Intel Assembly

• Формат инструкций:

 

• LABEL:
• Метка хранит символическое имя адреса памяти .

 

• OPCODE:
• Собственно сама инструкция.

 

• OPERANDS:
• Значение регистра , адреса памяти или непосредственно само значение .

 

• Операндов может быть от 0 до 3 .

Data Addressing Modes

• Инструкции перемещения данных (bytes, words , doublewords) либо между регистрами либо между регистрами и памятью .

 

• Это команда movs которая обменивает данные находящиеся в памяти .

 

• В большинстве своем инструкции по перемещению данных не изменяют регистр EFLAGS .

 

• Format:
• opcode destination , source

 

 

• Register

Data Addressing Modes

• Immediate

 

• Direct (eax), Displacement (other regs)

 

• Register Indirect

• Any of eax , ebx , ecx , edx , ebp , edi or esi may be used.

Data Addressing Modes

• Base-plus-index

• Any combination of eax , ebx , ecx , edx , ebp , edi or esi .

 

• Register relative

• A second variation includes: mov eax , [ ARR+ ebx ]

Data Addressing Modes

• Base relative-plus-index

• A second variation includes: mov eax , [ ebx + edi +4]

 

• Scaled-index

• A second variation includes: mov eax , ebx *2+ ecx +offset
• Scaling factors can be 2X, 4X or 8X.

Data Addressing Modes

• Register addressing:

• Note: mov really COPIES data from the source to destination register.
• Never mix an 16-bit register with a 32-bit, etc.
• For example

• None of the mov instruction effect the EFLAGS register.

Data Addressing Modes

• Immediate addressing:
• The value of the operand is given as a constant in the instruction stream.

• Use b for binary, q for octal and nothing for decimal.

 

• ASCII data requires a set of apostrophes:

 

• Register and immediate addressing example:

Data Addressing Modes

• Direct addressing:
• Transfers between memory and al , ax and eax .
• Usually encoded in 3 bytes, sometime 4:

 

• Displacement:

• Displacement instructions are encoded with up to 7 bytes (32 bit register and a 32 bit displacement).

Data Addressing Modes

• Direct and displacement addressing example:

• Note: Direct addressing (using al) requires 3 bytes to encode while Displacement (using bx) requires 4.

 

• Register Indirect addressing:
• Offset stored in a register is added to the segment register.

• The memory to memory mov is allowed with string instructions.

Data Addressing Modes

• Register Indirect addressing (cont)
• Any register EXCEPT esp for the 80386 and up.
• For eax , ebx , ecx , edx , edi and esi : The data segment is the default.
• For ebp : The stack segment is the default.

 

• Some versions of register indirect require special assembler directives byte, word , or dword

• Does [ edi ] address a byte, a word or a double-word?

 

• The assembler can't determine the size of 0x10 !
• Use:

Data Addressing Modes

• Base-Plus-Index addressing:
• Effective address computed as:
• seg_base + base + index.

 

• Base registers: Holds starting location of an array.
• ebp (stack)
• ebx (data)
• Any 32-bit register except esp.

 

• Index registers: Holds offset location.
• edi
• esi
• Any 32-bit register except esp .

Data Addressing Modes

• Base-Plus-Index addressing:

Data Addressing Modes

• Register Relative addressing:
• Effective address computed as:
• seg_base + base + constant.

• Same default segment rules apply with respect to ebp , ebx , edi and esi .
• Displacement constant is any 32-bit signed value.

 

• Base Relative-Plus-Index addressing:
• Effective address computed as:
• seg_base + base + index + constant.

• Designed to be used as a mechanism to address a two-dimensional array.

Data Addressing Modes

• Base Relative-Plus-Index addressing:

Data/Code Addressing Modes

• Scaled-Index addressing:
• Effective address computed as:
• seg_base + base + constant*index.

 

Code Memory-Addressing Modes:

• Used in jmp and call instructions.
• Three forms:
• Direct
• PC-Relative
• Indirect

 

• Direct:
• Absolute jump address is stored in the instruction following the opcode.

Code Addressing Modes

• An inter segment jump:

• This far jmp instruction loads cs with 1000H and eip with 00000000H.
• A far call instruction is similar.

 

• PC-Relative:
• A displacement is added to the EIP register.
• This constant is encoded into the instruction itself, as above.

 

• Intra segment jumps:
• Short jumps use a 1-byte signed displacement.
• Near jumps use a 4-byte signed displacement.
• The assembler usually computes the displacement and selects the appropriate form.

Code Addressing Modes

• Indirect:
• Jump location is specified by a register.
• There are three forms:
• Register:
• Any register can be used: eax , ebx , ecx , edx , esp , ebp , edi or esi .

 

• Register Indirect:
• Intra segment jumps can also be stored in the data segment.

 

• Register Relative:

Stack Addressing Modes

• The stack is used to hold temporary variables and stores return addresses for procedures.
• push and pop instructions are used to manipulate it.
• call and ret also refer to the stack implicitly.

 

• Two registers maintain the stack, esp and ss .
• A LIFO (Last-in, First-out) policy is used.
• The stack grows toward lower address.
• Data may be pushed from any of the registers or segment registers.
• Data may be popped into any register except cs.

Purpose of Stack

 

• Memory used to pass parameters to procedures.

 

• Memory used for allocating space for local variables.

 

• Save return address in procedure calls.

 

• Save registers to be preserved across procedure calls.

Passing Parameters to Procedures

Call Frames

Setting up Call Frames

Reading Arguments

Reading Arguments

Get argument and Return

Purpose of Stack

 

• Memory used to pass parameters to procedures.

 

• Memory used for allocating space for local variables.

 

• Save return address in procedure calls.

 

• Save registers to be preserved across procedure calls.

Passing Parameters to Procedures

Call Frames

Setting up Call Frames

Reading Arguments

Reading Arguments

Get argument and Return