SlideShare a Scribd company logo

17

Download as PPTX, PDF
D
dano2osu

The Y86 architecture has 8 32-bit registers, 3 condition codes (ZF, SF, OF), a program counter (PC), and up to 4GB of memory. It supports normal, register, and displacement addressing modes. Instructions include arithmetic, logical operations, jumps, calls, returns, and memory load/store. The execution cycle fetches, decodes, executes, and updates the PC for each instruction. Condition codes track the results of arithmetic operations for conditional jumps.

TechnologyBusiness
1 of 57
CSE 2421 Autumn 2013 S. Preston
Y86 programmer-visible state • The Y86 has: • • • • • 8 32-bit registers with the same names as the IA32 32-bit registers 3 condition codes: ZF, SF, OF • no carry flag - interpret integers as signed a program counter (PC) • Holds the address of the instruction currently being executed a program status byte: AOK, HLT, ADR, INS • State of program execution memory: up to 4 GB to hold program and data (4096 = 2^12) RF: Program registers %eax %esi %ecx %edi %edx %esp %ebx CC: Condition codes Stat: Program Status %ebp ZF SF OF DMEM: Memory PC 2
Condition Codes • 3 condition codes in y86 • ZF – Set if the result of the last arithmetic operation is 0 • SF – Set if the result of the last arithmetic operation resulted in the sign bit being set • OF – Set if the result of the last arithmetic operation resulted in an overflow
Conditions • FLAGS: Zero, Sign, Overflow • Less or Equal • Z = 1, S = 1, O = X • Z = 0, S = 1, O = X • Z = 1, S = 0, O = X • Z = 0, S = X, O = X • Z = 1, S = 0, O = X • Z = 0, S = 0, O = X • Less • Equal • Not Equal • Greater or Equal • Greater
Simple Addressing Modes • Normal = (R) = Mem[Reg[R]] • Register Reg specifies memory address • denoted by a register in ( ) • Example value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 ecx = 0x00000120 addr 0x44 movl (%ecx),%eax move the value that is at the address in ecx into eax Moves 0x11223344 into eax 5
Simple Addressing Modes • Displacement = D(R) = Mem[Reg[R]+D] • Register R specifies start of memory address • Constant displacement D specifies offset • In bytes loads 0x33445566 into edx value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 0x44 0x124 • Denoted by displacement(register) ebp = 0x120 movl 2(%ebp),%edx move the value at ebp (0x120) + 2 into edx addr 0x55 0x125 0x66 6
Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again 7
Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again Why don’t we just do addl $1, %edx?? Cant! not allowed, only register to register 8
Y86 Stack • Stack top address always held in esp • Stack grows towards lower addresses Stack “Top” %esp • • • Stack “Bottom” Increasing Addresses
Y86 Stack - Push • Pushing • Decrement the stack register by 4 then store new data (1) addr value (2) addr value 0x11B //(1)esp = 0x120 movl 0xFECA8712, %eax push %eax //(1)esp = 0x11C 0x11B 0x11C 0x11C 0x12 0x11D 0x11D 0x87 0x11E 0x11E 0xCA 0x11F 0x11F 0xFE 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
Y86 Stack - Pop • Pushing • Save new data on stack, Increment the stack register by 4 (1) addr //(1) esp = 0x11C pop eax //(2) esp = 0x120 //eax = 0xFECA8712 value (2) addr value 0x11B 0x11B 0x11C 0x12 0x11C 0x11D 0x87 0x11D 0x11E 0xCA 0x11E 0x11F 0xFE 0x11F 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
Stack Example 2 ==PUSH== subl $4, %esp movl %ebp, (%esp) ==POP=== movl (%esp), %eax addl $4, %esp
Y86 Instruction Set 13
Fetch Cycle
Executing  rmmovl • Fetch • Read 6 bytes • Read operand registers • Decode • Execute • Compute effective address • Memory • Write to memory • Do nothing • Increment PC by 6 • Write back • PC Update 16
Executing  Arithmetic/Logical Ops • Fetch • Read 2 bytes • Read operand registers • Decode • Execute • • Perform operation Set condition codes • Do nothing • Update register • Increment PC by 2 • Memory • Write back • PC Update 17
Executing  popl • • • • • Fetch • Decode • Read stack pointer Execute • Increment stack pointer by 4 Memory • Read from old stack pointer Write back • • • Read 2 bytes Update stack pointer Write result to register PC Update • Increment PC by 2 18
Jumps • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Do nothing Execute • Determine whether to take branch based on jump condition and condition codes Memory • Do nothing Write back • Do nothing PC Update • Set PC to Dest if branch taken or to incremented PC if not branch 19
Executing  Call • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 20
Executing  ret • • • • • • Fetch • • Read 1 bytes Increment PC by 1 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 21
Instruction encoding practice • Determine the byte encoding of the following Y86 instruction sequence given ―.pos 0x100‖ specifies the starting address of the object code to be 0x100 (practice problem 4.1) .pos 0x100 # start code at address 0x100 irmovl $15, %ebx #load 15 into %ebx rrmovl %ebx, %ecx #copy 15 to %ecx loop: rmmovl %ecx, -3(%ebx)#save %ecx at addr 15-3=12 addl %ebx, %ecx #increment %ecx by 15 jmp loop # goto loop 23
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx rrmovl %ebx, %ecx rmmovl %ecx, -3(%ebx) loop: addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) 0x10e: 6031 //addl %ebx, %ecx jmp loop
Instruction encoding practice 0x100: 0x106: loop: 0x108: 0x10e: 0x110: 30f30f000000 //irmovl $15, %ebx 2031 //rrmovl %ebx, %ecx 4013fdffffff //rmmovl %ecx, -3(%ebx) 6031 //addl %ebx, %ecx 708010000 //jmp loop
Instruction encoding practice (cont) What about disassembling? 0x200: a06f80080200000030f30a00000090 0x400: 6113730004000000 29
Instruction encoding practice (cont) What about disassembling? 0x200: a06f push %esi 0x202: 80080200000030f30a00000090 0x400: 6113730004000000 30
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 8008020000 0x208: 30f30a00000090 0x400: 6113730004000000 pop %esi call 0x208 31
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx 32
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret 33
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx 34
Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 73004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx je 0x400 35
Y86 int Sum(int *Start, int Count) { int sum = 0; while (Count) { sum += *Start; Start++; Count--; } } 36
x86 • 8 32 bit registers • General Purpose Registers • • • • • • eax ebx ecx edx esi edi • Stack Register • esp • Base Register • ebp
x86 - Registers
x86 Registers • • • • • • eax, ebx, ecx, edx Registers can be accessed in parts Rrx – Referes to the 64 bit register erx – Refers to 32 bit register rx – Referes to the lower 16 bits of erx rh – Refers to the top 8 bits of the rx bit register • rl – Refers to the lower 8 bits of the rx register
Condition Flags • CF – Carry – Last arithmetic resulted in a carry • PF – Parity – Last arithmetic/logical operation results in even parity (even number of 1’s) • ZF – Zero – Last arithmetic/logical operation resulted in a zero • SF – Sign – Last arithmetic operation resulted in the sign bit being set • OF – Overflow – Last arithmetic resulted in an overflow
Condition Flags • AF – Adjust – Last arithmetic results in a carry out of the lowest 4 bits (Used for BCD arithmetic) • TF – Trap – Enables CPU single step mode – Used for debugging • IF – Interrupt Enable – Enables cpu to handle system interrupts • DF – Direction – Sets the direction of string processing from R->L
Verbiage • Opcode operand1, operand2 • operand1 and/or operand2 are not always required, depending on the opcode • mov eax, ebx • Opcode – mov • operand1 – eax • operand2 - ebx
Operand Specifiers • Source operand • Constants, registers, or memory • Destination operand • Registers or memory • Cannot do Memory-Memory transfer with a single instruction • 3 types of operands • Immediate • Register • Memory 43
IA32 – Intel Architecture • 32-bit address bus • • normal physical address space of 4 GBytes (232 bytes) addresses ranging continuously from 0 to 0xFFFFFFFF • Data formats  • • Primitive data types of C Single letter suffix • • denotes size of operand No aggregate types • Arrays, structures C Declaration Suffix Size char B 8 bits short W or S 16 bits int L 32 bits * (pointer) L 32 bits float S 32 bits 44
Addressing Modes • An addressing mode is a mechanism for specifying an address. • Immediate • Register • Memory • • • • Absolute • specify the address of the data Indirect • use register to calculate address Base + displacement • use register plus absolute address to calculate address Indexed • • Indexed • Add contents of an index register Scaled index • Add contents of an index register scaled by a constant 45
Operand addressing example Address Value 0x100 0xFF 0x104 0xAB 0x108 0x13 0x10C 0x11 Register Value ax 0x100 cx 0x01 dx 0x03 Operand %eax 0x104 $0x108 (%eax) Value Comment 0x100 Register 0xAB Absolute Address - memory 0x108 Immediate 0xFF Address 0x100 - indirect Address 0x104 - base+displacement 4(%eax) 0XAB (4+register) Address 0x10C – indexed 9(%eax,%edx) 0X11 (9 + eax+edx) Address 0x108 – indexed 0x104(%ecx,%edx) 0X13 (0x104+ecx+edx) Address 0x100 - scaled index 0xFC(,%ecx,4) 0XFF (0xfc+0+ecx*4) Address 0x10C - scaled index (%eax,%edx,4) 0X11 (eax+edx*4) *scaled index multiplies the 2nd argument by the scaled value (the 3rd argument) which must be a value of 1, 2, 4 or 8 (sizes of the primitive data types) 46
Operand Combinations example Source Dest Src,Dest* C analog Immediate Register movl $0x4, %eax temp = 0x4; Immediate Memory movl $-147, (%eax) *p = -147; Register Register movl %eax, %edx temp2 = temp1; Register Memory movl %eax, (%edx) *p = temp; Memory Register movl (%eax), %edx temp = *p; • Each statement should be viewed separately. • REMINDER: cannot do memory-memory transfer with a single instruction. • The parentheses around the register tell the assembler to use the register as a pointer. 47
Size Directive • Typically you can infer the size being operated on by which variation of the register is in use • mov (ebx), %eax • Destination EAX, implies moving 4 bytes • mov (ebx), %ax • Destination AX implies moving only 2 bytes • mov (ebx), %ah • Destination ah implies moving only 1 bytes
Size Directive • Sometimes it is unclear though. • mov $2, (%ebx) • How many bytes do you move into memory @ address ebx. 2? 4? 8? • Have to explicitly specify size when dealing with immediate values • movw $2, (%ebx) • Explicitly move 2 bytes • movl $2, (%ebx) • Explicitly move 4 bytes C Declaration Suffix Size char b 8 bits short w or s 16 bits int l 32 bits * (pointer) l 32 bits float s 32 bits long q 64 bits
x86 Instructions • Three categories • Data Movement • Arithmetic/Logic • Control-Flow • We will not cover ALL x86 instructions, there are numerous obscure ones • We will cover all of the common instructions • For full list of operands see Intel’s instruction set reference
x86 Instructions <reg32> Any 32-bit register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP) <reg16> Any 16-bit register (AX, BX, CX, or DX) <reg8> Any 8-bit register (AH, BH, CH, DH, AL, BL, CL, or DL) <reg> Any register <mem> A memory address (e.g., [eax], [var + 4], or dword ptr [eax+ebx]) <con32> Any 32-bit constant <con16> Any 16-bit constant <con8> Any 8-bit constant <con> Any 8-, 16-, or 32-bit constant
Data Movement • mov source, destination • Move data from source to destination • Syntax mov <reg>,<reg> mov <reg>,<mem> mov <mem>,<reg> mov <const>, <reg> mov <const>, <mem> • Examples mov %eax, %ebx — copy the value in eax into ebx
Data Movement • push • add 4 bytes on top of the stack • Syntax push <reg32> push <mem> push <con32> • Examples push %eax — push eax on the stack
Data Movement • pop • remove top 4 byte value from stack • Syntax pop <reg32> pop <mem> • Examples pop %eax — pop off stack into eax
Data Movement • lea – Load Effective Address • loads the address of the source into the registers in the second operand • Syntax lea <mem>, <reg32> • Examples lea (var), %eax — address of var is placed into eax
Arithmetic and Logic • add • adds together the two operands and stores result in the second operand • Syntax add <reg>,<reg> add <reg>,<mem> add <mem>,<reg> add <imm>,<reg> add <imm>,<mem> Examples add $10, %eax — add 10 to the current value in eax, and store result in eax
Arithmetic and Logic • sub • subtracts the two operands and stores result in the second operand • Syntax sub <reg>,<reg> sub <reg>,<mem> sub <mem>,<reg> sub <imm>,<reg> sub <imm>,<mem> Examples sub $10, %eax — subtracts 10 from the current value in eax, and store result in eax

Recommended

Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Hsien-Hsin Sean Lee, Ph.D.
 
The Stack and Buffer Overflows
The Stack and Buffer OverflowsThe Stack and Buffer Overflows
The Stack and Buffer Overflows
UTD Computer Security Group
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Hsien-Hsin Sean Lee, Ph.D.
 
Seh based attack
Seh based attackSeh based attack
Seh based attack
Mihir Shah
 
Assem -lect-6
Assem -lect-6Assem -lect-6
Assem -lect-6
Dolly Angel
 
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Hsien-Hsin Sean Lee, Ph.D.
 
Windows debugging sisimon
Windows debugging sisimonWindows debugging sisimon
Windows debugging sisimon
Sisimon Soman
 
X86 assembly & GDB
X86 assembly & GDBX86 assembly & GDB
X86 assembly & GDB
Jian-Yu Li
 

Recommended

Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Lec20 Intro to Computer Engineering by Hsien-Hsin Sean Lee Georgia Tech -- Da...
Hsien-Hsin Sean Lee, Ph.D.
 
The Stack and Buffer Overflows
The Stack and Buffer OverflowsThe Stack and Buffer Overflows
The Stack and Buffer Overflows
UTD Computer Security Group
 
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Lec12 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- P6, Netbur...
Hsien-Hsin Sean Lee, Ph.D.
 
Seh based attack
Seh based attackSeh based attack
Seh based attack
Mihir Shah
 
Assem -lect-6
Assem -lect-6Assem -lect-6
Assem -lect-6
Dolly Angel
 
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Lec7 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Dynamic Sch...
Hsien-Hsin Sean Lee, Ph.D.
 
Windows debugging sisimon
Windows debugging sisimonWindows debugging sisimon
Windows debugging sisimon
Sisimon Soman
 
X86 assembly & GDB
X86 assembly & GDBX86 assembly & GDB
X86 assembly & GDB
Jian-Yu Li
 
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
Functional Thursday
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16
Varun A M
 
ROP
ROPROP
ROP
Jian-Yu Li
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontroller
Robo India
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
Saumil Shah
 
Class9
Class9Class9
Class9
Sai Santosh Praveen
 
Programming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CProgramming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded C
Varun A M
 
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISALec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Hsien-Hsin Sean Lee, Ph.D.
 
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
GangSeok Lee
 
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- MulticoreLec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Hsien-Hsin Sean Lee, Ph.D.
 
Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1
Tom Paulus
 
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Hsien-Hsin Sean Lee, Ph.D.
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical File
Soumya Behera
 
W10: Interrupts
W10: InterruptsW10: Interrupts
W10: Interrupts
Daniel Roggen
 
Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine
Arkhom Jodtang
 
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Anne Nicolas
 
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
RootedCON
 
Page table manipulation attack
Page table manipulation attackPage table manipulation attack
Page table manipulation attack
Jungseung Lee 이정승
 
Microcontroller Instruction Set atmel
Microcontroller Instruction Set atmelMicrocontroller Instruction Set atmel
Microcontroller Instruction Set atmel
Ruderocker Billy
 
Using Timers in PIC18F Microcontrollers
Using Timers in PIC18F MicrocontrollersUsing Timers in PIC18F Microcontrollers
Using Timers in PIC18F Microcontrollers
Corrado Santoro
 
Intro to reverse engineering owasp
Intro to reverse engineering owaspIntro to reverse engineering owasp
Intro to reverse engineering owasp
Tsvetelin Choranov
 
lec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdflec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdf
hasan58964
 

More Related Content

What's hot

[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
Functional Thursday
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16
Varun A M
 
ROP
ROPROP
ROP
Jian-Yu Li
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontroller
Robo India
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
Saumil Shah
 
Class9
Class9Class9
Class9
Sai Santosh Praveen
 
Programming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CProgramming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded C
Varun A M
 
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISALec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Hsien-Hsin Sean Lee, Ph.D.
 
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
GangSeok Lee
 
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- MulticoreLec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Hsien-Hsin Sean Lee, Ph.D.
 
Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1
Tom Paulus
 
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Hsien-Hsin Sean Lee, Ph.D.
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical File
Soumya Behera
 
W10: Interrupts
W10: InterruptsW10: Interrupts
W10: Interrupts
Daniel Roggen
 
Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine
Arkhom Jodtang
 
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Anne Nicolas
 
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
RootedCON
 
Page table manipulation attack
Page table manipulation attackPage table manipulation attack
Page table manipulation attack
Jungseung Lee 이정승
 
Microcontroller Instruction Set atmel
Microcontroller Instruction Set atmelMicrocontroller Instruction Set atmel
Microcontroller Instruction Set atmel
Ruderocker Billy
 
Using Timers in PIC18F Microcontrollers
Using Timers in PIC18F MicrocontrollersUsing Timers in PIC18F Microcontrollers
Using Timers in PIC18F Microcontrollers
Corrado Santoro
 

What's hot (20)

[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
[FT-11][suhorng] “Poor Man's” Undergraduate Compilers
 
L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16 L293D IC interfacing with ATmega16
L293D IC interfacing with ATmega16
 
ROP
ROPROP
ROP
 
Input Output programming in AVR microcontroller
Input Output programming in AVR microcontrollerInput Output programming in AVR microcontroller
Input Output programming in AVR microcontroller
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
 
Class9
Class9Class9
Class9
 
Programming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded CProgramming ATmega microcontroller using Embedded C
Programming ATmega microcontroller using Embedded C
 
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISALec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
Lec4 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- ISA
 
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
[2012 CodeEngn Conference 06] pwn3r - Secuinside 2012 CTF 예선 문제풀이
 
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- MulticoreLec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
Lec13 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Multicore
 
Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1Getting Started with Raspberry Pi - DCC 2013.1
Getting Started with Raspberry Pi - DCC 2013.1
 
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
Lec11 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Memory part3
 
Dsd lab Practical File
Dsd lab Practical FileDsd lab Practical File
Dsd lab Practical File
 
W10: Interrupts
W10: InterruptsW10: Interrupts
W10: Interrupts
 
Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine Microprocessor Week 8: Subroutine
Microprocessor Week 8: Subroutine
 
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
Kernel Recipes 2014 - x86 instruction encoding and the nasty hacks we do in t...
 
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
Ilfak Guilfanov - Decompiler internals: Microcode [rooted2018]
 
Page table manipulation attack
Page table manipulation attackPage table manipulation attack
Page table manipulation attack
 
Microcontroller Instruction Set atmel
Microcontroller Instruction Set atmelMicrocontroller Instruction Set atmel
Microcontroller Instruction Set atmel
 
Using Timers in PIC18F Microcontrollers
Using Timers in PIC18F MicrocontrollersUsing Timers in PIC18F Microcontrollers
Using Timers in PIC18F Microcontrollers
 

Similar to 17

Intro to reverse engineering owasp
Intro to reverse engineering owaspIntro to reverse engineering owasp
Intro to reverse engineering owasp
Tsvetelin Choranov
 
lec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdflec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdf
hasan58964
 
PattPatelCh04.ppt
PattPatelCh04.pptPattPatelCh04.ppt
PattPatelCh04.ppt
DipakShow2
 
Coal (1)
Coal (1)Coal (1)
Coal (1)
talhashahid40
 
class04_x86assembly.ppt hy there u need be
class04_x86assembly.ppt hy there u need beclass04_x86assembly.ppt hy there u need be
class04_x86assembly.ppt hy there u need be
mnewg218
 
LFSR Lecture
LFSR LectureLFSR Lecture
LFSR Lecture
ssuseradfc19
 
other-architectures.ppt
other-architectures.pptother-architectures.ppt
other-architectures.ppt
Jaya Chavan
 
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
haseebali10701
 
Central processing unit
Central processing unitCentral processing unit
Central processing unit
Heman Pathak
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applications
commiebstrd
 
Load-time Hacking using LD_PRELOAD
Load-time Hacking using LD_PRELOADLoad-time Hacking using LD_PRELOAD
Load-time Hacking using LD_PRELOAD
Dharmalingam Ganesan
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)
bolovv
 
Advance ROP Attacks
Advance ROP AttacksAdvance ROP Attacks
Advance ROP Attacks
n|u - The Open Security Community
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
Saumil Shah
 
8253,8254
8253,8254 8253,8254
8253,8254
jemimajerome
 
x86
x86x86
x86
Wei-Bo Chen
 
TDOH x 台科 pwn課程
TDOH x 台科 pwn課程TDOH x 台科 pwn課程
TDOH x 台科 pwn課程
Weber Tsai
 
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningLec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Hsien-Hsin Sean Lee, Ph.D.
 
Esd module2
Esd module2Esd module2
Esd module2
SOURAV KUMAR
 
heuring_jordan_----------ch02(1) (1).pptx
heuring_jordan_----------ch02(1) (1).pptxheuring_jordan_----------ch02(1) (1).pptx
heuring_jordan_----------ch02(1) (1).pptx
christinamary2620
 

Similar to 17 (20)

Intro to reverse engineering owasp
Intro to reverse engineering owaspIntro to reverse engineering owasp
Intro to reverse engineering owasp
 
lec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdflec15_x86procedure_4up.pdf
lec15_x86procedure_4up.pdf
 
PattPatelCh04.ppt
PattPatelCh04.pptPattPatelCh04.ppt
PattPatelCh04.ppt
 
Coal (1)
Coal (1)Coal (1)
Coal (1)
 
class04_x86assembly.ppt hy there u need be
class04_x86assembly.ppt hy there u need beclass04_x86assembly.ppt hy there u need be
class04_x86assembly.ppt hy there u need be
 
LFSR Lecture
LFSR LectureLFSR Lecture
LFSR Lecture
 
other-architectures.ppt
other-architectures.pptother-architectures.ppt
other-architectures.ppt
 
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
Maximizing CPU Efficiency: A Comprehensive Exploration of Pipelining in Compu...
 
Central processing unit
Central processing unitCentral processing unit
Central processing unit
 
Introduction to debugging linux applications
Introduction to debugging linux applicationsIntroduction to debugging linux applications
Introduction to debugging linux applications
 
Load-time Hacking using LD_PRELOAD
Load-time Hacking using LD_PRELOADLoad-time Hacking using LD_PRELOAD
Load-time Hacking using LD_PRELOAD
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)
 
Advance ROP Attacks
Advance ROP AttacksAdvance ROP Attacks
Advance ROP Attacks
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
 
8253,8254
8253,8254 8253,8254
8253,8254
 
x86
x86x86
x86
 
TDOH x 台科 pwn課程
TDOH x 台科 pwn課程TDOH x 台科 pwn課程
TDOH x 台科 pwn課程
 
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- PipeliningLec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
Lec1 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- Pipelining
 
Esd module2
Esd module2Esd module2
Esd module2
 
heuring_jordan_----------ch02(1) (1).pptx
heuring_jordan_----------ch02(1) (1).pptxheuring_jordan_----------ch02(1) (1).pptx
heuring_jordan_----------ch02(1) (1).pptx
 

Recently uploaded

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 

Recently uploaded (20)

5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 

17

  • 2. Y86 programmer-visible state • The Y86 has: • • • • • 8 32-bit registers with the same names as the IA32 32-bit registers 3 condition codes: ZF, SF, OF • no carry flag - interpret integers as signed a program counter (PC) • Holds the address of the instruction currently being executed a program status byte: AOK, HLT, ADR, INS • State of program execution memory: up to 4 GB to hold program and data (4096 = 2^12) RF: Program registers %eax %esi %ecx %edi %edx %esp %ebx CC: Condition codes Stat: Program Status %ebp ZF SF OF DMEM: Memory PC 2
  • 3. Condition Codes • 3 condition codes in y86 • ZF – Set if the result of the last arithmetic operation is 0 • SF – Set if the result of the last arithmetic operation resulted in the sign bit being set • OF – Set if the result of the last arithmetic operation resulted in an overflow
  • 4. Conditions • FLAGS: Zero, Sign, Overflow • Less or Equal • Z = 1, S = 1, O = X • Z = 0, S = 1, O = X • Z = 1, S = 0, O = X • Z = 0, S = X, O = X • Z = 1, S = 0, O = X • Z = 0, S = 0, O = X • Less • Equal • Not Equal • Greater or Equal • Greater
  • 5. Simple Addressing Modes • Normal = (R) = Mem[Reg[R]] • Register Reg specifies memory address • denoted by a register in ( ) • Example value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 ecx = 0x00000120 addr 0x44 movl (%ecx),%eax move the value that is at the address in ecx into eax Moves 0x11223344 into eax 5
  • 6. Simple Addressing Modes • Displacement = D(R) = Mem[Reg[R]+D] • Register R specifies start of memory address • Constant displacement D specifies offset • In bytes loads 0x33445566 into edx value 0x120 0x11 0x121 0x22 0x122 0x33 0x123 0x44 0x124 • Denoted by displacement(register) ebp = 0x120 movl 2(%ebp),%edx move the value at ebp (0x120) + 2 into edx addr 0x55 0x125 0x66 6
  • 7. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again 7
  • 8. Y86 example program w/ loop # y86loop.ys .pos 0x0 irmovl $0,%eax irmovl $1,%ecx Loop: addl %ecx,%eax irmovl $1,%edx addl %edx,%ecx irmovl $1000,%edx subl %ecx,%edx jge Loop halt # sum = 0 # num = 1 CONVERT TO C sum=0; num = 1; do { sum += num; num++; } while (1000 – num >= 0) # sum += num # tmp = 1 # num++ # lim = 1000 # if lim - num >= 0 # loop again Why don’t we just do addl $1, %edx?? Cant! not allowed, only register to register 8
  • 9. Y86 Stack • Stack top address always held in esp • Stack grows towards lower addresses Stack “Top” %esp • • • Stack “Bottom” Increasing Addresses
  • 10. Y86 Stack - Push • Pushing • Decrement the stack register by 4 then store new data (1) addr value (2) addr value 0x11B //(1)esp = 0x120 movl 0xFECA8712, %eax push %eax //(1)esp = 0x11C 0x11B 0x11C 0x11C 0x12 0x11D 0x11D 0x87 0x11E 0x11E 0xCA 0x11F 0x11F 0xFE 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  • 11. Y86 Stack - Pop • Pushing • Save new data on stack, Increment the stack register by 4 (1) addr //(1) esp = 0x11C pop eax //(2) esp = 0x120 //eax = 0xFECA8712 value (2) addr value 0x11B 0x11B 0x11C 0x12 0x11C 0x11D 0x87 0x11D 0x11E 0xCA 0x11E 0x11F 0xFE 0x11F 0x120 0x11 0x120 0x11 0x121 0x22 0x121 0x22 0x122 0x33 0x122 0x33
  • 12. Stack Example 2 ==PUSH== subl $4, %esp movl %ebp, (%esp) ==POP=== movl (%esp), %eax addl $4, %esp
  • 14.
  • 16. Executing  rmmovl • Fetch • Read 6 bytes • Read operand registers • Decode • Execute • Compute effective address • Memory • Write to memory • Do nothing • Increment PC by 6 • Write back • PC Update 16
  • 17. Executing  Arithmetic/Logical Ops • Fetch • Read 2 bytes • Read operand registers • Decode • Execute • • Perform operation Set condition codes • Do nothing • Update register • Increment PC by 2 • Memory • Write back • PC Update 17
  • 18. Executing  popl • • • • • Fetch • Decode • Read stack pointer Execute • Increment stack pointer by 4 Memory • Read from old stack pointer Write back • • • Read 2 bytes Update stack pointer Write result to register PC Update • Increment PC by 2 18
  • 19. Jumps • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Do nothing Execute • Determine whether to take branch based on jump condition and condition codes Memory • Do nothing Write back • Do nothing PC Update • Set PC to Dest if branch taken or to incremented PC if not branch 19
  • 20. Executing  Call • • • • • • Fetch • • Read 5 bytes Increment PC by 5 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 20
  • 21. Executing  ret • • • • • • Fetch • • Read 1 bytes Increment PC by 1 Decode • Read stack pointer Execute • Decrement stack pointer by 4 Memory • Write incremented PC to new value of stack pointer Write back • Update stack pointer PC Update • Set PC to Dest 21
  • 22.
  • 23. Instruction encoding practice • Determine the byte encoding of the following Y86 instruction sequence given ―.pos 0x100‖ specifies the starting address of the object code to be 0x100 (practice problem 4.1) .pos 0x100 # start code at address 0x100 irmovl $15, %ebx #load 15 into %ebx rrmovl %ebx, %ecx #copy 15 to %ecx loop: rmmovl %ecx, -3(%ebx)#save %ecx at addr 15-3=12 addl %ebx, %ecx #increment %ecx by 15 jmp loop # goto loop 23
  • 24. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx rrmovl %ebx, %ecx rmmovl %ecx, -3(%ebx) loop: addl %ebx, %ecx jmp loop
  • 25. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  • 26. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) addl %ebx, %ecx jmp loop
  • 27. Instruction encoding practice 0x100: 30f30f000000 //irmovl $15, %ebx 0x106: 2031 //rrmovl %ebx, %ecx loop: 0x108: 4013fdffffff //rmmovl %ecx, -3(%ebx) 0x10e: 6031 //addl %ebx, %ecx jmp loop
  • 28. Instruction encoding practice 0x100: 0x106: loop: 0x108: 0x10e: 0x110: 30f30f000000 //irmovl $15, %ebx 2031 //rrmovl %ebx, %ecx 4013fdffffff //rmmovl %ecx, -3(%ebx) 6031 //addl %ebx, %ecx 708010000 //jmp loop
  • 29. Instruction encoding practice (cont) What about disassembling? 0x200: a06f80080200000030f30a00000090 0x400: 6113730004000000 29
  • 30. Instruction encoding practice (cont) What about disassembling? 0x200: a06f push %esi 0x202: 80080200000030f30a00000090 0x400: 6113730004000000 30
  • 31. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 8008020000 0x208: 30f30a00000090 0x400: 6113730004000000 pop %esi call 0x208 31
  • 32. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx 32
  • 33. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret 33
  • 34. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 730004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx 34
  • 35. Instruction encoding practice (cont) What about disassembling? 0x200: a06f 0x202: 800802000000 0x208: 30f30a000000 0x20F: 90 0x400: 6113 0x402: 73004000000 pop %esi call 0x208 irmovl $a0, %ebx ret subl %ecx, %ebx je 0x400 35
  • 36. Y86 int Sum(int *Start, int Count) { int sum = 0; while (Count) { sum += *Start; Start++; Count--; } } 36
  • 37. x86 • 8 32 bit registers • General Purpose Registers • • • • • • eax ebx ecx edx esi edi • Stack Register • esp • Base Register • ebp
  • 39. x86 Registers • • • • • • eax, ebx, ecx, edx Registers can be accessed in parts Rrx – Referes to the 64 bit register erx – Refers to 32 bit register rx – Referes to the lower 16 bits of erx rh – Refers to the top 8 bits of the rx bit register • rl – Refers to the lower 8 bits of the rx register
  • 40. Condition Flags • CF – Carry – Last arithmetic resulted in a carry • PF – Parity – Last arithmetic/logical operation results in even parity (even number of 1’s) • ZF – Zero – Last arithmetic/logical operation resulted in a zero • SF – Sign – Last arithmetic operation resulted in the sign bit being set • OF – Overflow – Last arithmetic resulted in an overflow
  • 41. Condition Flags • AF – Adjust – Last arithmetic results in a carry out of the lowest 4 bits (Used for BCD arithmetic) • TF – Trap – Enables CPU single step mode – Used for debugging • IF – Interrupt Enable – Enables cpu to handle system interrupts • DF – Direction – Sets the direction of string processing from R->L
  • 42. Verbiage • Opcode operand1, operand2 • operand1 and/or operand2 are not always required, depending on the opcode • mov eax, ebx • Opcode – mov • operand1 – eax • operand2 - ebx
  • 43. Operand Specifiers • Source operand • Constants, registers, or memory • Destination operand • Registers or memory • Cannot do Memory-Memory transfer with a single instruction • 3 types of operands • Immediate • Register • Memory 43
  • 44. IA32 – Intel Architecture • 32-bit address bus • • normal physical address space of 4 GBytes (232 bytes) addresses ranging continuously from 0 to 0xFFFFFFFF • Data formats  • • Primitive data types of C Single letter suffix • • denotes size of operand No aggregate types • Arrays, structures C Declaration Suffix Size char B 8 bits short W or S 16 bits int L 32 bits * (pointer) L 32 bits float S 32 bits 44
  • 45. Addressing Modes • An addressing mode is a mechanism for specifying an address. • Immediate • Register • Memory • • • • Absolute • specify the address of the data Indirect • use register to calculate address Base + displacement • use register plus absolute address to calculate address Indexed • • Indexed • Add contents of an index register Scaled index • Add contents of an index register scaled by a constant 45
  • 46. Operand addressing example Address Value 0x100 0xFF 0x104 0xAB 0x108 0x13 0x10C 0x11 Register Value ax 0x100 cx 0x01 dx 0x03 Operand %eax 0x104 $0x108 (%eax) Value Comment 0x100 Register 0xAB Absolute Address - memory 0x108 Immediate 0xFF Address 0x100 - indirect Address 0x104 - base+displacement 4(%eax) 0XAB (4+register) Address 0x10C – indexed 9(%eax,%edx) 0X11 (9 + eax+edx) Address 0x108 – indexed 0x104(%ecx,%edx) 0X13 (0x104+ecx+edx) Address 0x100 - scaled index 0xFC(,%ecx,4) 0XFF (0xfc+0+ecx*4) Address 0x10C - scaled index (%eax,%edx,4) 0X11 (eax+edx*4) *scaled index multiplies the 2nd argument by the scaled value (the 3rd argument) which must be a value of 1, 2, 4 or 8 (sizes of the primitive data types) 46
  • 47. Operand Combinations example Source Dest Src,Dest* C analog Immediate Register movl $0x4, %eax temp = 0x4; Immediate Memory movl $-147, (%eax) *p = -147; Register Register movl %eax, %edx temp2 = temp1; Register Memory movl %eax, (%edx) *p = temp; Memory Register movl (%eax), %edx temp = *p; • Each statement should be viewed separately. • REMINDER: cannot do memory-memory transfer with a single instruction. • The parentheses around the register tell the assembler to use the register as a pointer. 47
  • 48. Size Directive • Typically you can infer the size being operated on by which variation of the register is in use • mov (ebx), %eax • Destination EAX, implies moving 4 bytes • mov (ebx), %ax • Destination AX implies moving only 2 bytes • mov (ebx), %ah • Destination ah implies moving only 1 bytes
  • 49. Size Directive • Sometimes it is unclear though. • mov $2, (%ebx) • How many bytes do you move into memory @ address ebx. 2? 4? 8? • Have to explicitly specify size when dealing with immediate values • movw $2, (%ebx) • Explicitly move 2 bytes • movl $2, (%ebx) • Explicitly move 4 bytes C Declaration Suffix Size char b 8 bits short w or s 16 bits int l 32 bits * (pointer) l 32 bits float s 32 bits long q 64 bits
  • 50. x86 Instructions • Three categories • Data Movement • Arithmetic/Logic • Control-Flow • We will not cover ALL x86 instructions, there are numerous obscure ones • We will cover all of the common instructions • For full list of operands see Intel’s instruction set reference
  • 51. x86 Instructions <reg32> Any 32-bit register (EAX, EBX, ECX, EDX, ESI, EDI, ESP, or EBP) <reg16> Any 16-bit register (AX, BX, CX, or DX) <reg8> Any 8-bit register (AH, BH, CH, DH, AL, BL, CL, or DL) <reg> Any register <mem> A memory address (e.g., [eax], [var + 4], or dword ptr [eax+ebx]) <con32> Any 32-bit constant <con16> Any 16-bit constant <con8> Any 8-bit constant <con> Any 8-, 16-, or 32-bit constant
  • 52. Data Movement • mov source, destination • Move data from source to destination • Syntax mov <reg>,<reg> mov <reg>,<mem> mov <mem>,<reg> mov <const>, <reg> mov <const>, <mem> • Examples mov %eax, %ebx — copy the value in eax into ebx
  • 53. Data Movement • push • add 4 bytes on top of the stack • Syntax push <reg32> push <mem> push <con32> • Examples push %eax — push eax on the stack
  • 54. Data Movement • pop • remove top 4 byte value from stack • Syntax pop <reg32> pop <mem> • Examples pop %eax — pop off stack into eax
  • 55. Data Movement • lea – Load Effective Address • loads the address of the source into the registers in the second operand • Syntax lea <mem>, <reg32> • Examples lea (var), %eax — address of var is placed into eax
  • 56. Arithmetic and Logic • add • adds together the two operands and stores result in the second operand • Syntax add <reg>,<reg> add <reg>,<mem> add <mem>,<reg> add <imm>,<reg> add <imm>,<mem> Examples add $10, %eax — add 10 to the current value in eax, and store result in eax
  • 57. Arithmetic and Logic • sub • subtracts the two operands and stores result in the second operand • Syntax sub <reg>,<reg> sub <reg>,<mem> sub <mem>,<reg> sub <imm>,<reg> sub <imm>,<mem> Examples sub $10, %eax — subtracts 10 from the current value in eax, and store result in eax

Editor's Notes

  1. Start of Chapter 4http://vip.cs.utsa.edu/classes/cs3843f2011/notes/ch04-1.html
  2. Technically, the bits are set to ZF=1, SF=0 and OF=0 when the program startsWhy not add 1 to %ecx addl $1,%edx… CAN’T not allowed – only reg to reg Op
  3. Technically, the bits are set to ZF=1, SF=0 and OF=0 when the program startsWhy not add 1 to %ecx addl $1,%edx… CAN’T not allowed – only reg to reg Op
  4. 0x100: 30f30f0000000x106: 20310x108: 4013fdffffff0x10e: 60310x110: 7008010000
  5. Parts A, B and D of practice problem 4.2See pages 458-459 for solutions*** C and E have exceptions
  6. Of course can’t have a constant as a destination operand
  7. Similar to Y86 .long but Y86 has only one operand size (32-bit)
  8. Reminder: Y86 has two addressing modes:(reg) = get the value at that address designated by the reg this is “indirect” for IA32D(reg) = displacement + reg then get the value at the address of D+R  this is “base + displacement” for IA32