Chapter 3: Machine-Level Representation of Programs
Computers execute machine code. In this chapter we look closely at machine code together with its human-readable representation, assembly code.
The Intel processor family is commonly known as x86: 8086, 80286, i386, i486, Pentium, Pentium Pro, Pentium II, Pentium III, Pentium 4, Pentium 4E, Core 2, Core i7.
Moore's Law: The number of transistors doubles every 26 months.
Linux uses flat addressing, which lets programmers treat the entire memory space as one large byte array.
3.2 Program Code
3.2.1 Machine-Level Code
Two abstractions: ① The format and behavior of a machine-level program are defined by the instruction set architecture (ISA), which specifies the processor state, the instruction format, and the effect each instruction has on that state. ② The memory addresses used by a machine-level program are virtual addresses; the memory model provided looks like one very large byte array.
3.2.2 Code Examples
Suppose you have written a C source file code.c. Running GCC with the -S option makes it run only the compiler, producing the assembly file code.s generated by the C compiler and doing no further work (no assembling or linking).
3.3 Data Formats
Sizes of C data types in IA32:
C declaration     Intel data type      Assembly suffix   Size (bytes)
char              byte                 b                 1
short             word                 w                 2
int               double word          l                 4
long int          double word          l                 4
long long int     —                    —                 4
char *            double word          l                 4
float             single precision     s                 4
double            double precision     l                 8
long double       extended precision   t                 10/12
3.4 Accessing Information
An IA32 CPU contains a set of eight 32-bit registers, which are used to store integer data and pointers.
3.4.1 Operand Specifiers
Most instructions have one or more operands, which specify the source values used in an operation and the destination location where the result is placed.
Three types: ① Immediate, which is a constant value.
② Register, which denotes the contents of a register.
③ Memory reference, which accesses a memory location at a computed effective address.
There are many different addressing modes. The most general form is Imm(Eb,Ei,s), with four components:
① immediate offset Imm
② base register Eb
③ index register Ei
④ scale factor s (s must be 1, 2, 4 or 8)
The effective address is Imm + R[Eb] + R[Ei]·s.
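The operand forms above, worked as an added example (not code from the textbook or the original notes): a small parser for AT&T-syntax memory operands that computes the effective address Imm + R[Eb] + R[Ei]·s and rejects a scale factor outside {1, 2, 4, 8}. The register values and memory contents are constructed for the demo.

```python
import re
import struct

# Constructed register file for the demo (values are assumptions, not from the text).
REGS = {"%eax": 0x100, "%ebx": 0x2000, "%ecx": 0x3, "%edx": 0x0,
        "%esi": 0x10, "%edi": 0x20, "%ebp": 0x1000, "%esp": 0x0FF0}

# Constructed little-endian memory image, 16 KiB, initially all zero.
MEM = bytearray(0x4000)

def write32(addr, val):
    MEM[addr:addr + 4] = struct.pack("<I", val & 0xFFFFFFFF)

def read32(addr):
    return struct.unpack("<I", MEM[addr:addr + 4])[0]

# Imm(Eb,Ei,s): every component optional, scale restricted to 1/2/4/8 by the pattern.
_OPERAND = re.compile(r"^(?P<imm>-?(?:0x[0-9a-fA-F]+|\d+))?"
                      r"(?:\((?P<base>%\w+)?(?:,(?P<index>%\w+))?(?:,(?P<scale>[1248]))?\))?$")

def effective_address(operand, regs=REGS):
    """Compute Imm + R[Eb] + R[Ei]*s for a memory operand such as '8(%ebp,%ecx,4)'."""
    m = _OPERAND.match(operand.replace(" ", ""))
    if not m:
        raise ValueError(f"not a valid memory operand: {operand!r}")
    imm = int(m["imm"], 0) if m["imm"] else 0
    base = regs[m["base"]] if m["base"] else 0
    index = regs[m["index"]] if m["index"] else 0
    scale = int(m["scale"]) if m["scale"] else 1
    return (imm + base + index * scale) & 0xFFFFFFFF

def operand_value(operand, regs=REGS):
    """$Imm -> the constant; %reg -> register contents; anything else -> memory reference."""
    if operand.startswith("$"):
        return int(operand[1:], 0) & 0xFFFFFFFF
    if operand.startswith("%"):
        return regs[operand]
    return read32(effective_address(operand, regs))

if __name__ == "__main__":
    write32(0x1008, 0x11223344)
    for op in ("$0x10", "%esi", "8(%ebp)", "(%ebx,%ecx,4)", "-4(,%ecx,8)"):
        print(f"{op:16} -> {operand_value(op):#010x}")
```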
3.4.2 Data Movement Instructions
MOV, MOVS, MOVZ
MOV
MOV reg/mem, imm ; immediate → register or memory
MOV reg/mem/seg, reg ; register value → register/memory/segment register
MOV reg/seg, mem ; memory value → register/segment register
MOV reg/mem, seg ; segment register value → register/memory
IA32 restriction: the two operands cannot both be memory locations.
pushl pushes a double word onto the stack, and popl pops a double word off the stack.
A stack is a data structure to which values can be added and from which they can be removed, following the "last in, first out" rule: data is added by a push operation and removed by a pop operation.
Elements are always inserted or removed at one end, which is called the top of the stack.
* Pushing a double-word value onto the stack first decrements the stack pointer by 4, then writes the value at the new top-of-stack address.
3.6 Control
3.6.1 Condition Codes
CF: carry flag
ZF: zero flag
SF: sign flag
OF: overflow flag
Data transfer instructions
MOV does not affect the flags
PUSH and POP do not affect the flags
XCHG (exchange) does not affect the flags
XLAT (table translate) does not affect the flags
LEA (load effective address into register) does not affect the flags
PUSHF (push flags) does not affect the flags
POPF (pop flags) sets the flags from the popped value
3.6.2 Accessing the Condition Codes
setl: set if less (signed comparison)
setb: set if below (unsigned comparison)
movzbl: zero-extends a byte into %eax, clearing the upper three bytes
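How cmpl sets CF/ZF/SF/OF and how setl and setb read them, as an added example (not from the textbook or the original notes): setl derives from SF ^ OF and setb from CF, and movzbl zero-extends the byte result into %eax. The operand values are constructed.

```python
MASK = 0xFFFFFFFF

def sign_bit(x):
    return (x >> 31) & 1

def cmpl(src, dst):
    """AT&T 'cmpl src, dst' computes dst - src, discards the result and sets the flags."""
    src &= MASK
    dst &= MASK
    result = (dst - src) & MASK
    return {
        "CF": int(dst < src),                    # unsigned borrow out of the subtraction
        "ZF": int(result == 0),                  # result is zero
        "SF": sign_bit(result),                  # result is negative as two's complement
        # signed overflow: operands of different sign and result's sign differs from dst
        "OF": int(sign_bit(dst) != sign_bit(src) and sign_bit(result) != sign_bit(dst)),
    }

def setl(flags):
    """setl: 1 if dst < src as signed integers, i.e. SF ^ OF."""
    return flags["SF"] ^ flags["OF"]

def setb(flags):
    """setb: 1 if dst < src as unsigned integers, i.e. CF."""
    return flags["CF"]

def movzbl(byte):
    """movzbl %al, %eax: keep the low byte and clear the upper three bytes."""
    return byte & 0xFF

def compare(a, b):
    """Return the %eax values produced by 'cmpl b, a; setl %al; movzbl %al, %eax'
    and by the same sequence with setb: (signed a < b, unsigned a < b)."""
    f = cmpl(b, a)
    return movzbl(setl(f)), movzbl(setb(f))

if __name__ == "__main__":
    for a, b in ((-1, 1), (0x80000000, 1), (1, 2), (5, 5)):
        print(f"a={a & MASK:#010x} b={b & MASK:#010x} flags={cmpl(b, a)} "
              f"signed<={compare(a, b)[0]} unsigned<={compare(a, b)[1]}")
```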
3.7 Procedures
1. Stack frame
The portion of the stack allocated for a single procedure call is called a stack frame; its general structure is shown on page 149 of the textbook.
So the stack frame is essentially a stack.
2. Two pointers
The topmost stack frame is delimited by two pointers:
register %ebp, the frame pointer, and register %esp, the stack pointer.
Because the stack pointer moves, information is mostly accessed relative to the frame pointer.
3. The calling process
Page 150 of the textbook gives the example of procedure P calling procedure Q.
The caller's frame lies beneath the callee's, and the caller's return address is at the end of its stack frame; this ensures that when the callee returns, execution continues in the caller after the call.
Some uses of the callee Q's stack frame:
1. Saving local variables that cannot be kept in registers.
When the address operator & is applied to a local variable, an address must be generated for it, so the variable has to live on the stack. I had never seen this usage before!
2. Holding the parameters of the other procedures it calls.
Q uses its stack frame to hold the parameters of the other procedures it invokes. The first parameter is placed at offset 8 relative to %ebp, and the remaining parameters are stored in the following 4-byte blocks, so parameter i is at offset 4+4i relative to %ebp.
The call instruction has a target, which gives the address of the first instruction of the called procedure. Its effect (the target can be given directly or indirectly) is to push the return address onto the stack and jump to the start of the called procedure. The ret instruction pops an address off the stack and jumps to it. For ret to be used correctly, the stack must be prepared so that the stack pointer points to the location where the preceding call stored the return address. Register %eax is used to return a value.
Program registers are the only resource shared by all procedures. By convention, registers %eax, %edx and %ecx are caller-saved registers, and registers %ebx, %esi and %edi are callee-saved registers.
GCC follows an x86 programming guideline that the total stack space used by a function must be an integer multiple of 16 bytes. This principle guarantees strict alignment of accessed data.
The stack discipline thus provides a mechanism in which each function call has its own private state information (the saved return location, the stack pointer, and the values of the callee-saved registers), and can also provide storage for local variables when needed.
Reference: Shang, Wanzihui
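The pushl/popl semantics from 3.4.2 and the call/ret and frame layout described above, simulated as an added example (not code from the textbook or the original notes): P pushes Q's arguments, call pushes the return address, Q's prologue saves %ebp, and argument i (counting from 0) is then read back at 8+4i(%ebp), which is the notes' 4+4i for i counting from 1. The stack top, code addresses and argument values are constructed.

```python
import struct

STACK_TOP = 0x1000                      # constructed: the stack lives below this address
MEM = bytearray(STACK_TOP)
regs = {"%esp": STACK_TOP, "%ebp": 0, "%eip": 0}

def write32(addr, val):
    MEM[addr:addr + 4] = struct.pack("<I", val & 0xFFFFFFFF)

def read32(addr):
    return struct.unpack("<I", MEM[addr:addr + 4])[0]

def pushl(val):
    """pushl: decrement %esp by 4, then store the double word at the new stack top."""
    regs["%esp"] -= 4
    write32(regs["%esp"], val)

def popl():
    """popl: read the double word at the stack top, then increment %esp by 4."""
    val = read32(regs["%esp"])
    regs["%esp"] += 4
    return val

def call(target, return_addr):
    """call: push the return address, then jump to the callee."""
    pushl(return_addr)
    regs["%eip"] = target

def ret():
    """ret: pop the return address and jump to it; %esp must point at it beforehand."""
    regs["%eip"] = popl()

def call_q(args, q_addr=0x8048400, ret_addr=0x8048123):
    """P calls Q(*args). Returns the arguments as Q sees them at 8+4i(%ebp)
    and the address ret jumps back to. q_addr/ret_addr are constructed."""
    esp_before = regs["%esp"]
    for a in reversed(args):            # P stores Q's parameters, first argument lowest
        pushl(a)
    call(q_addr, ret_addr)
    pushl(regs["%ebp"])                 # Q's prologue: pushl %ebp
    regs["%ebp"] = regs["%esp"]         #               movl %esp, %ebp
    ebp = regs["%ebp"]
    seen = [read32(ebp + 8 + 4 * i) for i in range(len(args))]
    assert read32(ebp + 4) == ret_addr  # return address sits just above the saved %ebp
    regs["%esp"] = regs["%ebp"]         # Q's epilogue: movl %ebp, %esp
    regs["%ebp"] = popl()               #               popl %ebp
    ret()                               #               ret
    regs["%esp"] += 4 * len(args)       # back in P: discard the pushed arguments
    assert regs["%esp"] == esp_before
    return seen, regs["%eip"]
```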
Information Security System Design Foundations: Week 4 Study Summary