Intel X86 Assembly Fundamentals


Computer Organization and Assembly Languages
Yung-Yu Chuang
with slides by Kip Irvine

x86 Assembly Language Fundamentals

Instructions
- Assembled into machine code by the assembler
- Executed at runtime by the CPU
- Member of the Intel IA-32 instruction set
- Four parts:
  - Label (optional)
  - Mnemonic (required)
  - Operand (usually required)
  - Comment (optional)

    Label:  Mnemonic  Operand(s)  ; Comment

Labels
- Act as place markers
  - mark the address (offset) of code and data
- Easier to memorize and more flexible

    mov ax, [0020]
    mov ax, val

- Follow identifier rules
- Data label
  - must be unique
  - example: myArray BYTE 10
- Code label (ends with a colon)
  - target of jump and loop instructions
  - example:

    L1: mov ax, bx
        .
        .
        jmp L1

Reserved words and identifiers
- Reserved words cannot be used as identifiers
  - instruction mnemonics, directives, type attributes, operators, predefined symbols
- Identifiers
  - 1-247 characters, including digits
  - case insensitive (by default)
  - first character must be a letter, _, @, or $
  - examples: var1, Count, first, _main, MAX, open_file, @@myfile, xVal, _12345

Mnemonics and operands
- Instruction mnemonics
  - "reminder"
  - examples: MOV, ADD, SUB, MUL, INC, DEC
- Operands
  - constant (immediate value): 96
  - constant expression: 2+4
  - register: eax
  - memory (data label): count
- Number of operands: 0 to 3

    stc              ; set Carry flag
    inc ax           ; add 1 to ax
    mov count, bx    ; move BX to count

Directives
- Commands that are recognized and acted upon by the assembler
  - part of the assembler's syntax but not part of the Intel instruction set
  - used to declare code and data areas, select the memory model, declare procedures, etc.
  - case insensitive
- Different assemblers have different directives
  - NASM ≠ MASM, for example
- Examples: .data  .code  PROC

Comments
- Comments are good!
  - explain the program's purpose
  - tricky coding techniques
  - application-specific explanations
- Single-line comments
  - begin with a semicolon (;)
- Block comments
  - begin with the COMMENT directive and a programmer-chosen character, and end with the same programmer-chosen character

    COMMENT !
    This is a comment
    and this line is also a comment
    !

Example: adding/subtracting integers

    TITLE Add and Subtract         (AddSub.asm)

    ; This program adds and subtracts 32-bit integers.
    INCLUDE Irvine32.inc
    .code
    main PROC
        mov eax,10000h        ; EAX = 10000h
        add eax,40000h        ; EAX = 50000h
        sub eax,20000h        ; EAX = 30000h
        call DumpRegs         ; display registers
        exit
    main ENDP
    END main

Slide annotations:
- TITLE: directive marking a comment
- INCLUDE: copy definitions from Irvine32.inc
- .code: code segment (3 segments: code, data, stack)
- main PROC: beginning of a procedure
- mov eax,10000h: eax is the destination, 10000h the source
- exit: defined in Irvine32.inc to end a program
- END main: marks the last line and defines the startup procedure

Example output
Program output, showing registers and flags:

    EAX=00030000  EBX=7FFDF000  ECX=00000101  EDX=FFFFFFFF
    ESI=00000000  EDI=00000000  EBP=0012FFF0  ESP=0012FFC4
    EIP=00401024  EFL=00000206  CF=0  SF=0  ZF=0  OF=0

Alternative version of AddSub

    TITLE Add and Subtract         (AddSubAlt.asm)

    ; This program adds and subtracts 32-bit integers.
    .386
    .MODEL flat,stdcall
    .STACK 4096
    ExitProcess PROTO, dwExitCode:DWORD
    DumpRegs PROTO

    .code
    main PROC
        mov eax,10000h        ; EAX = 10000h
        add eax,40000h        ; EAX = 50000h
        sub eax,20000h        ; EAX = 30000h
        call DumpRegs
        INVOKE ExitProcess,0
    main ENDP
    END main

Program template

    TITLE Program Template         (Template.asm)

    ; Program Description:
    ; Author:
    ; Creation Date:
    ; Revisions:
    ; Date:              Modified by:

    .data
        ; (insert variables here)

    .code
    main PROC
        ; (insert executable instructions here)
        exit
    main ENDP
        ; (insert additional procedures here)
    END main

Assemble-link-execute cycle
The following diagram describes the steps from creating a source program through executing the compiled program. If the source code is modified, steps 2 through 4 must be repeated.

- Step 1: text editor -> Source File
- Step 2: assembler -> Object File (and Listing File)
- Step 3: linker, together with the Link Library -> Executable File (and Map File)
- Step 4: OS loader -> Output

Defining data

Intrinsic data types (1 of 2)
- BYTE, SBYTE: 8-bit unsigned integer; 8-bit signed integer
- WORD, SWORD: 16-bit unsigned and signed integer
- DWORD, SDWORD: 32-bit unsigned and signed integer
- QWORD: 64-bit integer
- TBYTE: 80-bit integer

Intrinsic data types (2 of 2)
- REAL4: 4-byte IEEE short real
- REAL8: 8-byte IEEE long real
- REAL10: 10-byte IEEE extended real

Data definition statement
- A data definition statement sets aside storage in memory for a variable.
- May optionally assign a name (label) to the data.
- Only size matters; other attributes such as "signed" are just reminders for programmers.
- Syntax:

    [name] directive initializer [,initializer] . . .

- At least one initializer is required; it can be ?
- All initializers become binary data in memory

Integer constants

    [{+|-}] digits [radix]

- Optional leading + or - sign
- binary, decimal, hexadecimal, or octal digits
- Common radix characters:
  - h: hexadecimal
  - d: decimal (default)
  - b: binary
  - r: encoded real
  - o: octal
- Examples: 30d, 6Ah, 42, 42o, 1101b
- Hexadecimal beginning with a letter: 0A5h

Integer expressions
- Operators and precedence levels: (table)
- Examples: (table)

Real number constants (encoded reals)
- Fixed point vs. floating point
- IEEE single precision: 1 sign bit (S), 8 exponent bits (E), 23 mantissa bits (M); value = 1.bbbb × 2^(E-127)
- Example: 3F800000r = 1.0; 37.75 = 42170000r
- IEEE double precision: 1 sign bit (S), 11 exponent bits (E), 52 mantissa bits (M)

Real number constants (decimal reals)

    [sign]integer.[integer][exponent]

- sign: {+,-}
- exponent: E[{+,-}]integer
- Examples: 2.  +3.0  -44.2E+05  26.E5

Character and string constants
- Enclose a character in single or double quotes
  - 'A', "x"
  - ASCII character = 1 byte
- Enclose strings in single or double quotes
  - "ABC"
  - 'xyz'
  - each character occupies a single byte
- Embedded quotes:
  - 'Say "Goodnight," Gracie'
  - "This isn't a test"

Defining BYTE and SBYTE data
Each of the following defines a single byte of storage:

    value1 BYTE 'A'        ; character constant
    value2 BYTE 0          ; smallest unsigned byte
    value3 BYTE 255        ; largest unsigned byte
    value4 SBYTE -128      ; smallest signed byte
    value5 SBYTE 127       ; largest signed byte
    value6 BYTE ?          ; uninitialized byte

A variable name is a data label that implies an offset (an address).

Defining multiple bytes
Examples that use multiple initializers:

    list1 BYTE 10,20,30,40

    list2 BYTE 10,20,30,40
          BYTE 50,60,70,80
          BYTE 81,82,83,84

    list3 BYTE ?,32,41h,00100010b

    list4 BYTE 0Ah,20h,'A',22h

Defining strings (1 of 2)
- A string is implemented as an array of characters
  - for convenience, it is usually enclosed in quotation marks
  - it usually has a null byte at the end
- Examples:

    str1 BYTE "Enter your name",0
    str2 BYTE 'Error: halting program',0
    str3 BYTE 'A','E','I','O','U'

    greeting1 BYTE "Welcome to the Encryption Demo program "
              BYTE "created by Kip Irvine.",0

    greeting2 \
              BYTE "Welcome to the Encryption Demo program "
              BYTE "created by Kip Irvine.",0

Defining strings (2 of 2)
- End-of-line character sequence:
  - 0Dh = carriage return
  - 0Ah = line feed

    str1 BYTE "Enter your name:",0Dh,0Ah
         BYTE "Enter your address: ",0

    newLine BYTE 0Dh,0Ah,0

- Idea: define all strings used by your program in the same area of the data segment.

Using the DUP operator
- Use DUP to allocate (create space for) an array or string.
- Counter and argument must be constants or constant expressions

    var1 BYTE 20 DUP(0)          ; 20 bytes, all zero
    var2 BYTE 20 DUP(?)          ; 20 bytes, uninitialized
    var3 BYTE 4 DUP("STACK")     ; 20 bytes: "STACKSTACKSTACKSTACK"
    var4 BYTE 10,3 DUP(0),20

Defining WORD and SWORD data
- Define storage for 16-bit integers
  - or double characters
  - single value or multiple values

    word1 WORD 65535             ; largest unsigned
    word2 SWORD -32768           ; smallest signed
    word3 WORD ?                 ; uninitialized, unsigned
    word4 WORD "AB"              ; double characters
    myList WORD 1,2,3,4,5        ; array of words
    array WORD 5 DUP(?)          ; uninitialized array

Defining DWORD and SDWORD data
Storage definitions for signed and unsigned 32-bit integers:

    val1 DWORD 12345678h         ; unsigned
    val2 SDWORD -2147483648      ; signed
    val3 DWORD 20 DUP(?)         ; unsigned array
    val4 SDWORD -3,-2,-1,0,1     ; signed array

Defining QWORD, TBYTE, real data
Storage definitions for quadwords, tenbyte values, and real numbers:

    quad1 QWORD 1234567812345678h
    val1 TBYTE 1000000000123456789Ah
    rVal1 REAL4 -2.1
    rVal2 REAL8 3.2E-260
    rVal3 REAL10 4.6E+4096
    ShortArray REAL4 20 DUP(0.0)

Little endian order
- All data types larger than a byte store their individual bytes in reverse order. The least significant byte occurs at the first (lowest) memory address.
- Example:

    val1 DWORD 12345678h

Adding variables to AddSub

    TITLE Add and Subtract         (AddSub2.asm)

    INCLUDE Irvine32.inc
    .data
    val1 DWORD 10000h
    val2 DWORD 40000h
    val3 DWORD 20000h
    finalVal DWORD ?
    .code
    main PROC
        mov eax,val1          ; start with 10000h
        add eax,val2          ; add 40000h
        sub eax,val3          ; subtract 20000h
        mov finalVal,eax      ; store the result (30000h)
        call DumpRegs         ; display the registers
        exit
    main ENDP
    END main

Declaring uninitialized data
- Use the .data? directive to declare an uninitialized data segment:

    .data?

- Within the segment, declare variables with "?" initializers (they will not be assembled into the .exe)
- Advantage: the program's EXE file size is reduced.

    .data
    smallArray DWORD 10 DUP(0)

    .data?
    bigArray DWORD 5000 DUP(?)

Mixing code and data

    .code
    mov eax, ebx
    .data
    temp DWORD ?
    .code
    mov temp, eax

Symbolic constants

Equal-sign directive

    name = expression

- expression is a 32-bit integer (expression or constant)
- may be redefined
- name is called a symbolic constant
- good programming style to use symbols
  - easier to modify
  - easier to understand

    ESC_key = 27
    Array DWORD COUNT DUP(0)

    COUNT = 5
    mov al,COUNT
    COUNT = 10
    mov al,COUNT

    COUNT = 500
    .
    .
    mov al,COUNT

Calculating the size of a byte array
- $ is the current location counter
  - subtract the address of list
  - the difference is the number of bytes

    list BYTE 10,20,30,40
    ListSize = 4

    list BYTE 10,20,30,40
    ListSize = ($ - list)

    list BYTE 10,20,30,40
    var2 BYTE 20 DUP(?)
    ListSize = ($ - list)          ; 24: var2 lies between list and $

    myString BYTE "This is a long string."
    myString_len = ($ - myString)

Calculating the size of a word array
- $ is the current location counter
  - subtract the address of list
  - the difference is the number of bytes
  - divide by 2 (the size of a word)

    list WORD 1000h,2000h,3000h,4000h
    ListSize = ($ - list) / 2

    list DWORD 1,2,3,4
    ListSize = ($ - list) / 4

EQU directive

    name EQU expression
    name EQU symbol
    name EQU <text>

- Defines a symbol as either an integer or a text expression.
- Can be useful for non-integer constants
- Cannot be redefined

EQU directive

    PI EQU <3.1416>

    pressKey EQU <"Press any key to continue.",0>
    .data
    prompt BYTE pressKey

    matrix1 EQU 10*10
    matrix2 EQU <10*10>
    .data
    M1 WORD matrix1      ; M1 WORD 100
    M2 WORD matrix2      ; M2 WORD 10*10

Addressing

Addressing Modes


32-bit addressing modes
- These addressing modes use 32-bit registers:

    Segment + Base + (Index * Scale) + displacement

Operand types
- Three basic types of operands:
  - Immediate: a constant integer (8, 16, or 32 bits); the value is encoded within the instruction
  - Register: the name of a register; the register name is converted to a number and encoded within the instruction
  - Memory: a reference to a location in memory; the memory address is encoded within the instruction, or a register holds the address of a memory location

Instruction operand notation
(table)

Direct memory operands
- A direct memory operand is a named reference to storage in memory
- The named reference (label) is automatically dereferenced by the assembler

    .data
    var1 BYTE 10h
    .code
    mov al,var1        ; AL = 10h
    mov al,[var1]      ; AL = 10h, alternate format; I prefer this one.

Direct-offset operands
A constant offset is added to a data label to produce an effective address (EA). The address is dereferenced to get the value inside its memory location. (No range checking.)

    .data
    arrayB BYTE 10h,20h,30h,40h
    .code
    mov al,arrayB+1        ; AL = 20h
    mov al,[arrayB+1]      ; alternative notation
    mov al,arrayB+3        ; AL = 40h

Direct-offset operands (cont.)
A constant offset is added to a data label to produce an effective address (EA). The address is dereferenced to get the value inside its memory location.

    .data
    arrayW WORD 1000h,2000h,3000h
    arrayD DWORD 1,2,3,4
    .code
    mov ax,[arrayW+2]      ; AX = 2000h
    mov ax,[arrayW+4]      ; AX = 3000h
    mov eax,[arrayD+4]     ; EAX = 00000002h

    ; will the following assemble and run?
    mov ax,[arrayW-2]      ; ?
    mov eax,[arrayD+16]    ; ?

Data-related operators and directives
- OFFSET operator
- PTR operator
- TYPE operator
- LENGTHOF operator
- SIZEOF operator
- LABEL directive

OFFSET operator
- OFFSET returns the distance in bytes of a label from the beginning of its enclosing segment
  - protected mode: 32 bits
  - real mode: 16 bits
  (diagram: the offset of myByte measured from the start of the data segment)
- The protected-mode programs we write only have a single segment (we use the flat memory model).

OFFSET examples
Let's assume that bVal is located at 00404000h:

    .data
    bVal BYTE ?
    wVal WORD ?
    dVal DWORD ?
    dVal2 DWORD ?
    .code
    mov esi,OFFSET bVal       ; ESI = 00404000
    mov esi,OFFSET wVal       ; ESI = 00404001
    mov esi,OFFSET dVal       ; ESI = 00404003
    mov esi,OFFSET dVal2      ; ESI = 00404007

Relating to C/C++
The value returned by OFFSET is a pointer. Compare the following code written for both C and assembly language:

    ; C version:
    char array[1000];
    char * p = &array;

    .data
    array BYTE 1000 DUP(?)
    .code
    mov esi,OFFSET array      ; ESI is p

TYPE operator
The TYPE operator returns the size, in bytes, of a single element of a data declaration.

    .data
    var1 BYTE ?
    var2 WORD ?
    var3 DWORD ?
    var4 QWORD ?
    .code
    mov eax,TYPE var1      ; 1
    mov eax,TYPE var2      ; 2
    mov eax,TYPE var3      ; 4
    mov eax,TYPE var4      ; 8

LENGTHOF operator
The LENGTHOF operator counts the number of elements in a single data declaration.

    .data                                ; LENGTHOF
    byte1 BYTE 10,20,30                  ; 3
    array1 WORD 30 DUP(?),0,0            ; 32
    array2 WORD 5 DUP(3 DUP(?))          ; 15
    array3 DWORD 1,2,3,4                 ; 4
    digitStr BYTE "12345678",0           ; 9

    .code
    mov ecx,LENGTHOF array1              ; 32

SIZEOF operator
The SIZEOF operator returns a value that is equivalent to multiplying LENGTHOF by TYPE.

    .data                                ; SIZEOF
    byte1 BYTE 10,20,30                  ; 3
    array1 WORD 30 DUP(?),0,0            ; 64
    array2 WORD 5 DUP(3 DUP(?))          ; 30
    array3 DWORD 1,2,3,4                 ; 16
    digitStr BYTE "12345678",0           ; 9

    .code
    mov ecx,SIZEOF array1                ; 64

ALIGN directive
ALIGN bound aligns a variable on a byte, word, doubleword, or paragraph boundary for efficiency. (bound can be 1, 2, 4, or 16.)

    bVal  BYTE ?        ; 00404000
    ALIGN 2
    wVal  WORD ?        ; 00404002
    bVal2 BYTE ?        ; 00404004
    ALIGN 4
    dVal  DWORD ?       ; 00404008
    dVal2 DWORD ?       ; 0040400C

PTR operator
Overrides the default type of a label (variable). Provides the flexibility to access part of a variable.

    .data
    myDouble DWORD 12345678h
    .code
    mov ax,myDouble                  ; error, why?
    mov ax,WORD PTR myDouble         ; loads 5678h
    mov WORD PTR myDouble,4321h      ; saves 4321h

To understand how this works, we need to know about little endian ordering of data in memory.

Little endian order
- Little endian order refers to the way Intel stores integers in memory.
- Multi-byte integers are stored in reverse order, with the least significant byte stored at the lowest address.
- For example, the doubleword 12345678h would be stored as:

    byte    offset
    78      0000
    56      0001
    34      0002
    12      0003

- When integers are loaded from memory into registers, the bytes are automatically re-reversed into their correct positions.

PTR operator examples

    .data
    myDouble DWORD 12345678h

    doubleword    word    byte    offset
    12345678      5678    78      0000    myDouble
                          56      0001    myDouble + 1
                  1234    34      0002    myDouble + 2
                          12      0003    myDouble + 3

    mov al,BYTE PTR myDouble           ; AL = 78h
    mov al,BYTE PTR [myDouble+1]       ; AL = 56h
    mov al,BYTE PTR [myDouble+2]       ; AL = 34h
    mov ax,WORD PTR [myDouble]         ; AX = 5678h
    mov ax,WORD PTR [myDouble+2]       ; AX = 1234h

PTR operator (cont.)
PTR can also be used to combine elements of a smaller data type and move them into a larger operand. The CPU will automatically reverse the bytes.

    .data
    myBytes BYTE 12h,34h,56h,78h
    .code
    mov ax,WORD PTR [myBytes]          ; AX = 3412h
    mov ax,WORD PTR [myBytes+1]        ; AX = 5634h
    mov eax,DWORD PTR myBytes          ; EAX = 78563412h

Your turn . . .
Write down the value of each destination operand:

    .data
    varB BYTE 65h,31h,02h,05h
    varW WORD 6543h,1202h
    varD DWORD 12345678h
    .code
    mov ax,WORD PTR [varB+2]       ; a. 0502h
    mov bl,BYTE PTR varD           ; b. 78h
    mov bl,BYTE PTR [varW+2]       ; c. 02h
    mov ax,WORD PTR [varD+2]       ; d. 1234h
    mov eax,DWORD PTR varW         ; e. 12026543h
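As an added illustration (not part of the slides), here is a small Python model of a MASM .data segment that stores initializers little-endian and evaluates TYPE, LENGTHOF, SIZEOF, the $ location counter and typed PTR reads; your_turn() reproduces the five answers above, and operator_examples() the LENGTHOF/SIZEOF figures for array1 and the ($ - list) / 2 word count from the earlier slides. The DataSegment class and its method names are this example's own, and 00404000h is the address the slides assume for .data.

```python
import struct

# Bytes per element of each MASM data directive (what TYPE returns) and the
# struct format for a little-endian unsigned integer of that width.
TYPE = {"BYTE": 1, "SBYTE": 1, "WORD": 2, "SWORD": 2, "DWORD": 4, "SDWORD": 4, "QWORD": 8}
FMT = {1: "<B", 2: "<H", 4: "<I", 8: "<Q"}


class DataSegment:
    """Toy .data segment: variables in declaration order, each stored little-endian."""

    def __init__(self, base=0x00404000):          # the slides' assumed address of .data
        self.base, self.mem, self.symbols = base, bytearray(), {}

    def declare(self, name, directive, *initializers):
        # `name directive init,init,...`; "?" is stored as zero (only its size matters)
        width = TYPE[directive]
        self.symbols[name] = (len(self.mem), directive, len(initializers))
        for init in initializers:
            value = 0 if init == "?" else init & ((1 << 8 * width) - 1)
            self.mem += struct.pack(FMT[width], value)

    def here(self):                  # $ : current location counter
        return self.base + len(self.mem)

    def offset(self, name):          # OFFSET name
        return self.base + self.symbols[name][0]

    def lengthof(self, name):        # LENGTHOF name : number of elements
        return self.symbols[name][2]

    def sizeof(self, name):          # SIZEOF name == LENGTHOF * TYPE
        return self.lengthof(name) * TYPE[self.symbols[name][1]]

    def read(self, ptr_type, name, disp=0):
        # `mov reg, ptr_type PTR [name+disp]`: reassemble the bytes little-endian.
        # Like the assembler, this does no range check against the variable itself:
        # a displacement that runs past it reads the neighbouring variable's bytes.
        width, start = TYPE[ptr_type], self.symbols[name][0] + disp
        if start < 0 or start + width > len(self.mem):
            raise IndexError("read outside the data segment")
        return struct.unpack(FMT[width], self.mem[start:start + width])[0]


def your_turn():
    """The 'Your turn' slide's five reads (answers a-e), evaluated on the model."""
    ds = DataSegment()
    ds.declare("varB", "BYTE", 0x65, 0x31, 0x02, 0x05)
    ds.declare("varW", "WORD", 0x6543, 0x1202)
    ds.declare("varD", "DWORD", 0x12345678)
    return {"a": ds.read("WORD", "varB", 2),   # 0502h: bytes 02 05 at varB+2, reversed
            "b": ds.read("BYTE", "varD"),      # 78h: low byte of 12345678h is stored first
            "c": ds.read("BYTE", "varW", 2),   # 02h: low byte of the second word, 1202h
            "d": ds.read("WORD", "varD", 2),   # 1234h: upper word of the dword
            "e": ds.read("DWORD", "varW")}     # 12026543h: both words read as one dword


def operator_examples():
    """array1 from the LENGTHOF/SIZEOF slides and ListSize = ($ - list) / 2."""
    ds = DataSegment()
    ds.declare("array1", "WORD", *(["?"] * 30), 0, 0)           # array1 WORD 30 DUP(?),0,0
    ds.declare("list", "WORD", 0x1000, 0x2000, 0x3000, 0x4000)  # list WORD 1000h,...,4000h
    list_size = (ds.here() - ds.offset("list")) // 2            # 4 words
    return ds.lengthof("array1"), ds.sizeof("array1"), list_size  # (32, 64, 4)
```

Reading a WORD at varB+3 in the same layout returns 4305h, the last byte of varB followed by the first byte of varW, which is the "no range checking" behaviour the direct-offset slide warns about.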

Spanning multiple lines (1 of 2)
A data declaration spans multiple lines if each line (except the last) ends with a comma. The LENGTHOF and SIZEOF operators include all lines belonging to the declaration:

    .data
    array WORD 10,20,
               30,40,
               50,60
    .code
    mov eax,LENGTHOF array      ; 6
    mov ebx,SIZEOF array        ; 12

Spanning multiple lines (2 of 2)
In the following example, array identifies only the first WORD declaration. Compare the values returned by LENGTHOF and SIZEOF here to those in the previous slide:

    .data
    array WORD 10,20
          WORD 30,40
          WORD 50,60
    .code
    mov eax,LENGTHOF array      ; 2
    mov ebx,SIZEOF array        ; 4

LABEL directive
- Assigns an alternate label name and type to an existing storage location
- LABEL does not allocate any storage of its own; it is just an alias.
- Removes the need for the PTR operator

    .data
    dwList LABEL DWORD
    wordList LABEL WORD
    intList BYTE 00h,10h,00h,20h
    .code
    mov eax,dwList         ; 20001000h
    mov cx,wordList        ; 1000h
    mov dl,intList         ; 00h

Indirect operands (1 of 2)
An indirect operand holds the address of a variable, usually an array or string. It can be dereferenced (just like a pointer). [reg] uses reg as a pointer to access memory.

    .data
    val1 BYTE 10h,20h,30h
    .code
    mov esi,OFFSET val1
    mov al,[esi]           ; dereference ESI (AL = 10h)
    inc esi
    mov al,[esi]           ; AL = 20h
    inc esi
    mov al,[esi]           ; AL = 30h

Indirect operands (2 of 2)
Use PTR when the size of a memory operand is ambiguous.

    .data
    myCount WORD 0
    .code
    mov esi,OFFSET myCount
    inc [esi]               ; error: ambiguous, unable to determine the size from the context
    inc WORD PTR [esi]      ; ok

Array sum example
Indirect operands are ideal for traversing an array. Note that the register in brackets must be incremented by a value that matches the array type.

    .data
    arrayW WORD 1000h,2000h,3000h
    .code
    mov esi,OFFSET arrayW
    mov ax,[esi]
    add esi,2              ; or: add esi,TYPE arrayW
    add ax,[esi]
    add esi,2              ; increment ESI by 2
    add ax,[esi]           ; AX = sum of the array

Indexed operands
An indexed operand adds a constant to a register to generate an effective address. There are two notational forms:

    [label + reg]
    label[reg]

    .data
    arrayW WORD 1000h,2000h,3000h
    .code
    mov esi,0
    mov ax,[arrayW + esi]      ; AX = 1000h
    mov ax,arrayW[esi]         ; alternate format
    add esi,2
    add ax,[arrayW + esi]
    etc.

Index scaling
You can scale an indirect or indexed operand to the offset of an array element. This is done by multiplying the index by the array's TYPE:

    .data
    arrayB BYTE 0,1,2,3,4,5
    arrayW WORD 0,1,2,3,4,5
    arrayD DWORD 0,1,2,3,4,5
    .code
    mov esi,4
    mov al,arrayB[esi*TYPE arrayB]       ; 04
    mov bx,arrayW[esi*TYPE arrayW]       ; 0004
    mov edx,arrayD[esi*TYPE arrayD]      ; 00000004

Pointers
You can declare a pointer variable that contains the offset of another variable.

    .data
    arrayW WORD 1000h,2000h,3000h
    ptrW DWORD arrayW
    .code
    mov esi,ptrW
    mov ax,[esi]           ; AX = 1000h

