As we have discussed that if a hacker that hasn’t mastered Assembly language is not a hacker because nothing really moves without it.Because assembly language allows you to do things you can't do in other programming languages. Without assembly language you will not be able to find the 0day against software , because debugger only output in asm code. So now we will start learn assembly language. The first concept of assembly language which you needs to understand is addressing modes.
Processors have a number of different ways of accessing data, known as addressing modes. In other words, Data accessing modes or methods are different ways a processor can adopt to access data.
The general form of memory address references is this:
ADDRESS_OR_OFFSET(%BASE_OR_OFFSET,%INDEX,MULTIPLIER)
or,
BaseAddress( %Offset, %Index, DataSize)
All of the fields are optional. To calculate the address, simply perform the following calculation:
Perform the following calculation to calculate the address:
FINAL ADDRESS = ADDRESS_OR_OFFSET + %BASE_OR_OFFSET + MULTIPLIER * %INDEX
or,
Final_address = BaseAddress + %Offset + (DataSize x %Index)
BaseAddress and DataSize must both be constants, while the other two, i.e. %Offset and %Index,must be registers. If any of the pieces is left out, it is just substituted with zero in the equation.
If you are new to this stuff, you might not be able to digest and understand it properly. So just go through them once and do keep referring them while programming.
There are following modes of addressing :-
1.Immediate Addressing Mode:the data to access is embedded in the instruction itself. For example, if we want to initialize a register to 10, instead of giving the computer an address to read the 10 from, we would specify immediate mode, and give it the number 10.
Instruction : movl $10, %eax
It says load the value 10 into the register eax. This mode is used to load direct values into registers or
memory location.So we can say that Immediate mode is used to load direct values into registers or memory locations.
Notice that to indicate immediate mode, we used a dollar sign in front of the number. If we did not, it would be direct addressing mode, in which case the value located at memory location 10 would be loaded into %eax rather than the number 10 itself.
2.Direct Addressing Mode:In the direct addressing mode, the instruction contains the memory address to
access. This is done by only using the ADDRESS_OR_OFFSET or BaseAddress portion,and rests of the fields have been substituted with zero in the equation.
The gernal instruction for Direct Addressing Mode is:
movl ADDRESS, %eax
This loads %eax with the value at memory address ADDRESS.
3.Indirect Addressing Mode:In the indirect addressing mode, the instruction contains a register that contains a pointer to where the data should be accessed. Indirect addressing mode loads a value from the address indicated by a register.
The gernal instruction for Indirect Addressing Mode is:
movl (%eax), %ebx
It means eax is holding some address, and we want to move the value at that address into register ebx.
Hence, the “Indirect Addressing Mode” loads a value from the address indicated by a register.
For example, if we used indirect addressing mode and specified the %eax register, and the %eax register contained the value 4, whatever value was at memory location 4 would be used. In direct addressing, we would just load the value 4, but in indirect addressing, we use 4 as the address to use to find the data we want.
4.Indexed Addressing Mode :In the indexed addressing mode, the instruction contains a memory address to access, and also specifies an index register to offset that address.You can use any general-purpose register as the index register. You can also have a constant multiplier of 1, 2, or 4 for the index register, to make it easier to index by bytes, double-bytes, and words.
The gernal instruction is:
movl BaseAddress(%Offset , %Index, DataSize),%DestinationRegister
For example, let’s say that we had a string of bytes as string_start and wanted to access the third one (an index of 2 since we start counting the index at zero), and %ecx held the value 2. If you wanted to load it into %eax you could do the following:
movl string_start(,%ecx,1), %eax
This starts at string_start, and adds 1 * %ecx to that address, and loads the value into %eax.
5. Base Pointer Addressing Mode : Base pointer addressing is similar to indirect addressing, except that it adds a constant value to the address in the register.
For example, if you have a record where the age value is 4 bytes into the record, and you have the address of the record in %eax, you can retrieve the age into %ebx by issuing the following instruction:
movl 4(%eax), %ebx
So The gernal instruction is:
movl 4(%eax), %ebx
Let's revise addressing mode :
movl (%esp), %eax : Indirect addressing mode. It would copy the value on the top of the stack into eax
movl 4(%esp), %eax : Base pointer addressing mode to access the 2nd top value on a stack
movl $9, 4(%edi) : copy the value 9 in the memory pointed out by (edi + 4)
movl $9, -2(%edi ) : copy the value 9 in the memory pointed out by (edi – 2)
6. Register addressing mode: In the register addressing mode, the instruction contains a register to access, rather than a memory location. The rest of the modes will deal with addressesRegister mode simply moves data in or out of a register. In all of our examples, register addressing mode was used for the other operand.
The gernal instruction is :
movl %eax, %ebx
Register mode simply moves data in or out of a register.
These addressing modes are very important, as every memory access will use one of these. Every mode except immediate mode can be used as either the source or destination operand. Immediate mode can only be a source operand.
Examples: Now let's understand these addressing mode with examples :-
1. If you need to move a value 15 in the location?
movl $15, mem_location
;This instruction would change the value in mem_location from 10 to 15
2.If you need to move a value 15 in register?
movl $15, %eax
;This is Immediate Addressing Mode
3.How to move the value in the mem_location in a register ?
movl mem_location, %eax
Or, How to move the value in the register in a mem_location ?
movl %eax, mem_location
4. What if need to copy the address of mem_location in a register? i.e. the value stored in the register
would be the addess of the mem_location :
movl $mem_location, %eax
;Notice the prepended “$” dollar to memory location
Similarly, movl $mem_location, another_location, will load the address of mem_location to another_location.
5. What if I need to copy something from one register to another?
movl %eax, %ebx ; To move a 32 bit value
movw %ax, %bx ; To move a 16 bit value
movb %ah, %bh ; To move a 8 bit value.
Bottom line is that both, the source and destination, should be of same size.
6. How to access value in an array?
BaseAddress(Offset, Index, Data_Size)
Here the trap is, the “Offset” and “Index” needs to be mentioned in registers. “Data_Size” would be an integer value and it's basically the size of the data type under operation.
Let us say you want to change the 4th variable of array to 44, following would be the instructions:
movl $0, %eax
movl $3, %ebx
movl $44, IntegerArray(%eax, %ebx, 4)
7. How to do indirectly (Indirect Addressing Mode)?
movl $mem_location, %eax ;move the address of label mem_location into register eax
movl (%eax), %ebx ;move the value at the address stored in register eax into register ebx i.e. mov the value of label mem_location into register ebx
movl $35, (%eax) ;move the value 35 at the location pointed by the address stored in register eax i.e. here in the current case, the current value of label mem_location would be over written with integer value 35
Reference : 1. 15 FIRST DATES WITH ASSEMBLY PROGRAMMING
2.Programming from ground up.
Processors have a number of different ways of accessing data, known as addressing modes. In other words, Data accessing modes or methods are different ways a processor can adopt to access data.
The general form of memory address references is this:
ADDRESS_OR_OFFSET(%BASE_OR_OFFSET,%INDEX,MULTIPLIER)
or,
BaseAddress( %Offset, %Index, DataSize)
All of the fields are optional. To calculate the address, simply perform the following calculation:
Perform the following calculation to calculate the address:
FINAL ADDRESS = ADDRESS_OR_OFFSET + %BASE_OR_OFFSET + MULTIPLIER * %INDEX
or,
Final_address = BaseAddress + %Offset + (DataSize x %Index)
BaseAddress and DataSize must both be constants, while the other two, i.e. %Offset and %Index,must be registers. If any of the pieces is left out, it is just substituted with zero in the equation.
If you are new to this stuff, you might not be able to digest and understand it properly. So just go through them once and do keep referring them while programming.
There are following modes of addressing :-
1.Immediate Addressing Mode:the data to access is embedded in the instruction itself. For example, if we want to initialize a register to 10, instead of giving the computer an address to read the 10 from, we would specify immediate mode, and give it the number 10.
Instruction : movl $10, %eax
It says load the value 10 into the register eax. This mode is used to load direct values into registers or
memory location.So we can say that Immediate mode is used to load direct values into registers or memory locations.
Notice that to indicate immediate mode, we used a dollar sign in front of the number. If we did not, it would be direct addressing mode, in which case the value located at memory location 10 would be loaded into %eax rather than the number 10 itself.
2.Direct Addressing Mode:In the direct addressing mode, the instruction contains the memory address to
access. This is done by only using the ADDRESS_OR_OFFSET or BaseAddress portion,and rests of the fields have been substituted with zero in the equation.
The gernal instruction for Direct Addressing Mode is:
movl ADDRESS, %eax
This loads %eax with the value at memory address ADDRESS.
3.Indirect Addressing Mode:In the indirect addressing mode, the instruction contains a register that contains a pointer to where the data should be accessed. Indirect addressing mode loads a value from the address indicated by a register.
The gernal instruction for Indirect Addressing Mode is:
movl (%eax), %ebx
It means eax is holding some address, and we want to move the value at that address into register ebx.
Hence, the “Indirect Addressing Mode” loads a value from the address indicated by a register.
For example, if we used indirect addressing mode and specified the %eax register, and the %eax register contained the value 4, whatever value was at memory location 4 would be used. In direct addressing, we would just load the value 4, but in indirect addressing, we use 4 as the address to use to find the data we want.
4.Indexed Addressing Mode :In the indexed addressing mode, the instruction contains a memory address to access, and also specifies an index register to offset that address.You can use any general-purpose register as the index register. You can also have a constant multiplier of 1, 2, or 4 for the index register, to make it easier to index by bytes, double-bytes, and words.
The gernal instruction is:
movl BaseAddress(%Offset , %Index, DataSize),%DestinationRegister
For example, let’s say that we had a string of bytes as string_start and wanted to access the third one (an index of 2 since we start counting the index at zero), and %ecx held the value 2. If you wanted to load it into %eax you could do the following:
movl string_start(,%ecx,1), %eax
This starts at string_start, and adds 1 * %ecx to that address, and loads the value into %eax.
5. Base Pointer Addressing Mode : Base pointer addressing is similar to indirect addressing, except that it adds a constant value to the address in the register.
For example, if you have a record where the age value is 4 bytes into the record, and you have the address of the record in %eax, you can retrieve the age into %ebx by issuing the following instruction:
movl 4(%eax), %ebx
So The gernal instruction is:
movl 4(%eax), %ebx
Let's revise addressing mode :
movl (%esp), %eax : Indirect addressing mode. It would copy the value on the top of the stack into eax
movl 4(%esp), %eax : Base pointer addressing mode to access the 2nd top value on a stack
movl $9, 4(%edi) : copy the value 9 in the memory pointed out by (edi + 4)
movl $9, -2(%edi ) : copy the value 9 in the memory pointed out by (edi – 2)
6. Register addressing mode: In the register addressing mode, the instruction contains a register to access, rather than a memory location. The rest of the modes will deal with addressesRegister mode simply moves data in or out of a register. In all of our examples, register addressing mode was used for the other operand.
The gernal instruction is :
movl %eax, %ebx
Register mode simply moves data in or out of a register.
These addressing modes are very important, as every memory access will use one of these. Every mode except immediate mode can be used as either the source or destination operand. Immediate mode can only be a source operand.
Examples: Now let's understand these addressing mode with examples :-
1. If you need to move a value 15 in the location?
movl $15, mem_location
;This instruction would change the value in mem_location from 10 to 15
2.If you need to move a value 15 in register?
movl $15, %eax
;This is Immediate Addressing Mode
3.How to move the value in the mem_location in a register ?
movl mem_location, %eax
Or, How to move the value in the register in a mem_location ?
movl %eax, mem_location
4. What if need to copy the address of mem_location in a register? i.e. the value stored in the register
would be the addess of the mem_location :
movl $mem_location, %eax
;Notice the prepended “$” dollar to memory location
Similarly, movl $mem_location, another_location, will load the address of mem_location to another_location.
5. What if I need to copy something from one register to another?
movl %eax, %ebx ; To move a 32 bit value
movw %ax, %bx ; To move a 16 bit value
movb %ah, %bh ; To move a 8 bit value.
Bottom line is that both, the source and destination, should be of same size.
6. How to access value in an array?
BaseAddress(Offset, Index, Data_Size)
Here the trap is, the “Offset” and “Index” needs to be mentioned in registers. “Data_Size” would be an integer value and it's basically the size of the data type under operation.
Let us say you want to change the 4th variable of array to 44, following would be the instructions:
movl $0, %eax
movl $3, %ebx
movl $44, IntegerArray(%eax, %ebx, 4)
7. How to do indirectly (Indirect Addressing Mode)?
movl $mem_location, %eax ;move the address of label mem_location into register eax
movl (%eax), %ebx ;move the value at the address stored in register eax into register ebx i.e. mov the value of label mem_location into register ebx
movl $35, (%eax) ;move the value 35 at the location pointed by the address stored in register eax i.e. here in the current case, the current value of label mem_location would be over written with integer value 35
Reference : 1. 15 FIRST DATES WITH ASSEMBLY PROGRAMMING
2.Programming from ground up.