1. Introduction to Assembly Abed Asi Extended System Programming Laboratory (ESPL) CS Department @ BGU Fall 2013/2014

2. 2 When ?TopicLecture October 20, 2013 Introduction to C Programming in Unix Environment - I 1 October 27, 2013 Introduction to C Programming in Unix Environment - II 2 November 3, 2013Introduction to Assembly3 November 17, 2013 November 10, 2013 Functions and System Calls (Assembly)4 Midterm A December 8, 2013Unix Processes5 December 15, 2013Programs Execution6 December 22, 2013Introduction to script languages (Python)7 January 5, 2014Web programming8 Midterm B

3. 3  msg is a pointer that points to memory which is in the data segment (read only part) Abed Asi - ESPL 3 char msg2[]= “text”; msg2[0] = ‘n’; char* msg = “text”; msg[0] = ‘n’;  msg2 is an array of chars that are on the stack

4. Abed Asi - ESPL 4 Courtesy: Guide to Assembly Language Programming in Linux, Sivarama P. Dandamudi, 2005Sivarama P. Dandamudi

5.  Low-level programming language  Influenced by:  The architecture of the processor  The instruction set  Two basic types of processors  CISC (Complex Instruction Set Computers)  RISC (Reduced Instruction Set Computers)  Pentium is an example of a CISC processor  Assembler translates assembly to machine code  NASM is a popular assembler for Pentium processors Abed Asi - ESPL 5

6.  Program development is faster  Programs are easier to maintain  Programs are portable Abed Asi - ESPL 6 so, why to program in the Assembly language ?

7.  Efficiency  Time efficiency  Space efficiency  Direct hardware control Abed Asi - ESPL 7  Programmer productivity ?  Write code  Debug

8.  Educational purposes  Practical purposes (embedded systems)  Cracking Abed Asi - ESPL 8 Personal Satisfaction

9.  IA – 32 architecture  Registers  Fetch-decode-execute cycle  Addressing Modes  Registers  Immediate  Direct  Indirect  Logical and Arithmetic instructions Abed Asi - ESPL 9

10.  A processor acts as a controller  Executing the following cycle forever:  Fetch an instruction from the memory  Decode the instruction  Execute the instruction  Who provides the instructions to the processor ?  Who places these instructions in the main memory ? Abed Asi - ESPL 10

11. Abed Asi - ESPL 11  Pentium has 10 32-bit and 6 16-bit registers  Registers are grouped into:  General registers  Control registers  Segment registers  General registers  Data registers  Pointer registers  Index registers

12.  Data registers  Four 32-bit registers (EAX, EBX, ECX,EDX)  Four 16-bit registers (AX, BX, CX, DX)  Eight 8-bit registers (AH,AL,BL,BH,CL,CH,DL,DH)  Data registers can be used in arithmetic and logical instructions  Special functions for specific instructions  EAX – Accumulator (mul)  ECX – Counter (loop) Abed Asi - ESPL 12

13.  String Registers (could be used as general-purpose)  ESI  EDI  Pointer Registers (could be used as general-purpose)  Mainly used to maintain the stack  ESP  EBP Abed Asi - ESPL 13

14.  Instruction Pointer (EIP)  Tracks the next instr.  Updated once an instr. is executed, jump, etc.  Flag register  Affected by logical and arithmetic inst.  Affects conditional jump operations Abed Asi - ESPL 14

15.  It’s meaning is independent from any other bit  OF— The Overflow flag is set when the result of an operation becomes too large to fit in the operand it originally occupied.  SF— The Sign flag becomes set when the result of an operation forces the operand to become negative.  ZF— The Zero flag becomes set when the results of an operation become zero  CF— The Carry Flag becomes set when an arithmetic or shift operation "carries out" a bit from the operand Abed Asi - ESPL 15

16.  A program is logically divided into two segments:  Code segment (CS)  Data segment (DS)  The SS register points to the program’s stack segment Abed Asi - ESPL 16

17.  The classes of statements  Executable  Directive/pesudo-instructions - constants and more  Macros – naming a group of statements  All three classes use the same format  [label] mnemonic [operands] [;comment]  Fields in [ ] are optional  Examples  repeat: inc result ;executable  CR: EQU 0DH ; directive Abed Asi - ESPL 17

18.  Storage allocation statement  variable-name define-directive initial-value [,initial-value], …  Define directive takes one of this basic forms  DBDefine Byte; allocates 1 byte  DWDefine Word;allocates 2 bytes  DDDefine Doubleword;allocates 4 bytes  DQDefine Quadword;allocates 8 bytes  DTDefine Ten Bytes;allocates 10 bytes  Examples … Abed Asi - ESPL 18

19. Abed Asi - ESPL 19  sorted DB ‘y’  sorted DB ‘79H’  sorted DB 1111001B  Allocate two bytes of contiguous storage and initialized it to 25159  value DW 25159  automatically converted to its 16-bit hex. equivalent (6247H)  address: x x+1 47 62 sorted DB ‘y’ Pentium uses little-endian

20.  Reserve space for uninitialized data  Reserve directives  RESBReserve a byte  RESWReserve a Word  RESDReserve a Doubleword  RESQReserve a Quadword  RESTReserve Ten bytes  response RESB1  buffer RESW100  total RESD1 Abed Asi - ESPL 20

21.  A string  messageDB‘H’ DB‘E’ DB‘L’ DB‘L’ DB‘O’  more compactly: message DB ‘HELLO’ Abed Asi - ESPL 21  Array with 8 elements  messageDW0 DW 0 DW 0 DW 0 DW 0  can be abbreviated: marks DW 0,0,0,0,0 marks TIMES 8 DW 0

22.  Assembly language instructions require operands  Possible locations of the operands (addressing mode):  in a register internal to the processor  in the instruction itself  in the main memory (usually in the data segment)  mov instruction  copies the content of the source register into the dest. register  syntax: mov destination, source ; example: mov EAX, EBX  works with 16-bit and 8-bit registers  memory-to-memory transfer is not supported! Abed Asi - ESPL 22

23.  Using processor’s internal registers  Very efficient. Why ? mov EAX, EBX mov BX, CX mov AL, CL Abed Asi - ESPL 23

24.  Data is part of the instruction  Data is located in the code segment not in the data segment  The immediate data is always a constant mov AL, 75 Abed Asi - ESPL 24

25. responseDB ‘Y’ ;allocates a byte, initializes to Y table1TIMES 20 DD 0 ;allocates 80 bytes, initializes to 0 name1DB‘Jim Ray’ ; 7 bytes ----------------------------------------------------------------------------------- movAL, [response] ; copies Y into AL register mov[response], ‘N’ ; N is written into response mov[name1], ‘K’ ; writes K as the first character of name1 move[table1],56 ; 56 is written in the first element – table1[0] = 56  mov EBX, table1  copies the address of table1 into EBX  mov EBX, [table1]  what is the difference ? Abed Asi - ESPL 25

26.  How to access second element of table1 ?  This mode is required for variable with several elements movEBX, [table1] mov[EBX], 100 ;table[0] = 100 addEBX, 4; EBX = EBX + 4 mov[EBX], 99; table[1] = 99  lea EBX,[table1+ESI] VS. mov EBX,[table1+ESI]  Assembly time and run time Abed Asi - ESPL 26

27.  Moving immediate value into memory sometimes causes ambiguity mov EBX, table1 mov ESI, name1 mov [EBX], 100 mov [ESI], 100  Word equivalent of 100 ? maybe a byte equivalent of 100 ?  Clarify this by using a type specifier movWORD [EBX], 100  mov [EBX], WORD 100 mov BYTE [EBX], 100  mov [EBX], BYTE 100 Abed Asi - ESPL 27

28. Abed Asi - ESPL 28 Bytes addressedType Specifier 1BYTE 2WORD 4DWORD 8QWORD 10TBYTE

29.  increment/decrement the operand by 1  The operand can be either in register or in memory inc destination ;might be 8-, 16-, 32-bit dec destination ;might be 8-, 16-, 32-bit Abed Asi - ESPL 29

30.  Used to add 8-, 16-, 32-bit operands add destination, source ;dest = dest + source  inc EAX is preffered to add EAX,1  Less memory, same speed Abed Asi - ESPL 30

31.  SUB used to subtract 8-, 16-, 32-bit operands sub destination, source ;dest = dest - source  CMP compares two operands (equal, not equal,..)  CMP behavior is similar to SUB except that the result is not saved  So, how can we retrieve the comparison result ?  CMP is typically used with a conditional JUMP inst. Abed Asi - ESPL 31

32. mov EAX, 1 inc again: inc EAX jmp inc_again mov EBX, EAX …  When to stop ? Abed Asi - ESPL 32

33.  Jump if the specified condition is satisfied j label ;identifies the condition  The condition being tested is the result of the last arithmetic or logic operation read_char: movDL,0... (code for reading a character into AL)... cmpAL,0DH ;compares the character to CR jeCR_received ; if equal, jump to CR_received incCL ;otherwise, increment CL and jmpread_char ; go back to read another char. CR_received: movDL, AL Abed Asi - ESPL 33 but, the CMP doesn’t save the result, so what really happens ?!!

34. Abed Asi - ESPL 34 MeaningMnemonic jump if equal jump if zero je jz jump if not equal jump if not zero jne jnz jump if greater jump if not less of equal jg jnle jump if greater or equal jump if not less jge jnl jump if less jump if not greater or equal jl jnge jump if less or equal jump if not greater jle jng jump if carry (i.e. if CF = 1)jc

35.  Two multiplication instr. : mul and imul mul source  The source operand can be in a register or in memory  Immediate operands are not allowed  Where is the second operand ? Abed Asi - ESPL 35

36.  Two Division instr. : div and idiv div source  The source operand is the divisor Abed Asi - ESPL 36

37. mov CL,50 repeat1: dec CL jnz repeat1... Abed Asi - ESPL 37 mov ECX,50 repeat1: loop repeat1...

38. anddestination, source ordestination, source xordestination, source notdestination, source testdestination, source... and AL, 01H jebit_is_zero jmpskip1 bit_is_zero: skip1: Abed Asi - ESPL 38

39.  Shift  SHL  SHR  Rotate  ROL  ROR Abed Asi - ESPL 39

40. section.text global _start ;must be declared for linker (ld) section.data msg db 'Hello world!',0xa ;our dear string len equ $ - msg ;length of our dear string _start: ;tell linker entry point mov edx,len ;message length mov ecx,msg ;message to write mov ebx,1 ;file descriptor (stdout) mov eax,4 ;system call number (sys_write) int 0x80 ;call kernel mov eax,1 ;system call number (sys_exit) int 0x80 ;call kernel Abed Asi - ESPL 40

41. ; Data section begins section.data var1 dd 40 var2 dd 20 var3 dd 30 section.text global _start _start: mov ecx, [var1] cmp ecx, [var2] jg check_third_var mov ecx, [var2] check_third_var: cmp ecx, [var3] jg _exit mov ecx, [var3] _exit: mov ebx, ecx mov eax, 1 int 80h Abed Asi - ESPL 41