Li Zhenye
Original work; please indicate the source when reproducing it.
"Linux Kernel Analysis" MOOC course: http://mooc.study.163.com/course/USTC-1000029000
I. The experimental process
First, create a C source file:

vi main.c

Then write the following C code (g adds 32 to its argument, f passes its argument through to g, and main calls f with 6 and adds 1 to the result):

int g(int x) {
    return x + 32;
}

int f(int x) {
    return g(x);
}

int main(void) {
    return f(6) + 1;
}

When finished, press Esc, then type :wq (Shift+; gives the colon) to save and exit.
Compile the code above into 32-bit assembly with gcc (-S stops after compilation and emits assembly instead of an object file, -m32 selects 32-bit x86, and -o names the output file; on a 64-bit host -m32 requires a gcc built with 32-bit multilib support):

gcc -S -o main.s main.c -m32
This compiles main.c into main.s. The screenshots in the original post (1.png, 2.png, 3.png) show the contents of the generated file.
The instruction suffixes b, w, l and q denote 8-, 16-, 32- and 64-bit operands. Every instruction here ends in l, confirming that the file really is 32-bit assembly.
Delete every line that begins with a dot. These are assembler directives (such as .file, .text, .globl and .size), not instructions; what remains is the pure assembly code: the labels g:, f: and main: and the instructions under them. Screenshot 5.png in the original post shows the stripped listing, whose line numbers the analysis below refers to.
II. Analysis of the assembly code
Before the analysis, the following points are needed:
1. EIP (instruction pointer) is the register that holds the address of the next instruction to fetch; the E prefix marks the 32-bit "extended" form of the register on 32-bit systems.
2. The stack is one of the most basic structures in a computer.
3. When fetching an instruction, the CPU locates it precisely by CS:EIP.
4. Register addressing: register names begin with %.
5. Immediate operands: constants begin with $.
6. Direct addressing: accessing the data at a memory address given directly in the instruction.
7. Indirect addressing: using the value of a register as the memory address to access.
8. Displacement addressing (called "variable addressing" in the course): indirect addressing with a constant offset added to the register, e.g. 8(%ebp) refers to the memory 8 bytes above the address in EBP.
9. The Linux kernel uses AT&T assembly syntax.
10. EIP cannot be written directly; it is changed only indirectly, by instructions such as call, ret and jmp.
11. The function call stack is a single stack on which the frame of each nested call is stacked on top of its caller's frame.
12. By default a function returns its value to its caller in the EAX register.
Before execution, ESP and EBP both point at position 0. (The x86 stack grows toward lower addresses; in the diagrams below the 4-byte slots are numbered downward from that starting position, so "ESP moves down 0→1" means ESP is decreased by 4 to point at slot one.)

    position 0   <- ESP, EBP
    slot one   |
    slot two   |
    slot three |
    slot four  |
    slot five  |
    slot six   |
    slot seven |
Tracing the code by line number of the stripped listing:
18-19 (main begins): pushl %ebp saves ebp0 (the old EBP) in slot one, ESP moves down 0→1; movl %esp,%ebp moves EBP 0→1.
20: subl $4,%esp: ESP moves down 1→2, reserving a slot for the argument.
21: slot two = 6 (the argument for f, written at (%esp)).
22: call f pushes the return address, EIP (pointing at line 23), into slot three: ESP moves down 2→3; EIP jumps to f (line 8).
9-10: pushl %ebp saves ebp1 in slot four, ESP moves down 3→4; EBP moves 1→4.
11: ESP moves down 4→5.
12: displacement addressing: EAX = 8(%ebp) = slot two = 6.
13: slot five = 6 (the argument for g).
14: call g pushes the return address, EIP (pointing at line 15), into slot six: ESP moves down 5→6; EIP jumps to g (line 1).
2-3: pushl %ebp saves ebp4 in slot seven, ESP moves down 6→7; EBP moves 4→7.
4: displacement addressing: EAX = 8(%ebp) = slot five = 6.
5: EAX = EAX + 32 = 38.
6: popl %ebp restores EBP 7→4; ESP moves up 7→6.
7: ret pops the return address: ESP moves up 6→5, EIP = 15.
15: leave (equivalent to movl %ebp,%esp followed by popl %ebp): ESP moves up 5→4, then EBP moves up 4→1 and ESP moves up 4→3.
16: ret: ESP moves up 3→2, EIP = 23.
23: EAX = EAX + 1 = 39.
24: leave: ESP moves up 2→1, then EBP moves up 1→0 and ESP moves up 1→0.
25: ret: main returns; end.
So the stack builds up one frame per call and then unwinds in reverse order, and the value handed back in EAX at the end is 39. The slots used were:

    slot one   = ebp0      (main's saved EBP)
    slot two   = 6         (argument passed to f)
    slot three = EIP (23)  (return address into main)
    slot four  = ebp1      (f's saved EBP)
    slot five  = 6         (argument passed to g)
    slot six   = EIP (15)  (return address into f)
    slot seven = ebp4      (g's saved EBP)

Note that leave and ret only move ESP and EBP back up; the slot contents are not erased and stay in memory until something overwrites them. Every frame has the same layout, with the return address directly above the saved EBP and the callee's locals below it, which is why a write past the end of a stack buffer can overwrite the saved EBP and then the return address and redirect ret.
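To check this trace mechanically rather than by hand, here is an added example (it is not code from the original post or from the course): a small C emulator for the eight instruction kinds that appear in the stripped listing (pushl, popl, movl, addl, subl, call, leave, ret). The listing it executes is an assumption, reconstructed from the line-by-line analysis above because the screenshots are not reproduced here; the initial stack address 0xbffff000 is arbitrary and stands for the page's "position 0"; return addresses are modelled as line numbers, as in the analysis.

```c
/* Added example (not from the original post): a tiny emulator for the 32-bit AT&T
 * instructions gcc -S -O0 -m32 emits for main.c. Build: gcc -std=c99 -Wall emu.c -o emu */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Directive-stripped main.s: lines 1-7 are g, 8-16 are f, 17-25 are main. Assumption:
 * reconstructed from the line-by-line analysis above, not copied from the screenshots. */
static const char *const listing[] = {
    "g:", "pushl %ebp", "movl %esp, %ebp", "movl 8(%ebp), %eax",
    "addl $32, %eax", "popl %ebp", "ret",
    "f:", "pushl %ebp", "movl %esp, %ebp", "subl $4, %esp",
    "movl 8(%ebp), %eax", "movl %eax, (%esp)", "call g", "leave", "ret",
    "main:", "pushl %ebp", "movl %esp, %ebp", "subl $4, %esp",
    "movl $6, (%esp)", "call f", "addl $1, %eax", "leave", "ret",
};
#define STACK_TOP 0xbffff000u /* arbitrary initial ESP/EBP: the page's "position 0" */
#define NSLOTS 16             /* 4-byte slots below STACK_TOP that we model */
struct cpu {
    uint32_t eax, ebp, esp; /* ebp/esp hold byte addresses, as on real hardware */
    uint32_t eip, deepest;  /* 1-based line number of the next instruction; highest slot written */
    uint32_t stack[NSLOTS]; /* stack[i] = dword at STACK_TOP - 4*i, the page's slot i */
};
static void die(const char *m) { fprintf(stderr, "emu: %s\n", m); exit(1); }
static uint32_t slot_of(uint32_t addr) { return (STACK_TOP - addr) / 4; } /* page's slot number */
static uint32_t *reg(struct cpu *c, const char *n) { /* n begins with %eax, %ebp or %esp */
    if (!strncmp(n, "%eax", 4)) return &c->eax;
    if (!strncmp(n, "%ebp", 4)) return &c->ebp;
    if (!strncmp(n, "%esp", 4)) return &c->esp;
    die("unknown register"); return NULL;
}
static uint32_t *mem(struct cpu *c, uint32_t addr) { /* the dword at a stack address */
    if (addr > STACK_TOP || addr % 4 || slot_of(addr) >= NSLOTS) die("address outside modelled stack");
    if (slot_of(addr) > c->deepest) c->deepest = slot_of(addr);
    return &c->stack[slot_of(addr)];
}
/* Resolve one AT&T operand: "$imm" (sets *imm, returns NULL), "%reg", or "disp(%reg)" / "(%reg)". */
static uint32_t *operand(struct cpu *c, const char *op, uint32_t *imm) {
    if (op[0] == '$') { /* immediate: only legal as a source */
        if (!imm) die("immediate used as destination");
        *imm = (uint32_t)strtoul(op + 1, NULL, 0); return NULL;
    }
    if (op[0] == '%') return reg(c, op);
    const char *r = strchr(op, '%'); /* register-indirect plus displacement: point 8 above */
    if (!r) die("bad operand");
    long disp = strtol(op, NULL, 0); /* "(%esp)" has no digits and parses as 0 */
    return mem(c, *reg(c, r) + (uint32_t)disp);
}
static uint32_t value(struct cpu *c, const char *op) { /* read a source operand */
    uint32_t imm = 0, *p = operand(c, op, &imm); return p ? *p : imm;
}
static void push(struct cpu *c, uint32_t v) { c->esp -= 4; *mem(c, c->esp) = v; }
static uint32_t pop(struct cpu *c) { uint32_t v = *mem(c, c->esp); c->esp += 4; return v; }
static uint32_t label_line(const char *name) { /* line number of the "name:" label */
    size_t n = strlen(name);
    for (size_t i = 0; i < sizeof listing / sizeof *listing; i++)
        if (!strncmp(listing[i], name, n) && listing[i][n] == ':') return (uint32_t)i + 1;
    die("unknown label"); return 0;
}

/* Execute the instruction at eip; returns 0 once main's ret finds nothing left to return to. */
static int step(struct cpu *c) {
    char buf[64];
    snprintf(buf, sizeof buf, "%s", listing[c->eip - 1]);
    char *mn = strtok(buf, " \t,"), *a = strtok(NULL, " \t,"), *b = strtok(NULL, " \t,");
    c->eip++; /* as on real hardware, EIP already points past the instruction being executed */
    if (strchr(mn, ':')) return 1; /* a label: nothing to execute */
    if (!strcmp(mn, "pushl")) push(c, value(c, a));
    else if (!strcmp(mn, "popl")) *operand(c, a, NULL) = pop(c);
    else if (!strcmp(mn, "movl")) { uint32_t v = value(c, a); *operand(c, b, NULL) = v; }
    else if (!strcmp(mn, "addl")) { uint32_t v = value(c, a); *operand(c, b, NULL) += v; }
    else if (!strcmp(mn, "subl")) { uint32_t v = value(c, a); *operand(c, b, NULL) -= v; }
    else if (!strcmp(mn, "call")) { push(c, c->eip); c->eip = label_line(a); } /* save return line, jump */
    else if (!strcmp(mn, "leave")) { c->esp = c->ebp; c->ebp = pop(c); } /* = movl %ebp,%esp; popl %ebp */
    else if (!strcmp(mn, "ret")) { if (c->esp == STACK_TOP) return 0; c->eip = pop(c); }
    else die("unsupported instruction");
    return 1;
}
/* Run from main with the page's initial state (ESP = EBP = position 0); returns the final EAX. */
static uint32_t run(struct cpu *c, int trace) {
    memset(c, 0, sizeof *c);
    c->esp = c->ebp = STACK_TOP;
    c->eip = label_line("main");
    for (int more = 1; more;) {
        uint32_t line = c->eip;
        more = step(c);
        if (trace) printf("%2u: %-20s eax=%-3u ebp->slot %u esp->slot %u\n", line,
                          listing[line - 1], c->eax, slot_of(c->ebp), slot_of(c->esp));
    }
    return c->eax; /* point 12: the return value travels in EAX */
}
int main(void) {
    struct cpu c;
    printf("main returned %u\n", run(&c, 1));
    for (uint32_t i = 1; i <= c.deepest; i++) /* final slot diagram; saved EBPs print as addresses */
        printf("slot %u = 0x%08x\n", i, c.stack[i]);
    return 0;
}
```

Running it prints one line per executed instruction with EAX and the slots ESP and EBP point at, matching the "0→1", "1→4" moves in the trace above, and then the slot contents after main's final ret: 39 in EAX, slots two and five holding 6, slots three and six holding the return lines 23 and 15, and slots one, four and seven holding the saved EBP addresses 0xbffff000, 0xbfffeffc and 0xbfffeff0 (positions 0, 1 and 4). The emulator deliberately keeps ESP and EBP as real byte addresses rather than slot numbers, so that subl $4,%esp and 8(%ebp) work exactly as the hardware does; the slot numbers are only computed for display.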
III. Summary
I had never studied the principles of assembly or operating systems before. Linux kernel analysis is really difficult, but it is good to stick with it and finish the homework and tests.
I hope we can continue to deepen our understanding.
How the Computer Works (based on x86/Linux)