Title: Essentials of 80x86 Assembly Language
1Chapter 6 Procedures
26.1 The 80x86 Stack
3Hardware Stack
- Allocated with directive, for example.STACK
4096allocates 4096 uninitialized memory bytes - Visual Studio project setting can also be used to
allocate stack space - Most access is indirect, through the stack point
register ESP - Operating system initializes ESP to point to byte
above stack - As program executes, it points to the last item
pushed on the stack
4push instruction
- Usual format push source
- source can in memory, register or immediate
- doubleword or word pushed on the stack
- Formats to use when the assembler cannot
determine operand size - pushd source
- pushw source
5push execution
- ESP decremented by size of operand
- Operand stored in stack where ESP points after
being decremented - Flags not changed
6push Example
7pop instruction and execution
- Usual format pop destination
- doubleword or word destination can in memory or
register - Operand stored in stack where ESP points is
copied to destination - ESP incremented by size of operand after the
value is copied - Flags not changed
8pop Example
9Pushing/Popping Flags
- pushfd pushes EFLAGS register contents onto stack
- popfd pops doubleword from top of stack into
EFLAGS
10Viewing the Stack with Debugger
- Stop at breakpoint
- View registers
- ESP contains address of byte above stack
- Subtract number of bytes to view from the address
in ESP - Use this as the starting address at which to view
memory - Example if ESP contains 0042FFC4, using
0042FFC4 20 0042FFA4 lets you see the top 32
(2016) bytes of the stack
116.2 32-bit Procedures with Value Parameters
12Terminology
- Procedure - a subprogram that is essentially a
self-contained unit - Main program or another subprogram calls a
procedure - A procedure may simply do a task or it may return
a value - value-returning procedure is sometimes called a
function
13Procedure Concepts
- Transfer of control from calling program to
procedure and back - Passing parameter values to procedure and results
back from the procedure - Having procedure code that is independent of the
calling program - The cdecl protocol provides one standard
implementation scheme
14Procedure Definition
- In a code segment with body statements bracketed
by PROC and ENDP directives giving procedure name - .CODE
- procName PROC
- procedure body
- ...
- procName ENDP
15Transferring Control to a Procedure
- In the main program, use
- call procName
- The next instruction executed will be the first
one in the procedure
16Returning from a Procedure
- In the procedure, use
- ret
- The next instruction executed will be the one
following the call in the main program
17How call Works
- The address of the instruction following the call
is pushed on the stack - The instruction pointer register EIP is loaded
with the address of the first instruction in the
procedure
18How ret Works
- The doubleword on the top of the stack is popped
into the instruction pointer register EIP - Assuming that this was the address of the
instruction following the call, that instruction
will be executed next - If the stack has been used for other values after
the call, these must be removed before the ret
instruction is executed
19Alternative ret Format
- ret n
- n is added to ESP after the return address is
popped - This is most often used to logically remove
procedure parameters that have been pushed onto
the stack - Not used in cdecl protocol
20Parameter Terminology
- A procedure definition often includes parameters
(also called formal parameters) - These are associated with arguments (also called
actual parameters) when the procedure is called - For a procedure's in (pass-by-value) parameters,
values of the arguments are copied to the
parameters when the procedure is called - These values are referenced in the procedure
using their local names (the identifiers used to
define the parameters)
21Implementing Value Parameters
- Parameter values normally passed on the stack
- Pushed in reverse order from argument list
- Example
- Design or high-level code sum add2(value1,
value2) - 80x86 implementationpush ecx assuming
value2 in ECXpush value1 assuming value1
in memorycall add2 call procedure to
find sumadd esp, 8 remove parameters
from stackmov sum, eax sum in memory - With the cdecl protocol the calling program must
remove parameters from the stack - A single integer value normally returned in EAX
22Procedure Entry Code
- Since the stack pointer ESP may change, a
procedure starts with entry code to set the base
pointer EBP to an address in the stack - This location is fixed until exit code restores
EBP right before returning - In the procedure body, parameters are located
relative to EBP - Entry code also saves contents of registers that
are used locally within the procedure body - Exit code restores these registers
23Example Procedure
- add2 PROC add two words passed on the
stack - return the sum in the EAX
register - push ebp save EBP
- mov ebp,esp establish stack
frame - mov eax,ebp8 copy first
parameter value - add eax,ebp12 add second
parameter value - pop ebp restore EBP
- ret return
- add2 ENDP
24 parameter 2 parameter 2
parameter 2 parameter 2
parameter 2 parameter 2
parameter 2 parameter 2
parameter 1 ? parameter 1
parameter 1 increasing parameter 1
parameter 1 addresses parameter 1
parameter 1 parameter 1
return address return address
return address return address
return address return address
ESP ? return address return address
old value of EBP
old value of EBP
old value of EBP
ESP,EBP ? old value of EBP
stack upon procedure entry stack upon procedure entry stack upon procedure entry stack upon procedure entry after EBP established after EBP established after EBP established
Stack frame upon entry to procedure add2 and
after EBP established in entry code
25Accessing Parameters in a Procedure
- Use based addressing
- Since the value is actually on the stack, EBPn
references the value - Examplemov eax,ebp8 copies the last
parameter pushed to EAX
26Saving/Restoring Registers
- Push registers in entry code after EBP is
established - Exit code pops registers in the opposite order
- Calling programs flag values from can be saved
with pushfd/popfd
27Entry and Exit Code Summary
- Entry code
- push ebp establish stack frame
- mov ebp, esp
- push ... save registers
- ...
- push ...
- pushfd save flags
- Exit code
- popfd restore flags
- pop ... restore registers
- ...
- pop ...
- pop ebp restore EBP
- ret return
28Procedure Call Summary
calling program code procedure code
push arguments on stack in right-to-left order call procedure add number of bytes of parameters to ESP for value-returning procedure, use value in EAX save EBP and establish stack frame save registers used by procedure access parameter values using based addressing in procedure body return value, if any, goes in EAX restore saved registers and EBP return
296.3 Additional 32-bit Procedure Options
30Reference Parameters
- The address of the argument instead of its value
is passed to the procedure - Reference parameters are used
- To send a large argument (for example, an array
or a structure) to a procedure - To send results back to the calling program as
argument values
31Passing an Address
- lea instruction can put address of an argument in
a register, and then the contents can be pushed
on the stack - lea eax, minimum 3rd parameter
- push eax
32Returning a Value in a Parameter
- Get address from stack
- Use register indirect addressing
- mov ebx, ebp16 get addr of min
- ...
- mov ebx, eax min ai
33Allocating Local Variable Space
- save EBP and establish stack frame
- subtract number of bytes of local space from ESP
- save registers used by procedure
- Access both parameters and local variables in
procedure body using based addressing - return value, if any, goes in EAX
- restore saved registers
- copy EBP to ESP
- restore EBP
- return
New entry and exit code actions are bold
34Recursive Procedure
- Calls itself, directly or indirectly
- Many algorithms are very difficult to implement
without recursion - A recursive call is coded just like any other
procedure call
35Separate Assembly
- Procedure code can be in a separate file from the
calling program - File with call has an EXTERN directive to
describe procedure that is defined in another
file - ExampleEXTERN minMaxPROC
3664-bit procedures
37Stack Usage
- Normally push and pop quadwords
- call pushes a 64-bit address on the stack
- ret pops a 64-bit address into RIP
- Calling procedures entry code must reserve space
on the stack for arguments. - Typical code includes sub rsp,120
3864-bit protocol
- Different from cdecl
- First four arguments passed in registers
- Later arguments copied to stack
- Fifth argument is copied to RSP32
Argument Register
1 RCX
2 RDX
3 R8
4 R9
39Register Usage
- RAX, RCX, RDX, and R8-R11 are called volatile
- A called procedure is free to change them
- RBX, RDI, RSI, RBP, RSP and R12-R15 are called
nonvolatile - A called procedure has the responsibility of
preserving them - In practice, it is safest to preserve any
register that you dont want destroyed by a
called procedure
40Procedure to Add Five Integers
- void add5(int x1,int x2,int x3,int x4,int x5)
- returns sum of arguments
- add5 PROC
- mov eax, ecx x1
- add eax, edx x2
- add eax, r8d x3
- add eax, r9d x4
- add eax, DWORD PTR rsp40 x5
- ret return
- add5 ENDP
416.5 Macro Definition and Expansion
42Macro
- Expands to the statements it represents
- Expansion then assembled
- Resembles a procedure call, but is different
- Each time a macro appears in code, it is expanded
- There is only one copy of procedure code
43Macro Definition
- name MACRO list of parameters
- assembly language statements
- ENDM
- Parameters in the MACRO directive are ordinary
symbols, separated by commas - The assembly language statements may use the
parameters as well as registers, immediate
operands, or symbols defined outside the macro
44Macro Example 1
- Given the definition
- add2 MACRO nbr1, nbr2
- put sum of two doubleword parameters in EAX
- mov eax, nbr1
- add eax, nbr2
- ENDM
- the macro call
- add2 value, 30 value 30
- expands to
- put sum of two doubleword parameters in EAX
- mov eax, value
- add eax, 30
45Macro Example 2
- Given the definition
- add2 MACRO nbr1, nbr2
- put sum of two doubleword parameters in EAX
- mov eax, nbr1
- add eax, nbr2
- ENDM
- the macro call
- add2 eax, ebx sum of two values
- expands to
- put sum of two doubleword parameters in EAX
- mov eax, eax
- add eax, ebx
46Macro Example 3
- Given the definition
- add2 MACRO nbr1, nbr2
- put sum of two doubleword parameters in EAX
- mov eax, nbr1
- add eax, nbr2
- ENDM
- the macro call
- add2 value
- expands to
- put sum of two doubleword parameters in EAX
- mov eax, value
- add eax, (wont assemble)
47Macros in IO.H
- Each expands to a statement that calls a
procedure, for example - atod MACRO source convert ASCII string
- to integer in EAX
- lea eax,source source address to AX
- push eax source parameter on
stack - call atodproc call atodproc(source)
- add esp, 4 remove parameter
- ENDM