I. Learning Objectives
Understanding the role of ISA abstraction
Master Isa, and be able to learn other architecture extrapolate
Understanding the pipeline and how it is implemented
Second, the Learning content y86-64 directive
MOVQ directive IRMOVQ rrmovq mrmovq RMMOVQ
Four integer manipulation instructions Addq,subq,andq,xorq only the Register data
7 Jump Instructions Cmovle cmovl cmove cmovne cmovge CMOVG
The call command returns the address to the stack, and then j
1.Y86-64 Instruction Set architecture①Y86-64 directive
MOVQ directive IRMOVQ rrmovq mrmovq RMMOVQ
Four integer manipulation instructions Addq,subq,andq,xorq only the Register data
7 Jump Instructions Cmovle cmovl cmove cmovne cmovge CMOVG
The call command returns the address to the stack, and then jumps to the destination address, and the RET instruction returns from such calls
Pushq and POPQ instructions are implemented into the stack and out of the stack
Execution of Halt
processor design, it is often necessary to compare a signal to a number of possible matching signals to detect if a certain instruction code being processed is part of a class of instruction code.Sequential implementation of Y86-64Organize the processing into stages1. For OPL (integer and logical Operations), RRMOVL (register-register transfer) and IRMOVL (immediate count-register transfer)2. For RMMOVL and Mrmov3. For PUSHL and POPL4. For jump, call
was more about C, and I also realized some of my shortcomings in C language. Next, we should focus on the shortcomings of this piece, let the next study smoother.Learning progress Bar
lines of code (new/cumulative)
Blog Volume (Add/accumulate)
Learning Time (new/cumulative)
Important Growth
Goal
5000 rows
30 Articles
400 hours
First week
63/63
1/1
7/7
Second week
enable the compiled executable document to be debugged with GDB
New exploit.c, code below, \x?? \x?? \x?? \x?? Need to add shellcode to the address stored in memory because the location can overwrite the return address just after an overflow occurs.
We want to get shellcode in-memory address, enter commands gdb stack anddisass main
According to strcpy(buffer + 100,shellcode) the statement, we calculate shellcode the address as0xffffd350(十六进制) + 0x64(100的十六进制) = 0xffffd3b4(十六进制)
Mo
1. Machine-Level Code(1) Two kinds of abstract
Defines the format and behavior of machine-level programs by ISA
The memory address used by the machine-level program is the virtual address
2. Data format3. Operand designator4. Press in and eject stack data
Follow the principle of first in and out
Push Press in, pop delete
Pushq press four words into the stack popq four words pop-up stack
5. Arithmetic and logical operations
LEAQ Load Valid address
INC plus a
D
week's exam error summary 1.The following jump commands are related to ZF ()A. jmpB. JeC. jsD. JaE. JBF. JbeAnalytical:2.Assuming that the function of the C-expression T=a+b is completed with the add instruction, the correct statement about the condition Code Register is ()A. If t==0, then zf=1B. If tC. If tD. if (aE. if (aF. LEAQ directive does not affect the condition code registerG. CMP directives do not affect the condition code registerAnalysis: Textbook p135ZF: 0 logo. The result of the r
scoring criteria, I scored for Tan Xin's blog: 6 points. The score is as follows:
Question plus 3 points
Sentiment does not impracticality plus 1 points
Beautifully formatted plus 1 points-Correct use of markdown syntax plus 1 points-Complete elements in the template plus 1 points
Based on the scoring criteria, I scored for Wang Yuhan's blog: 6 points. The score is as follows:
Beautifully formatted plus 1 points
Question plus 2 points
Sent
exploit.c file to compile.6. Running the programAfter the address protection mechanism has been modified, the run is unsuccessful and the segment error is displayed.
Experimental HarvestFeel according to the steps of the experiment step by step, really can get the corresponding results, but the whole experiment is a walk a process, or do not understand the relevant memory overflow of the specific process, as well as the relevant attack ideas, their level or not standards, there is a long way
lower layer. Due to locality, writing back can significantly reduce bus traffic.The disadvantage is increased complexity.Another problem is how to deal with write Miss.Write allocation: load the corresponding lower-level block to the cache, and then update the cache block. The disadvantage is that each Miss will cause a block to be transferred from the lower layer to the cache.Non-write allocation: Avoid high-speed caching and write the word directly to the lower layer.Performance impact of hig
in memory, because this location can overwrite the return address exactly after an overflow occurs. And strcpy(buffer+100,shellcode); This sentence tells us again, Shellcode is saved in buffer + 100 the position. Below we will detail how to get the address we need to add.Now we're going to get shellcode in memory addressEnter the command:$ gdb stack$ disass mainNext:7, according to the statement strcpy (buffer + 100,shellcode); We calculate Shellcode's address as 0xffffd2d0 (hex) + 0x64 (hex of
Summary of the learning contents of the textbook fourth Chapter processor Architecture Y86-64 instruction set architectureThe "programmer" here refers to the person who writes the program with the assembler code, or the compiler that produces the machine code . The state of y86-64 is similar to x86-64.Y86-64 directive
X86-64 's MOVQ instruction is divided into 4 different instructions: IRMOVQ,RRMOVQ,MRMOVQ,RMMOVQ, which explicitly indicates the source and destination format, and the source
, delete the node and set the parent's child reference to null. The color of brothers is the most important thing to delete.
Problems and Solutions in teaching material Learning
Problem 1: In the deletion of the red/black tree, an iteration termination condition is (current. Color = red), which cannot be understood.
Problem 1: because the number of black nodes in each path is the same, when the current node is red, the iteration conditions are met until the current node is red, and al
selection: determine where the desired word starts in the block.
Associated High-speed cache:1. group selection in group-connected high-speed cache: Same as group selection in direct ing high-speed cache, group index bit Identification Group.2. Row matching and word selection in the group-connected high-speed cache: each group is considered as a small memory associated with a (Key, value) pair array,3. Input key to return the value in the corresponding array. The cache must search for each row
layer and find it in the cache content at the K layer. You can directly read data at the K layer, which is called cache hit.
Cache miss. No data is found at the K layer. The cache at the K layer needs to retrieve the block containing objects from the cache at the K + 1 layer. If the K layer is full, overwrite an existing block. Cool hit, the K layer has nothing, so it does not hit.
High-speed cache memory, mainly the size (p426) and probability (p431)Summary of test errors last week
2018-
shift x>>k: Move the K-bit right and the value at the left to complement K's most significant bit
Logical right Shift x>>>k: Move K-bit right, left complement K 0
Use arithmetic right shift for signed number, logical right shift for unsigned numberInteger representation
Information = bit + context
unsigned integer: b2u4[0011]=0 2^3+0 2^2+1 2^1+1 2^0=3
Signed integer-complement code: B2t4[1011]=-1 2^3+0 2^2+1 2^1+1 2^0=-5
Unsigned number means you need to append the suf
understanding of technology, do not tangle with the product implementation methods.
ØEncourage storytelling:Stories are the best way to help designers understand users.
ØAvoid induced problems:Typical induction problem: Will you use this function? In general, the user will give a meaningless positive answer.
I borrowed this book from Zhe tu, but I found that《About face 2.0"And, of courseChinese TranslationAlso, I borrowed a copy of it. I have never read this book similar to the industry bible,
Recently, I want to buy a few books on. NET and design patterns, just csdn on the Dearbook on the next, finishing a few of these more classic books. Some of the English versions of the books cannot be found inside. The price refers to the non-VIP members of the prices, that is, ordinary members of the price.Microsoft.
For Java programmers, mastering object-oriented design theory and some design patterns is an essential skill. To start programming without learning a theory is similar to learning a language without studying the alphabet. There's a lot of object-oriented theory, design patterns and best practices on the market, but only a few
Http://product.china-pub.com/192981
Splendid blueprint: how to plan a memorable website (version 2nd) online reading of e-books
This book is a new version of the best-selling book on information architecture. The author tells you how to plan easy-to-use websites and the information architecture principles behind them easily. This book first introduces the eight basic principles for establishing an information architecture, then emphasizes the role o
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.