Practical Session 4

GNU Linker Links object files together Used as the last step in the compilation We will use ld to link together compiled assembly without using c. Usage:  nasm –f elf myprog.s –o myprog.o  ld -m elf_i386 myprog.o –o myprog.bin

Command Line Arguments in NASM

Command-line arguments In Linux, we receive command-line arguments on the stack as execution starts: - The first argument; number of arguments (i.e. argc) - The rest of the arguments; each one is a pointer to an argument string. (i.e. argv[0], argv[1] argv[2])

Function calls in NASM

Caller side The caller pushes the function's parameters on the stack, one after another, in reverse order. The caller executes a CALL instruction to pass control to the callee. This CALL is either near or far depending on the memory model. The address of the next instruction is pushed onto the stack as the return address.

Stack structure EBP Ret add (offset) Param #1 … Param #2 dword argc argv[0] … argv[1] argv[2] Function_start

Function call example STR: DB ‘ Printing two ints: %d, %d ’,10,0 … MOV EAX, 15 PUSH EAX ; 3 rd parameter PUSH DWORD 20 ; 2 nd parameter PUSH DWORD STR ; 1 st parameter CALL PRINTF ADD ESP, 12 ; 3 dwords = 12 bytes

Stack contents EBP Ret add (offset) STR 20 dword ; how to get parameters PUSH EBP MOV EBP, ESP MOV EAX, dword [EBP+8] ; 1 st parameter MOV EBX, dword [EBP+12] ; 2 nd parameter MOV ECX, dword [EBP+16] ; 3 rd parameter … 15

section.rodata error_string: db"Not enough arguments!",10,0 section.bss input_string_ptr: resd1; Will contain the pointer to the input string output_string: resb256; Will contain the actual string after copy section.text global _start _start: pop ebx; Contains the number of arguments (Including argv[0]) cmpebx, 2 jlprint_error popebx; First argument: Name of the program popebx; The first argument - Our argument movdword [input_string_ptr], ebx pushdword [input_string_ptr] pushdword output_string callcpy_string; Copy the string to our own buffer addesp, 8 Print String

pushdword output_string callinsert_linefeed; Add a linefeed character (not present in the input) addesp, 4 pushdword output_string callmy_print; Print the output string addesp, 4 mov ebx,0; Exit with return code of 0 (no error) proc_exit: mov eax,1 ; The system call for exit (sys_exit) int 80h print_error:; This is not a function! Just a jmp destination! pusherror_string callmy_print addesp, 4 movebx, 1; Exit with return code of 1 (error) jmpproc_exit Print String

section.rodata error_string: db"Not enough arguments!",10,0 section.bss input_string_ptr: resd1; Will contain the pointer to the input string output_string: resb256; Will contain the actual string after copy section.text global _start _start: pop ebx; Contains the number of arguments (Including argv[0]) cmpebx, 2 jlprint_error popebx; First argument: Name of the program popebx; The first argument - Our argument movdword [input_string_ptr], ebx pushdword [input_string_ptr] pushdword output_string callcpy_string; Copy the string to our own buffer addesp, 8 pushdword output_string callinsert_linefeed; Add a linefeed character (not present in the input) addesp, 4 pushdword output_string callmy_print; Print the output string addesp, 4 mov ebx,0; Exit with return code of 0 (no error) proc_exit: mov eax,1 ; The system call for exit (sys_exit) int 80h print_error:; This is not a function! Just a jmp destination! pusherror_string callmy_print addesp, 4 movebx, 1; Exit with return code of 1 (error) jmpproc_exit Print String

;;;;; This function calculates the length of a string ;;;;; Parameter 1: A pointer to a string ;;;;; Return Value: Integer calc_str_len: pushebp movebp, esp pushebx pushecx movebx, dword [ebp+8]; The input in ebx moveax, 0; The result will be in eax len_next_char: movcl, byte [ebx] cmpcl, 0 jelen_next_char_end inceax incebx jmplen_next_char len_next_char_end: pop ecx popebx movesp, ebp popebp ret calc_str_len

;;;;; This function prints an input string. Note: input string must end with 0! ;;;;; Parameter 1: A pointer to a string ;;;;; Return Value: VOID my_print: pushebp movebp, esp pushad movecx, dword [ebp+8] pushecx callcalc_str_len; Calculate the length of the input string addesp, 4 movedx, eax mov eax, 4 mov ebx, 1 int 80h popad movesp, ebp popebp ret my_print

;;;;; This function will copy a string from an input memory buffer to another ;;;;; Parameter 1: Destination Buffer (Address) ;;;;; Parameter 2: Source Buffer (Address) ;;;;; Return Value: VOID cpy_string: pushebp movebp, esp pushad movebx, dword [ebp+8]; Pointer to Destination movecx, dword [ebp+12]; Pointer to Source movdl, byte[ecx] cpy_next_char: movbyte [ebx], dl cmpdl, 0 jecpy_next_char_end incebx incecx movdl, byte[ecx] jmp cpy_next_char cpy_next_char_end: popad movesp, ebp popebp ret cpy_string

;;;;; This function will add a linefeed character to a string in a memory buffer ;;;;; Parameter 1: Address of memory buffer containing the string ;;;;; Return Value: VOID insert_linefeed: pushebp movebp, esp pushad movebx, dword [ebp+8] pushebx call calc_str_len addesp,4 addebx, eax; Go to the end of the string movbyte [ebx], 10; Add linefeed incebx movbyte [ebx], 0; Add null terminal popad movesp, ebp popebp ret insert_linefeed

ld vs. gcc argc argv[0] … argv[1] argv[2] _start argc &{argv[0],arg[1],…} … main Ret address This is just like C’s main(int argc, char* argv[])