First, let's write a simple C program, as follows:

int g(int x) { return x + 3; }
int f(int x) { return g(x); }
int main(void) { return f(8) + 1; }
Then we compile the source program into assembly language with the following command:

gcc -S -o main.s main.c -m32

Take the resulting main.s and delete the symbol directives; what remains is the listing whose line numbers are referred to below.
Since the main function is the program's entry point, we start with main:
- Line 18 is the entry into the main function (the "enter" operation). The process is: first, pushl %ebp decrements SP by 4 and stores the current BP value in the memory word SP now points to; then movl %esp, %ebp copies the value of ESP into EBP, so that BP and SP point to the same location, namely the current top of the stack.
- Line 19 pushes the immediate value 8 onto the stack, ready to be used as the argument of the call.
Starting at line 20 the function f is called; here is how f is analyzed:
- When call f has completed, the stack state is: SP points to the pushed return address (the saved IP), IP now points to the code of f in the code segment (CS), and BP is unchanged, still pointing to the position SP had at the start of main's frame.
- Lines 9 to 10 are the enter operation, with the same process as in the main function. Afterwards BP and SP point to the same top-of-stack position, and the word SP points to holds the BP value from before f was entered (note that this BP value is not the same as the BP value inside main).
- At line 11, the value at BP+8 (that is, the 8 pushed by main) is stored in the memory block SP points to, preparing the argument for the call to g.
Line 12 is the start of the call to g; here is how g is analyzed:
- Lines 2 to 3 perform the same enter operation as in f.
- Line 4 puts the value pointed to by BP+8, i.e. 8, into EAX, preparing for the addition that follows.
- Line 5 adds the immediate 3 to the value in EAX and leaves the result in EAX.
- Line 6 pops the saved BP off the top of the stack back into BP: SP+4.
- Line 7 returns from g: the value popped from the stack is placed in IP, the stack is back to its state before g was called, and g(8) has been obtained.
Back in the f function:
- After lines 13 to 15 execute, the stack is back to its state before f was called, and f(8) has been obtained.
Finally, back in the main function:
- Line 22 executes: SP+4, so SP points to the saved BP value (the BP value that points to the bottom of the stack). Then addl $1, %eax adds the constant to the value in EAX, which holds f(8), giving main's return value.
- Line 24: the main function finishes, the stack returns to its original state (SP and BP both point to the bottom of the stack) and the computed value is returned.
Summary
By analyzing the assembly code generated from the C code, we can observe some characteristics of how a computer program executes:
- The CPU always uses EIP to fetch the next instruction to execute and then executes it; that is, execution is always driven by EIP.
- When a function is called, the stack saves the state of the program from before the call, while the stack pointers BP and SP take on a new pseudo-initial position (the base of the new frame).
- Each time a function call ends, the stack pointers BP and SP revert to their state before the call.
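The call and return sequence traced above, as an added example that is not part of the original post: a small C model of the 32-bit stack discipline (pushl %ebp, movl %esp,%ebp, call, popl %ebp, ret) that runs a constructed gcc -m32 style listing of g, f and main, prints SP and BP after every instruction, and checks that main returns f(8)+1 = 12 with SP and BP back at the bottom of the stack afterwards. The instruction encoding, the instruction indices and the 128-byte stack are modelling assumptions, not gcc output.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model of the 32-bit stack discipline traced above: esp/ebp hold byte
   addresses, eip holds an instruction index, mem[] is a 128-byte stack. */
enum Op { PUSH_EBP, MOV_ESP_EBP, PUSH_IMM, PUSH_ARG, MOV_ARG_EAX, ADD_IMM_EAX, ADD_IMM_ESP, CALL, POP_EBP, RET, HALT };
typedef struct { enum Op op; uint32_t imm; } Ins;
typedef struct { uint32_t esp, ebp, eip, eax, deepest, mem[32]; } Cpu;
#define STACK_TOP 128u  /* initial SP/BP: the "bottom of the stack" in the text */
static uint32_t *word(Cpu *c, uint32_t addr) { return &c->mem[addr / 4]; }
static void push(Cpu *c, uint32_t v) { c->esp -= 4; *word(c, c->esp) = v; }
static uint32_t pop(Cpu *c) { uint32_t v = *word(c, c->esp); c->esp += 4; return v; }
/* Constructed listing in the shape gcc -m32 -S emits for g, f and main;
   labels are replaced by instruction indices (g = 0, f = 6, main = 13). */
static const Ins prog[] = {
  /* g    */ {PUSH_EBP,0},{MOV_ESP_EBP,0},{MOV_ARG_EAX,8},{ADD_IMM_EAX,3},{POP_EBP,0},{RET,0},
  /* f    */ {PUSH_EBP,0},{MOV_ESP_EBP,0},{PUSH_ARG,8},{CALL,0},{ADD_IMM_ESP,4},{POP_EBP,0},{RET,0},
  /* main */ {PUSH_EBP,0},{MOV_ESP_EBP,0},{PUSH_IMM,8},{CALL,6},{ADD_IMM_ESP,4},{ADD_IMM_EAX,1},
             {POP_EBP,0},{RET,0}, {HALT,0} /* index 21: main's caller, where we stop */
};
/* Fetches through EIP until HALT; returns main's result (EAX). */
static uint32_t run(Cpu *c) {
  c->esp = c->ebp = STACK_TOP;
  push(c, 21);                                   /* return address into main's caller */
  for (c->eip = 13;;) {
    const Ins *i = &prog[c->eip++];              /* EIP always selects the next instruction */
    switch (i->op) {
    case PUSH_EBP:    push(c, c->ebp); break;                     /* pushl %ebp         */
    case MOV_ESP_EBP: c->ebp = c->esp; break;                     /* movl %esp, %ebp    */
    case PUSH_IMM:    push(c, i->imm); break;                     /* pushl $imm         */
    case PUSH_ARG:    push(c, *word(c, c->ebp + i->imm)); break;  /* pushl 8(%ebp)      */
    case MOV_ARG_EAX: c->eax = *word(c, c->ebp + i->imm); break;  /* movl 8(%ebp), %eax */
    case ADD_IMM_EAX: c->eax += i->imm; break;                    /* addl $imm, %eax    */
    case ADD_IMM_ESP: c->esp += i->imm; break;                    /* addl $imm, %esp    */
    case CALL:        push(c, c->eip); c->eip = i->imm; break;    /* save IP, then jump */
    case POP_EBP:     c->ebp = pop(c); break;                     /* popl %ebp          */
    case RET:         c->eip = pop(c); break;                     /* pop into IP        */
    case HALT:        return c->eax;
    }
    if (STACK_TOP - c->esp > c->deepest) c->deepest = STACK_TOP - c->esp;
    printf("eip=%2u esp=%3u ebp=%3u eax=%2u\n", c->eip, c->esp, c->ebp, c->eax);
  }
}
static uint32_t run_main(void) { Cpu c = {0}; return run(&c); }                 /* f(8)+1 */
static uint32_t deepest_stack_bytes(void) { Cpu c = {0}; run(&c); return c.deepest; }
/* 1 when SP and BP are back at the bottom of the stack after main returns. */
static int stack_restored(void) { Cpu c = {0}; run(&c); return c.esp == STACK_TOP && c.ebp == STACK_TOP; }
int main(void) {
  printf("main returned %u; deepest stack use %u bytes; frame restored: %d\n", run_main(), deepest_stack_bytes(), stack_restored());
  return 0;
}
```

The deepest stack use of 32 bytes is three saved BP values, two return addresses, two argument words and main's return address, exactly the frames the walkthrough describes.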
Linux Kernel Analysis, Week 1 - Understanding how a computer works by analyzing assembly code