Recitation 2: Assembly & gdb Andrew Faulring 15213 Section A 16 September 2002.

Slides:

Advertisements

Similar presentations

Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.

Advertisements

Recitation 4: 09/30/02 Outline The Stack! Essential skill for Lab 3 –Out-of-bound array access –Put your code on the stack Annie Luo

Gnu Debugger (GDB) Topics Overview Quick Reference Card Readings: Quick Reference Card February 7, 2012 CSCE 212Honors Computer Organization.

1 Homework / Exam Turn in mp2 at start of class today Reading –PAL, pp 3-6, Exam #1 next class –Open Book / Open Notes –NO calculators or other.

Machine Programming – Procedures and IA32 Stack CENG334: Introduction to Operating Systems Instructor: Erol Sahin Acknowledgement: Most of the slides are.

University of Washington Last Time For loops  for loop → while loop → do-while loop → goto version  for loop → while loop → goto “jump to middle” version.

Machine-Level Programming I: Introduction Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic operations CS.

Machine-Level Programming III: Procedures Apr. 17, 2006 Topics IA32 stack discipline Register saving conventions Creating pointers to local variables CS213.

– 1 – , F’02 ICS05 Instructor: Peter A. Dinda TA: Bin Lin Recitation 4.

C Prog. To Object Code text text binary binary Code in files p1.c p2.c

Stack Activation Records Topics IA32 stack discipline Register saving conventions Creating pointers to local variables February 6, 2003 CSCE 212H Computer.

Recitation: Bomb Lab June 5, 2015 Dipayan Bhattacharya.

Machine-Level Programming 3 Control Flow Topics Control Flow Switch Statements Jump Tables.

Y86 Processor State Program Registers

1 Carnegie Mellon Stacks : Introduction to Computer Systems Recitation 5: September 24, 2012 Joon-Sup Han Section F.

University of Washington x86 Programming III The Hardware/Software Interface CSE351 Winter 2013.

Fabián E. Bustamante, Spring 2007 Machine-Level Programming III - Procedures Today IA32 stack discipline Register saving conventions Creating pointers.

Recitation 4: The Stack & Lab3 Andrew Faulring Section A 30 September 2002.

1 #include void silly(){ char s[30]; gets(s); printf("%s\n",s); } main(){ silly(); return 0; }

Recitation 2 – 2/11/02 Outline Stacks & Procedures Homogenous Data –Arrays –Nested Arrays Mengzhi Wang Office Hours: Thursday.

Recitation 2: Outline Assembly programming Using gdb L2 practice stuff Minglong Shao Office hours: Thursdays 5-6PM Wean Hall.

Carnegie Mellon Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza.

Machine-Level Programming 3 Control Flow Topics Control Flow Switch Statements Jump Tables.

ELF binary # readelf -a foo.out ELF Header:

1 Carnegie Mellon Assembly and Bomb Lab : Introduction to Computer Systems Recitation 4, Sept. 17, 2012.

Machine-Level Programming 1 Introduction Topics Assembly Programmer’s Execution Model Accessing Information Registers Memory Arithmetic operations.

Machine-level Programming III: Procedures Topics –IA32 stack discipline –Register saving conventions –Creating pointers to local variables.

Recitation 2 – 2/4/02 Outline Floating Point Typecasting

Compiler Construction Code Generation Activation Records

1 Linking. 2 Outline Symbol Resolution Relocation Suggested reading: 7.6~7.7.

EXPLOITATION CRASH COURSE – FALL 2013 UTD Computer Security Group – Andrew Folloder csg.utdallas.edu (credit: Scott Hand)

Recitation 3 Outline Recursive procedure Complex data structures –Arrays –Structs –Unions Function pointer Reminders Lab 2: Wed. 11:59PM Lab 3: start early.

OUTLINE 2 Pre-requisite Bomb! Pre-requisite Bomb! 3.

Recitation 2 – 2/11/02 Outline Stacks & Procedures Homogenous Data –Arrays –Nested Arrays Structured Data –struct s / union s –Arrays of structs.

IA32 Stack –Region of memory managed with stack discipline –Grows toward lower addresses –Register %esp indicates lowest stack address address of top element.

Machine-Level Programming 2 Control Flow Topics Condition Codes Setting Testing Control Flow If-then-else Varieties of Loops Switch Statements.

Section 5: Procedures & Stacks

Recitation 3: Procedures and the Stack

A job ad at a game programming company

Reading Condition Codes (Cont.)

Machine-Level Programming 2 Control Flow

Instruction Set Architecture

C function call conventions and the stack

Recitation 2 – 2/11/02 Outline Stacks & Procedures

Aaron Miller David Cohen Spring 2011

Homework In-line Assembly Code Machine Language

Introduction to Compilers Tim Teitelbaum

Recitation 2 – 2/4/01 Outline Machine Model

Assembly Language Programming V: In-line Assembly Code

Machine-Level Programming II: Arithmetic & Control

Carnegie Mellon Machine-Level Programming III: Switch Statements and IA32 Procedures / : Introduction to Computer Systems 7th Lecture, Sep.

Chapter 3 Machine-Level Representation of Programs

Machine-Level Programming 1 Introduction

asum.ys A Y86 Programming Example

Machine-Level Programming III: Switch Statements and IA32 Procedures

Y86 Processor State Program Registers

Machine-Level Programming 4 Procedures

Instructor: David Ferry

C Prog. To Object Code text text binary binary Code in files p1.c p2.c

Machine-Level Programming 2 Control Flow

Assembly Language Programming II: C Compiler Calling Sequences

Machine-Level Programming III: Procedures Sept 18, 2001

Machine-Level Representation of Programs III

Machine-Level Programming 2 Control Flow

Machine-Level Programming: Introduction

Chapter 3 Machine-Level Representation of Programs

X86 Assembly Review.

Computer Architecture and System Programming Laboratory

Presentation transcript:

Recitation 2: Assembly & gdb Andrew Faulring Section A 16 September 2002

Andrew Faulring Office hours: –NSH 2504 (lab) / 2507 (conference room) –Normally Thursday 5–6 –THIS WEEK: Wednesday 5–6

Today’s Plan Preparing for Lab2 –due Thursday, 26 11:59PM Assembly programming C to ASM –Using gdb ASM to C –Reverse engineering (like in Lab2)

Machine Model EIPEIP Registers CPU Memory Object Code Program Data Addresses Data Instructions Stack Condition Codes

Special Registers %eaxReturn Value %eipInstruction Pointer %ebpBase (Stack Frame) Pointer %espStack Pointer

Simple Addressing Modes $1010 (R)Mem[R] $10(R)Mem[R + 10] $0x10(R)Mem[R + 16]

Indexed Addressing Modes Generic Form D(Rb, Ri, S)Mem[Reg[Rb]+S*Reg[Ri]+D] Examples (Rb,Ri)Mem[Reg[Rb]+Reg[Ri]] D(Rb,Ri)Mem[Reg[Rb]+Reg[Ri]+D] (Rb,Ri,S)Mem[Reg[Rb]+S*Reg[Ri]]

Example 1: Arithmetic int func1(int a, int b) { int x, y; x = a + b; y = 2*x - b; return x*y; }

func1 assembly func1: push %ebp # save frame pointer mov %esp,%ebp # frame ptr = stack ptr mov 0xc(%ebp),%eax # %eax = b mov 0x8(%ebp),%ecx # %ecx = a add %eax,%ecx # %ecx = x = a + b lea (%ecx,%ecx,1),%edx # %edx = 2 * x sub %eax,%edx # %edx = y = 2 * x - b mov %ecx,%eax # %eax = x imul %edx,%eax # %eax = x * y mov %ebp,%esp # restore stack pointer pop %ebp # restore frame pointer ret

gdb GNU debugger Your friend for Lab2 Usage –gdb

gdb commands run : starts the program, can include command line arguments disas : disassembles code into asm print : used to print values of variables & memory x : examine memory contents step, next : step through code break : set breakpoints in the code

Using gdb with func1 break func1 run disas where print/x $eax print/x $ecx

Example 2: Control int func2(int a, int b) { if(a>b) return a; else return b; }

ASM for func2 func2: push %ebp # save frame pointer mov %esp,%ebp # frame ptr = stack ptr mov 0x8(%ebp),%edx # %edx = a mov 0xc(%ebp),%eax # %eax = b cmp %eax,%edx # a > b jle.L1 # a <= b mov %edx,%eax # return a.L1: # otherwise %eax = b mov %ebp,%esp # restore stack pointer pop %ebp # restore frame pointer ret

Example 3: int func3(int a, int b) { int r = 0xDEADBEEF; switch(a) { case 0: r = a; break; case 1: r = b; break; case 2: r = a+b; break; case 3: r = a-b; break; case 4: r = a*b; break; } return r; }

ASM for func3 # $edx = a, $ecx = b, $eax = 0xdeadbeef 0x : mov 0x8(%ebp),%edx 0x : mov 0xc(%ebp),%ecx 0x : mov $0xdeadbeef,%eax # go to default case, if a > 4 0x804845e : cmp $0x4,%edx 0x : ja 0x804848b # execute the jump … 0x : jmp *0x (,%edx,4) 0x804846a : lea 0x0(%esi),%esi

ASM for func3 case 0: return a 0x : mov %edx,%eax 0x : jmp 0x804848b case 1: return b 0x : mov %ecx,%eax 0x : jmp 0x804848b 0x : lea (%ecx,%edx,1),%eax case 2: return a+b 0x : lea (%ecx,%edx,1),%eax 0x804847b : jmp 0x804848b 0x804847d : lea 0x0(%esi),%esi

ASM for func3 case 3: a-b 0x : mov %edx,%eax 0x : sub %ecx,%eax 0x : jmp 0x804848b case 4: a*b 0x : mov %edx,%eax 0x : imul %ecx,%eax

Addresses of the cases case 0: 0x case 1: 0x case 2: 0x case 3: 0x case 4: 0x

The Jump Table 0x : jmp *0x (,%edx,4) (gdb) x/5xw 0x x : 0x x x x x : 0x %edx = a Jump to instruction with address MEM[0x a*4]

Example 4: asm => c Dump of assembler code for function func4: 0x80483c0 : push %ebp 0x80483c1 : mov %esp,%ebp 0x80483c3 : mov 0x8(%ebp),%ecx 0x80483c6 : xor %eax,%eax 0x80483c8 : xor %edx,%edx 0x80483ca : cmp %ecx,%eax 0x80483cc : jge 0x80483d7 0x80483ce : mov %esi,%esi 0x80483d0 : add %edx,%eax 0x80483d2 : inc %edx 0x80483d3 : cmp %ecx,%edx 0x80483d5 : jl 0x80483d0 0x80483d7 : mov %ebp,%esp 0x80483d9 : pop %ebp 0x80483da : ret 0x80483db : nop End of assembler dump.

Examining func4 : pushl %ebp # save frame pointer movl %esp,%ebp # frame ptr = stack ptr movl 0x8(%ebp),%ecx # put arg1 into %ecx xorl %eax,%eax # zero %eax xorl %edx,%edx # zero %edx

Examining func4 cmpl %ecx,%eax # compare arg1 (%ecx) and %eax jge.L4 # jump to.L4 if arg1 <= %eax (0).L6: addl %edx,%eax # %eax = %eax + %edx incl %edx # %edx = %edx + 1 cmpl %ecx,%edx # compare arg1 (%ecx) and %edx jl.L6 # jump to.L06 if %edx < arg1.L4: movl %ebp,%esp # restore stack pointer popl %ebp # restore frame pointer ret

Name the variables %ecx: x (first argument) %eax: result %edx: i

func4 int func4(int x) // %ecx = x { int result = 0; // %eax = result int i; // %edx = i for (i = 0; i < x; i++) result += i; return result; }