Information Security System Design Foundation Fourth Week study summary

Source: Internet
Author: User

    1. x86 addressing modes went through three generations:
      (1) The flat mode of the DOS era: no distinction between user space and kernel space, very insecure.
      (2) 8086 segmented mode.
      (3) IA32 flat mode with protected mode.

    2. Definition of ISA

ISA is the instruction set architecture, which defines the processor state, the format of the instruction, and the effect of each instruction on the state.

PC register:

That is, the program counter. It holds the address in memory of the next instruction to be executed.

    3. The code on P107, code.c:

/* code.c: a global accumulator updated by sum() */
int accum = 0;

int sum(int x, int y)
{
    int t = x + y;
    accum += t;
    return t;
}

Use the "-S" option on the command line to get the assembly code generated by the C compiler. On a Linux system, the program objdump with the "-d" command-line flag acts as a disassembler. gcc -S xxx.c -o xxx.s produces the assembly code; objdump -d xxx.o disassembles the object file so you can see the contents of the target code. Note the first two and the last two instructions: every function sets up and tears down its stack frame.
Note: to get 32-bit code on a 64-bit machine: gcc -m32 -S xxx.c
There is no objdump on Mac OS; otool is the rough equivalent.
On Ubuntu, gcc -S code.c (without -O1) produces code closer to the code in the textbook (delete the lines beginning with ".").


4. P108: binary files can be viewed with the od command, or with gdb's x command.
When there is too much output, pipe it through more or less, or use output redirection:
od code.o | more
od code.o > code.txt


5. main.c contains the following function:

int sum(int x, int y);   /* defined in code.c */

int main()
{
    return sum(1, 3);
}

Use unix> gcc -O1 -o prog code.o main.c to generate the executable prog, and then disassemble it:

unix> objdump -d prog. The disassembly is almost identical to the disassembly of code.o. The differences are the addresses on the left, and that the address of accum is now filled in.

In the instruction encoding the 4-byte address 0x804a018 appears with its bytes reversed (little-endian byte order).

Lines beginning with "." can be ignored.


6. p110: Learn the differences between the Linux and Windows assembly formats: the four differences between ATT format and Intel format.


7. p111: assembly code suffixes for the different data types in the table.

See the table on P111.

8. P112: The CPU contains a set of 8 registers storing 32-bit values, used to hold integer data and pointers. %esi and %edi can be used to manipulate arrays; %esp and %ebp are used to manipulate stack frames.

%esp and %ebp hold pointers to important positions in the program stack.
For the general registers, especially %eax, %ebx, %ecx and %edx, understand that the 16-bit %ax and the 8-bit %ah and %al are views of the 32-bit %eax and are not independent. The following example illustrates this:
Assume a 32-bit x86 machine where the value of the %eax register is 0x8226. After addw $0x8226, %ax is executed, what is the value of %ax?
Analysis: 0x8226 + 0x8226 = 0x1044c. %ax is a 16-bit register, so the result overflows: the 1 in the highest bit is discarded, leaving 0x44c. Do not assume that because %eax is 32 bits no overflow can occur.
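The following C model, added here as an example (it is not code from these notes or from the textbook), reproduces the %ax calculation above. The register and flag values are constructed: it treats %ax, %ah and %al as views of %eax, truncates the 16-bit sum the way addw does, and contrasts it with addl on the full 32-bit register.

```c
#include <stdint.h>
#include <stdio.h>

/* %ax, %ah and %al are views of bits 15..0, 15..8 and 7..0 of %eax. */
static uint16_t ax_of(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
static uint8_t  ah_of(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }
static uint8_t  al_of(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

/* %eax after "addw $imm, %ax": a 16-bit add.  The 17-bit intermediate sum is
 * truncated to 16 bits (that truncation is the overflow); bits 31..16 of %eax
 * are left untouched by a 16-bit operation. */
static uint32_t eax_after_addw(uint32_t eax, uint16_t imm)
{
    uint32_t sum17 = (uint32_t)ax_of(eax) + imm;
    return (eax & 0xFFFF0000u) | (sum17 & 0xFFFFu);
}

/* Carry flag of the same addw: the discarded bit 16. */
static int cf_after_addw(uint32_t eax, uint16_t imm)
{
    return (int)((((uint32_t)ax_of(eax) + imm) >> 16) & 1u);
}

/* %eax after "addl $imm, %eax" for comparison: 0x8226 + 0x8226 fits in 32 bits. */
static uint32_t eax_after_addl(uint32_t eax, uint32_t imm)
{
    return eax + imm;   /* unsigned arithmetic wraps modulo 2^32, like the hardware */
}

int main(void)
{
    uint32_t eax = 0x8226u;                       /* constructed starting value */
    uint32_t w = eax_after_addw(eax, 0x8226u);
    printf("addw $0x8226,%%ax : eax=0x%08x ax=0x%04x ah=0x%02x al=0x%02x CF=%d\n",
           w, ax_of(w), ah_of(w), al_of(w), cf_after_addw(eax, 0x8226u));
    printf("addl $0x8226,%%eax: eax=0x%08x\n", eax_after_addl(eax, 0x8226u));
    /* With other data in the high half, addw keeps it while %ax still wraps: */
    printf("eax=0xdead8226, addw: eax=0x%08x\n", eax_after_addw(0xdead8226u, 0x8226u));
    return 0;
}
```

The first printf line shows %ax = 0x044c with CF = 1, while the addl line shows 0x1044c: same operands, different register width, different result.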

9. p113 table

Operand: specifies the source values referenced when an operation executes, and the destination location where the result is placed.

Three types of operands: immediate, register, memory.

Results can be stored in two places: in a register, or in memory.

Effective address calculation: Imm(Eb,Ei,s) = Imm + R[Eb] + R[Ei]*s
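An added example (not code from the notes or the textbook) that evaluates the general form Imm(Eb,Ei,s) and, by omitting parts, every simpler addressing form in the p113 table. The register values are constructed for the demonstration; the enum order follows the IA32 register encoding.

```c
#include <stdint.h>
#include <stdio.h>

/* The eight 32-bit general registers, indexed by their IA32 encoding. */
enum { EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, NREGS };
#define NO_REG (-1)   /* base or index omitted, as in Imm(,Ei,s) or Imm(Eb) */

/* Imm(Eb,Ei,s) = Imm + R[Eb] + R[Ei]*s.  An omitted base or index contributes 0;
 * the scale s is one of 1, 2, 4, 8.  Arithmetic wraps modulo 2^32 like the CPU,
 * so a negative displacement such as -4(%ebp) works as expected. */
static uint32_t effective_address(const uint32_t R[NREGS], int32_t imm, int eb, int ei, int s)
{
    uint32_t addr = (uint32_t)imm;
    if (eb != NO_REG) addr += R[eb];
    if (ei != NO_REG) addr += R[ei] * (uint32_t)s;
    return addr;
}

/* Constructed register contents for the demonstration. */
static uint32_t sample_regs[NREGS] = {
    [EAX] = 0x100, [ECX] = 0x1, [EDX] = 0x3, [EBP] = 0xbffff010u
};

int main(void)
{
    const uint32_t *R = sample_regs;
    printf("0x108            -> 0x%x\n", effective_address(R, 0x108, NO_REG, NO_REG, 1)); /* absolute */
    printf("(%%eax)           -> 0x%x\n", effective_address(R, 0, EAX, NO_REG, 1));        /* indirect */
    printf("0x104(%%eax)      -> 0x%x\n", effective_address(R, 0x104, EAX, NO_REG, 1));    /* base+disp */
    printf("(%%eax,%%edx)      -> 0x%x\n", effective_address(R, 0, EAX, EDX, 1));          /* indexed */
    printf("9(%%eax,%%edx)     -> 0x%x\n", effective_address(R, 9, EAX, EDX, 1));
    printf("0xfc(,%%ecx,4)    -> 0x%x\n", effective_address(R, 0xfc, NO_REG, ECX, 4));    /* scaled, no base */
    printf("(%%eax,%%edx,4)    -> 0x%x\n", effective_address(R, 0, EAX, EDX, 4));          /* scaled indexed */
    printf("-4(%%ebp)         -> 0x%x\n", effective_address(R, -4, EBP, NO_REG, 1));       /* a local variable */
    return 0;
}
```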

10. p114: the mov class consists of three instructions, movb, movw and movl. mov is the equivalent of the C assignment "=".

Note the operand direction in ATT format: the first operand of mov is the source and the second is the destination. Note also that you cannot move directly from one memory address to another memory address; go through a register.

The movs and movz instruction classes both copy a smaller source to a larger destination, filling the extra bits by sign extension (movs) or zero extension (movz).

Stack: a data structure to which values can be added and from which they can be removed, following the last-in, first-out principle.

Data is added to the stack with push and removed with pop.
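An added example (not code from the notes or the textbook) showing what the movs and movz classes compute, and which C conversions the compiler implements with them. The two helpers generalize the six textbook instructions to any source width; the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Widen a from_bits-wide value to 32 bits by replicating its sign bit (movs). */
static uint32_t sign_extend(uint32_t value, int from_bits)
{
    uint32_t mask = (from_bits == 32) ? 0xFFFFFFFFu : ((1u << from_bits) - 1u);
    uint32_t sign = 1u << (from_bits - 1);
    value &= mask;
    return (value & sign) ? (value | ~mask) : value;
}

/* Widen a from_bits-wide value to 32 bits by filling with zeros (movz). */
static uint32_t zero_extend(uint32_t value, int from_bits)
{
    uint32_t mask = (from_bits == 32) ? 0xFFFFFFFFu : ((1u << from_bits) - 1u);
    return value & mask;
}

/* The six textbook instructions expressed with the two helpers. */
static uint32_t movsbl(uint8_t b)  { return sign_extend(b, 8); }    /* byte  -> long, signed   */
static uint32_t movzbl(uint8_t b)  { return zero_extend(b, 8); }    /* byte  -> long, unsigned */
static uint32_t movswl(uint16_t w) { return sign_extend(w, 16); }   /* word  -> long, signed   */
static uint32_t movzwl(uint16_t w) { return zero_extend(w, 16); }   /* word  -> long, unsigned */
static uint16_t movsbw(uint8_t b)  { return (uint16_t)(sign_extend(b, 8) & 0xFFFFu); }
static uint16_t movzbw(uint8_t b)  { return (uint16_t)zero_extend(b, 8); }

/* The C conversions that compile to those instructions. */
static int      char_to_int(signed char c)         { return c; }   /* movsbl */
static int      uchar_to_int(unsigned char c)      { return c; }   /* movzbl */
static int      short_to_int(short s)              { return s; }   /* movswl */
static unsigned ushort_to_uint(unsigned short s)   { return s; }   /* movzwl */

int main(void)
{
    printf("movsbl 0x80   -> 0x%08x   movzbl 0x80   -> 0x%08x\n", movsbl(0x80), movzbl(0x80));
    printf("movswl 0x8001 -> 0x%08x   movzwl 0x8001 -> 0x%08x\n", movswl(0x8001), movzwl(0x8001));
    printf("(int)(signed char)0x80 = %d, (int)(unsigned char)0x80 = %d\n",
           char_to_int((signed char)-128), uchar_to_int(0x80));
    return 0;
}
```

The same byte 0x80 becomes 0xffffff80 under movsbl and 0x00000080 under movzbl; which one the compiler emits depends only on whether the C source type is signed.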

11. Stack frames, push and pop.

Note that the address of the top element of the stack is the lowest of all element addresses in the stack: the stack grows toward lower addresses.
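A small model of the IA32 stack, added here as an example (not code from the notes or the textbook). The memory region and its base address are constructed; push decrements %esp by 4 before writing and pop reads before incrementing, so after several pushes the top element sits at the lowest address and values come back last-in, first-out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 64u
#define STACK_BASE  0xbfffefc0u                 /* lowest address of the region (constructed) */
#define STACK_LIMIT (STACK_BASE + STACK_BYTES)  /* one past the highest address */

typedef struct {
    uint8_t  mem[STACK_BYTES];   /* simulated memory backing the stack */
    uint32_t esp;                /* address of the top element */
} Machine;

static void init(Machine *m)
{
    memset(m->mem, 0, sizeof m->mem);
    m->esp = STACK_LIMIT;        /* empty stack: no element below STACK_LIMIT yet */
}

/* pushl %reg  ==  subl $4,%esp ; movl %reg,(%esp) */
static void pushl(Machine *m, uint32_t v)
{
    m->esp -= 4;
    memcpy(&m->mem[m->esp - STACK_BASE], &v, 4);   /* host byte order stands in for little-endian */
}

/* popl %reg  ==  movl (%esp),%reg ; addl $4,%esp */
static uint32_t popl(Machine *m)
{
    uint32_t v;
    memcpy(&v, &m->mem[m->esp - STACK_BASE], 4);
    m->esp += 4;
    return v;
}

/* %esp after n pushes onto an empty stack: each push lowers it by 4. */
static uint32_t esp_after_pushes(int n)
{
    Machine m;
    init(&m);
    for (int i = 0; i < n; i++)
        pushl(&m, (uint32_t)i);
    return m.esp;
}

/* Push three values and pop them back; 1 if they return last-in, first-out. */
static int pops_are_lifo(void)
{
    Machine m;
    init(&m);
    pushl(&m, 0x11); pushl(&m, 0x22); pushl(&m, 0x33);
    return popl(&m) == 0x33 && popl(&m) == 0x22 && popl(&m) == 0x11 && m.esp == STACK_LIMIT;
}

int main(void)
{
    Machine m;
    init(&m);
    for (uint32_t v = 1; v <= 3; v++) {
        pushl(&m, v);
        printf("push %u -> esp = 0x%08x (top element, lowest address so far)\n", v, m.esp);
    }
    while (m.esp < STACK_LIMIT)
        printf("pop  -> %u, esp = 0x%08x\n", popl(&m), m.esp);
    return 0;
}
```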

12. Examples of pointers in C:

int x = *xp;

*xp = y;

A pointer is an address. Dereferencing a pointer means placing the pointer in a register, then using that register in a memory reference.

Local variables such as x are usually kept in registers. Register access is much faster than memory access.

13. p119: Understand the arithmetic and logic operations together with the table, and pay attention to the type of the destination operand.
Pay special attention to the operand order of subtraction: which operand is subtracted from which.
Note that the shift amount can be either an immediate or the value in %cl.
P123: Understand how the C control constructs, the branches (if/switch) and the loops (while, for), are implemented. This tests everyone's ability to extrapolate. The core of control flow is the jump: conditional jumps (p128; implement if, switch, while, for) and the unconditional jump jmp (implements goto).
P124: Conditional jumps test the condition codes (the textbook calls this the condition code register).
Note that leal does not change the condition codes.
Think about: where cmp is used and where sub is used.
p125: the set instructions set a byte to 0 or 1 according to the condition codes computed from t = a - b.
p127: jumps and labels.
P130/p131: assembly structure of if-else.
P132/p133: do-while.
P134/p135: while.
P137/p138: for.
P144/p145: switch.
P149: IA32 implements procedure calls through the stack. Master the stack frame structure and pay attention to the order in which function arguments are pushed.
P150/p151: call/ret; the function return value is in %eax.
P174: bt/frame/up/down: gdb commands for stack frames.
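An added example (not code from the notes or the textbook) covering the cmp / set / conditional-jump material above: it computes the four condition codes from t = a - b exactly as cmpl does, derives the set instructions from them, and checks the result against the C comparison a compiler would translate into cmpl followed by jl or setl. The test values are constructed; the INT32_MIN case shows why signed "less than" is SF ^ OF rather than SF alone.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { int CF, ZF, SF, OF; } Flags;

/* Condition codes after "cmpl S2, S1" (ATT syntax): t = S1 - S2 is computed
 * and discarded, only the flags survive.  Called as cmpl(S1, S2) here so the
 * argument order reads like the subtraction. */
static Flags cmpl(int32_t s1, int32_t s2)
{
    uint32_t a = (uint32_t)s1, b = (uint32_t)s2, t = a - b;
    Flags f;
    f.CF = a < b;                               /* unsigned borrow out of bit 31 */
    f.ZF = (t == 0);
    f.SF = (t >> 31) & 1u;                       /* sign bit of the result */
    f.OF = (((a ^ b) & (a ^ t)) >> 31) & 1u;     /* signed overflow: a and b differ in sign, t differs from a */
    return f;
}

/* set instructions (textbook p125): each yields 0 or 1 from the flags. */
static int sete(Flags f)  { return f.ZF; }                     /* equal            */
static int setne(Flags f) { return !f.ZF; }                    /* not equal        */
static int sets(Flags f)  { return f.SF; }                     /* negative         */
static int setg(Flags f)  { return !(f.SF ^ f.OF) && !f.ZF; }  /* signed >         */
static int setge(Flags f) { return !(f.SF ^ f.OF); }           /* signed >=        */
static int setl(Flags f)  { return f.SF ^ f.OF; }              /* signed <         */
static int setle(Flags f) { return (f.SF ^ f.OF) || f.ZF; }    /* signed <=        */
static int seta(Flags f)  { return !f.CF && !f.ZF; }           /* unsigned >       */
static int setb(Flags f)  { return f.CF; }                     /* unsigned <       */

/* What "if (x < y)" compiles to: cmpl y,x then jl (or setl).  Both versions
 * must agree for every pair of inputs. */
static int c_less(int32_t x, int32_t y)   { return x < y; }
static int asm_less(int32_t x, int32_t y) { return setl(cmpl(x, y)); }

int main(void)
{
    int32_t pairs[][2] = { {1, 2}, {2, 1}, {5, 5}, {-1, 1}, {INT32_MIN, 1}, {INT32_MAX, -1} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int32_t x = pairs[i][0], y = pairs[i][1];
        Flags f = cmpl(x, y);
        printf("cmpl %d,%d: CF=%d ZF=%d SF=%d OF=%d  setl=%d (C: %d)  seta=%d\n",
               y, x, f.CF, f.ZF, f.SF, f.OF, asm_less(x, y), c_less(x, y), seta(f));
    }
    return 0;
}
```

The -1 vs 1 row shows the same bits ordered two ways: setl reports -1 < 1 (signed) while seta reports 0xffffffff > 1 (unsigned); the condition codes are identical, only the set variant differs.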
