x86 Assembly Crash Course
Stack
Stack is a structure which can be pushed and popped Elements that are higher on the stack have a lower address than the elements at the bottom of the stack When functions are generated, they are allocated stack frames EBP - base pointer, contains the base address of the current stack frame ESP - stack pointer, contains the address of the top element of the current stack frame
Case : Building and calling a function in the main
Consider the piece of code:
#include <stdio.h>
#include <stdlib.h>
void func(int x){
int a = 0;
int b = x;
}
int main(){
func(10);
}
First, an address for the parameter 10 is allocated in the stack frame. Then return address of the function is allocated in the frame. Then base pointer is equal to stack pointer. Next, stack pointer is extended to fit local variables. test
Instruction format
Instructions have two parts:
- operation
- arguments operation arg
if an operation takes two arguments, the args are separated by two commas: operation arg1, arg2
mov instruction
mov instruction takes the address of second arg and copies it into the first one: mov arg1, mov arg2
However, if we want to mov the actual value that our second argument holds, we use square brackets: mov arg1, [arg2]
add instruction
takes two arguments, sums them, and saves the results into the first argument: eax = 10 add eax, 0x5 now eax = 15
sub instruction
It is like add, but now the values are subsracted: eax = 10 sub eax, 0x5 now eax = 5
push instruction
Decreases the esp pointer, adds a new value onto the stack push arg
pop instruction
increments esp, pops the top element off the stack into the register which is the argument of the instruction pop reg
lea instruction(load effective address)
Takes the address in the second argument, and copies it into the register in the first argument. Used to have a pointer to a memory region. lea reg, addr
cmp instruction
cmp is like sub and add, but it will not save the result into first argument. Instead it will save it to a flag var in the processor. Three values can be saved : =0, <0, >10 for example: cmp 1,3 since 1-3=-2 , it will save <0 to the flag
jmp instruction
sets eip to the address in the argument if the condition is met. There are several types of jmp: je, jne, jg, jl. So, in the case je addr, it will not jmp, since the flag is <0. but if jmp type is jl, then it will jump. If it’s jmp addr, then it will jump without a condition
call instruction
Calls a function. call = push eip, jmp function In other words, it will put the return address of the called function onto the stack, and moves eip to the first instruction of the function
leave/ret instruction
Called at the end of each function It destroys the current stack frame by setting esp to ebp and popping ebp. ret instruction follows leave. It pops the return address off the stack and sets eip equal to it.