CS61: Systems Programing and Machine Organization
|
|
- Juniper Cross
- 8 years ago
- Views:
Transcription
1 CS61: Systems Programing and Machine Organization Fall 2009 Section Notes for Week 2 (September 14 th - 18 th ) Topics to be covered: I. Binary Basics II. Signed Numbers III. Architecture Overview IV. Control Flow V. Loops VI. Introduction to GDB VII. Procedure Calls
2 I. Binary Basics Some basics of conversion = (2 2 x 1) + (2 1 x 0) + (2 0 x 1) = 5 10 MSB: Most significant bit bit position with highest bit value LSB: Least significant bit bit position with lowest bit value Nibble: A group of four bits. Maximum value of a nibble is = = 0x To convert from binary to hex, starting from the LSB, put the binary digits into groups of 4 bits (nibbles) and convert each group into corresponding hexadecimal value. E.g FB 16 For the reverse direction, convert each hexadecimal into the corresponding nibble. Bit shifting: Simple way to multiple or divide by 2 n. << n multiply by 2 n E.g: compute 12 x << 2 = = = >> divide by 2 n E.g.: compute 12 / >> 2 = 11 2 = = 3 10 II. Signed Numbers Let us assume we have a 1 byte variable x and we assigned -42 to it. How does the machine represent - 42 in binary? How does the computer store and interpret negative numbers? How do we perform 42 64? Is it addition or subtraction? After all, binary has no notion of +/-. The answer lies in how we interpret the MSB. Computers represent negative numbers using a system known as two's complement. Very simply, here is how it works. For -42, first, write down +42 in binary
3 now, invert the bits and add Note, the MSB is set to '1'. Hence, a signed interpretation of the above number will be as follows = = -42 Note: The value inferred from a binary representation really depends how the bits are interpreted. For example, for the same binary representation as above, an unsigned byte interpretation would result in 214 (not -42). For example, try the following in C, printf( %d (signed), (char)0xd6); But why is two's complement useful? It is commonly used in addition, subtraction, multiplcation, etc. on binary digits. Exercise #1: let us compute Exercise #2: Fill in the blanks Binary Unsigned Byte Signed Byte Exercise #3: Why does the compiler often generate code wherein memory locations are accessed using large offsets. E.g. mov 0xfffffffc (%ecx), %eax? What is this equal to?
4 III. Architecture Overview What does a CPU do, really? Not much, actually. It perfunctorily iterates trough the following: forever { fetch an instruction execute an instruction update instruction pointer } What does an instruction do? Again not all that much. Typically Change state of the CPU ALU operations Jumps Read data from memory Write data to memory x86 IA32 Registers Registers are places to keep data that are can be accessed very very quickly. Historically, they were very expensive to include on a chip, which is why IA32 only has only 8 of them. The IA32 architecture has 8 general purpose registers and 8 floating point registers. (Note: we're not going to discuss floating point in this course, but the textbook has lots of useful information on it.) Exercise #4: movl $0xFEEDFACE, %eax What are the contents of %ax? %ah? %al? EFLAGS is a 32 bit register that contains separate bits for each of the condition flags, which are set automatically by the CPU to represent the result of the previously executed instruction. Examples of condition flags include: CF (Carry Flag), PF(Parity Flag), OF(Overflow Flag), SF(Sign Flag). The x86 manual includes a complete description of all of the flags and which flags are modified by each instruction.
5 Typically these flags are set/unset as the result of an instruction (eg add, sub, cmp etc) and can then be used to perform conditional operations or jumps. e.g cmp %eax, %ecx subtracts the value of register %eax from the value of %ecx, but %ecx is not modified. However the corresponding flags are set as follows: SF: set if sign bit of result = = 1 ZF: set if result = = 0 CF: set if carry out from last arithmetic operation OF: set if overflow from last arithmetic operation (2's complement arithmetic) Similarly, test %eax, %ecx The instruction performs a logical AND on the values of the two registers. Again, %ecx is not modified, but the corresponding flags are updated. Register Size Special Uses EAX 32-bit Accumulator for operands and results EBX 32-bit Base pointer to data in the data segment ECX 32-bit Counter for loop operations EDX 32-bit I/O pointer EBP 32-bit Frame Pointer - useful for stack frames ESP 32-bit Stack Pointer - hardcoded into PUSH and POP operations ESI 32-bit Source Index - required for some array operations EDI 32-bit Destination Index - required for some array operations EIP 32-bit Instruction Pointer EFLAGS 32-bit Result Flags - hardcoded into conditional operations Some registers also have special uses and we will be learning about them later in the course. How are sign bits set? Let us look at how addl does this vis some simple examples. Exercise #5: For each one of the following, determine which flags are set by the add instruction? Why? [1] movl $0x40, %eax movl $0xffffffc0, %ebx addl %eax, %ebx
6 [2] movl $0x2a, %eax movl $0xffffffc0, %ebx addl %eax, %ebx [3] movl $0xffffffff, %eax movl $0x1, %ebx addl %eax, %ebx Endianess: When we write a hexadecimal value, like 0x1a2b3c4d, we write it with the most significant byte (0x1a) on the left, and the least significant byte (0x4d) on the right. That's just because humans have a convention of writing numbers in this way. But when such a value is stored in memory, the order in which the bytes are stored depends on the "endianness" of the CPU architecture. The x86 is a "littleendian" machine, which means it stores the low-order byte of a word in the LOWEST MEMORY ADDRESS. So, the value 0x1a2b3c4d would be stored in memory as memory address M M+1 M+2 M+3 content 0x4d 0x3c 0x2b 0x1a A "big-endian" architecture (like the Sun SPARC processor) stores the highest-order byte of a word in memory first. Why does this matter? Because when you look at a memory dump, say using GDB, you will see the contents of memory as they are stored. If you intend to interpret 4 bytes stored in memory as a word, you need to remember to 'swap the bytes' to make up the actual hex value of the word. So a memory dump of 0xab 0x40 0x1b 0x67 would be interpreted as the value 0x671b40ab. IV. Control Flow The 'jcc' (jump on condition) class of instructions cause a program to start executing from a different point. The condition refers to the status of the flags in the EFLAGS register. Examples of the jcc class includes jz, jnz, jge, jle etc. The conditional jump statements allow for the implementation of loops. There are two methods of performing jumps: direct and indirect. For direct jumps, the destination is specified as a label (e.g. jmp.l1). For indirect jumps, the jump target is read from a register or a memory location and is preceded by a '*'. E.g. jmp *%eax uses the value in register %eax as the jump target. Exercise #6: What do the following do? jmp *%eax jmp *(%eax)
7 Exercise #7: Lets say GCC generated the following code and we are told there is only ONE IF statement in the original C source. 1 movl 8(%ebp), %edx #variable 'x' 2 movl 12(%ebp), %eax #variable 'y' 3 movl $0x10, %ecx 4 testl %eax, %eax 5 je.l3 6 testl %edx, %edx 7 jle.l3 8 cmpl %ecx, %edx 9 jge.l3 10 addl %edx, (%eax) 11.L3: (1) Write a version in C that performs the same computation as above and mimics the control flow of the assembly code. V. Control Flow: Loops Let us now see how loops are implemented using conditional jumps. The following is a simple function to compute a Fibonacci sequence fibonacci.c int fibonacci(int n) { int i = 0; int val = 0; int nval = 1; do { int t = val + nval; val = nval; nval = t; i++; } while (i < n); return val; } Generate the assembly code in the cs61 machine: Linux> gcc34 -O2 -S -m32 fibonacci.c Let's look at the code inside the loop: Register usage Register Variable Initially
8 %ecx i 0 %ebx val 0 %edx nval 1 %esi n n %eax t -.L2: xorl %ecx, %ecx # i=0 movl $1, %edx # nval=1 pushl %esi # save previous value of %esi movl 8(%ebp), %esi # load n into %esi pushl %ebx # save previous value of %ebx xorl %ebx, %ebx # val=0 leal (%ebx,%edx), %eax # t=val + nval incl %ecx # i++ movl %edx, %ebx # val = nval cmpl %esi, %ecx # Compare i to n movl %eax, %edx # nval = t jl.l2 movl %ebx, %eax #Set val as return Note that assembly code instructions do not always appear in the same order as the corresponding code in the C program. For example, i in incremented in the beginning of the loop in the assembly program, but incremented at the end of the loop. The compiler is free to re-arrange the order of the instructions as long as it does not change the correctness of the code. VI. Introduction to GDB GDB contains a large repertoire of commands. The manual Debugging with GDB includes extensive documentation on the use of these commands, together with examples of their use. Furthermore, the command help invoked from within GDB activates a simple help facility which summarizes the available commands and their options. In this section we summarize a few of the most commonly used commands to give an idea of what GDB is about. You should create a simple program with debugging information and experiment with the use of these GDB commands on the program as you read through the following section. Now let work through an example. /*example1*/ #include <stdio.h> int main () { int i; i = 10; printf("the value of i is %d \n", i); i = incr(i);
9 } printf("the new value of i is %d\n",i); return 1; int incr( int j) { return j+1; } To compile this program > gcc34 -m32 -O example1.c -o example1 To add debugging information to the executable we use the -g flag. > gcc34 -m32 -g -O example1.c -o example1 To disassemble the program > objdump -d example <main>: : 55 push %ebp : 89 e5 mov %esp,%ebp : 83 ec 08 sub $0x8,%esp a: 83 e4 f0 and $0xfffffff0,%esp d: 83 ec 10 sub $0x10,%esp : c a movl $0xa,0x4(%esp) : : c c movl $0x804846c,(%esp) f: e8 2c ff ff ff call 80482a0 <printf@plt> : c a movl $0xa,(%esp) b: e call <incr> : mov %eax,0x4(%esp) : c movl $0x ,(%esp) b: e8 10 ff ff ff call 80482a0 <printf@plt> : b mov $0x1,%eax : c9 leave : c3 ret <incr>: : 55 push %ebp : 89 e5 mov %esp,%ebp a: 8b mov 0x8(%ebp),%eax d: 40 inc %eax e: c9 leave f: c3 ret To run gdb >gdb./example1 (gdb)
10 Note that our program does not accept any user inputs and will run to completion if we execute it. So we need to set up breakpoints wherever we want to inspect the code. Lets say we want to break at some point within the main function and looking at the objdump output we pick 0x Gdb allows us to set a breakpoint at any memory address. We can also break at a function. New breakpoints can be set any time during a gdb session. The 'continue' command resumes execution. (gdb) break *0x Breakpoint 1 at 0x : file example1.c, line 7. (gdb) break incr Breakpoint 2 at 0x804839a: file example1.c, line 15. (gdb) info breakpoints Num Type Disp Enb Address What 1 breakpoint keep y 0x in main at example1.c:7 2 breakpoint keep y 0x a in incr at example1.c:15 (gdb) del breakpoints 1 (gdb) info breakpoints Num Type Disp Enb Address What 2 breakpoint keep y 0x a in incr at example1.c:15 (gdb) break *0x Breakpoint 3 at 0x : file example1.c, line 7. Now let us run the program until we hit this breakpoint. (gdb) run Starting program: /space/home/roy/example1 Breakpoint 3, 0x in main () at example1.c:7 7 printf("the value of i is %d \n", i); To see the disassembly around the current instruction being executed we can use the 'disassemble' command (gdb) disassemble Dump of assembler code for function main: 0x <main+0>: push %ebp 0x <main+1>: mov %esp,%ebp 0x <main+3>: sub $0x8,%esp 0x a <main+6>: and $0xfffffff0,%esp 0x d <main+9>: sub $0x10,%esp 0x <main+12>: movl $0xa,0x4(%esp) 0x <main+20>: movl $0x804846c,(%esp) 0x f <main+27>: call 0x80482a0 <printf@plt> 0x <main+32>: movl $0xa,(%esp) 0x b <main+39>: call 0x <incr> 0x <main+44>: mov %eax,0x4(%esp) 0x <main+48>: movl $0x ,(%esp) 0x b <main+55>: call 0x80482a0 <printf@plt> 0x <main+60>: mov $0x1,%eax 0x <main+65>: leave 0x <main+66>: ret End of assembler dump.
11 If there is nothing to inspect, we can step through the instruction(s). The next command is like the step command except that it steps through function calls. Stepi steps through machine instruction rather than source lines. (gdb) stepi 0x f 7 printf("the value of i is %d \n", i); Now suppose we want to see the value of the registers. (gdb) info registers eax 0xfff6aa ecx 0x9792c edx 0x1 1 ebx 0x971ff esp 0xfff6a9e0 0xfff6a9e0 ebp 0xfff6a9f8 0xfff6a9f8 esi 0x82fca edi 0x0 0 eip 0x804836f 0x804836f <main+27> eflags 0x282 [ SF IF ] cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x63 99 If we want to resume our execution: (gdb) continue Continuing. The value of i is 10 Breakpoint 2, incr (j=10) at example1.c:15 15 return j+1; If we want to inspect the value of j in function incr, we can simply print it out. The print command can print out in different formats formats using the switches /d, /x, /o etc. Moreover we can use the set command to alter the value of j. (gdb) print j $1 = 10 (gdb) print /x $eax $2 = 0x16 (gdb) set j=5 To display the backtrace of the call chain leading to the current point of execution, we use the 'backtrace' command and to inspect the function's stack frame we use the 'frame' command. The argument to the frame command is always with respect to the the function being executed. Thus incr is frame 0 and main is frame 1. The 'up/down' command allows us navigate between frames and look at
12 the state of their local variables. We would be talking more about stacks in our next section. (gdb) backtrace #0 incr (j=5) at example1.c:15 #1 0x in main () at example1.c:8 (gdb) frame 0 #0 incr (j=5) at example1.c:15 15 return j+1; (gdb) up #1 0x in main () at example1.c:8 8 i = incr(i); (gdb) quit *You may also want to try other frontends for debuggers. For example, ddd or insight offer a frontend GUI for gdb.
13 VII. Procedure Calls Register Usage Conventions: - %eax, %edx, and %ecx are saved by the caller. This means the callee may use and overwrite these registers without destroying any data required by the caller. - %ebx, %esi, and %edi are saved by the callee. These registers must be saved on the stack by the callee and restored before returning. - %ebp and %esp are also maintained as described above. Exercise #8: Lets say we are given the following assembly code for a function. 1 pushl %edi 2 pushl %esi 3 pushl %ebx 4 movl 24(%ebp), %eax 5 imull 16(%ebp), %eax 6 movl 24(%ebp), %ebx 7 leal 0(, %eax, 4), %ecx 8 addl 8(%ebp), %ecx 9 movl %ebx, %edx popl %ebx 21 popl %esi 22 popl %edi a. Why are %edi, %esi, and %ebx the only registers saved and restored by this piece of code? What about %eax, %edx, and %ecx? b. What do 24(%ebp) and 16(%ebp)refer to? Exercise #9: Lets say we are given the following assembly code for a function. int proc(void) { int x, y; scanf( %x %x, &y, &x); return x y; } and the corresponding assembly code generated is
14 1 proc: 2 pushl %ebp 3 movl %esp, %ebp 4 subl $24, $esp 5 addl $-4, %esp 6 leal -4(%ebp), %eax 7 pushl %eax 8 leal -8(%ebp), %eax 9 pushl %eax 10 pushl $.LC0 11 call scanf 12 movl -8(%ebp), %eax 13 movl -4(%ebp), %edx 14 subl %eax, %edx 15 movl %edx, %eax 16 movl %ebp, %esp 17 popl %ebp 18 ret Lets assume procedure proc starts executing with the following register values: %esp = 0x %ebp = 0x Suppose proc calls scanf (line 11) and scanf reads values 0x46 and 0x53 from the standard input. Assume the string %x %x is stored at memory location 0x a. What value does %ebp get on line 3? b. At what addresses are local variables x and y stored? c. What is the value of %esp after line 10? d. What does the stack frame look like after line 11?
15 Appendix I: GDB Commands set args arguments The arguments list above is a list of arguments to be passed to the program on a subsequent run command, just as though the arguments had been entered on a normal invocation of the program. The set args command is not needed if the program does not require arguments. run The run command causes execution of the program to start from the beginning. If the program is already running, that is to say if you are currently positioned at a breakpoint, then a prompt will ask for confirmation that you want to abandon the current execution and restart. breakpoint location The breakpoint command sets a breakpoint, that is to say a point at which execution will halt and GDB will await further commands. location is either a line number within a file, given in the format file:linenumber, or it is the name of a subprogram. If you request that a breakpoint be set on a subprogram that is overloaded, a prompt will ask you to specify on which of those functions you want to breakpoint. You can also specify that all of them should be breakpointed. If the program is run and execution encounters the breakpoint, then the program stops and GDB signals that the breakpoint was encountered by printing the line of code before which the program is halted. breakpoint exception name A special form of the breakpoint command which breakpoints whenever exception name is raised. If name is omitted, then a breakpoint will occur when any exception is raised. print expression This will print the value of the given expression. Most simple expression formats are properly handled by GDB, so the expression can contain function calls, variables, operators, and attribute references. continue Continues execution following a breakpoint, until the next breakpoint or the termination of the program. step Executes a single line after a breakpoint. If the next statement is a subprogram call, execution continues into (the first statement of) the called subprogram. next Executes a single line. If this line is a subprogram call, executes and returns from the call. list Lists a few lines around the current source location. In practice, it is usually more convenient to have a separate edit window open with the relevant source file displayed. Successive applications of this command print subsequent lines. The command can be given an argument which is a line number, in which case it displays a few lines around the specified one. backtrace Displays a backtrace of the call chain. This command is typically used after a breakpoint has occurred, to examine the sequence of calls that leads to the current breakpoint. The display includes one line for each activation record (frame) corresponding to an active subprogram. up At a breakpoint, GDB can display the values of variables local to the current frame. The command up can be used to examine the contents of other active frames, by moving the focus up the stack, that is to say from callee to caller, one frame at a time. down Moves the focus of GDB down from the frame currently being examined to the frame of its callee
16 (the reverse of the previous command), frame n Inspect the frame with the given number. The value 0 denotes the frame of the current breakpoint, that is to say the top of the call stack.
17 Solutions to Exercises # (-64) = = ~ = ( ) = Hence, = #2 Binary Unsigned Byte Signed Byte #3 The offset, when treated as a signed number translates to an offset of -4 #4 Answer: %ax = 0xFACE, %ah = 0xFA, %al = 0xCE #5 a. We're performing The result, stored in %ecx, is = 0. Hence, the ZF flag is set to 1. b. This is Since the MSB of the result from the addl instruction is 1, the SF is set to 1. c. 0xffffffff + 1. The add instruction results in a carry and hence the CF flag is set. Note, the result is 0 so the ZF flag is also set. #6 The first one jumps to the address in memory pointed to by the contents in register %eax. The second one reads the jump target from memory, using the value in %eax as the read address.
18 #7 x is an int y is an int* (the hint lies in line 11 where we reference (%eax)) note, the order in which the conditionals are checked.e. we first check if y!= 0 and then if x > 0 and then if x < 10. if (y && x > 0 && x < 16) { *y += x; } OR if (y && x > 0) { if (x < 16) { *y += x; } } (this could also be the case for a very simple nested ifs) #8 a. Registers are %edi, %esi, and %ebx are callee saved registers. %eax, %ecx, and %edx are caller saved registers. b. 16(%ebp) refers to the 3 rd argument passed to this function. 24(%ebp) refers to the 4 th argument passed to this function. Lines 4 and 5 result in the multiplication of the 3 rd and 4 th arguments passed to this function. #9 a. We started with %esp = 0x Line 2 decrements it by 4, thereby resulting in 0x80003C in the %esp register. Hence, this is the new value in %ebp. b. We can see how the two leal instructions compute the arguments to pass to scanf. Since arguments are pushed in reverse order, we can see that x is at offset -4 relative to %ebp and y is at offset -8. The addresses are therefore 0x and 0x c. Starting with the original value of 0x800040, line 2 decremented the stack pointed by 4. Line 4 decremented it by 24, and line 5 decremented it by 4. The three pushes decremented it by 12, resulting in an overall change of 44. Thus, after line 10 %esp = 0x
19 d. Memory Addresses 0x80003C (%ebp) 0x x x x80002C 0x x x x80001C 0x Stack Contents 0x x53 0x46 0x x x (%esp) 0x Note: byte addresses 0x to 0x800033are unused by proc. These wasted spaces are allocated to improve cache performance. We'll see how and why later this semester.
Assembly Language: Function Calls" Jennifer Rexford!
Assembly Language: Function Calls" Jennifer Rexford! 1 Goals of this Lecture" Function call problems:! Calling and returning! Passing parameters! Storing local variables! Handling registers without interference!
More informationOff-by-One exploitation tutorial
Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend
More informationCS:APP Chapter 4 Computer Architecture Instruction Set Architecture. CS:APP2e
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture CS:APP2e Instruction Set Architecture Assembly Language View Processor state Registers, memory, Instructions addl, pushl, ret, How instructions
More informationInstruction Set Architecture
CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant adapted by Jason Fritts http://csapp.cs.cmu.edu CS:APP2e Hardware Architecture - using Y86 ISA For learning aspects
More informationLecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com
CSCI-UA.0201-003 Computer Systems Organization Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com Some slides adapted (and slightly modified)
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 20: Stack Frames 7 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Where We Are Source code if (b == 0) a = b; Low-level IR code
More informationMachine-Level Programming II: Arithmetic & Control
Mellon Machine-Level Programming II: Arithmetic & Control 15-213 / 18-213: Introduction to Computer Systems 6 th Lecture, Jan 29, 2015 Instructors: Seth Copen Goldstein, Franz Franchetti, Greg Kesden 1
More informationHacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail All materials is licensed under a Creative Commons Share Alike license http://creativecommonsorg/licenses/by-sa/30/ # whoami Ali
More informationMachine Programming II: Instruc8ons
Machine Programming II: Instrucons Move instrucons, registers, and operands Complete addressing mode, address computaon (leal) Arithmec operaons (including some x6 6 instrucons) Condion codes Control,
More informationLecture 27 C and Assembly
Ananda Gunawardena Lecture 27 C and Assembly This is a quick introduction to working with x86 assembly. Some of the instructions and register names must be check for latest commands and register names.
More information64-Bit NASM Notes. Invoking 64-Bit NASM
64-Bit NASM Notes The transition from 32- to 64-bit architectures is no joke, as anyone who has wrestled with 32/64 bit incompatibilities will attest We note here some key differences between 32- and 64-bit
More informationReturn-oriented programming without returns
Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy
More informationChapter 4 Processor Architecture
Chapter 4 Processor Architecture Modern microprocessors are among the most complex systems ever created by humans. A single silicon chip, roughly the size of a fingernail, can contain a complete high-performance
More informationFaculty of Engineering Student Number:
Philadelphia University Student Name: Faculty of Engineering Student Number: Dept. of Computer Engineering Final Exam, First Semester: 2012/2013 Course Title: Microprocessors Date: 17/01//2013 Course No:
More informationA Tiny Guide to Programming in 32-bit x86 Assembly Language
CS308, Spring 1999 A Tiny Guide to Programming in 32-bit x86 Assembly Language by Adam Ferrari, ferrari@virginia.edu (with changes by Alan Batson, batson@virginia.edu and Mike Lack, mnl3j@virginia.edu)
More informationIntroduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code
Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and
More informationCHAPTER 6 TASK MANAGEMENT
CHAPTER 6 TASK MANAGEMENT This chapter describes the IA-32 architecture s task management facilities. These facilities are only available when the processor is running in protected mode. 6.1. TASK MANAGEMENT
More informationSystems Design & Programming Data Movement Instructions. Intel Assembly
Intel Assembly Data Movement Instruction: mov (covered already) push, pop lea (mov and offset) lds, les, lfs, lgs, lss movs, lods, stos ins, outs xchg, xlat lahf, sahf (not covered) in, out movsx, movzx
More informationX86-64 Architecture Guide
X86-64 Architecture Guide For the code-generation project, we shall expose you to a simplified version of the x86-64 platform. Example Consider the following Decaf program: class Program { int foo(int
More informationChapter 7D The Java Virtual Machine
This sub chapter discusses another architecture, that of the JVM (Java Virtual Machine). In general, a VM (Virtual Machine) is a hypothetical machine (implemented in either hardware or software) that directly
More informationStack Overflows. Mitchell Adair
Stack Overflows Mitchell Adair Outline Why? What? There once was a VM Virtual Memory Registers Stack stack1, stack2, stack3 Resources Why? Real problem Real money Real recognition Still prevalent Very
More informationMACHINE ARCHITECTURE & LANGUAGE
in the name of God the compassionate, the merciful notes on MACHINE ARCHITECTURE & LANGUAGE compiled by Jumong Chap. 9 Microprocessor Fundamentals A system designer should consider a microprocessor-based
More informationx64 Cheat Sheet Fall 2015
CS 33 Intro Computer Systems Doeppner x64 Cheat Sheet Fall 2015 1 x64 Registers x64 assembly code uses sixteen 64-bit registers. Additionally, the lower bytes of some of these registers may be accessed
More informationIntel 8086 architecture
Intel 8086 architecture Today we ll take a look at Intel s 8086, which is one of the oldest and yet most prevalent processor architectures around. We ll make many comparisons between the MIPS and 8086
More informationUnpacked BCD Arithmetic. BCD (ASCII) Arithmetic. Where and Why is BCD used? From the SQL Server Manual. Packed BCD, ASCII, Unpacked BCD
BCD (ASCII) Arithmetic The Intel Instruction set can handle both packed (two digits per byte) and unpacked BCD (one decimal digit per byte) We will first look at unpacked BCD Unpacked BCD can be either
More informationFor a 64-bit system. I - Presentation Of The Shellcode
#How To Create Your Own Shellcode On Arch Linux? #Author : N3td3v!l #Contact-mail : 4nonymouse@usa.com #Website : Nopotm.ir #Spcial tnx to : C0nn3ct0r And All Honest Hackerz and Security Managers I - Presentation
More informationMICROPROCESSOR. Exclusive for IACE Students www.iace.co.in iacehyd.blogspot.in Ph: 9700077455/422 Page 1
MICROPROCESSOR A microprocessor incorporates the functions of a computer s central processing unit (CPU) on a single Integrated (IC), or at most a few integrated circuit. It is a multipurpose, programmable
More informationl C-Programming l A real computer language l Data Representation l Everything goes down to bits and bytes l Machine representation Language
198:211 Computer Architecture Topics: Processor Design Where are we now? C-Programming A real computer language Data Representation Everything goes down to bits and bytes Machine representation Language
More informationComputer Organization and Architecture
Computer Organization and Architecture Chapter 11 Instruction Sets: Addressing Modes and Formats Instruction Set Design One goal of instruction set design is to minimize instruction length Another goal
More informationCS:APP Chapter 4 Computer Architecture Instruction Set Architecture
Adaptation par J.Bétréma CS:APP Chapter 4 Computer Architecture Instruction Set Architecture Randal E. Bryant Carnegie Mellon University http://csapp.cs.cmu.edu CS:APP Instruction Set Architecture Application
More informationPART B QUESTIONS AND ANSWERS UNIT I
PART B QUESTIONS AND ANSWERS UNIT I 1. Explain the architecture of 8085 microprocessor? Logic pin out of 8085 microprocessor Address bus: unidirectional bus, used as high order bus Data bus: bi-directional
More informationBuffer Overflows. Security 2011
Buffer Overflows Security 2011 Memory Organiza;on Topics Kernel organizes memory in pages Typically 4k bytes Processes operate in a Virtual Memory Space Mapped to real 4k pages Could live in RAM or be
More informationAbysssec Research. 1) Advisory information. 2) Vulnerable version
Abysssec Research 1) Advisory information Title Version Discovery Vendor Impact Contact Twitter CVE : Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability : QuickTime player 7.6.5
More informationAdvanced Computer Architecture-CS501. Computer Systems Design and Architecture 2.1, 2.2, 3.2
Lecture Handout Computer Architecture Lecture No. 2 Reading Material Vincent P. Heuring&Harry F. Jordan Chapter 2,Chapter3 Computer Systems Design and Architecture 2.1, 2.2, 3.2 Summary 1) A taxonomy of
More informationComputer Organization and Assembly Language
Computer Organization and Assembly Language Lecture 8 - Strings and Arrays Introduction We already know that assembly code will execute significantly faster than code written in a higher-level language
More informationInstruction Set Architecture (ISA)
Instruction Set Architecture (ISA) * Instruction set architecture of a machine fills the semantic gap between the user and the machine. * ISA serves as the starting point for the design of a new machine
More informationChapter 5 Instructor's Manual
The Essentials of Computer Organization and Architecture Linda Null and Julia Lobur Jones and Bartlett Publishers, 2003 Chapter 5 Instructor's Manual Chapter Objectives Chapter 5, A Closer Look at Instruction
More informationCaml Virtual Machine File & data formats Document version: 1.4 http://cadmium.x9c.fr
Caml Virtual Machine File & data formats Document version: 1.4 http://cadmium.x9c.fr Copyright c 2007-2010 Xavier Clerc cadmium@x9c.fr Released under the LGPL version 3 February 6, 2010 Abstract: This
More informationOverview of IA-32 assembly programming. Lars Ailo Bongo University of Tromsø
Overview of IA-32 assembly programming Lars Ailo Bongo University of Tromsø Contents 1 Introduction... 2 2 IA-32 assembly programming... 3 2.1 Assembly Language Statements... 3 2.1 Modes...4 2.2 Registers...4
More informationIntel Assembler. Project administration. Non-standard project. Project administration: Repository
Lecture 14 Project, Assembler and Exam Source code Compiler phases and program representations Frontend Lexical analysis (scanning) Backend Immediate code generation Today Project Emma Söderberg Revised
More informationSyscall 5. Erik Jonsson School of Engineering and Computer Science. The University of Texas at Dallas
Syscall 5 System call 5 allows input of numerical data from the keyboard while a program is running. Syscall 5 is a bit unusual, in that it requires the use of register $v0 twice. In syscall 5 (as for
More informationIntroduction. Figure 1 Schema of DarunGrim2
Reversing Microsoft patches to reveal vulnerable code Harsimran Walia Computer Security Enthusiast 2011 Abstract The paper would try to reveal the vulnerable code for a particular disclosed vulnerability,
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationMemory Systems. Static Random Access Memory (SRAM) Cell
Memory Systems This chapter begins the discussion of memory systems from the implementation of a single bit. The architecture of memory chips is then constructed using arrays of bit implementations coupled
More information1 Classical Universal Computer 3
Chapter 6: Machine Language and Assembler Christian Jacob 1 Classical Universal Computer 3 1.1 Von Neumann Architecture 3 1.2 CPU and RAM 5 1.3 Arithmetic Logical Unit (ALU) 6 1.4 Arithmetic Logical Unit
More informationUsing the RDTSC Instruction for Performance Monitoring
Using the Instruction for Performance Monitoring http://developer.intel.com/drg/pentiumii/appnotes/pm1.htm Using the Instruction for Performance Monitoring Information in this document is provided in connection
More informationCSE 141L Computer Architecture Lab Fall 2003. Lecture 2
CSE 141L Computer Architecture Lab Fall 2003 Lecture 2 Pramod V. Argade CSE141L: Computer Architecture Lab Instructor: TA: Readers: Pramod V. Argade (p2argade@cs.ucsd.edu) Office Hour: Tue./Thu. 9:30-10:30
More informationBCD (ASCII) Arithmetic. Where and Why is BCD used? Packed BCD, ASCII, Unpacked BCD. BCD Adjustment Instructions AAA. Example
BCD (ASCII) Arithmetic We will first look at unpacked BCD which means strings that look like '4567'. Bytes then look like 34h 35h 36h 37h OR: 04h 05h 06h 07h x86 processors also have instructions for packed
More informationPROBLEMS (Cap. 4 - Istruzioni macchina)
98 CHAPTER 2 MACHINE INSTRUCTIONS AND PROGRAMS PROBLEMS (Cap. 4 - Istruzioni macchina) 2.1 Represent the decimal values 5, 2, 14, 10, 26, 19, 51, and 43, as signed, 7-bit numbers in the following binary
More informationPC Assembly Language. Paul A. Carter
PC Assembly Language Paul A. Carter November 20, 2001 Copyright c 2001 by Paul Carter This may be reproduced and distributed in its entirety (including this authorship, copyright and permission notice),
More informationAn Introduction to Assembly Programming with the ARM 32-bit Processor Family
An Introduction to Assembly Programming with the ARM 32-bit Processor Family G. Agosta Politecnico di Milano December 3, 2011 Contents 1 Introduction 1 1.1 Prerequisites............................. 2
More informationMICROPROCESSOR AND MICROCOMPUTER BASICS
Introduction MICROPROCESSOR AND MICROCOMPUTER BASICS At present there are many types and sizes of computers available. These computers are designed and constructed based on digital and Integrated Circuit
More informationEmbedded Systems. Review of ANSI C Topics. A Review of ANSI C and Considerations for Embedded C Programming. Basic features of C
Embedded Systems A Review of ANSI C and Considerations for Embedded C Programming Dr. Jeff Jackson Lecture 2-1 Review of ANSI C Topics Basic features of C C fundamentals Basic data types Expressions Selection
More information(Refer Slide Time: 00:01:16 min)
Digital Computer Organization Prof. P. K. Biswas Department of Electronic & Electrical Communication Engineering Indian Institute of Technology, Kharagpur Lecture No. # 04 CPU Design: Tirning & Control
More informationHow It All Works. Other M68000 Updates. Basic Control Signals. Basic Control Signals
CPU Architectures Motorola 68000 Several CPU architectures exist currently: Motorola Intel AMD (Advanced Micro Devices) PowerPC Pick one to study; others will be variations on this. Arbitrary pick: Motorola
More informationProgramming from the Ground Up
Programming from the Ground Up Jonathan Bartlett Edited by Dominick Bruno, Jr. Programming from the Ground Up by Jonathan Bartlett Edited by Dominick Bruno, Jr. Copyright 2003 by Jonathan Bartlett Permission
More informationProgramming Languages
Programming Languages In the beginning To use a computer, you needed to know how to program it. Today People no longer need to know how to program in order to use the computer. To see how this was accomplished,
More informationUnderstanding a Simple Operating System
Understanding a Simple Operating System SOS is a Simple Operating System designed for the 32- bit x86 architecture. Its purpose is to understand basic concepts of operating system design. These notes are
More informationComputer Architectures
Computer Architectures 2. Instruction Set Architectures 2015. február 12. Budapest Gábor Horváth associate professor BUTE Dept. of Networked Systems and Services ghorvath@hit.bme.hu 2 Instruction set architectures
More informationLecture 21: Buffer Overflow Attack. Lecture Notes on Computer and Network Security. by Avi Kak (kak@purdue.edu)
Lecture 21: Buffer Overflow Attack Lecture Notes on Computer and Network Security by Avi Kak (kak@purdue.edu) April 2, 2015 3:58pm c 2015 Avinash Kak, Purdue University Goals: Services and ports A case
More informationAutomating Mimicry Attacks Using Static Binary Analysis
Automating Mimicry Attacks Using Static Binary Analysis Christopher Kruegel and Engin Kirda Technical University Vienna chris@auto.tuwien.ac.at, engin@infosys.tuwien.ac.at Darren Mutz, William Robertson,
More informationInstruction Set Architecture. or How to talk to computers if you aren t in Star Trek
Instruction Set Architecture or How to talk to computers if you aren t in Star Trek The Instruction Set Architecture Application Compiler Instr. Set Proc. Operating System I/O system Instruction Set Architecture
More informationCSC 2405: Computer Systems II
CSC 2405: Computer Systems II Spring 2013 (TR 8:30-9:45 in G86) Mirela Damian http://www.csc.villanova.edu/~mdamian/csc2405/ Introductions Mirela Damian Room 167A in the Mendel Science Building mirela.damian@villanova.edu
More informationProgramming from the Ground Up. Jonathan Bartlett
Programming from the Ground Up Jonathan Bartlett Programming from the Ground Up by Jonathan Bartlett Copyright 2002 by Jonathan Bartlett Permission is granted to copy, distribute and/or modify this document
More informationSoftware Fingerprinting for Automated Malicious Code Analysis
Software Fingerprinting for Automated Malicious Code Analysis Philippe Charland Mission Critical Cyber Security Section October 25, 2012 Terms of Release: This document is approved for release to Defence
More informationASSEMBLY PROGRAMMING ON A VIRTUAL COMPUTER
ASSEMBLY PROGRAMMING ON A VIRTUAL COMPUTER Pierre A. von Kaenel Mathematics and Computer Science Department Skidmore College Saratoga Springs, NY 12866 (518) 580-5292 pvonk@skidmore.edu ABSTRACT This paper
More informationM A S S A C H U S E T T S I N S T I T U T E O F T E C H N O L O G Y DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE
M A S S A C H U S E T T S I N S T I T U T E O F T E C H N O L O G Y DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE 1. Introduction 6.004 Computation Structures β Documentation This handout is
More informationApplication Note. Introduction AN2471/D 3/2003. PC Master Software Communication Protocol Specification
Application Note 3/2003 PC Master Software Communication Protocol Specification By Pavel Kania and Michal Hanak S 3 L Applications Engineerings MCSL Roznov pod Radhostem Introduction The purpose of this
More informationAn Overview of Stack Architecture and the PSC 1000 Microprocessor
An Overview of Stack Architecture and the PSC 1000 Microprocessor Introduction A stack is an important data handling structure used in computing. Specifically, a stack is a dynamic set of elements in which
More informationZ80 Instruction Set. Z80 Assembly Language
75 Z80 Assembly Language The assembly language allows the user to write a program without concern for memory addresses or machine instruction formats. It uses symbolic addresses to identify memory locations
More informationProgramming from the Ground Up
Programming from the Ground Up Jonathan Bartlett Edited by Dominick Bruno, Jr. Programming from the Ground Up by Jonathan Bartlett Edited by Dominick Bruno, Jr. Copyright 2003 by Jonathan Bartlett Permission
More informationTitanMist: Your First Step to Reversing Nirvana TitanMist. mist.reversinglabs.com
TitanMist: Your First Step to Reversing Nirvana TitanMist mist.reversinglabs.com Contents Introduction to TitanEngine.. 3 Introduction to TitanMist 4 Creating an unpacker for TitanMist.. 5 References and
More informationTechnical Support Bulletin Nr.18 Modbus Tips
Technical Support Bulletin Nr.18 Modbus Tips Contents! Definitions! Implemented commands! Examples of commands or frames! Calculating the logical area! Reading a signed variable! Example of commands supported
More information8085 INSTRUCTION SET
DATA TRANSFER INSTRUCTIONS Opcode Operand Description 8085 INSTRUCTION SET INSTRUCTION DETAILS Copy from source to destination OV Rd, Rs This instruction copies the contents of the source, Rs register
More informationSoftware Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
More informationCompilers I - Chapter 4: Generating Better Code
Compilers I - Chapter 4: Generating Better Code Lecturers: Paul Kelly (phjk@doc.ic.ac.uk) Office: room 304, William Penney Building Naranker Dulay (nd@doc.ic.ac.uk) Materials: Office: room 562 Textbook
More informationAdministration. Instruction scheduling. Modern processors. Examples. Simplified architecture model. CS 412 Introduction to Compilers
CS 4 Introduction to Compilers ndrew Myers Cornell University dministration Prelim tomorrow evening No class Wednesday P due in days Optional reading: Muchnick 7 Lecture : Instruction scheduling pr 0 Modern
More informationCPU Organisation and Operation
CPU Organisation and Operation The Fetch-Execute Cycle The operation of the CPU 1 is usually described in terms of the Fetch-Execute cycle. 2 Fetch-Execute Cycle Fetch the Instruction Increment the Program
More informationUnder The Hood: The System Call
2 Under The Hood: The System Call In this note, we ll peak under the hood of one simple and neat OS called xv6 [CK+08]. The xv6 kernel is a port of an old UNIX version 6 from PDP-11 (the machine it was
More informationExceptions in MIPS. know the exception mechanism in MIPS be able to write a simple exception handler for a MIPS machine
7 Objectives After completing this lab you will: know the exception mechanism in MIPS be able to write a simple exception handler for a MIPS machine Introduction Branches and jumps provide ways to change
More informationStack machines The MIPS assembly language A simple source language Stack-machine implementation of the simple language Readings: 9.1-9.
Code Generation I Stack machines The MIPS assembly language A simple source language Stack-machine implementation of the simple language Readings: 9.1-9.7 Stack Machines A simple evaluation model No variables
More informationInformatica e Sistemi in Tempo Reale
Informatica e Sistemi in Tempo Reale Introduction to C programming Giuseppe Lipari http://retis.sssup.it/~lipari Scuola Superiore Sant Anna Pisa October 25, 2010 G. Lipari (Scuola Superiore Sant Anna)
More informationHigh-speed image processing algorithms using MMX hardware
High-speed image processing algorithms using MMX hardware J. W. V. Miller and J. Wood The University of Michigan-Dearborn ABSTRACT Low-cost PC-based machine vision systems have become more common due to
More informationInterpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters
Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.
More informationEncryption Wrapper. on OSX
Encryption Wrapper on OSX Overview OSX Kernel What is an Encryption Wrapper? Project Implementation OSX s Origins and Design NeXTSTEP Legacy NextStep v1 NextStep v3.3 Mac OS X Jobs creates NeXT Apple acquisition
More information1 The Java Virtual Machine
1 The Java Virtual Machine About the Spec Format This document describes the Java virtual machine and the instruction set. In this introduction, each component of the machine is briefly described. This
More informationCS:APP Chapter 4 Computer Architecture. Wrap-Up. William J. Taffe Plymouth State University. using the slides of
CS:APP Chapter 4 Computer Architecture Wrap-Up William J. Taffe Plymouth State University using the slides of Randal E. Bryant Carnegie Mellon University Overview Wrap-Up of PIPE Design Performance analysis
More informationInstruction Set Architecture
Instruction Set Architecture Consider x := y+z. (x, y, z are memory variables) 1-address instructions 2-address instructions LOAD y (r :=y) ADD y,z (y := y+z) ADD z (r:=r+z) MOVE x,y (x := y) STORE x (x:=r)
More informationComplete 8086 instruction set
Page 1 of 53 Complete 8086 instruction set Quick reference: AAA AAD AAM AAS ADC ADD AND CALL CBW CLC CLD CLI CMC CMP CMPSB CMPSW CWD DAA DAS DEC DIV HLT IDIV IMUL IN INC INT INTO I JA JAE JB JBE JC JCXZ
More information2) Write in detail the issues in the design of code generator.
COMPUTER SCIENCE AND ENGINEERING VI SEM CSE Principles of Compiler Design Unit-IV Question and answers UNIT IV CODE GENERATION 9 Issues in the design of code generator The target machine Runtime Storage
More informationB.Sc.(Computer Science) and. B.Sc.(IT) Effective From July 2011
NEW Detailed Syllabus of B.Sc.(Computer Science) and B.Sc.(IT) Effective From July 2011 SEMESTER SYSTEM Scheme & Syllabus for B.Sc. (CS) Pass and Hons. Course Effective from July 2011 and onwards CLASS
More informationAssembly Language Tutorial
Assembly Language Tutorial ASSEMBLY LANGUAGE TUTORIAL by tutorialspoint.com tutorialspoint.com i ABOUT THE TUTORIAL Assembly Programming Tutorial Assembly language is a low-level programming language for
More informationAbout the Tutorial. Audience. Prerequisites. Copyright & Disclaimer
About the Tutorial Assembly language is a low-level programming language for a computer or other programmable device specific to a particular computer architecture in contrast to most high-level programming
More informationHotpatching and the Rise of Third-Party Patches
Hotpatching and the Rise of Third-Party Patches Alexander Sotirov asotirov@determina.com BlackHat USA 2006 Overview In the next one hour, we will cover: Third-party security patches _ recent developments
More informationIntroduction. Compiler Design CSE 504. Overview. Programming problems are easier to solve in high-level languages
Introduction Compiler esign CSE 504 1 Overview 2 3 Phases of Translation ast modifled: Mon Jan 28 2013 at 17:19:57 EST Version: 1.5 23:45:54 2013/01/28 Compiled at 11:48 on 2015/01/28 Compiler esign Introduction
More informationMotorola 8- and 16-bit Embedded Application Binary Interface (M8/16EABI)
Motorola 8- and 16-bit Embedded Application Binary Interface (M8/16EABI) SYSTEM V APPLICATION BINARY INTERFACE Motorola M68HC05, M68HC08, M68HC11, M68HC12, and M68HC16 Processors Supplement Version 2.0
More informationNotes on Assembly Language
Notes on Assembly Language Brief introduction to assembly programming The main components of a computer that take part in the execution of a program written in assembly code are the following: A set of
More informationCPU performance monitoring using the Time-Stamp Counter register
CPU performance monitoring using the Time-Stamp Counter register This laboratory work introduces basic information on the Time-Stamp Counter CPU register, which is used for performance monitoring. The
More informationesrever gnireenigne tfosorcim seiranib
esrever gnireenigne tfosorcim seiranib Alexander Sotirov asotirov@determina.com CanSecWest / core06 Reverse Engineering Microsoft Binaries Alexander Sotirov asotirov@determina.com CanSecWest / core06 Overview
More information