20135219 Hong--Information Security system Design Foundation Fourth Week study summary

Source: Internet
Author: User

Information Security System Design Foundation Fourth Week study summary

Learning tasks: Textbook Chapter III

Duration of study: 10 hours

Learning content

First, textbook knowledge review

1. Program code and machine-level code

  Program code:

The gcc compiler driver converts source code into executable code by running, in turn, the C preprocessor, the compiler, the assembler and the linker.

  Machine-level code:

The format and behavior of a machine-level program are defined by the instruction set architecture (ISA), which defines the processor state, the instruction format, and the effect each instruction has on that state.

Machine-level programs use virtual addresses rather than the actual physical storage addresses.

2. Data formats

 Integers (int) and long integers (long) are stored in 4-byte format

Pointers are stored in 4-byte format

There are three floating-point types: single, double and extended precision, occupying 4, 8 and 10 bytes respectively

3. Operand specifiers:

  The first is an immediate, which is a constant value

The second is a register, which denotes the contents of a register

The third is a memory reference, which accesses the memory location at the computed effective address.

4. Operand formats: see textbook P113. Note that the scale factor s must be 1, 2, 4 or 8.

5. Data movement instructions: the instructions are divided into instruction classes; instructions in the same class perform the same operation and differ only in the size of their operands.

6. MOV class: the value of the source operand is copied to the destination operand. The source operand specifies a value (for example an immediate constant) and the destination operand specifies a location.

7. The stack is a data structure to which values can be added and from which values can be removed, following the last-in, first-out (LIFO) principle.

8. Load effective address (leal): looks like an instruction that reads data from memory into a register, but it does not access memory; it writes the computed effective address itself into the register.

9. Unary and binary operations

Unary operations: only one operand, which is both source and destination

Binary operations: the second operand is both a source and the destination

10. Shift operations: the shift amount is given first, then the value to be shifted. Right shifts can be either arithmetic or logical.

11. Condition codes: registers that describe attributes of the most recent arithmetic or logical operation.

  The most commonly used condition codes: CF (carry flag), ZF (zero flag), SF (sign flag), OF (overflow flag)

12. Note: the CMP and TEST instructions do not modify the value of any register; they only set the condition codes.

13. Accessing the condition codes: three commonly used methods, see P125

14. Three kinds of loops: do-while, while and for

15. A procedure call involves passing data and control from one part of the code to another, allocating space for the procedure's local variables on entry, and freeing that space on exit.

16. Stack frame structure: the portion of the stack allocated for a single procedure call is called a stack frame

  While the program runs the stack pointer may move, so most data accesses are made relative to the frame pointer

17. Transferring control: the call, leave and ret instructions, P150

18. Recursive procedures, P156

Second, key points (content already covered in the review above is not repeated)

1. x86 addressing modes have gone through three generations:

  The flat mode of the DOS era, which did not distinguish user space from kernel space and was insecure
  The segmented mode of the 8086
  The IA32 flat mode with protected mode

2. The program counter (PC) holds the address in memory of the next instruction to be executed

3. gcc -S xxx.c -o xxx.s produces the assembly code

objdump -d xxx disassembles and shows the contents of the object code file

Note: to get 32-bit code on a 64-bit machine, use gcc -m32 -S xxx.c

macOS has no objdump; the roughly equivalent command is otool

On Ubuntu, gcc -S code.c (without -O1) produces code closer to the code in the textbook (delete the statements beginning with "." before reading)

4. Binary files can be viewed with the od command, or with GDB's x command.
When the output is too long, pipe it to more or less, or redirect the output to a file:
od code.o | more
od code.o > code.txt

5. In the assembly produced by gcc -S, delete the statements beginning with "." and then read it

6. Differences between the AT&T format and the Intel format

Intel code omits the size suffix, omits the % in front of register names, and describes memory locations in a different way

7. Note the assembly suffixes for the different data types in the table on P111, e.g. char "b", short "w", int "l"

8. esi and edi can be used to manipulate arrays; esp and ebp are used to manipulate stack frames. For the registers, especially the general-purpose registers eax, ebx, ecx and edx, understand that the 16-bit ax and the 8-bit ah and al inside the 32-bit eax are accessed independently, as the following example shows.

Example: assume a 32-bit x86 machine where the EAX register holds 0x8226. After addw $0x8266, %ax executes, what is the value of %ax?

Analysis: 0x8226 + 0x826 = 0x1044c; ax is a 16-bit register, so the result overflows, the 1 in the highest bit is discarded, and 0x44c remains. Do not assume that because EAX is 32 bits no overflow occurs.

9. Master the effective address calculation: Imm(Eb,Ei,s) = Imm + R[Eb] + R[Ei]*s

10. MOV is equivalent to the C assignment "="; note the operand order in the AT&T format, and note that you cannot mov directly from one memory address to another memory address, a register has to relay the value. Be able to distinguish mov, movs and movz; master push and pop
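To make point 9 concrete, here is an added example (my own code, not from these notes or the textbook) that parses an AT&T memory operand in the general form Imm(%Eb,%Ei,s), with every component optional, and evaluates Imm + R[Eb] + R[Ei]*s against a small constructed register file. The register values (eax = 0x100, ecx = 0x1, edx = 0x3) are assumed for the demonstration, and the parser rejects a scale factor that is not 1, 2, 4 or 8, which is the rule noted in point 4 of the review above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* IA32 general registers in the order used by the textbook. */
static const char *REG_NAMES[8] = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"};
typedef struct { uint32_t r[8]; } RegFile;

/* Constructed register file for the demonstration (values are assumed). */
static RegFile example_regs(void) {
    RegFile regs;
    memset(&regs, 0, sizeof regs);
    regs.r[0] = 0x100;  /* %eax */
    regs.r[1] = 0x1;    /* %ecx */
    regs.r[2] = 0x3;    /* %edx */
    return regs;
}

static int reg_index(const char *name, size_t len) {
    for (int i = 0; i < 8; i++)
        if (strlen(REG_NAMES[i]) == len && strncmp(REG_NAMES[i], name, len) == 0)
            return i;
    return -1;  /* not a register name we know */
}

/* Parse operand text such as "8(%ebp)", "0xFC(,%ecx,4)" or "(%eax,%edx,4)" and
   store Imm + R[Eb] + R[Ei]*s in *out. Returns 0 on success, -1 on a malformed
   operand (unknown register, bad scale, stray characters). */
static int effective_address(const char *operand, const RegFile *regs, uint32_t *out) {
    const char *p = operand;
    char *end;
    int32_t imm = 0;
    uint32_t base = 0, index = 0, scale = 1;

    /* Optional displacement Imm: decimal or 0x-prefixed hex, may be negative. */
    if (*p != '(') {
        long v = strtol(p, &end, 0);
        if (end == p) return -1;
        imm = (int32_t)v;
        p = end;
        if (*p == '\0') { *out = (uint32_t)imm; return 0; }  /* absolute address */
    }
    if (*p++ != '(') return -1;

    /* Optional base register Eb. */
    if (*p == '%') {
        const char *start = ++p;
        while (*p && *p != ',' && *p != ')') p++;
        int idx = reg_index(start, (size_t)(p - start));
        if (idx < 0) return -1;
        base = regs->r[idx];
    }
    /* Optional index register Ei and scale s. */
    if (*p == ',') {
        p++;
        if (*p++ != '%') return -1;
        const char *start = p;
        while (*p && *p != ',' && *p != ')') p++;
        int idx = reg_index(start, (size_t)(p - start));
        if (idx < 0) return -1;
        index = regs->r[idx];
        if (*p == ',') {
            p++;
            scale = (uint32_t)strtoul(p, &end, 10);
            if (end == p) return -1;
            p = end;
            /* The scale factor must be 1, 2, 4 or 8. */
            if (scale != 1 && scale != 2 && scale != 4 && scale != 8) return -1;
        }
    }
    if (*p++ != ')') return -1;
    if (*p != '\0') return -1;   /* trailing garbage */

    *out = (uint32_t)imm + base + index * scale;
    return 0;
}

int main(void) {
    RegFile regs = example_regs();
    const char *samples[] = {"0x100", "(%eax)", "4(%eax)", "9(%eax,%edx)",
                             "260(%ecx,%edx)", "0xFC(,%ecx,4)", "(%eax,%edx,4)",
                             "(%eax,%edx,3)"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t ea;
        if (effective_address(samples[i], &regs, &ea) == 0)
            printf("%-16s -> 0x%x\n", samples[i], ea);
        else
            printf("%-16s -> invalid operand\n", samples[i]);
    }
    return 0;
}
```

The last sample, (%eax,%edx,3), is deliberately rejected: the hardware encodes only the four legal scale factors, and an assembler would refuse it as well.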

11. Stack frames and push/pop; note that the address of the top element of the stack is the lowest of all the element addresses in the stack.
Think about: where CMP and SUB are used

CMP is a comparison instruction that sets the condition codes based on the difference between its two operands

12. The SET instructions read the condition codes left by the comparison t = a - b (as computed by CMP) and set a single byte accordingly.

bt / frame / up / down: gdb commands for working with stack frames
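The 16-bit register example in point 8 above, the condition codes from the review (CF, ZF, SF, OF), and the CMP/SET points just made all come down to the same mechanics, so here is one added example (my own C emulation, not code from these notes) that carries them out. The function names addw, subw, cmpw and testw mirror the instruction mnemonics but are ordinary C functions written for this demonstration; the Flags struct and the cond_* helpers are likewise assumptions of the example. It applies addw $0x8266, %ax to a 32-bit eax value, shows that only the low 16 bits change and that the carry out of bit 15 is dropped, and then derives the sete/setb/setl conditions from the flags a cmpw leaves behind.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The four condition codes listed in the notes: carry, zero, sign, overflow. */
typedef struct { bool cf, zf, sf, of; } Flags;

/* Pack the flags into an int (bit0 CF, bit1 ZF, bit2 SF, bit3 OF) for easy checking. */
static int flags_bits(const Flags *f) {
    return (f->cf ? 1 : 0) | (f->zf ? 2 : 0) | (f->sf ? 4 : 0) | (f->of ? 8 : 0);
}

/* addw src, dst: 16-bit add. The result is truncated to 16 bits and the
   condition codes describe that 16-bit result, not a 32-bit one. */
static uint16_t addw(uint16_t dst, uint16_t src, Flags *f) {
    uint32_t wide = (uint32_t)dst + src;   /* keep the carry-out bit for a moment */
    uint16_t r = (uint16_t)wide;            /* the bit above bit 15 is discarded */
    f->cf = wide > 0xFFFFu;                 /* unsigned carry out of bit 15 */
    f->zf = (r == 0);
    f->sf = (r >> 15) & 1u;
    /* Signed overflow: operands share a sign but the result has the other sign. */
    f->of = ((~(dst ^ src)) & (dst ^ r) & 0x8000u) != 0;
    return r;
}

/* subw src, dst: computes dst - src. cmpw is the same but discards the result. */
static uint16_t subw(uint16_t dst, uint16_t src, Flags *f) {
    uint16_t r = (uint16_t)(dst - src);
    f->cf = dst < src;                      /* unsigned borrow */
    f->zf = (r == 0);
    f->sf = (r >> 15) & 1u;
    f->of = ((dst ^ src) & (dst ^ r) & 0x8000u) != 0;
    return r;
}

/* cmpw S2, S1 (AT&T operand order): flags from S1 - S2, no register changes. */
static void cmpw(uint16_t s2, uint16_t s1, Flags *f) { (void)subw(s1, s2, f); }

/* testw S2, S1: flags from S1 & S2; CF and OF are always cleared. */
static void testw(uint16_t s2, uint16_t s1, Flags *f) {
    uint16_t r = (uint16_t)(s1 & s2);
    f->cf = false;
    f->of = false;
    f->zf = (r == 0);
    f->sf = (r >> 15) & 1u;
}

/* addw $imm, %ax applied to a full 32-bit eax: only the low 16 bits (ax) change. */
static uint32_t addw_imm_ax(uint32_t eax, uint16_t imm, Flags *f) {
    uint16_t ax = addw((uint16_t)(eax & 0xFFFFu), imm, f);
    return (eax & 0xFFFF0000u) | ax;
}

/* The conditions that the set/jump instruction families test. */
static bool cond_e(const Flags *f) { return f->zf; }            /* sete / je: equal */
static bool cond_b(const Flags *f) { return f->cf; }            /* setb / jb: unsigned below */
static bool cond_l(const Flags *f) { return f->sf != f->of; }   /* setl / jl: signed less */

int main(void) {
    Flags f;
    /* The example from the notes: eax holds 0x8226, then addw $0x8266, %ax. */
    uint32_t eax = addw_imm_ax(0x00008226u, 0x8266u, &f);
    printf("addw $0x8266, %%ax: eax=0x%08x ax=0x%04x CF=%d ZF=%d SF=%d OF=%d\n",
           eax, eax & 0xFFFFu, f.cf, f.zf, f.sf, f.of);
    /* cmpw $0x8000, %ax with ax = 0x7FFF: below unsigned, not less signed. */
    cmpw(0x8000u, 0x7FFFu, &f);
    printf("cmpw $0x8000 vs 0x7FFF: below=%d less=%d equal=%d\n",
           cond_b(&f), cond_l(&f), cond_e(&f));
    return 0;
}
```

Run the program and compare the printed ax value with the arithmetic in point 8; the CF=1 and OF=1 in the same line are exactly why the 16-bit result and the 32-bit intuition disagree.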
