Explaining Assembly Concepts on C Examples

The main Assembly command is the mov data-exchange command, which can be considered an equivalent of the assignment operator. For example, c = 0x333 can be written as follows in Assembly language: mov eax, 333h (note the difference in the format used for hexadecimal number representation). Also, it is possible to write it as follows: mov eax, ebx (write the value of the EBX register into the EAX register).

The pointers are enclosed in square brackets. The a = *b construct of the C language will appear as follows in Assembly: mov eax, [ebx]. If desired, it is possible to add an offset to the pointer. Thus, a = b[0x66] in C is equivalent to mov eax, [ebx + 66h] in Assembly.

Variables are declared using the following directives: db (1-byte variable), dw (2-byte variable), dd (double-word, 4-byte variable), etc. Signedness is not specified when variables are declared: the same variable can be interpreted as a signed number in one part of the program and as an unsigned number in another. To load the address of a variable into a pointer register, either the lea command or the mov command with the offset directive is used. Consider the example in Listing 2.1.

Listing 2.1: Main methods of data exchange

    LEA EDX, b        ; The EDX register contains the pointer to the b variable.
    MOV EBX, a        ; The EBX register contains the value of the a variable.
    MOV ECX, offset a ; The ECX register contains the pointer to the a variable.
    MOV [EDX], EBX    ; Copy the a variable to the b variable.
    MOV b, EBX        ; Copy the a variable to the b variable.
    MOV b, a          ; Error! This is an invalid operation.
                      ; Both arguments of the MOV command cannot be
                      ; located in memory.
    a DD 66h          ; Declare the a variable of the double word type
                      ; and initialize it with the 66h number.
    b DD ?            ; Declare the uninitialized b variable of the dword type.

Now, consider conditional jumps. Assembly language has no if operator; in practice, this operation is carried out in two stages. The cmp command compares two numbers and saves the result of the comparison in flags. Flags are special-purpose bits of a dedicated register, which will not be considered here because its detailed description would take too much precious book space. For the moment, it is enough to memorize that there are three main states: less than (below or less), greater than (above or greater), and equal to (equal). The jx family of conditional jump commands checks the condition specified as x and, if the condition is true, jumps to the specified address. For example, je jumps if two numbers are equal (jump if equal), and jne jumps if they are not equal (jump if not equal). Similarly, the jb/ja commands work with unsigned numbers, and jl/jg work with signed ones. Any two conditions that are not mutually exclusive can be combined; for example, jbe jumps if one unsigned number is below or equal to another. The jmp command corresponds to an unconditional jump.

The cmp/jx construct is much more like IF xxx GOTO in Basic than a similar C construct. Here are several examples illustrating its use (Listing 2.2).

Listing 2.2: Main types of conditional jumps

    CMP EAX, EBX      ; Compare EAX and EBX.
    JZ  xxx           ; Jump to xxx if they are equal.
    CMP [ECX], EDX    ; Compare *ECX and EDX.
    JAE yyy           ; If unsigned *ECX >= EDX, then jump to yyy.
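An added C illustration (my own, not from the book) of the two-stage cmp/jx mechanism: cmp32 models the four flags that CMP a, b leaves behind, and the small je/jne/jb/ja/jl/jg functions decode them exactly as the CPU does. The names cpu_flags, cmp32 and the two helper predicates are assumptions; the point it shows is that one bit pattern, 0xFFFFFFFF, passes JA but fails JG on the very same CMP, which is why the signed/unsigned choice of jump matters.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not from the book) of the flags CMP a, b leaves behind:
   CMP computes a - b, discards the result and keeps only these bits. */
typedef struct { bool cf, zf, sf, of; } cpu_flags;

static cpu_flags cmp32(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    cpu_flags f;
    f.cf = a < b;                                 /* borrow: a is unsigned-below b */
    f.zf = (r == 0);                              /* a == b                         */
    f.sf = (r >> 31) & 1u;                        /* sign bit of the result         */
    f.of = (((a ^ b) & (a ^ r)) >> 31) & 1u;      /* signed overflow of a - b       */
    return f;
}

/* The condition each jx decodes from the flags, as the CPU does. */
static bool je (cpu_flags f) { return f.zf; }                    /* equal                   */
static bool jne(cpu_flags f) { return !f.zf; }                   /* not equal               */
static bool jb (cpu_flags f) { return f.cf; }                    /* unsigned below          */
static bool jbe(cpu_flags f) { return f.cf || f.zf; }            /* unsigned below or equal */
static bool jae(cpu_flags f) { return !f.cf; }                   /* unsigned above or equal */
static bool ja (cpu_flags f) { return !f.cf && !f.zf; }          /* unsigned above          */
static bool jl (cpu_flags f) { return f.sf != f.of; }            /* signed less             */
static bool jle(cpu_flags f) { return f.zf || f.sf != f.of; }    /* signed less or equal    */
static bool jg (cpu_flags f) { return !f.zf && f.sf == f.of; }   /* signed greater          */

/* One bit pattern, two verdicts: 0xFFFFFFFF is 4294967295 unsigned but -1 signed,
   so "x > 1" is true after JA and false after JG on the very same CMP. */
static bool above_one_unsigned(uint32_t x)    { return ja(cmp32(x, 1)); }
static bool greater_than_one_signed(uint32_t x) { return jg(cmp32(x, 1)); }

int main(void) {
    uint32_t x = 0xFFFFFFFFu;   /* constructed sample value */
    printf("%u: ja=%d jg=%d\n", x, above_one_unsigned(x), greater_than_one_signed(x));
    return 0;
}
```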

Implementation of function calls in Assembly is much more complicated than in C. First, there are at least two types of calling conventions: C and Pascal. According to the C calling convention, function arguments are passed to the function from right to left, and the code that calls the function clears them from the stack. According to the Pascal calling convention, the situation is the opposite: arguments are passed from left to right, and the function must clear them from the stack on its own. Most API functions of the Windows operating system observe the combined calling convention known as stdcall, according to which arguments are passed according to the C calling convention and cleared from the stack according to the Pascal calling convention. The value returned by the function is loaded into the EAX register. For passing 64-bit values, the EDX:EAX pair of registers is used. Naturally, these conventions must be observed only when calling external functions, such as API functions and library functions. Internal functions are not required to follow these conventions and can pass arguments in any imaginable manner, for example, in registers.

Listing 2.3 demonstrates the simplest example of the function call.

Listing 2.3: Calling API functions of the operating system

    PUSH offset LibName ; Push the string offset onto the stack.
    CALL LoadLibrary    ; Function call.
    MOV  h, EAX         ; EAX contains the returned value.
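As an added illustration (mine, not from the book) of the push order and of who clears the stack, the following C code models a 32-bit stack as an array of dword slots and emulates the caller and callee halves of a call under the C, Pascal and stdcall conventions. The names vstack, cc_t, emulate_call, the sample arguments and the 0xDEAD0000 return-address value are assumptions. It also goes one step beyond the text: when the caller and callee disagree about the convention, the emulation reports the resulting stack imbalance, which is the root of the crashes such a mismatch produces.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not from the book): a 32-bit stack as an array of dword slots.
   esp is an index into slots[]; PUSH decrements it, so a higher index is a higher address. */
enum { SLOTS = 64 };
typedef struct { uint32_t slots[SLOTS]; int esp; } vstack;
typedef enum { CC_CDECL, CC_PASCAL, CC_STDCALL } cc_t;
typedef struct {
    uint32_t first_arg_seen;  /* what the callee reads at [esp+4], just above the return address */
    int      esp_delta;       /* slots out of balance after the call: 0 ok, >0 over-popped, <0 leaked */
} call_result_t;

static void push(vstack *s, uint32_t v) { s->slots[--s->esp] = v; }

/* Emulate "push args; CALL f; <cleanup>", each side following its own convention.
   Matching conventions balance the stack; mismatched ones do not. */
static call_result_t emulate_call(cc_t caller_cc, cc_t callee_cc,
                                  const uint32_t *args, int n) {
    vstack s = { {0}, SLOTS };
    int esp_before = s.esp;
    call_result_t r;
    /* Caller side: C and stdcall push right to left, Pascal pushes left to right. */
    if (caller_cc == CC_PASCAL)
        for (int i = 0; i < n; i++) push(&s, args[i]);
    else
        for (int i = n - 1; i >= 0; i--) push(&s, args[i]);
    push(&s, 0xDEAD0000u);                  /* CALL pushes the return address (placeholder value) */
    /* Callee side: its first argument is the slot right above the return address. */
    r.first_arg_seen = s.slots[s.esp + 1];
    /* Callee returns: RET pops the address; Pascal and stdcall use RET 4*n to drop the args too. */
    s.esp += 1;
    if (callee_cc != CC_CDECL) s.esp += n;
    /* Caller side again: only under the C convention does it do ADD ESP, 4*n itself. */
    if (caller_cc == CC_CDECL) s.esp += n;
    r.esp_delta = s.esp - esp_before;
    return r;
}

static const uint32_t SAMPLE_ARGS[3] = { 0x11, 0x22, 0x33 };   /* constructed sample arguments */

int main(void) {
    call_result_t ok  = emulate_call(CC_STDCALL, CC_STDCALL, SAMPLE_ARGS, 3);
    call_result_t bad = emulate_call(CC_CDECL,   CC_STDCALL, SAMPLE_ARGS, 3);
    printf("matched: first=%#x delta=%d; mismatched: delta=%d\n",
           ok.first_arg_seen, ok.esp_delta, bad.esp_delta);
    return 0;
}
```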


Shellcoder's Programming Uncovered (Uncovered series)
ISBN: 193176946X
Year: 2003
Pages: 164
