Talking about how the computer works and the simple disassembly operation under Linux __linux

I remember learning how to do the basic arm assembly operation when ARM programming, also involves some very basic Linux under the assembly instruction form. But have not really deep understanding, also did not write how many assembly code, in addition to be able to understand the meaning of the code, really handwriting some assembly code to deal with the problem I am still learning.

When it comes to how computers work, there seems to be a name in every computer-related book, that is Neumann. I remember this is also the computer room wall will post the figure head, and Turing stood together.

This article is not too much about the principle of computer composition, but simply to describe the understanding of the computer work so far I can remember the process.

The book says that the Neumann structure is a general-purpose computer structure, and it is also called the Princeton structure. It has only one main memory, the main memory can be stored in the data can also be instructions. And it has only one command to access the main memory. The CPU exchanges information with the memory through the bus. This structure is in fact not efficient because the data and instructions are mixed together. Therefore, the corresponding better design is the Harvard structure, Harvard structure is the instruction and data storage system structure. It has separate address spaces and access instructions for storing instructions and data, so there are two types of buses, bus and instruction buses. Because of the separation of duties, the Harvard structure of the computer processor has a higher data throughput rate.

The principle of computer work lies in the processing of data, and the processing of data is done by invoking instructions. We usually operate the computer, you can through the keyboard, through the mouse operation, corresponding to the computer circuit 0,1 potential changes. And how to interpret the operation is handled by the operating system, in a word, the computer work process has been abstracted and encapsulated, and the operating system is on the bottom of the first layer of encapsulation. The most basic computer consists of memory, input, screen, motherboard, CPU and other hardware. How to drive these hardware is done by software.

Programming is done on the basis of the operating system through the operation of the Code and then compiled by the compiler to execute.

In Linux we have a disassembly to test how C code is converted into assembly code.

We do this on the lab floor, the C code is a simple three function (a main function and two called functions):

Disassembly with GCC under Linux:

Gcc-s-O main.s main.c-m32

You can get the assembly-level code for MAIN.C:

Start with a point is the annotation class so delete most of these statements, the above screenshot is for all the assembly code.

First from main: start looking:

PUSHL%EBP

EBP is the underlying stack pointer, supposedly 0, when the stack is empty and both ESP and EBP point to the bottom of the stack, which is equivalent to:

Subl $,%esp

Movl%ebp, (%ESP)

That is to say, the position where ESP points to is subtracted by 4, then the value of the ESP corresponds to the position of EBP, assuming 0;

MOVL%esp,%EBP

is to change the value of the EBP pointer to the ESP pointer, which means that ESP points to the same location again and EBP;

Subl $,%esp

MOVL, (%ESP)

These two instructions are equivalent to the PUSHL $ $, the ESP pointer moves 4 bytes down, and the value of the register pointed to by ESP is set to 8;

Call F

Call function f, this instruction is equivalent to

PUSHL%EIP (*)

MOVL F%eip (*)

The meaning is the value of the EIP, the EIP is pointing to the location of the instructions to call, in the diagram is the 24th line, the existence of registers, and then to the EIP to assign the entrance address of F, the implementation of the F function code;

PUSHL%EBP

ESP goes down 4 bytes and pushes the EBP pointer value onto the stack

MOVL%esp,%EBP

Set the value of EBP to why ESP is the same

Subl $4,%esp

ESP goes down 4 bytes

MOVL 8 (%EBP),%eax

The value of the EAX register is equal to Ebp+8, that is, EAX now points to the number 8

Movl%eax, (%ESP)

Set the value of the ESP location to the EAX pointer value

Call G

Equivalent to

PUSHL%EIP (*)

MOVL G%EIP (*)

Call function g, the value of EIP exists registers, the figure is 16 rows, and then to the EIP to assign value, into the G function entrance;

PUSHL%EBP

ESP goes down 4 bytes and puts the EBP pointer value in

MOVL%esp,%EBP

Make Ebp=esp

MOVL 8 (%EBP),%eax

So eax=ebp+8, 8 bytes up, pointing to store the EAX value, this eax is pointing to the number 8

Addl $10,%eax

Add the value of the eax point to 10 to get 18.

POPL%EBP

Equivalent to MOVL (%ESP),%EBP

Addl $,%esp

And then:

Ret

Equivalent to POPL%eip (*)

Jump to line 16 for execution

Leave

Equivalent to

MOVL%EBP,%esp

POPL%EBP

Then eject EIP jump to the 24th line of the EAX value of 18, and then add 3, and then leave, and then RET,EBP and ESP are back to the initial values.

Wang Bing Original works reproduced please indicate the source of "Linux kernel Analysis" MOOC course http://mooc.study.163.com/course/USTC-1000029000