"Software Security" assembly language Hyper-Enrichment Tutorial & buffer overflow Attack--1

For starters, many of the commands in the compendium are too complex, often for long periods of time, to write a beautiful program that hinders our interest in learning a compilation, and many people give up. My personal view is to learn the assembly, not necessarily write the program, write the program is really not the strength of the Assembly, we might as well play debug, sometimes crack out a little software than to complete a program more sense of accomplishment


"Oh, man, what about the assembly?" That thing useless, brother with VB "fishing" an API is enough for you to work a 10 days and a half months, not necessarily out. "The word of this gentleman is not empty, then we have no need to research him?" (Nonsense, of course!) Why don't you write this article? Don't worry, don't worry, let me take this to the reason slowly: first, all the computer language written out of the program run in memory are machine code storage, machine code can be more accurately translated into assembly language, this is because the assembly language compatibility is the best, so almost all tracking, debugging tools (including win95/ 98) are assembled to show you, if you are interested in crack ... Second, the Assembly directly with the hardware to deal with, if you want to straightened out program in the computer in the context of the implementation, that is, to find out what each component of the computer is doing, exactly how to do? A real hardware enthusiast, do not understand these can not. Three, now play Dos more is "master", such as I mixed (I am not a master) "master" inside, can not only from the "master" friend there set some hacker-level "confidential", but also can boast of "master" to enjoy the strong sense of vanity--#$%& "wake up!"

For starters, many of the commands in the compendium are too complex, often learning for a long time and unable to write a beautiful program that hinders our interest in learning the compendium, and many of them give up. So my personal view of the compilation, not necessarily write procedures, writing procedures is really not the strength of the Assembly, we might as well play debug, sometimes crack out a little software than the completion of a program more sense of accomplishment (like learning computer first play game). Some of the advanced instructions are actually useful only to experienced assembler programmers, which is far too advanced for us. In order to get a good start in language learning, you must first rule out the ornate and complex commands and focus on the most important commands (CMP LOOP MOV jnz ...). ）。 But want to in the bar in the textbook to complete the above objectives, not easy, so I sorted out this ultra-condensed (with WinZip, WINRAR ... Oppression in turn, hey! Tutorial The audacity of said, look through this article, you can "inadvertently" in the predecessor or the epigenetic show off debug, a sense of accomplishment, try! So, what about this next? ――here We go! (It does not matter when reading, there must be decomposition below)

Because the assembly is talking to the hardware through CPU and memory, we have to look at the CPU and memory first: (no mention of the number of binary issues here)

CPU is able to perform all arithmetic on the computer/Logical operation and Basic I/O control function of a piece of chip. An assembly language can only be used for a specific CPU. In other words, the different CPU's assembly language instruction syntax is also not the same. PC from 1981 to date, its CPU development process is: 8086→80286→80386→80486→pentium→ ..., as well as AMD, Cyrix and other offshoot. The latter is compatible with the functions of the front CPU, with only a few more instructions (such as a multi-Pentium MMX instruction set), an increased register (such as 386 of the 32-bit eax), and more registers (such as 486 FS). To ensure that the assembler can be applied to various models, it is recommended to use 8086 assembly language, which is the best compatibility. All of the 8086 assembly languages are mentioned in this paper. Registers are components inside the CPU, so data transfer between registers is very fast. Use: 1. You can perform arithmetic and logic operations on the data in the register. 2. The address stored in the register can be used to point to a location in memory, i.e. addressing. 3. Peripheral devices that can be used to read and write data to the computer. 8086 there are 8 8-bit data registers, these 8-bit registers can be composed of 16-bit registers: Ah&al=ax: Cumulative register, commonly used in operations; BH&BL=BX: base register, commonly used for address index; CH&CL=CX: Count register, commonly used for counting ; DH&DL=DX: Data registers, commonly used for data transfer. In order to use all memory space, 8086 set four segment register, dedicated to save segment address: CS (code Segment): Block Register, DS (Data Segment): segment register; SS (Stack Segment): Stack segment Register ; es (Extra Segment): Additional segment registers. When a program executes, it is necessary to decide where the program code, data, and stack are to be used in memory, and to point to these starting positions by setting the segment register CS,DS,SS. The DS is usually fixed, and CS is modified as needed. Therefore, the program can be written to any size in the case that the addressable space is less than 64K. Therefore, the size of the program and its data is limited to 64K within the meaning of the DS, which is why the COM file must not be larger than 64K. 8086 Save as a battlefield, register as a military base, to speed up work. In addition to the registers mentioned earlier, there are some special functions of the Register: IP (intruction Pointer): instruction pointer register, with the use of CS, to track the execution of the program; SP (Stack Pointer): stack pointer, used in conjunction with SS, Can point to the current stack position. BP (base Pointer): Base point pointer Register, which can be used as a relative base address of the SS; SI (SourCE index): The source-address register can be used to hold the source-variable-address pointer relative to the DS segment; DI (Destination index): The destination variable address register, which can be used to store the target variable-address pointer relative to the ES segment. There is also a sign register fr (flag register) with nine meaningful signs that will be described in detail below.

Memory is a key part of a computer's operation and a place where computers store information at work. The memory organization has many storage locations that can hold values, called "addresses." 8086 address Bus has 20 bits, so the CPU has up to 1M of addressing space, which is the effective control range of DOS, and 8086 can do the operation is limited to processing 16 bits of data, that is, only 0 to 64K, so, you must use segmented addressing to control the entire memory address. The full 20-bit address can be divided into two parts: 1. Segment Base (Segment): 16-bit binary number followed by four binary 0, that is, a 16 binary 0, into a 20-bit binary number, can be set to 1M any 64K segment, usually remember to do 16-bit binary; 2. Offsets (offset) : Directly uses a 16-bit binary number to point to any address in the segment base. such as: 2222 (segment Base): 3333 (offset), its actual 20-bit address value is: 25553. In addition to the above nutrition to fully absorb, you also need to know what DOS, BIOS function calls, simply speaking, the function call similar to the WIN95 API, equivalent to the sub-program. Assembly Writing Program is enough, if not MS, IBM's sub-program, this day is really impossible (about the function call see "Computer enthusiasts" 98 11).

There are two main ways to write assembly language: 1. Use compilers such as MASM or TASM; 2. Use the debug.com with the debugger. Debug is not really a compiler, its main purpose is to remove the wrong, that is, fix the assembler error. However, it can also be used to write short assembler programs, especially for beginners, DEBUG is the best tool for getting started. Because the debug operation is easy: just type the debug carriage return, a enter to assemble, the process is simple, while using the compiler, you must use the text editor, the compiler itself, link and exe2bin programs, each of which must use a series of very complex commands to work, And with the compiler to process the source program, you must include many directive statements unrelated to the instruction statement, for the compiler to recognize, using DEBUG can avoid the first encounter many difficult to understand the program line. In addition to being able to assemble programs, debug can be used to check and modify memory locations, load storage and execution programs, and check and modify registers, in other words, Debug is designed to let us touch the hardware. (8086 common instruction usage will be explained in each assembler, confined to space, and impossible to list all directives).

Debug a command can compile a simple COM file, so the debug program must be written by the address 100h (COM file requirements) at the beginning of the legal. Follow Me,setp by SETP (step back):

Input A100; start assembly from Ds:100
2. Enter MOV dl,1; load the value 01h into the DL register
3. Enter MOV ah,2; load the value 02h into the DL register
4. Enter INT 21; Call DOS 21st interrupt 2nd to display the characters loaded in the DL individually
5. Enter INT 20; Call DOS 20th interrupt, terminate the program, turn control back to DEBUG
6. Press the Enter key
7. The assembly language program has now been put into memory, enter G (run)
8. Result: outputs a symbol.
ㄖ← output is actually not it, because WORD97 can not show the original result, so find a fake will.
Program terminated normally

We can use the U command to disassemble the Hex machine code (unassemble) into assembly instructions. You will find that the assembly instructions on the right side of each line are compiled into the corresponding machine code, and 8086 is actually the machine code to execute the program.
1. Enter u100,106
1fed:0100 B201 MOV dl,01
1fed:0102 B402 MOV ah,02
1fed:0104 CD21 INT 21
1fed:0106 CD20 INT 20
Debug can use the R command to view and change the contents of the register. The CS:IP register, which saves the address of the execution instruction.
1. Enter r
ax=0000 bx=0000 cx=0000 dx=0000 sp=ffee bp=0000 si=0000 di=0000
ds=1fed es=1fed ss=1fed cs=1fed ip=0100 NV up EI PL NZ NA PO NC
1fed:0100 B201 MOV dl,01

When the program is executed by ds:100, the debug automatically sets the IP content back to 100 when the program is terminated. When you want to make this program a standalone executable, you can use the n command to name the program. However, you must be a COM file, or you cannot load it with Debug.
Enter n smile.com; we have to tell the debug program length: The program starts from 100 to 106, so it takes 7
bytes We use BX to store a high portion of the length value, while the low portion is stored in CX.
2. Enter RBX; View BX register content, this program only 7 bytes, so this step can be omitted
3. Enter RCX; View the contents of the CX register
4. Enter 7, the number of bytes in the program
5. Enter W; write the program to the (write) disk with the W command

With this practice, we can really touch the 8086 assembly instructions. When we write assembly language programs, usually do not directly put the machine into memory, but instead into a series of mnemonic symbols (mnemonic Symbols), these symbols than the hexadecimal machine code easier to remember, this is called assembly instructions. Mnemonic symbol that tells the CPU what to do. In other words, the assembly language of the mnemonic symbol is designed for human, while the machine languages are designed for PC.

Now, let's dissect a program that can display all ASCII code.
1. Enter DEBUG
2. Enter A100
3. Input MOV cx,0100; load cycle times
MOV dl,00; Loads the first ASCII code, and then each time the new code is loaded into a loop
MOV ah,02
INT 21
Inc DL, Inc: Increment instruction to add a value of 1 to the data register DL each time
Loop 0105; loop: loop instruction, loop,cx value minus 1 per execution, and jump
To the starting address of the Loop 105, until CX is 0, the loop stops
INT 20
4. Enter G to display all ASCII codes
　
When we want to display arbitrary strings, such as: Understand? , you can use the DOS21H number to interrupt the 9H function. Enter the downstream program, save and execute to see:
1. Enter A100
MOV dx,109; ds:dx = Start Address of string
MOV ah,9; 09h function Call of DOS
INT 21; string output
INT 20
DB ' understand? $ '; Define string

In assembly language, there are two different directives: 1. Formal instruction: such as MOV, is a CPU instruction, used to tell the CPU what to do when the program executes, so it will be stored in memory in the form of Arithmetic code (OP-CODE). 2. Pseudo-directives: such as DB, are instructions for compilers such as debug, to tell the compiler what to do at compile time. The DB (Define Byte) instruction is used to tell debug to put all ASCII in the single quotation mark into memory. Strings that use 9H functionality must end with $. Use the D command to view the DB pseudo-directives to put those contents into memory.
6. Enter D100
1975:0100 BA B4 CD CD-20 6E 64 65 72 73 74 ..... Underst
1975:0110 6E 8B F8 89-45, 8B, and$. F.. E.. F4.d.
1975:0120 C0 5E 5F C9-C3 C8 04 00 00 57 56. E.3.^_ ..... WV
1975:0130 6B F8 0E bayi C7 fe 8b-df 8B C2 E8 fe 0B C0 k ... S ..... 2 ...
1975:0140-C0-8b-45 0C E8 D4 8B F0 ..... E.......
1975:0150 0B D0 (8B 45-08) C6 8B-FE 5E 5F v...t. E.... V.^_
1975:0160 C9 C3 C8 6B d8-0e bayi C3 fe 5E fe ....... K. s.^.
1975:0170 8B C2 E8 FB FD 0B C0 75-09 8B 5E FE 8B ~ 0C E8 ..... ^.. G..

Now, let's dissect another program: Enter any string from the keyboard and display it. DB 20 instructs Debug to reserve 20h of unused memory space for buffer use.
Input A100
MOV dx,0116; ds:dx = buffer address, determined by DB pseudo-instruction buffer address
MOV ah,0a; 0Ah function call
INT 21; keyboard Input Buffer
MOV dl,0a; Since the function ah at the end of each string plus a return code (0Dh by the Enter
MOV ah,02), so that the cursor automatically returns to the front of the input line, in order to make the new output
INT 21; The string does not cover the original input string, so use the function 2h plus a
A newline code (OAH) that moves the cursor to the front of the next line.
MOV dx,0118; Start position of the loaded string
MOV ah,09; 9h function encountered the $ symbol will stop the output, so the string must finally be added
INT 21; $, otherwise the 9h function will continue to display the useless data in memory randomly
INT 20
DB 20; Define Buffers
Send you a word: Learn the assembly should not impatient air dry.

The polite will not speak. 工欲善其事, its prerequisite. Debug is not so much a compiler as a "literal translation", and a command of debug can only turn a line assembly instruction into a machine language and execute it immediately. The real compiler (MASM) works by using a text editor (edit, etc.) to build the assembly instructions into a separate and additional text file named. ASM, called the source program. It is the input part of the MASM program. MASM will compile the input ASM files into the. obj file, called the target program. The obj file contains only information about where the parts of the program are to be loaded and how they are merged with other programs and cannot be loaded directly into memory execution. The link program link can convert the obj file into an EXE file that can be loaded into memory execution (execute). You can also use Exe2bin to turn eligible EXE files into COM files (COM files occupy the least amount of memory and run the fastest).
Below we use MASM to write a program with the same function as the first program written in Debug.
Edit a smile.asm source program file with edit.
SOURCE Program DEBUG Program
Prognam segment
Assume Cs:prognam
ORG 100h A100
MOV dl,1 mov dl,1
MOV ah,2 mov ah,2
int 21h int 21
int 20h int 20
Prognam ends
End

Compare: 1. Because MASM will assume all the values as decimal, and debug uses only hexadecimal, so in the source program, we must add the letters that represent the binary, such as h for 16, and D for decimal. If the hexadecimal number begins with a letter, it must also be preceded by a 0 to indicate that it is a number, such as 0AH. 2. Source program added five-story narrative: Prognam segment and Prognam ends is paired to tell MASM and link, this program will be placed in a program called Prognam, where the paragraph name (Prognam) can be taken , but its position must be fixed. Assume Cs:prognam must be at the beginning of the program to tell the compiler where the program is located in the CS register. End is used to tell MASM that the program ends, and the ORG 100H acts as the debug A100, starting at offset 100. All the source programs of the COM file must contain the five elements, and must be in the same order and location, this thing down on the line, uniform. Next, we compile smile.asm with MASM.
Enter the MASM smile← without entering the add-on name. Asm.
Microsoft (R) Macro assembler Version 5.10
Copyright (C) Microsoft Corp 1981, 1988. All rights reserved.
Object filename [SMILE. obj]:← whether to change the output obj file name, if not change the Enter
Source listing [NUL. lst]:← If a list file (LST) is required, you do not need to enter
Cross-Reference [NUL. crf]:← If a control file (CRF) is required, enter is not required
50162 + 403867 Bytes symbol space free
0 Warning errors← Warning error, indicating that the compiler does not understand some statements, usually an input error.
0 Severe errors← A critical error that causes the program to fail, usually a grammatical structure error.

If no error exists, an obj file can be generated. OBJ contains compiled binary results that cannot be executed by DOS loaded into memory and must be chained (linking). When you link the OBJ file (smile.obj) chain to an EXE file (SMILE.EXE), the.
1. Enter LINK smile← without additional name obj
Microsoft (R) Overlay Linker Version 3.64
Copyright (C) Microsoft Corp 1981, 1988. All rights reserved.
Run File [SMILE. exe]:← whether to change the output EXE file name, if you do not change the Enter
List File [NUL. map]:← If a list file (MAP) is required, enter is not required
Libraries [. lib]:← If you need a library file, type the file name, and do not enter
link:warning l4021:no stack segment← because COM files do not use stack segments, error messages
← "No stack segment" does not affect the normal execution of the program

Now that the EXE file has been generated, we must also use Exe2bin to convert the exe file (SMILE.EXE) into a COM file (smile.com). Enter Exe2bin SMILE to generate the BIN file (smile.bin). In fact, the bin file and the COM file is exactly the same, but because DOS only recognize COM, exe and bat files, so the bin file can not be executed correctly, renamed or directly input exe2bin SMILE SMILE. COM can. Now, the disk should have a smile.com file, you can simply enter the name of the file under the cue symbol C:>, SMILE to execute the program.

Do you feel that using the compiler to generate programs, more trouble than DEBUG! In small programs, that's true, but for larger programs, you'll find the advantages. We'll do the ASCII program again in compiler mode to see if there is any difference. First, use Edit.com to establish ASCII. ASM file.
Prognam segment; define Segments
Assume Cs:prognam; Place the segment base of the above definition segment into CS
MOV cx,100h; Number of loading cycles
MOV dl,0; Load the first ASCII code, and then each time the new code is loaded in a loop
Next:mov ah,2
int 21h
Inc DL, Inc: Increment instruction to add a value of 1 to the data register DL each time
Loop next; Loop instruction, execute once, CX minus 1, until CX is 0, loop stop
int 20h
Prognam ends; segment terminated
End; Assembly termination
In the source program of assembly language, each program line contains three elements:
Start:mov dl,1; load the first ASCII code, then load the new code each time
Identifier expression annotations

adding annotations to the original document makes the program easier to understand and easier to refer to later. Each line of annotations is separated from the program line by ";". The compiler ignores annotations, and the annotated data does not appear in obj, exe, or COM files. Since we are writing the source program, we do not know the address of each program line, so we must represent the relative address by the symbolic name, called the "identifier". We typically type an identifier in the appropriate location for the appropriate row. The identifier (label) can be up to 31 bytes long, so we try to use concise text as an identifier in the program. Now you can compile this ascii.asm file into ascii.com. 1.MASM ascii,2.link ascii,3.exe2bin ASCII ascii.com.

Note: Typing errors, misspelled identifiers, fewer hexadecimal numbers, and logic errors are often encountered when you assemble a program that you design with a compiler. The old-timers ' advice is: it's best to anticipate that the program you're writing is going to be a bit of a mistake (someone told me); If you get the desired result after the first execution of the program, you'd better check it again because it might be wrong. In principle, as long as the general logical structure is correct, the process of finding errors in the program is even more interesting than writing the program itself. When writing a large program, it is best to be divided into many modules, so that the purpose of the program itself is simpler, easy to write and error-checking, in addition to the program in the different parts of the boundary between the clearer, saving compilation time. 　　If you read the program can not understand the best place to write down the register, memory and other content, on the paper slowly gestures, the enlightened. Below we will write a "big program" that can get a decimal value from the keyboard and convert it to a hexadecimal value and display it on the screen. Preface: To allow 8086 to perform such a function, we must first decompose this problem into a series of steps called Program planning. First, take a flowchart to make sure that the entire program is logically free of problems (needless to say!). All languages must have this step). This modular planning approach is called "top-down programming". When the program is actually written, it is from the smallest unit module (subroutine), when each module is completed, and then merged into a large program, this big eye, small hand in the way called "bottom-up programming."

Our first module is Binihex, whose main purpose is to remove the binary number from the 8086 BX register and display it on the screen in 16 binary mode. Note: It is normal for a subroutine not to run independently.
Binihex segment
Assume Cs:binihex
mov ch,4; record the number of hexadecimal digits converted (four-bit)
Rotate:mov cl,4; Use CL when counter, record register number of move number
Rol BX,CL; The contents of the Loop register BX to process 4 hexadecimal numbers sequentially
mov al,bl; transfer bx low eight-bit BL internal data to Al
and AL,0FH; zeroing out the useless bits
Add al,30h, add 30H to the data in AL, and deposit Al
CMP al,3ah; compare with 3ah
JL PrintIt; less than 3ah transfer
Add al,7h, add 30H to the data in AL, and deposit Al
Printit:mov Dl,al; Mount the ASCII code in DL
MOV ah,2
int 21h
Dec ch; ch minus one, reduced to 0 o'clock, 0 flag 1
JNZ rotate; JNZ: When the 0 flag is not set to 1, it jumps to the specified address. i.e.: unequal, then transfer
int 20h; return main program from subroutine
Binihex ends
End

The contents of the Circular Register BX (BX content will be provided by the second subroutine) are rol using the cyclic left-shift instruction to process 4 hexadecimal numbers sequentially: 1. Use CL as the counter to record the number of times the register is shifted. 2. Move the first hexadecimal value of BX to the far right. Use and (Logical and "operation: the corresponding bit is 1 o'clock, the result is 1, the remainder is 0) to clear the part of the non-zero, to obtain the result: the BL value is deposited in AL, and then using and with 0Fh (00001111) to the left of the Al four-bit zeroed. Since the ASCII code from 0 to 9 is 30h to 39h, and a to F ASCII code is 41h to 46h, and the 7h is interrupted, the result is: if the content of Al is less than 3Ah, then the AL value is only 30h, otherwise the AL will be added 7h. The add instruction adds two expressions, and the result is stored in the left-hand expression. The flag register is a separate 16-bit register, with 9 flag bits, some assembly instructions (most of which involve comparisons, arithmetic, or logic operations) when executed, will be associated with the flag position 1 or clear 0, often encountered by the flag bit 0 signs (ZF), symbol (SF), Overflow flag (of) and carry Flag (CF). The flag bit preserves the effect of an instruction after it has been executed, and can use other relevant instructions to identify the status of the flag and generate the action according to the state. The CMP directive is much like subtraction, which subtracts the value of two expressions, but the contents of the register or memory do not change, only the relative flag bit is changed: if the AL value is less than 3Ah, then the sign flag bit will be set 0, whereas the other is 1. The JL directive can be interpreted as: less than is transferred to the specified position, greater than, equal to the execution down. CMP and JG, JL and other conditional transfer instructions can be used to form the branch structure of the program, which is a common technique used in writing assembler programs.

The second module Decibin to receive the keyboard into the decimal number, and convert it to binary number in the BX register for the module 1 Binihex use.
Decibin segment
Assume Cs:decibin
MOV bx,0; BX Clear Zero
Newchar:mov ah,1;
int 21h; Read a keyboard input symbol into AL and show
Sub al,30h; Al minus 30H, result in AL, complete ASCII transcoding binary code
JL exit; less than 0 transfer
CMP al,9d
JG exit; left > right Shift
CBW; 8-bit Al converted to 16-bit AX
XCHG ax,bx; swap ax and BX data
mov cx,10d; decimal Number 10 into CX
Mul CX; The value of an expression is multiplied by the ax content and the results are stored in Microsoft Dynamics AX
Xchg AX,BX
Add Bx,ax
JMP Newchar; Unconditional transfer
Exit:int 20; Back to the main program
Decibin ends
End
CBW The actual result is: If the value in Al is positive, then ah fills in 00h, whereas the AH fills in the FFH. Xchg is often used when you need to temporarily retain content in a register.
Of course, you have to have a subroutine (CRLF) so that the hexadecimal number shown will not be stamped out before the decimal number entered.
CRLF segment
Assume Cs:crlf
mov dl,0dh; Enter the ASCII code 0DH into the DL
MOV ah,2
int 21h
mov dl,0ah; assii code for line break 0AH into AH
MOV ah,2
int 21h
int 20; Back to Main program
Crlf ends
End

Now we can combine modules such as Binihex, Decibin and CRLF into one big program. First, we need to change these three module subroutines slightly. Then, write a program to invoke each sub-program.
CRLF proc near;
MOV DL,0DH
MOV ah,2
int 21h
MOV dl,0ah
MOV ah,2
int 21h
Ret
CRLF ENDP

Similar to segment and ends pseudo-instructions, proc and ENDP are also paired, used to identify and define a program. In fact, the real function of PROC is simply to tell the compiler that the program being invoked belongs to the near or remote (FAR). The general procedure is called directly by DEBUG, so return with INT 20, the program called by the call instruction uses the return instruction instead, Ret,ret will transfer control to the address referred to at the top of the stack, and the address is placed by the call command calling the program.
The modules are all set up, and we're done with the procedure.
Decihex segment; Main program
Assume Cs:decihex
Org 100h
MOV cx,4; the number of cycles into CX; Because the subroutine is going to use CX, the subroutine is going to put CX into the stack
Repeat:call Decibin; Calling decimal to Binary sub-program
Call CRLF; Invoke add back, line break program
Call Binihex; invoke binary hex and show subroutine
Call CRLF
Loop Repeat, 4 cycles, continuous operation 4 times
MOV ah,4ch; Call DOS21 number Interrupt 4c function, exit the program, function with int 20H
int 21H; The same, but the application of a wider, int20h back, try It
Decibin proc near Push CX, press CX onto stack;
　　 ┇Exit:pop CX; restore CX; Retdecibin ENDP binihex proc near Push CX
　　 ┇Pop cx Retbinihex ENDP CRLF proc near
Push CX
　　 ┇Pop cx Retcrlf Endpdecihex ends end

The call instruction is used to invoke the subroutine and transfer control to the subroutine address, while calling the downstream command address as the return address and pressing into the stack. Call can be divided into short-range (near) and remote (FAR): The content of 1.NEAR:IP is pressed into the stack for the program and program in the same paragraph. The contents of the 2.far:cs and IP registers are sequentially pressed into the stack for the program and program in different segments. PUSH, Pop is a pair of instructions used to press and eject the register content, to protect the register data, subroutine calls more use. The stack pointer has a "last in, first out" principle, like PUSH ax,push BX ... POP Bx,pop ax to protect data tittle.

Assembly Language Super Enrichment Tutorial to this will be over, hoping to lay the foundation of your independent design. And more and better skills are all dependent on your usual accumulation.

"Software Security" assembly language Hyper-Enrichment Tutorial & buffer overflow Attack--1