How computers work---Linux kernel learning notes (i)

---restore content starts---

Content one: Experimental report related instructions.

Real name Chering Help

Original works reproduced please indicate the source

Lessons learned: Linux kernel Analysis MOOC course

Links:http://mooc.study.163.com/course/USTC-1000029000

Virtual Lab Experiment

Content two: Analysis of stack changes during the working process of assembler code

The analysis is divided into two parts: (The label of the stack address is not aligned, please understand)

The first part is the stack transform diagram.

The second part is the description of the transformation diagram.

The first part of the diagram

The second part explains

One:

The program starts with the main function, assuming that ESP,EBP two pointers point to position 0, indicating that the stack is empty. (1)

Two:

Execute Statement 18,19

PUSHL%EBP

MOVL%ESP,%EBP

The change of EBP,ESP (2) is shown, pointing to position 1. Position 0 To position 1 has a space of 4 bytes, which is used to store the contents before the EBP register.

Three:

Execute statement 20,21

Subl $4,%esp//esp value minus 4 is equivalent to ESP pointing to position 2

MOVL, (%ESP)

(3) shown, the EBP,ESP points to position 1 and position 2 respectively. The value of the register EAX is 90.

Four:

Execute statement, call F statement is equivalent to

PUSHL%EIP//At this time the EIP for the next instruction (23rd instruction) with an EIP (23) indicated

Address of the MOVL function F,%eip

(4) shown, the EBP,ESP points to position 1 and position 3 respectively. Eip points to line 9th instructions

Five:

Execute statement 9,10, 11,12,13

PUSHL%EBP

MOVL%esp,%EBP

Subl $4,%esp

MOVL 8 (%EBP),%eax

Movl%eax, (%ESP)

(5) shown, the Ebp,esp points to position 4 and position 5 respectively. The value of%eax is * (8+ EBP), which equals 90. Shown in the Red box.

Five:

Execute Statement 14,2,3,4,5

Call G

PUSHL%EBP

MOVL%esp,%EBP

MOVL 8 (%EBP),%eax

(6) as shown, the EBP,ESP all point to position 7.

The value of%eax is 1014+90 = 1104 This value can be saved.

Six:

Execute statement 6 popl%EBP, (7), respectively, point to position 4 and position 6

Seven:

Execute Statement 7 RET is equivalent to POPL%EIP, the next instruction executed by the program is statement 15. (8), pointing to position 4 and position 5, respectively.

Eight:

Executes the statement, the leave statement is equivalent to

MOVL%ebp,%esp

POPL%EBP

Equivalent to the stack used by the Undo function f

(9) as shown,

Perform MOVL%ebp,%esp ebp,esp all point to position 4.

The execution popl%ebp ebp,esp points to position 1 and position 3 respectively.

Nine:

Execute Statement-RET

(10) shown, the EBP,ESP points to position 1 and position 2 respectively. The next instruction executed by the program is statement 23.

Ten:

Execute statement 23,24

Addl,%eax

Leave

(11) Shown, the Ebp,esp are executed 0. The stack is empty at this time. The running results of the program are saved in the EAX register. Its value is eax+90 = 1104 + 90=1194

Content Three: summary

1: The next instruction read by the computer is always stored in an EIP.

2: The program is executed from the main function.

3: When the program calls a new function, it is implemented by the call command. The call command does two things, and the first thing is to put the next instruction that the program executes (that is, the value of the EIP) into the stack. The second thing is to modify the value of the EIP to the address of the function. To begin executing the called function.

4: When calling the called function, always want to create a new stack in the stack area for the function to use. When the function finishes executing, it is destroyed. So the temporary variables in the function don't work.

How computers work---Linux kernel learning notes (i)