MIPS }

– Built upon a small set of simple instructions, usually of fixed length.

– Typically has more registers than CISC.

In both architectures the CPU needs a rule for mapping the bytes of a multi-byte value onto consecutive RAM addresses,

and there are two ways to do that (little endian, big endian).

Little endian: the least significant byte is stored first (at the lowest address), 0x12345678 → bytes 78 56 34 12.

Big endian: the most significant byte is stored first, 0x12345678 → bytes 12 34 56 78.

Intel x86 is little endian, but network traffic (TCP/IP headers, "network byte order") is big endian. SPARC is big endian, while ARM and MIPS are bi-endian and can be configured to run either way. So a multi-byte number read from the wire, or from a file written on a different machine, has to be byte-swapped before it is used as a number.

Very important: endianness operates at the byte level. The bits inside a byte are never reordered, and a single byte looks the same on both kinds of machine.
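The two ideas above, two's complement and byte order, made concrete in C. This is an added example, not code from the original post; the four-byte "wire" buffer in main is a constructed sample standing in for a big-endian length field of a packet header, and the helper names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the original post). Plain ISO C; the only
 * assumption about the host is 8-bit bytes. */

/* Two's complement negation of an 8-bit value: flip every bit, then add 1.
 * Returns the resulting bit pattern; *ones_out receives the intermediate
 * ones' complement so both steps of the rule can be inspected. */
uint8_t twos_complement_negate(uint8_t x, uint8_t *ones_out) {
    uint8_t ones = (uint8_t)~x;          /* step 1: 0000 0001 -> 1111 1110 */
    uint8_t twos = (uint8_t)(ones + 1);  /* step 2: 1111 1110 -> 1111 1111 */
    if (ones_out) *ones_out = ones;
    return twos;
}

/* Read an 8-bit pattern back as a signed number: bit 7 is the sign bit. */
int8_t as_signed8(uint8_t pattern) {
    return pattern < 0x80 ? (int8_t)pattern : (int8_t)((int)pattern - 256);
}

/* Is this host little endian? Store a known value and look at its first byte. */
int host_is_little_endian(void) {
    uint32_t probe = 0x12345678u;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x78;
}

/* Serialize a 32-bit value in a chosen byte order using shifts, so the result
 * does not depend on the host's own byte order. */
void u32_to_bytes(uint32_t v, int little, uint8_t out[4]) {
    for (int i = 0; i < 4; i++) {
        unsigned shift = little ? 8u * (unsigned)i : 8u * (unsigned)(3 - i);
        out[i] = (uint8_t)(v >> shift);
    }
}

/* Parse a big-endian (network byte order) 32-bit field portably. Casting the
 * buffer to uint32_t* instead would silently give the wrong number on x86. */
uint32_t u32_from_be_bytes(const uint8_t in[4]) {
    return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
}

int main(void) {
    uint8_t ones, bytes[4];
    uint8_t t = twos_complement_negate(0x04, &ones);
    printf("0x04: ones' complement 0x%02X, two's complement 0x%02X = %d\n",
           ones, t, as_signed8(t));

    u32_to_bytes(0x12345678u, 1, bytes);
    printf("little endian: %02X %02X %02X %02X\n", bytes[0], bytes[1], bytes[2], bytes[3]);
    u32_to_bytes(0x12345678u, 0, bytes);
    printf("big endian:    %02X %02X %02X %02X\n", bytes[0], bytes[1], bytes[2], bytes[3]);

    /* constructed sample: a length field of 1500 as it appears on the wire */
    const uint8_t wire[4] = {0x00, 0x00, 0x05, 0xDC};
    printf("host is %s endian; wire length = %u\n",
           host_is_little_endian() ? "little" : "big", u32_from_be_bytes(wire));
    return 0;
}
```

The shift-based conversion is the habit worth keeping: code that reinterprets a network buffer through a pointer cast works by accident on a big-endian box and produces garbage lengths and offsets on x86.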

– Registers

Registers are small boxes of memory inside the CPU. Some are for general-purpose use, others have very important specific uses.

In the Intel architecture we have 8 general-purpose registers, plus the instruction pointer and the flags register.

On x86-32 the registers are 32 bits wide (EAX, EBX, ...). The shorter names (AX, BX, ...) address their lower 16 bits, and for EAX, EBX, ECX and EDX the two bytes of that 16-bit half are addressable as AH/AL, BH/BL, CH/CL and DH/DL.

On x86-64 the registers are 64 bits wide (RAX, RBX, ...), the 32-bit names refer to their lower halves, and eight extra general-purpose registers (R8 to R15) are added.

1- EBX (base pointer to the data section) shorter form (BX)

2- ECX (used as a counter, e.g. by LOOP and the REP string prefixes) shorter form (CX)

3- EAX (accumulator; stores function return values) shorter form (AX)

4- EDX (data register / I/O pointer; also holds the high half of a 64-bit result in EDX:EAX) shorter form (DX)

5- ESI (source index for string and memory operations) shorter form (SI)

6- EDI (destination index for string and memory operations) shorter form (DI)

7- EBP (stack frame base pointer) shorter form (BP)

8- ESP (stack pointer) shorter form (SP)

– EFLAGS (this register is a collection of 1-bit flags, each recording something about the last arithmetic or logical result)

ZF: zero flag, set to 1 if the instruction result is 0, cleared otherwise.

SF: sign flag, set to 1 if the most significant bit of the result is 1. Conditional jumps use it to decide whether a signed result is negative.

– EIP (instruction pointer: the address of the next instruction to execute)

– Conventions

Caller-saved registers: eax, edx, ecx

If the caller has anything it needs in these registers, it is responsible for saving them before the call and restoring them afterwards, because the callee is free, and highly likely, to overwrite them.

Callee-saved registers: ebx, esi, edi, ebp (and esp)

If the callee needs to change any of these registers, it is responsible for saving their values and restoring them before returning.

– Calling Convention

– C declaration (cdecl):

1. Parameters are pushed onto the stack from right to left, then the function is called

push y

push x

call f

2. The callee saves the caller's frame pointer

push ebp

3. ... and creates a new stack frame (arguments are now at [ebp+8], [ebp+12], ... and the return address at [ebp+4])

mov ebp, esp

4. The return value is stored in eax (or edx:eax for a 64-bit result)

5. The callee tears down its frame and returns; the caller is responsible for cleaning the arguments off the stack

mov esp, ebp

pop ebp

ret

add esp, 8 (in the caller, right after the call returns; 8 = two 4-byte arguments)

"In summary: the caller calls and the caller cleans up."

How the call instruction works

call is the only jump that also records how to get back: besides transferring control to a location in the code, it pushes the address of the instruction following the call onto the stack.

The call instruction sets EIP to the address it is going to execute, but before that it pushes the address of the next instruction (the one after the call) onto the stack. The callee's "RET" instruction pops that saved address back into EIP, which is the return mechanism. Because the return address lives on the stack right next to the callee's saved ebp and local variables, anything that writes past the end of a local buffer can overwrite it and redirect where ret goes; that is why this layout matters so much for security.
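The cdecl sequence and the call/ret mechanism above, traced on a small model of the x86-32 stack. This is an added example and not code from the original post: the stack is a byte array, esp/ebp/eip/eax are plain variables, and the addresses CALLER_AT and CALLEE_AT are made-up constants chosen only so that the pushed return address is recognisable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the original post): a toy model of the x86-32
 * stack that walks through one cdecl call of int add(int a, int b). */

#define STACK_SIZE 256u
#define CALLER_AT  0x08048400u  /* hypothetical address of the 5-byte "call add" */
#define CALLEE_AT  0x08048500u  /* hypothetical address of add's first instruction */

typedef struct {
    uint8_t  mem[STACK_SIZE];   /* stack memory; addresses are offsets into it */
    uint32_t esp, ebp, eip, eax;
    uint32_t ret_addr;          /* what the callee found at [ebp+4], for inspection */
    uint32_t arg_a, arg_b;      /* what the callee found at [ebp+8] and [ebp+12] */
} cpu_t;

void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    c->esp = STACK_SIZE;        /* empty stack: esp at the top, grows downwards */
    c->ebp = STACK_SIZE;
}

static uint32_t load32(const cpu_t *c, uint32_t addr) {
    uint32_t v;
    memcpy(&v, &c->mem[addr], 4);       /* stored and read back in host byte order */
    return v;
}
static void push(cpu_t *c, uint32_t v) {
    c->esp -= 4;                        /* push: decrement esp, then store */
    memcpy(&c->mem[c->esp], &v, 4);
}
static uint32_t pop(cpu_t *c) {
    uint32_t v = load32(c, c->esp);     /* pop: load from [esp], then increment */
    c->esp += 4;
    return v;
}

/* call: push the address of the instruction after the call, then jump */
static void do_call(cpu_t *c, uint32_t target, uint32_t call_len) {
    push(c, c->eip + call_len);
    c->eip = target;
}
/* ret: pop the saved return address back into eip */
static void do_ret(cpu_t *c) {
    c->eip = pop(c);
}

/* The callee, int add(int a, int b), as a cdecl compiler would emit it */
static void callee_add(cpu_t *c) {
    push(c, c->ebp);                        /* push ebp      save caller's frame pointer */
    c->ebp = c->esp;                        /* mov ebp, esp  start a new frame */
    c->ret_addr = load32(c, c->ebp + 4);    /* [ebp+4]   return address pushed by call */
    c->arg_a    = load32(c, c->ebp + 8);    /* [ebp+8]   first argument (pushed last) */
    c->arg_b    = load32(c, c->ebp + 12);   /* [ebp+12]  second argument */
    c->eax = c->arg_a + c->arg_b;           /* return value goes in eax */
    c->esp = c->ebp;                        /* mov esp, ebp  drop locals (none here) */
    c->ebp = pop(c);                        /* pop ebp       restore caller's frame */
    do_ret(c);                              /* ret */
}

/* The caller: evaluates add(x, y) and returns eax; esp ends where it began */
uint32_t cdecl_call_add(cpu_t *c, uint32_t x, uint32_t y) {
    push(c, y);                         /* push y        right-most argument first */
    push(c, x);                         /* push x */
    c->eip = CALLER_AT;
    do_call(c, CALLEE_AT, 5);           /* call add      (E8 rel32 is 5 bytes) */
    callee_add(c);
    c->esp += 8;                        /* add esp, 8    caller removes its 2 arguments */
    return c->eax;
}

int main(void) {
    cpu_t c;
    cpu_init(&c);
    uint32_t r = cdecl_call_add(&c, 3, 4);
    printf("add(3, 4) = %u\n", r);
    printf("callee saw ret addr 0x%08X at [ebp+4], a=%u at [ebp+8], b=%u at [ebp+12]\n",
           c.ret_addr, c.arg_a, c.arg_b);
    printf("after return eip = 0x%08X, esp back at %u (started at %u)\n",
           c.eip, c.esp, STACK_SIZE);
    return 0;
}
```

Run it and compare the printed offsets with the convention steps: the return address sits 4 bytes above the saved ebp and the first argument 8 bytes above it, which is exactly the layout an overflow of a local buffer walks up through before it reaches the saved return address.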