Documentation is available (Intel IA-32 Software Developer’s Manuals). Serves as a complete reference.
mov DWORD PTR [ebp-4], 10mov $10, -4(%ebp)About the 8 general purpose registers:
ah refers to the second halfs first 8 bitseax return valueebx –ecx Counteredx –ebp Frame/Base Pounteresi Source index (for arrays)edi Destination index (for arrays)esp Stack pointereax, ecx, edx are volatileWhat types of stuff can we use in instructuins?
$0x42, the literal hexadecimal value 42%eax, the value in eax0x4001000, get the value at that memory address(%esp) – Get the memory address at that register, and the value at the memory address8(%esp), Add 8 to address found in esp, then get that valueD(B,I,S), where we take the value at address \(D+B+I*S\).
8(%esp, %esi, 4) – 4 * some int value in esi, add that to esp, and then add the displacement.S must be 1, 2, 4, or 8.addl $1, %eaxEFLAGS register, which is a bit field. Contains ZF (zero result), SF (signed/neg result), CF (carry-out of MSB occurred), and OF (overflow occurred), among many others.{add, sub, imul} src destneg dest – negate{inc, dec} dst{sal, sar, shr} src, dst – Arithmetic and logical shifts (<<, >>, >>> respectively to the order shown).{and, or, xor} src, dstnot dst – bitwise NOTcmp src, dst – Does dst - src. Does not store the result, but sets flagstest src, dst – Does dst & src. Does not store the result, but sets flagsjmp target – Unconditionally jump to target (Changes %eip)Conditional jumps (these will make use of the EFLAGS flags):
{je, jne} target – Jump to target if equal{jl, jle} target – Jump less than (or equal){jg, jge} target – Jump greater than (or equal){ja, jb} target – Jump to target if above/below (respectively)What are the sources in these? These instructions make use of the EFLAGS register, which stores stuff from previous arithmetic instructions.
target is usually an address encoded as an immediate operand, but can also be stored in a register/memory. In that case however, indirect addressing is required, i.e. *%eax and *0x4001000 (We get the address at the location, and the * tells us to treat is as a memory address, this is indirect addressing).
Consider an if statement
if (cond) {
// if-clause
} else {
// else-clause
}testl %eax, %eax
je ELSE
# if-clause
jmp ENDIF
ELSE:
# else-clause
ENDIF:
# ...Consinder a while control structure
while (cond) {
// loop-body
}testl %eax, %eax
je ENDLOOP
LOOP:
# loop-body
testl %eax, %eax
jne LOOP
ENDLOOP:
# ....mov src, destmovzbl src dest Copy 8 bit value to 32 bit target using zero fillmovsbl src dest Copy 8 bit value to 32 bit target using sign extension{cmove/ne} src, dst Move data from src to dst if ZF = 0Address computation
lea address, dst – Load effective address? Moves the ADDRESS (not the value) into the dst.Implicitly modify %esp$
push src – Push src onto stackpop dst – Pop the top of the stack into dstcall target – Pushes the current %eip onto the stack and then jump to the targetleave – Restores the frame pointer %ebp and clears the stack frameret – Pop the stack into %eiptarget can use indirect addressing.
Functions make extensive use of the call-stack, and it has alot of convention.
Before calling:
Right before returning:
%eax%esp does not always reflect the top of the stacklea can be used in surprising ways (addressing modes as arithmetic)%ebp) creates a chain of stack frames
When an x86 system boots up, it runs in 16-bit real mode (compatible with 8086) – all address reference “real” memory locations [no virtual memory business]
IP=0x4000, CS=0x1100, CS:IP (segmented address) refers to 0x1100x16 + 0x4000 = 0x15000.CPL flag is found in the CS register, we will cover the mechanism for updating CPL later