Assembly 09. Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 1.

Slides:



Advertisements
Similar presentations
C Programming and Assembly Language Janakiraman V – NITK Surathkal 2 nd August 2014.
Advertisements

ICS312 Set 6 Operands. Basic Operand Types (1) Register Operands. An operand that refers to a register. MOV AX, BX ; moves contents of register BX to.
Irvine, Kip R. Assembly Language For Intel-Based Computers TYPE and SIZE Operators TYPE –returns the size, in bytes of a single element of a data label.
Assembly 02. Outline mov Command Registers Memory EFLAGS Arithmetic 1.
1 Lecture 4: Data Transfer, Addressing, and Arithmetic Assembly Language for Intel-Based Computers, 4th edition Kip R. Irvine.
Target Processor Directives , When using.386, the program can only run on 386 and above processors.
Assembly Language for Intel-Based Computers, 4 th Edition Chapter 6: Conditional Processing (c) Pearson Education, All rights reserved. You may modify.
Assembly Language for Intel-Based Computers Chapter 5: Procedures Kip R. Irvine.
CS2422 Assembly Language & System Programming October 3, 2006.
Assembly Language for Intel-Based Computers
Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.
Accessing parameters from the stack and calling functions.
Practical Session 3. The Stack The stack is an area in memory that its purpose is to provide a space for temporary storage of addresses and data items.
Assembly Language for Intel-Based Computers
Practical Session 2. Labels Definition valid characters in labels are: letters, numbers, _, $, ~,., and ? first character can be: letter, _, ? and.
Web siteWeb site ExamplesExamples Irvine, Kip R. Assembly Language for Intel-Based Computers, Stack Operations Runtime Stack PUSH Operation POP.
CEG 320/520: Computer Organization and Assembly Language ProgrammingIntel Assembly 1 Intel IA-32 vs Motorola
CDP ECE Spring 2000 ECE 291 Spring 2000 Lecture 7: More on Addressing Modes, Structures, and Stack Constantine D. Polychronopoulos Professor, ECE.
Introduction to Assembly Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2013/2014.
Introduction to Assembly Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015.
Faculty of Engineering, Electrical Department,
String-Introduction String is a series of bytes or a series of words in sequential memory locations. Index registers - SI (Data segment) - DI (Extra segment)
CNIT 127: Exploit Development Ch 3: Shellcode. Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object.
ICS312 Lecture13 String Instructions.
Addressing Modes Chapter 6 S. Dandamudi To be used with S. Dandamudi, “Introduction to Assembly Language Programming,” Second Edition, Springer,
Assembly Language. Symbol Table Variables.DATA var DW 0 sum DD 0 array TIMES 10 DW 0 message DB ’ Welcome ’,0 char1 DB ? Symbol Table Name Offset var.
String Processing Chapter 10 S. Dandamudi To be used with S. Dandamudi, “Introduction to Assembly Language Programming,” Second Edition, Springer,
Introduction to Assembly II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2013/2014.
Assembly 03. Outline inc, dec movsx jmp, jnz Assembly Code Sections Labels String Variables equ $ Token 1.
Assembly 07. Outline Boxes within Boxes Procedure Definition call, ret Saving / Restoring Registers Argument(s) Return Value(s) Global vs. Local Data.
4. Kernel and VGA ENGI 3655 Lab Sessions. Richard Khoury2 Textbook Readings  None.
October 1, 2003Serguei A. Mokhov, 1 SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003.
Assembly 06. Outline cmp (review) Jump commands test mnemonic bt mnemonic Addressing 1.
Assembly 08. Outline Local Labels Jump Lengths External Libraries Macros 1.
String Instructions String instructions were designed to operate on large data structures. The SI and DI registers are used as pointers to the data structures.
Introduction to Assembly II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015.
Computer Architecture and Assembly Language
Arrays. Outline 1.(Introduction) Arrays An array is a contiguous block of list of data in memory. Each element of the list must be the same type and use.
Computer Organization & Assembly Language University of Sargodha, Lahore Campus Prepared by Ali Saeed.
Addressing Modes Dr. Hadi Hassan.  Two Basic Questions  Where are the operands?  How memory addresses are computed?  Intel IA-32 supports 3 fundamental.
Chapter 8 String Operations. 8.1 Using String Instructions.
Practical Session 3.
CSC 221 Computer Organization and Assembly Language
Computer Architecture and Assembly Language
Practical Session 5.
Computer Architecture and Assembly Language
Assembly Lab 3.
Assembly 07 String Processing.
Additional Assembly Programming Concepts
Chapter 9.
Chapter six of V4: The String Instructions
Chapter 4 Data Movement Instructions
EE3541 Introduction to Microprocessors
Assembly IA-32.
Computer Architecture and Assembly Language
Computer Organization and Assembly Language
BIC 10503: COMPUTER ARCHITECTURE
Symbolic Instruction and Addressing
Practical Session 4.
Symbolic Instruction and Addressing
Assembly Language for Intel-Based Computers, 5th Edition
T opic: S TRING I NSTRUCTION P RESENTED B Y: N OOR FATIMA M AHA AKRAM ASIF.
X86 Assembly Review.
Data Movement Instructions
Chapter 6 –Symbolic Instruction and Addressing
More on operators and procedures in the Linked
Computer Architecture and System Programming Laboratory
Computer Architecture and System Programming Laboratory
Computer Architecture and System Programming Laboratory
Computer Architecture and System Programming Laboratory
Presentation transcript:

Assembly 09

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 1

Strings in x86 x86 string: any contiguous group of bytes in memory Not necessarily characters only Can also be words, dwords Arbitrary size 2

Strings in x86 Unlike strings in C++, Java, Python, etc. x86 strings have no length counter no.length() x86 strings have no boundary character C-style strings end in ‘\0’ (null terminator) 3

Strings in x86 “Think of strings as the register values that define them.” “Assembly strings are wholly defined by values you place in registers” Pointer to string’s address in memory Length of string in ecx 4

msg: db “THIS IS A STRING”, 10; in.data len: equ $-msg ptr: dd 0x00; declare 32-bit variable mov eax, msg; in.text (evaluate msg’s address) mov dword [ptr], msg; copy msg’s address to ptr mov ebx, [ptr]; evaluate ptr’s value mov eax,4; write system call… mov ebx,1; mov ecx, [ptr]; use address stored in ptr mov edx, len; int 0x80

msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 UNIX>./a.out THIS IS A STRING UNIX> UNIX>./a.out THIS IS A STRING UNIX>

7 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 eax ebx ptr

8 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 0 eax ebx ptr

9 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 0x080490B8 0 eax ebx ptr msg’s address

10 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 0x080490B8 eax ebx ptr

11 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 0x080490B8 eax ebx ptr

12 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 0x080490B8 eax ebx ptr we use the 32-bit value in ptr (the address of msg)

13 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 msg: db “THIS IS A STRING”, 10 len: equ $-msg ptr: dd 0x00 mov eax, msg mov dword [ptr], msg mov ebx, [ptr] mov eax,4 mov ebx,1 mov ecx, [ptr] mov edx, len int 0x80 UNIX>./a.out THIS IS A STRING UNIX> UNIX>./a.out THIS IS A STRING UNIX> address stored in ptr works!

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 14

esi, edi, ecx, eax CPU makes assumption: registers esi, edi, ecx, and eax used in string-specific instructions… esi - source edi – destination ecx – string length eax – buffer between source / destination 15

buf: resb 1000; declare a 1000 byte string (in.bss) ; Fill buf string with ‘#’ (in.text) mov edi, buf; store buf’s address in edi mov al, ‘#’; put character in eax register mov ecx, 1000; put string length in ecx _loop: mov byte [edi], al; put ‘#’ in memory pointed to by edi inc edi; edi + 1 points to next byte in buf dec ecx; decrement loop counter jnz _loop; if loop counter > 0, loop ;syscall to print buf ;syscall to exit

buf: resb 1000; in.bss ; Fill buf string with ‘#’ (in.text) mov edi, buf mov al, ‘#’ mov ecx, 1000 _loop: mov byte [edi], al inc edi dec ecx jnz _loop ;syscall to print buf ;syscall to exit buf: resb 1000; in.bss ; Fill buf string with ‘#’ (in.text) mov edi, buf mov al, ‘#’ mov ecx, 1000 _loop: mov byte [edi], al inc edi dec ecx jnz _loop ;syscall to print buf ;syscall to exit UNIX>./a.out ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### #########...UNIX> UNIX>./a.out ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### ####################### #########...UNIX>

18 I ain’t no liar none!! (dag nabbit!!)

esi, edi, ecx, eax Is there a simpler way to do this common string manipulation? _loop: mov byte [edi], al inc edi dec ecx jnz _loop Yes!! (duh) 19

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 20

stosb stosb mnemonic: “Store String by Byte” stosb does the following: 1.copies byte al to memory at edi 2.increments edi stosb instruction takes no operands edi, al are implicit 21

stosb _loop: mov byte [edi], al inc edi dec ecx jnz _loop 22 _loop: stosb dec ecx jnz _loop equivalent

stosw, stosd stosw – similar to stosb, but works with word strings Uses ax instead of al stosd – similar to stosb, but works with dword strings Uses eax instead of al Note: ecx remains unchanged ecx is still number of items in string (not number of bytes) E.g., 1000 bytes, 1000 words, 1000 dwords 23

24 buf: resd 1000; declare a 1000 dword string (in.bss) ; Fill buf string with ‘#’ (in.text) mov edi, buf; store buf’s address in edi mov ecx, 1000; put string length in ecx mov eax,0xACEBEEF; store some identifiable string _loop: stosd; store eax in [edi] (buf) dec ecx; decrement loop counter jnz _loop; if loop counter > 0, loop mov ebx,[buffer + 500*4]; examine 500 th item ;syscall to exit

25 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] buf[0] buf[1] buf[500] buf[999] buf[…] … … ebx ecx edi eax

26 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] buf[0] buf[1] buf[500] buf[999] buf[…] buf … … buf[…] ebx ecx edi eax

27 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] buf[0] buf[1] buf[500] buf[999] buf[…] 1000 buf … … buf[…] ebx ecx edi eax

28 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx buf[0] buf[1] buf[500] buf[999] buf[…] 1000 buf edi … … buf[…] eax 0xACEBEEF

29 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 1000 buf+4 edi … … buf[…] eax 0xACEBEEF

30 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 999 buf+4 edi … … buf[…] eax 0xACEBEEF

31 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 999 buf+8 edi … … buf[…] eax 0xACEBEEF

32 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 998 buf+8 edi … … buf[…] eax 0xACEBEEF

33 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 0 buf+4000 edi … … buf[…] eax 0xACEBEEF loop continues 998 more times (1000 total)

34 buf: resd 1000 mov edi, buf mov ecx, 1000 mov eax,0xACEBEEF _loop: stosd dec ecx jnz _loop mov ebx,[buf + 500*4] ebx ecx 0xACEBEEF buf[0] buf[1] buf[500] buf[999] buf[…] 0xACEBEEF 0 buf+4000 edi … … buf[…] eax 0xACEBEEF don’t forget how to access dwords in memory…

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 35

Directional Flag DF determines direction of stosb command DF clear: fill string “uphill”, low to high memory (default) edi gets incremented DF set: fill string “downhill”, high to low memory edi gets decremented 36

DF Commands cld-> clear DF (cld takes no arguments) std->set DF (std takes no arguments) 37

buf: resb 10; declare string buffer of 10 bytes (in.bss) mov edi, buf; point edi to string buf (in.text) mov ecx, 10; set loop counter to 10 mov al,’0’; put character 0 in al cld; clear DF to go “uphill” in memory _loop: stosb; store al in [edi] (then edi++) inc al; change ‘0’ to ‘1’… dec ecx; decrement the loop counter jnz _loop; close the loop ;sys calls to write buf, write newline, and exit cleanly

39 buf: resb 10; mov edi, buf; mov ecx, 10; mov al,’0’; cld; _loop: stosb; inc al; dec ecx; jnz _loop ;sys calls UNIX>./a.out UNIX> start at BEGINNING of string DF clear: go “uphill” from low to high memory

buf: resb 10; declare string buffer of 10 bytes (in.bss) mov edi, buf+10; point edi to end of string buf (in.text) mov ecx, 10; set loop counter to 10 mov al,’0’; put character 0 in al std; set DF to go “downhill” in memory _loop: stosb; store al in [edi] (then edi--) inc al; change ‘0’ to ‘1’… dec ecx; decrement the loop counter jnz _loop; close the loop ;sys calls to write buf, write newline, and exit cleanly

41 buf: resb 10; mov edi, buf+10; mov ecx, 10; mov al,’0’; std _loop: stosb; inc al; dec ecx; jnz _loop ;sys calls UNIX>./a.out UNIX> start at END of string DF set: go “downhill” from high to low memory

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 42

rep Is there an even more succinct way to do this? 43 _loop: stosb dec ecx jnz _loop rep stosb equivalent

rep rep stosb 1.copy byte al to memory at address edi 2.increment (or decrement) edi 3.decrement ecx 4.if ecx > 0, jump back to copy instruction rep => repeat 44

buf: resb 1000; declare a 1000 byte string (in.bss) ; Fill buf string with ‘$’ (in.text) mov edi, buf; store buf’s address in edi mov al, ‘$’; put character in eax register mov ecx, 1000; put string length in ecx rep stosb; single command to: ; copy al to [edi] ; increment edi ; decrement ecx ; compare ecx to 0 and jump ;syscall to print buf ;syscall to exit

buf: resb 1000 mov edi, buf mov al, ‘$’; mov ecx, 1000; rep stosb ;syscall to print buf ;syscall to exit buf: resb 1000 mov edi, buf mov al, ‘$’; mov ecx, 1000; rep stosb ;syscall to print buf ;syscall to exit UNIX>./a.out $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$...UNIX> UNIX>./a.out $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$...UNIX>

Outline Strings in x86 esi, edi, ecx, eax stosb, stosw, stosd cld, std rep loop 47

loop Instruction Usage: loop ; loop does the following: 1)dec ecx 2)jnz label 48 anyone know what this is? it’s used in geology…

loop Instruction 49 _myLoop: inc al dec ecx jnz _myLoop _myLoop: inc al loop _myLoop equivalent

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.