asm lang deep dive Notes - ipatch/theairportwiki GitHub Wiki

Notes

  • CPU, memory and I/O all talk to each other via a system bus.
  • One of the main purposes of an assembly language is to provide mnemonic instructions that map onto machine code.
  • âš ī¸ It is to my understanding CPU's operate using a base-2 numerical system, whereas physical memory RAM operates using a base-16 numerical system.

CPU components

  • CPU - consists of 4 components
    • Control Unit - retrieves / decodes instructions and retrieves / stores data in memory.
    • Execution Unit - actual execution of instructions happens here.
    • Registers - internal memory locations used as variables.
    • Flags - used to indicate various events (zero result, sign, overflow, ...) while execution is happening.

The CPU requires some sort of internal memory location in order to perform calculations.

  • CPU - Registers, there are 4 types
    1. general purpose registers
       • the CPU has 8 general purpose registers
         • EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP
           • ECX - dictates how many times a loop is run.
    2. segment registers
    3. instruction pointer register
    4. control register

Having a solid understanding of how the EIP (instruction pointer) operates is essential.

  • ESP - always points to the top of the stack.

Fun fact - in AT&T syntax (as used by the GNU assembler) register names start with %

Virtual Memory Model

Every process is unaware of other processes running on the system, i.e., it runs in isolation.

  • malloc - returns a pointer into the virtual memory space, located in the heap.

Virtual Memory Space - Linux 2.4 - 2.6

  • /proc - directory that holds various run-time information about the system.
  • cat /proc/PID/maps - shows the memory map of the program.

âš ī¸ Linux kernel > 2.6 virtual memory space is randomized to thwart various attacks that rely on hard coded memory address space.

The Stack

  • Stack - a LIFO (Last In, First Out) data structure used for short-term storage; it grows from high addresses to low.
  • PUSH - pushes a value onto the top of the stack.
  • POP - removes the top-most value from the stack.

The Heap

  • heap - a managed memory region that allows dynamic allocation of variable-sized blocks of memory at run-time.

Binary

  • .text - segment that contains the actual program code (instructions).

System Calls

A list of Linux system calls can be found at the below location

/usr/include/asm/unistd.h

This does not apply to macOS ☹️

The macOS sys calls are listed at the below location

/usr/include/unistd.h

Notable sys calls include

  • exit()
  • read()
  • write()

System calls are invoked by processes using a software interrupt - INT 0x80

To pass arguments to system calls (32-bit Linux convention)

  • EAX - System Call number
  • EBX - first argument
  • ECX - second argument
  • EDX - third argument
  • ESI - fourth argument
  • EDI - fifth argument

Assembly language Data Types in .DATA segment

  • .byte - 1 byte
  • .ascii - string
  • .asciz - Null terminated string
  • .int - 32 bit integer
  • .short - 16 bit integer
  • .float - Single precision floating point number
  • .double - Double precision floating point number

Assembly language data types in .BSS segment

  • .comm - declares common memory area
  • .lcomm - declares local common memory area
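The following program ties the two sections above together: it uses `.asciz` / `.int` in `.data`, `.lcomm` in `.bss`, and the EAX/EBX/ECX/EDX argument convention with `INT 0x80` to call write(), read() and exit(). It is an example added to these notes, not code from the original wiki. It assumes a 32-bit Linux target and an i386-capable GNU toolchain (`as --32` / `ld -m elf_i386`); the call numbers (exit = 1, read = 3, write = 4) are the 32-bit Linux values from `unistd_32.h`, and the prompt text and buffer size are constructed.

```asm
# Constructed example (added here, not part of the original wiki notes).
# 32-bit Linux, AT&T syntax for GNU as. Build and run with:
#   as --32 echo.s -o echo.o && ld -m elf_i386 echo.o -o echo && ./echo
# Syscall numbers are the 32-bit Linux ABI values (exit=1, read=3, write=4).

.section .data
prompt:     .asciz "type something: "   # NUL-terminated string (.asciz)
prompt_len: .int  16                    # 32-bit integer: bytes in prompt, NUL excluded

.section .bss
.lcomm buf, 64                          # 64-byte local common buffer, zero-filled

.section .text
.globl _start
_start:
    # write(1, prompt, prompt_len)
    movl $4, %eax                       # EAX = syscall number (write)
    movl $1, %ebx                       # EBX = 1st argument (fd = stdout)
    movl $prompt, %ecx                  # ECX = 2nd argument (buffer address)
    movl prompt_len, %edx               # EDX = 3rd argument (byte count)
    int  $0x80                          # software interrupt: enter the kernel

    # read(0, buf, 64) -> EAX = bytes read, 0 on EOF, negative (-errno) on error
    movl $3, %eax
    movl $0, %ebx                       # fd = stdin
    movl $buf, %ecx
    movl $64, %edx                      # never more than the buffer size
    int  $0x80

    cmpl $0, %eax                       # check the kernel's return value
    jle  done                           # EOF or error: nothing to echo back

    # write(1, buf, <bytes read>): EAX still holds the count, copy it to EDX
    movl %eax, %edx
    movl $4, %eax
    movl $1, %ebx
    movl $buf, %ecx
    int  $0x80

done:
    # exit(0)
    movl $1, %eax                       # EAX = syscall number (exit)
    xorl %ebx, %ebx                     # EBX = exit status 0
    int  $0x80
```

Two details worth noticing: the byte count passed to the second write() comes from the kernel's return value in EAX rather than the buffer size, so only the bytes actually received are written out, and the read() length is fixed to the `.lcomm` size so the kernel can never write past `buf`.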

Assembly language instruction example

movl %eax, %ebx

The above example moves a 32-bit value from register %eax to register %ebx (AT&T syntax: source operand first, destination second).

Comparison of Jump operations

| Mnemonic | Meaning | Flag condition |
|---|---|---|
| je | jump if equal | ZF=1 |
| jne | jump if not equal | ZF=0 |
| jz | jump if zero | ZF=1 |
| jnz | jump if not zero | ZF=0 |
| jg | jump if greater | ZF=0 & SF=OF |
| jge | jump if greater or equal | SF=OF |
| jng | jump if not greater | ZF=1 |
| jnge | jump if not greater or equal | SF≠OF |
| jl | jump if less | SF≠OF |
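To see ECX as a loop counter (noted under the general purpose registers) and the conditional jumps from the table acting on flags, here is a short program added to these notes; it is not from the original wiki. It assumes the same 32-bit Linux / GNU as setup as before, and the array contents and the limit are constructed sample values. `cmpl` performs a subtraction that only updates ZF, SF and OF; `jl` then reads SF≠OF and `je` reads ZF=1 exactly as listed above (for completeness, `jng`, the complement of `jg`, is taken when ZF=1 or SF≠OF).

```asm
# Constructed example (added here, not from the original notes). 32-bit Linux,
# AT&T syntax. Sums a .data array using ECX as the loop counter, then branches
# on the flags set by cmpl. Build and run with:
#   as --32 cmp.s -o cmp.o && ld -m elf_i386 cmp.o -o cmp && ./cmp; echo $?
# Expected exit status for the sample data: 2 (sum 27 is above limit 25).

.section .data
values:   .int 7, 3, 12, 5          # constructed sample data: four 32-bit ints
count:    .int 4                    # number of elements
limit:    .int 25                   # threshold to compare the sum against

.section .text
.globl _start
_start:
    movl count, %ecx                # ECX = number of iterations
    movl $values, %esi              # ESI = address of the current element
    xorl %eax, %eax                 # EAX = running sum = 0

sum_loop:
    addl (%esi), %eax               # EAX += *ESI
    addl $4, %esi                   # advance to the next 32-bit element
    loop sum_loop                   # ECX--; jump back while ECX != 0

    # cmpl computes EAX - limit and sets ZF/SF/OF; the result is discarded
    cmpl limit, %eax                # AT&T order: compare EAX with limit
    jl   below                      # signed: taken if EAX < limit (SF != OF)
    je   equal                      # taken if EAX == limit (ZF = 1)
    movl $2, %ebx                   # neither: EAX > limit, exit status 2
    jmp  finish
equal:
    movl $1, %ebx                   # exit status 1
    jmp  finish
below:
    movl $0, %ebx                   # exit status 0 (not reached with sample data)
finish:
    movl $1, %eax                   # exit(EBX)
    int  $0x80
```

Changing `limit` to 27 makes the `je` branch fire (status 1), and a larger value takes the `jl` branch (status 0), which is a handy way to confirm in a debugger which flags each `cmpl` actually left set.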

Useful Links

Security Tube - Assembly Primer For Hackers