CMSC 313 Lecture 05
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Automatic Extraction of X86 Formal Semantics from Its Natural Language Description
Automatic extraction of x86 formal semantics from its natural language description NGUYEN, Lam Hoang Yen Graduate School of Advanced Science and Technology Japan Advanced Institute of Science and Technology March, 2018 Master's Thesis Automatic extraction of x86 formal semantics from its natural language description 1610062 NGUYEN, Lam Hoang Yen Supervisor : Professor Mizuhito Ogawa Main Examiner : Professor Mizuhito Ogawa Examiners : Associate Professor Nguyen Minh Le Professor Kazuhiro Ogata Associate Professor Nao Hirokawa Graduate School of Advanced Science and Technology Japan Advanced Institute of Science and Technology [Information Science] February, 2018 Abstract Nowadays, computers have become an essential device of almost every activity for every- body at any age. From personal demands to industrial and business sectors, they are used to improve human life as well as the efficiency and the productivity. The more important they are, the more attractive target they become for being attacked and serving malicious purposes. There are various threats to a computer system. One of the most common manners that penetrates or damages a system with bad impacts to most of the computer users is malware. Malware detection and malware classification are two of the most at- tractive problems in not only industry area but also academic research. The bits-based fingerprint also known as the signature-based pattern recognition is applied popularly in commercial anti-virus software due to its light-weight and fast features. However, it is easily cheated by advanced polymorphic techniques in malware. Therefore, malware analyses based on control flow graph (CFG) have been attracting a lot of attention, e.g., VxClass at Google. -
Lecture Notes in Assembly Language
Lecture Notes in Assembly Language Short introduction to low-level programming Piotr Fulmański Łódź, 12 czerwca 2015 Spis treści Spis treści iii 1 Before we begin1 1.1 Simple assembler.................................... 1 1.1.1 Excercise 1 ................................... 2 1.1.2 Excercise 2 ................................... 3 1.1.3 Excercise 3 ................................... 3 1.1.4 Excercise 4 ................................... 5 1.1.5 Excercise 5 ................................... 6 1.2 Improvements, part I: addressing........................... 8 1.2.1 Excercise 6 ................................... 11 1.3 Improvements, part II: indirect addressing...................... 11 1.4 Improvements, part III: labels............................. 18 1.4.1 Excercise 7: find substring in a string .................... 19 1.4.2 Excercise 8: improved polynomial....................... 21 1.5 Improvements, part IV: flag register ......................... 23 1.6 Improvements, part V: the stack ........................... 24 1.6.1 Excercise 12................................... 26 1.7 Improvements, part VI – function stack frame.................... 29 1.8 Finall excercises..................................... 34 1.8.1 Excercise 13................................... 34 1.8.2 Excercise 14................................... 34 1.8.3 Excercise 15................................... 34 1.8.4 Excercise 16................................... 34 iii iv SPIS TREŚCI 1.8.5 Excercise 17................................... 34 2 First program 37 2.1 Compiling, -
X86 Assembly Language Syllabus for Subject: Assembly (Machine) Language
VŠB - Technical University of Ostrava Department of Computer Science, FEECS x86 Assembly Language Syllabus for Subject: Assembly (Machine) Language Ing. Petr Olivka, Ph.D. 2021 e-mail: [email protected] http://poli.cs.vsb.cz Contents 1 Processor Intel i486 and Higher – 32-bit Mode3 1.1 Registers of i486.........................3 1.2 Addressing............................6 1.3 Assembly Language, Machine Code...............6 1.4 Data Types............................6 2 Linking Assembly and C Language Programs7 2.1 Linking C and C Module....................7 2.2 Linking C and ASM Module................... 10 2.3 Variables in Assembly Language................ 11 3 Instruction Set 14 3.1 Moving Instruction........................ 14 3.2 Logical and Bitwise Instruction................. 16 3.3 Arithmetical Instruction..................... 18 3.4 Jump Instructions........................ 20 3.5 String Instructions........................ 21 3.6 Control and Auxiliary Instructions............... 23 3.7 Multiplication and Division Instructions............ 24 4 32-bit Interfacing to C Language 25 4.1 Return Values from Functions.................. 25 4.2 Rules of Registers Usage..................... 25 4.3 Calling Function with Arguments................ 26 4.3.1 Order of Passed Arguments............... 26 4.3.2 Calling the Function and Set Register EBP...... 27 4.3.3 Access to Arguments and Local Variables....... 28 4.3.4 Return from Function, the Stack Cleanup....... 28 4.3.5 Function Example.................... 29 4.4 Typical Examples of Arguments Passed to Functions..... 30 4.5 The Example of Using String Instructions........... 34 5 AMD and Intel x86 Processors – 64-bit Mode 36 5.1 Registers.............................. 36 5.2 Addressing in 64-bit Mode.................... 37 6 64-bit Interfacing to C Language 37 6.1 Return Values.......................... -
Assembly Language: IA-X86
Assembly Language for x86 Processors X86 Processor Architecture CS 271 Computer Architecture Purdue University Fort Wayne 1 Outline Basic IA Computer Organization IA-32 Registers Instruction Execution Cycle Basic IA Computer Organization Since the 1940's, the Von Neumann computers contains three key components: Processor, called also the CPU (Central Processing Unit) Memory and Storage Devices I/O Devices Interconnected with one or more buses Data Bus Address Bus data bus Control Bus registers Processor I/O I/O IA: Intel Architecture Memory Device Device (CPU) #1 #2 32-bit (or i386) ALU CU clock control bus address bus Processor The processor consists of Datapath ALU Registers Control unit ALU (Arithmetic logic unit) Performs arithmetic and logic operations Control unit (CU) Generates the control signals required to execute instructions Memory Address Space Address Space is the set of memory locations (bytes) that are addressable Next ... Basic Computer Organization IA-32 Registers Instruction Execution Cycle Registers Registers are high speed memory inside the CPU Eight 32-bit general-purpose registers Six 16-bit segment registers Processor Status Flags (EFLAGS) and Instruction Pointer (EIP) 32-bit General-Purpose Registers EAX EBP EBX ESP ECX ESI EDX EDI 16-bit Segment Registers EFLAGS CS ES SS FS EIP DS GS General-Purpose Registers Used primarily for arithmetic and data movement mov eax 10 ;move constant integer 10 into register eax Specialized uses of Registers eax – Accumulator register Automatically -
17Computerarchitectu
Computer Architecture and Assembly Language Prof. David August COS 217 1 Goals of Today’s Lecture • Computer architecture o Central processing unit (CPU) o Fetch-decode-execute cycle o Memory hierarchy, and other optimization • Assembly language o Machine vs. assembly vs. high-level languages o Motivation for learning assembly language o Intel Architecture (IA32) assembly language 2 Levels of Languages • Machine language o What the computer sees and deals with o Every command is a sequence of one or more numbers • Assembly language o Command numbers replaced by letter sequences that are easier to read o Still have to work with the specifics of the machine itself • High-level language o Make programming easier by describing operations in a natural language o A single command replaces a group of low-level assembly language commands 3 Why Learn Assembly Language? • Understand how things work underneath o Learn the basic organization of the underlying machine o Learn how the computer actually runs a program o Design better computers in the future • Write faster code (even in high-level language) o By understanding which high-level constructs are better o … in terms of how efficient they are at the machine level • Some software is still written in assembly language o Code that really needs to run quickly o Code for embedded systems, network processors, etc. 4 A Typical Computer CPU . CPU Memory Chipset I/O bus ROM Network 5 Von Neumann Architecture • Central Processing Unit CPU o Control unit Control – Fetch, decode, and execute Unit o Arithmetic -
Intel Architecture Intel Architecture
CS499 Intel Architecture Intel Architecture References IA-32 Intel® Architecture Software Developer’s Manual, • Volume 1: Basic Architecture • Volume 2: Instruction Set Reference www.intel.com/design/pentiumii/manuals/ Number Systems Decimal-to-Hexadecimal: 420.62510 = 420.62510 = 42010 + .62510 Division Quotient Remainder 420 ÷ 16 26 4 LSB 26 ÷ 16 1 10 (or A) 1 ÷ 16 0 1 MSB Multiplication Product Carry-out .625 x 16 10.00 10 (or A) 420.62510 = 1A4.A16 413510 = 102716 625.62510 = 271.A16 Number Systems Binary-Coded Hexadecimal (BCH): 2AC = 0010 1010 1100 1000 0011 1101 . 1110 = 83D.E Complements Data are stored in complement form to represent negative numbers One’s complements of 01001100 1111 1111 -0100 1100 1011 0011 Two’s complements 1011 0011 +0000 0001 1011 0100 The 80x86 MICROPROCESSOR Some buzz words ...ha? CISC – Complex Instruction Set Computers • Refers to number and complexity of instructions • Improvements was: Multiply and Divide • The number of instruction increased from • 45 on 4004 to: • 246 on 8085 • 20,000 on 8086 and 8088 RISC – Reduced Instruction Set Computer • Executes one instruction per clock Newer RISC - Superscaler Technology • Execute more than one instruction per clock Inside The 8088/8086 Concepts important to the internal operation of 8088/8086 • Pipelining • Registers Inside The 8088/8086…pipelining • Pipelining – Two ways to make CPU process information faster: • Increase the working frequency – technology dependent • Change the internal architecture of the CPU – Pipelining is to allow CPU to fetch and -
(Mentos) Fundamental Concepts
Mentoring Operating System (MentOS) fundamental concepts Alessandro Danese University of Verona [email protected] Version 1.0.0 Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 1 / 23 Table of Contents 1 Mentoring Operating System 2 Fundamental concepts Central Processing Unit (CPU) Programmable Interrupt Controller (PIC) Memory organization 3 Kernel doubly-linked list Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 2 / 23 Mentoring Operating System Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 3 / 23 MentOS What... MentOS (Mentoring Operating system) is an open source educational operating system. MentOS can be freely downloaded from a public github repository: https://mentos-team.github.io/MentOS/ Goal... The goal of MentOS is to provide a project environment that is realistic enough to show how a real Operating System work, yet simple enough that students can understand and modify it in significant ways. Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 4 / 23 MentOS Why... There are so many operating systems, why did we write MentOs? It is true, there are a lot of education operating system, BUT how many of them follow the guideline defined by Linux? MentOs aims to have the same Linux's data structures and algorithms. It has a well-documented source code, and you can compile it on your laptop in a few seconds! If you are a beginner in Operating-System developing, perhaps MentOS is the right operating system to start with. Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 5 / 23 Fundamental concepts Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 6 / 23 The big picture Central Processing Unit Programmable Interrupt Controller Random Access Memory RAM PIC CPU BUS (Address, Data, Control) Mentoring Operating System (MentOS) fundamental concepts Version 1.0.0 7 / 23 CPU registers There are three types of registers: general-purpose data registers, segment registers, and status control registers. -
AMD64 Architecture Programmer's Manual Volume 1: Application
AMD64 Technology AMD64 Architecture Programmer’s Manual Volume 1: Application Programming Publication No. Revision Date 24592 3.09 September 2003 AMD64 Technology 24592—Rev. 3.09—September 2003 © 2002, 2003 Advanced Micro Devices, Inc. All rights reserved. The contents of this document are provided in connection with Advanced Micro Devices, Inc. (“AMD”) products. AMD makes no representations or warranties with respect to the accuracy or completeness of the contents of this publication and reserves the right to make changes to specifications and product descriptions at any time without notice. No license, whether express, implied, arising by estoppel or otherwise, to any intellectual property rights is granted by this publication. Except as set forth in AMD’s Standard Terms and Conditions of Sale, AMD assumes no liability whatsoever, and disclaims any express or implied warranty, relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular pur- pose, or infringement of any intellectual property right. AMD’s products are not designed, intended, authorized or warranted for use as components in systems intended for surgical implant into the body, or in other applications intended to support or sustain life, or in any other application in which the failure of AMD’s product could create a situation where personal injury, death, or severe property or environmental damage may occur. AMD reserves the right to discontinue or make changes to its products at any time without notice. Trademarks AMD, the AMD arrow logo, and combinations thereof, and 3DNow! are trademarks, and AMD-K6 is a registered trademark of Advanced Micro Devices, Inc. -
Module I What Is Microprocessor? Evolution of Microprocessors
Module I Evolution of microprocessors, 8086 Microprocessor - Architecture and signals, Memory organisation, Minimum and maximum mode of operation, Minimum mode Timing Diagram. Comparison of 8086 and 8088. What is Microprocessor? A single chip processor is called microprocessor. It is also called Central Processing Unit (CPU). It is the brain of a computer system. It is also used in many electronic devices. Microprocessor is a semiconductor device consisting of electronic logic circuits manufactured by techniques such as large scale integration (LSI) or very large scale integration. It is capable of performing computing functions and making decisions to change the sequence of program execution. A computer built with a microprocessor is called micro computer. Examples Intel 8086, Intel 80286, Pentium II A microprocessor in which most instructions operate on n-bit data and its registers are of n-bit size is said to be a n-bit microprocessor. Evolution of microprocessors 4-bit Microprocessors The first microprocessor was introduced in 1971 by Intel Corp. It was named Intel 4004 as it was a 4 bit processor. It was a processor on a single chip. It could perform simple arithmetic and logic operations such as addition, subtraction, boolean AND and boolean OR. Intel introduced the enhanced version of 4004, the 4040. 8-bit Microprocessors The first 8 bit microprocessor which could perform arithmetic and logic operations on 8 bit words was introduced in 1973 again by Intel. This was Intel 8008 and was later followed by an improved version, Intel 8088. 16-bit Microprocessors The 8-bit processors were followed by 16 bit processors. -
Chapter 3 Basic Execution Environment
CHAPTER 3 BASIC EXECUTION ENVIRONMENT This chapter describes the basic execution environment of an Intel 64 or IA-32 processor as seen by assembly- language programmers. It describes how the processor executes instructions and how it stores and manipulates data. The execution environment described here includes memory (the address space), general-purpose data registers, segment registers, the flag register, and the instruction pointer register. 3.1 MODES OF OPERATION The IA-32 architecture supports three basic operating modes: protected mode, real-address mode, and system management mode. The operating mode determines which instructions and architectural features are accessible: • Protected mode — This mode is the native state of the processor. Among the capabilities of protected mode is the ability to directly execute “real-address mode” 8086 software in a protected, multi-tasking environment. This feature is called virtual-8086 mode, although it is not actually a processor mode. Virtual-8086 mode is actually a protected mode attribute that can be enabled for any task. • Real-address mode — This mode implements the programming environment of the Intel 8086 processor with extensions (such as the ability to switch to protected or system management mode). The processor is placed in real-address mode following power-up or a reset. • System management mode (SMM) — This mode provides an operating system or executive with a transparent mechanism for implementing platform-specific functions such as power management and system security. The processor enters SMM when the external SMM interrupt pin (SMI#) is activated or an SMI is received from the advanced programmable interrupt controller (API C). In SMM, the processor switches to a separate address space while saving the basic context of the currently running program or task. -
Status Flags
BASIC EXECUTION ENVIRONMENT 3.4.3.1. STATUS FLAGS The status flags (bits 0, 2, 4, 6, 7, and 11) of the EFLAGS register indicate the results of arith- metic instructions, such as the ADD, SUB, MUL, and DIV instructions. The functions of the status flags are as follows: CF (bit 0) Carry flag. Set if an arithmetic operation generates a carry or a borrow out of the most-significant bit of the result; cleared otherwise. This flag indi- cates an overflow condition for unsigned-integer arithmetic. It is also used in multiple-precision arithmetic. PF (bit 2) Parity flag. Set if the least-significant byte of the result contains an even number of 1 bits; cleared otherwise. AF (bit 4) Adjust flag. Set if an arithmetic operation generates a carry or a borrow out of bit 3 of the result; cleared otherwise. This flag is used in binary- coded decimal (BCD) arithmetic. ZF (bit 6) Zero flag. Set if the result is zero; cleared otherwise. SF (bit 7) Sign flag. Set equal to the most-significant bit of the result, which is the sign bit of a signed integer. (0 indicates a positive value and 1 indicates a negative value.) OF (bit 11) Overflow flag. Set if the integer result is too large a positive number or too small a negative number (excluding the sign-bit) to fit in the destina- tion operand; cleared otherwise. This flag indicates an overflow condition for signed-integer (two’s complement) arithmetic. Of these status flags, only the CF flag can be modified directly, using the STC, CLC, and CMC instructions. -
Embedded Intel486™ Processor Family Developer's Manual
Embedded Intel486™ Processor Family Developer’s Manual Release Date: October 1997 Order Number: 273021-001 The Intel486™ processors may contain design defects known as errata which may cause the products to deviate from published specifications. Currently characterized errata are avail- able on request. Information in this document is provided in connection with Intel products. No license, express or implied, by estoppel or oth- erwise, to any intellectual property rights is granted by this document. Except as provided in Intel’s Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel retains the right to make changes to specifications and product descriptions at any time, without notice. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. *Third-party brands and names are the property of their respective owners. Copies of documents which have an ordering number and are referenced in this document, or other Intel literature, may be obtained from: Intel Corporation P.O. Box 5937 Denver, CO 80217-9808 or call 1-800-548-4725 or visit Intel’s website at http:\\www.intel.com Copyright © INTEL CORPORATION, October 1997 CONTENTS CHAPTER 1 GUIDE TO THIS MANUAL 1.1 MANUAL CONTENTS .................................................................................................