A summary of the first week of the Linux kernel analysis course


Name: He Weizin

Study No.: 20135223

(* Original work; please credit the source when reproducing *)

(Course: Linux Kernel Analysis MOOC, http://mooc.study.163.com/course/USTC-1000029000)

Learning content: compile a simple C program and analyze its assembly code to understand how the computer works.

Part I: Summary of the video lecture notes

I. The stored-program computer

Von Neumann architecture, the concept: a stored-program computer architecture. Most devices with compute and storage capability (phones, tablets, computers, etc.) have the von Neumann architecture as their core structure.

Von Neumann architecture, the working model:

(a) From the hardware point of view

The CPU and memory are connected through a bus. The CPU's instruction pointer (called IP on a 16-bit CPU, EIP on a 32-bit CPU, RIP on a 64-bit CPU) always points at a location in memory, inside the code segment CS. The CPU always executes the instruction IP points to and then moves on to the next instruction once this one is done. Memory holds instructions and data; the CPU executes these instructions.

(b) From the software point of view

API: the interface between the programmer and the computer.

ABI: the binary interface between the program and the CPU, i.e. the instruction encoding, mainly assembly instructions. One needs to be familiar with the register layout involved in these instructions; most instructions can access memory.

On x86, EIP automatically advances to the next instruction after the CPU executes one (instruction lengths vary), and it can also be modified by instructions such as CALL, RET, JMP and conditional JMP.

II. Basics of x86 assembly

Stack segment registers: EBP (stack base pointer) and ESP (stack top pointer). These two registers are used very frequently in assembly programs.

Code segment register: the instruction the CPU actually fetches is described by CS:EIP.

64-bit CPUs differ only slightly from 32-bit machines in the core mechanism; their registers are denoted with an R prefix, such as RAX, RBX.

The suffixes b, w, l, q denote 8, 16, 32 and 64 bits respectively, and an immediate is a hexadecimal value starting with $.

Common assembly instructions

Register addressing: movl %eax,%edx → edx = eax

Immediate addressing: movl $0x123,%eax → eax = 0x123

Direct addressing: movl 0x123,%edx → edx = *(int32_t*)0x123

Indirect addressing with displacement: movl 4(%ebx),%edx → edx = *(int32_t*)(ebx+4) (the value of ebx plus 4 is used as an address, and the data it points to is assigned to %edx; most instructions can access memory addresses directly)

The AT&T assembly format is slightly different from the Intel assembly format.

The Linux kernel uses the AT&T assembly format.

Important assembly instructions (the function call stack is the key to understanding how C code executes on the CPU)

pushl %eax is equivalent to subl $4,%esp; movl %eax,(%esp)

popl %eax is equivalent to movl (%esp),%eax; addl $4,%esp

call 0x12345 is equivalent to pushl %eip (*); movl $0x12345,%eip (*)

ret is equivalent to popl %eip (*)

enter is equivalent to pushl %ebp; movl %esp,%ebp

leave is equivalent to movl %ebp,%esp; popl %ebp

(Supplementary note: ret takes the saved EIP from the stack, so execution continues from the instruction after the function call; the enter sequence is equivalent to building a new, empty stack on top of the original stack; the leave sequence is equivalent to discarding the function's stack frame; the function call stack is therefore logically several stacks stacked on top of one another. A function's return value is stored in %eax by default and handed back to the calling function.)

Part II: Experiments and exercises

(Note: the following experiments were completed on my 64-bit virtual machine, not on the course's online lab platform.)

(1) Create the Code folder, write the source code with vi in the Linux environment, and run it to check whether there are any errors.

Source:

(2) Compile to assembly code with the command gcc -S -o main.s main.c -m32

(3) Delete the lines beginning with "." to obtain clean assembly code.

Analysis of the assembly code

(1) Execution starts from the main function, which first creates an empty stack frame.

(2) pushl %ebp is equivalent to subl $4,%esp; movl %ebp,(%esp)

That is, %esp moves down by four bytes (one cell) and %ebp is stored at the address %esp points to.

(3) movl %esp,%ebp assigns the stack top pointer %esp to %ebp.

(4) subl $4,%esp moves %esp down by four bytes (one cell).

(5) movl $15,(%esp) stores the immediate 15 at the address %esp points to.

(6) call f calls the function f: the instruction following call f, namely addl $5,%eax (denoted here by eip 23), is pushed onto the stack; eip now points to f, the program executes f and builds f's stack frame.

(7) pushl %ebp is equivalent to subl $4,%esp; movl %ebp,(%esp)

That is, %esp moves down by four bytes (one cell) and %ebp is stored at the address %esp points to.

(8) movl %esp,%ebp assigns the stack top pointer %esp to %ebp.

(9) subl $4,%esp moves %esp down by four bytes (one cell).

(10) movl 8(%ebp),%eax; movl %eax,(%esp) assigns the value stored at the address %ebp plus 8 to %eax, then stores the value of %eax (the immediate 15) at the location %esp points to.

(11) call g calls the function g: the instruction following call g, namely leave (denoted by eip 15), is pushed onto the stack; eip now points to g, the program executes g and builds g's stack frame.

(12) pushl %ebp pushes %ebp onto the stack, equivalent to subl $4,%esp; movl %ebp,(%esp)

That is, %esp moves down by four bytes (one cell) and %ebp is stored at the address %esp points to.

(13) movl %esp,%ebp assigns the address held by the stack top pointer %esp to %ebp.

(14) movl 8(%ebp),%eax assigns the value stored at the address %ebp plus 8 to %eax (at this point eax=15); %esp is unchanged.

(15) addl $10,%eax adds 10 to %eax, so eax=15+10=25; %esp is unchanged.

(16) popl %ebp pops the saved %ebp from the stack (%ebp becomes ebp 3, %esp moves to 4), equivalent to movl (%esp),%ebp; addl $4,%esp

(17) ret is equivalent to popl %eip (*), i.e. movl (%esp),%eip; addl $4,%esp

(18) leave discards the stack frame of f: movl %ebp,%esp; popl %ebp. The address %ebp points to is assigned to %esp, %ebp is restored to the saved ebp 2 on the stack, and %esp is increased by 4, shrinking the stack by one unit.

(19) ret is equivalent to popl %eip (*)

(20) addl $5,%eax adds 5 to eax (at this point eax=25+5=30)

(21) The leave of the main function, equivalent to movl %ebp,%esp; popl %ebp

Final result: the return value is %eax=30
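To make the instruction equivalences from Part I and the 21-step trace above concrete, here is an added example (my own constructed model, not code from the course or from the post): a tiny 32-bit register-and-stack model in C whose push/pop/call/ret/enter/leave helpers are exactly the equivalences listed, replaying the main → f → g → f → main sequence. Memory is 16 four-byte cells addressed in bytes (so 8(%ebp) really is ebp+8); the label addresses F and G and the initial stack top are constructed, and 23 and 15 are the instruction addresses the trace itself uses.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model: four registers and a 64-byte stack addressed in bytes. */
typedef struct { uint32_t mem[16]; uint32_t eax, ebp, esp, eip; } cpu_t;
static uint32_t ld(const cpu_t *c, uint32_t a) { return c->mem[a / 4]; }
static void st(cpu_t *c, uint32_t a, uint32_t v) { c->mem[a / 4] = v; }
/* pushl src  == subl $4,%esp ; movl src,(%esp) */
static void pushl(cpu_t *c, uint32_t v) { c->esp -= 4; st(c, c->esp, v); }
/* popl dst   == movl (%esp),dst ; addl $4,%esp */
static uint32_t popl(cpu_t *c) { uint32_t v = ld(c, c->esp); c->esp += 4; return v; }
/* call label == pushl %eip (address of the next instruction) ; movl $label,%eip */
static void call(cpu_t *c, uint32_t label, uint32_t next) { pushl(c, next); c->eip = label; }
/* ret        == popl %eip */
static void ret(cpu_t *c) { c->eip = popl(c); }
/* enter      == pushl %ebp ; movl %esp,%ebp */
static void enter(cpu_t *c) { pushl(c, c->ebp); c->ebp = c->esp; }
/* leave      == movl %ebp,%esp ; popl %ebp */
static void leave(cpu_t *c) { c->esp = c->ebp; c->ebp = popl(c); }
/* Constructed addresses: stack top, labels f and g, and the two return addresses. */
enum { TOP = 64, F = 100, G = 200, AFTER_CALL_F = 23, AFTER_CALL_G = 15 };
/* Replays steps (1)-(21) of the trace and returns %eax. */
int run_trace(cpu_t *c) {
    c->eax = 0; c->ebp = TOP; c->esp = TOP; c->eip = 0;
    enter(c);                                          /* main: pushl %ebp ; movl %esp,%ebp    */
    c->esp -= 4; st(c, c->esp, 15);                    /* subl $4,%esp ; movl $15,(%esp)       */
    call(c, F, AFTER_CALL_F);                          /* call f, pushes 23                    */
    enter(c);                                          /* f: pushl %ebp ; movl %esp,%ebp       */
    c->esp -= 4;                                       /* subl $4,%esp                         */
    c->eax = ld(c, c->ebp + 8); st(c, c->esp, c->eax); /* movl 8(%ebp),%eax ; movl %eax,(%esp) */
    call(c, G, AFTER_CALL_G);                          /* call g, pushes 15                    */
    enter(c);                                          /* g: pushl %ebp ; movl %esp,%ebp       */
    c->eax = ld(c, c->ebp + 8) + 10;                   /* movl 8(%ebp),%eax ; addl $10,%eax    */
    c->ebp = popl(c); ret(c);                          /* popl %ebp ; ret, eip becomes 15      */
    leave(c); ret(c);                                  /* f: leave ; ret, eip becomes 23       */
    c->eax += 5; leave(c);                             /* main: addl $5,%eax ; leave           */
    return (int)c->eax;
}
int trace_eax(void) { cpu_t c = {0}; return run_trace(&c); }
/* 1 when main's leave restored the original frame: esp and ebp back at TOP, eip at 23. */
int trace_balanced(void) {
    cpu_t c = {0}; run_trace(&c);
    return c.esp == TOP && c.ebp == TOP && c.eip == AFTER_CALL_F;
}
int main(void) { printf("eax = %d, balanced = %d\n", trace_eax(), trace_balanced()); return 0; }
```

Running it prints eax = 30 and balanced = 1, i.e. the value the trace arrives at and the confirmation that every push was matched by a pop so the caller's frame is intact.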

Part III: Learning summary

(i) Stack structure:

1. The stack grows in the direction of decreasing addresses.

2. When a function is called, its parameters are pushed in reverse order: the last parameter is pushed first and the first parameter last, i.e. the stack follows the "first in, last out" principle.

3. After entering a function, the original stack structure is re-adjusted: EBP is pushed first, then EBP is pointed at the current ESP, i.e. the stack base pointer changes and the value of the stack top pointer ESP changes too, as if a new stack had been opened; the function body then runs on this new stack, and finally the original stack structure is restored.

4. The call instruction automatically pushes the return address (EIP), and the ret instruction automatically pops the return address (EIP).

5. eax is used to store the return value.

(ii) Learning and understanding:

According to the von Neumann stored-program principle, to execute a program the computer must first load the program and its data into internal memory. While executing, the CPU fetches an instruction according to the current program counter register and executes it, then stores the result into memory at the given address; the next instruction is then fetched and executed, and this loop continues until the program reaches its end instruction. Its working process is to keep fetching instructions and executing them, finally putting the result of the computation into the memory address specified by the instruction; this is the basic principle of how a computer works. Although this makes the computer look "clumsy", this clumsy approach is what most complex programs are built on.
