20135308-Information Security system design basics Fifth Week study summary

Source: Internet
Author: User
Tags integer division gdb debugger

3rd Chapter The machine level of the program represents a, X86 addressing method

1 The flat mode of the DOS era, not distinguishing between user space and kernel space, very insecure

2-8086 segmented mode

3 IA32 Flat mode with protected mode

Second, the program code

Compile the following code:

unix> gcc -01 -o p p1.c p2.c

    • 01 means that the compiler is told to use the first level of optimization. In general, increasing the level of optimization will make the final program run faster, but the compilation time may be longer and debugging the code with debugging tools will be more difficult.
    • From the resulting program performance considerations, the second level of optimization-02 is considered to be a better choice.
Second, machine-level code 1, two kinds of abstract (1) ISA

ISA (instruction set architecture) instruction architecture: The format and behavior of a machine-level program that defines the state of the processor, the format of the instruction, and the effect of each instruction on the state.

(2) The memory address used by the machine-level program is the virtual address

The provided memory model appears to be a very large byte array, and the actual implementation is to combine multiple hardware storage with operating system software.

2. Assembly Code Features

It is expressed in a more readable text format.

3. Several processors with status visible
    • Program counter (PC, denoted by%eip)
    • Integer register (contains 8 named locations, storing 32-bit values)
    • Condition code Registers (implementing if and while statements)
    • Floating-point registers (storing floating-point numbers)

Machine code simply sees memory as a large, byte-addressable array. Assembly code also does not differentiate between signed or unsigned integers, different types of pointers, or even pointers and integers.

A machine instruction only performs a very basic operation

Iii. Get assembly Code (1) Gcc-s xxx.c-o xxx.s Get assembly code
eg:unix> gcc -01 -S code.c
(2) objdump-d xxx disassembly;
eg:unix> objdump -d code.o

Note: The 64-bit machine wants to get 32 code: Gcc-m32-s XXX.C

There is no objdump in MAC OS, there is a basic equivalent command otool

Ubuntu gcc-s code.c (without-o1) produces code closer to the code in the textbook (delete ".") The beginning of the statement)

Iv. viewing binary format files

Binary files can be viewed with the Od command, or by GDB's X command. Some of the output is too much, we can use the more or less command to view with a pipe, or you can use output redirection to view

        od code.o | more        od code.o > code.txt
V. Notes on the Format

With "." The lines that begin are commands that instruct the assembler and linker, and we can usually ignore them.

Gcc-s produced in the assembly can be put to "." The beginning statements are deleted and then read again.

VI. assembly formats for Linux and Windows

assembly code in ATT format

is the default format for GCC, objdump, and other tools we use.

Assembly code in Intel format

Includes programming tools such as Microsoft tools.

1, the C language Basic data type corresponds to the IA32 expression.

There are three variants of the data transfer command:

Movb (transfer bytes)

MOVW (transfer Word)

MOVL (double word transfer)

The suffix ' l ' is used to denote double word

Note: assembly code also uses the suffix ' l ' to represent 4-byte integers and 8-byte double-precision floating-point numbers.

Vii. Access to Information

A IA32 central processing unit (CPU) contains a set of 8 registers that store 32-bit values. These registers are used to store integer data and pointers.

ESI EDI can be used to manipulate arrays, esp EBP is used to manipulate stack frames.

1, operand indicator

operand: indicates the source data value to be referenced in the execution of an operation, and the target location of the drop result.

(1) of three types of operands
    • Immediate number
    • Register
    • Memory
(2) Many different ways of addressing

2. Data transfer Instructions

(1) MOV class instruction

definition: copies data from one location to another, copying the value of the source operand to the destination operand.

(2) Push&pop directive

Push: Press the data into the program stack

Pop: Popping data from the program stack


1. LIFO: The value that pops up is always the most recently pressed, still within the stack

2. Stack pointer to the top element of the stack

3. Stack down or low address direction growth

4. The address of the top element of the stack is the lowest of all the element addresses in the stack.

3. Data transfer Example (1) Pointer example
eg:int x = *xp;

read out the parameter XP, put in register%edx, then read X to%eax, implement the Operation X=*xp in C program, and then use register%eax to return a value x from this function.

Viii. Arithmetic and logic operations 1, Operation classification
    • Load a valid address
    • Unary operation

      There is only one operand, both the source and the destination. It can be a register, or a memory location.

    • Binary operation

      There are two operands, the second operand, the source, and the purpose.

    • Shift

      SAL Arithmetic left shift

      SHL Logical left Shift

      SAR Arithmetic right shift (fill sign bit)

      SHR Logic right Shift (complement 0)

The displacement is given first, then the number of digits to be shifted is given, and the arithmetic and logical right shift can be carried out.

2. Load a valid address

The load valid addresses (load effective address) Directive Leal is a variant of the MOVL directive.

Writes the valid address to the destination operand.

3. Special arithmetic operation

The instructions described support the generation of two 32-bit numbers with a full 64-bit product and integer division.

(1) multiplication

Product truncation: Produces a 32-bit product

Product does not truncate:

    • Unsigned number multiplication (mull)
    • Complement multiplication (imull)
(2) Division

Signed Division instruction: IDIVL

Use the 64-digit number in the register%edx,%eax as the dividend

Stores the quotient in register%eax, and the remainder is stored in the%edx.

Nine, control 1, condition code

Condition Code Registers: They describe the properties of the most recent arithmetic or logical operation.

Common condition Code:


Common directives:


2. Access Condition code

Common use methods:

(1) A byte is set to 0 or 1 according to a combination of the condition code

(2) can be conditional jump to some other part

(3) The data can be transmitted conditionally

(1) Set instruction

The combination of set and different condition codes achieves different jump conditions.

3. Jump instruction and its code

A jump instruction that causes execution to switch to a completely new location in the program.

Note: Jumps are divided into direct and indirect jumps

    • Direct jump: followed by marking as a jump target
    • Indirect Jump: * followed by an operand indicator

Ten, translation conditions branch

The most common way to translate conditional expressions and statements from C to machine languages is to combine conditional and unconditional jumps.

Using Goto is often considered a less-than-good style.

Xi. Cycle 1, Do-while cycle

In the assembly, the cyclic code is generated according to the Do-while form

General form of the Do-while statement:


Can be translated as follows:

loop:body-statementt = test-expr;if(t)    goto loop;

2. While loop

Common form of a while statement:

while (test-expr)body-statement

The method used by GCC is to use conditional branching, omitting the first execution of the loop body when needed:

if(!test-expr)    goto done;do    body-statement    while(test-expr);done:

Next, this code can be translated directly into the Goto code:

    t = test-expr;     if(!t)    goto done:loop:    body-statement    t = test-expr;    if(t)    goto loop;done:
3. For loop

Common form for A For loop:


Assembly structure:

    init-expr    t=test-expr;    if(!t)    goto done;loop:    body-statement    update-expr;    t=test-expr;    if(t)        goto loop;    done:
4. Switch statement

Depending on the number of branches of an integer index, the key step in executing the switch statement is to access the code location through a jump table, making the structure more efficient.

12. Process

Procedure Call

    • Allocate space for local variables of the process when entering

    • Passes data (in the form of procedure parameters and return values) and controls from one part of the code to another.

    • Frees these spaces when exiting.

1, stack frame structure
    • The IA32 program uses a program stack to support procedure calls.

    • The machine uses stacks to pass process parameters, store return information, save registers, and local storage.

2. Translation control (1) Call command
    • The target is the address of the instruction that indicates the start of the called process

    • The effect is to put the return address into the stack and jump to the beginning of the called procedure.

(2) RET instruction
    • POPs the address from the stack and jumps to that position.

    • function return value exists in%eax

3. Register Usage Conventions

Note: ensure that when a procedure invokes another procedure, the callee does not overwrite the value of a register that is later used by a caller.

13. Application: Using GDB Debugger

GDB command about stack frames:

2. Frame
n为栈中的层编号,是一个从0开始的整数比如:frame 0,表示栈顶,frame 1,表示栈的第二层。该指令是移动到n指定的栈帧中去,并打印选中的栈的信息。如果没有n,则打印当前帧的信息。
3, up
4, down

20135308-Information Security system design basics Fifth Week study summary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.