Practical Session 2 Flags Register Status Register A

Practical Session 2

Flags Register (Status Register) • A flag is a single bit of information whose meaning is independent from any other bit • Each flag has a two-letter symbol

CF - Carry Flag 1. If the result of an arithmetic or shift operation "carries out" a bit from the operand, CF becomes set 1111 + 00000001 = 10000 CF = 1 2. The carry (borrow) flag is also set if the subtraction of two numbers requires a borrow into MSB subtracted 0000 - 00000001 = 1111 CF = 1 • • In unsigned arithmetic, watch the carry flag to detect errors. In signed arithmetic, the carry flag tells you nothing interesting. 0000 - 00000001 = 1111 • unsigned arithmetic => 1111 = 255 (decimal) => got the wrong answer • signed arithmetic => 1111 = -1 (decimal) => got right answer, do not care about value of CF

OF – Overflow Flag 1. If the sum of two numbers with the sign bits off yields a result number with the sign bit on, the "overflow" flag is turned on. 0100 + 0100 = 1000 OF = 1 2. If the sum of two numbers with the sign bits on yields a result number with the sign bit off, the "overflow" flag is turned on. 1000 + 1000 = 0000 OF = 1 3. Otherwise, the overflow flag is turned off. 0100 + 0001 = 0101 OF = 0 0110 + 1001 = 1111 OF = 0 1000 + 0001 = 1001 OF = 0 1100 + 1100 = 1000 OF = 0 • • In signed arithmetic, overflow flag on means the answer is wrong - you added two positive numbers and got a negative, or you added two negative numbers and got a positive. In unsigned arithmetic, the overflow flag tells you nothing interesting.

ZF, SF, PF, and AF Flags ZF – Zero Flag - set if result is zero; cleared otherwise add 0, 0 ZF = 1 SF – Sign Flag becomes set when the result of an operation is negative (i. e. MSB of the result is 1) • all arithmetic operations except multiplication and division • compare instructions - CMP • logical instructions - XOR, AND, OR • TEST instructions (equivalent to AND instructions without storing the result) sub 0000, 00000001 1111 SF = 1 PF – Parity Flag - set if low-order eight bits of result contain an even number of "1" bits; cleared otherwise add 11010, 1 (result is 11011 4 bits are ‘ 1’ PF = 1) add 11000, 1 (result is 11001 3 bits are ‘ 1’ PF = 0) AF – Auxiliary Carry Flag (or Adjust Flag) is set if there is a carry from low nibble (4 bits) to high nibble or a borrow from a high nibble to low nibble 1111 + 0001 = 10000 AF = 1 first nibble second nibble

Jcc: Conditional Branch Instruction JO JNO JS JNS JE JZ JNE JNZ JB JNAE JC JNB JAE JNC JBE JNA JA JNBE JL JNGE JNL JLE JNG JG JNLE JP JPE JNP JPO JCXZ JECXZ Description Jump if overflow Jump if not overflow Jump if sign Jump if not sign Jump if equal Jump if zero Jump if not equal Jump if not zero Jump if below Jump if not above or equal Jump if carry Jump if not below Jump if above or equal Jump if not carry Jump if below or equal Jump if not above Jump if not below or equal Jump if less Jump if not greater or equal Jump if not less Jump if less or equal Jump if not greater Jump if not less or equal Jump if parity even Jump if not parity Jump if parity odd Jump if CX register is 0 Jump if ECX register is 0 Flags OF = 1 OF = 0 SF = 1 SF = 0 ZF = 1 ZF = 0 CF = 1 CF = 0 CF = 1 or ZF = 1 CF = 0 and ZF = 0 SF <> OF SF = OF ZF = 1 or SF <> OF ZF = 0 and SF = OF PF = 1 PF = 0 CX = 0 ECX = 0

Sections • • Every process consists of sections that are accessible to the process when it is running Each sections holds the bulk of object file information Data. bss - holds uninitialized data; occupies no file space. data and. data 1 - hold initialized data. rodata and. rodata 1 - hold read-only data Text. text - holds the ‘‘text’’ (executable instructions) of a program Stack - is used for local variables, information that is saved each time a function is called Heap - contains the dynamically allocated memory Example int a, b, c = 1; char *str; const int i = 10; main() { int ii, a=1, b=2, c; char * ptr = malloc(4); c= a+b+i; ---->. text } ---->. data ---->. bss ---->. rodata ----> local variables on Stack ----> allocated memory in Heap

Memory layout for Linux USER Space Virtual Addresses • program (. exe file) creates its own memory space in the RAM process • 4 GB of virtual address space on 32 -bit architecture • • 3 GB is accessible to the user space 1 GB is accessible to the kernel space (kernel code, data, heap and stack) . bss loaded from . exe file . data . text Read-only Data . rodata Segment

Pseudo-instructions RESB, RESW, RESD, RESQ and rest: declaring uninitialized storage space Examples: 1. buffer: resb 64 ; reserve 64 bytes 2. word. Var: resw 1 ; reserve a word 3. real. Array: resq 10 ; array of ten real numbers Note: you can not make any assumption about values of a storage space cells.

Pseudo-instructions TIMES: Repeating Instructions or Data • TIMES prefix causes the instruction to be assembled multiple times zero. Buf: times 64 db 0 ; 64 bytes initialized to 0 0 0 … 0 • TIMES can be applied to ordinary instructions, so you can code trivial loops mov EAX, 0 times 100 inc EAX ; EAX =100 => loop buffer + 64 • the argument to TIMES is not just a numeric constant, but a numeric expression buffer: db ‘go’ times 64 -$+buffer db ‘!’ ; (64 - $ + buffer = 64 – 35 + 33 = 64 – 2 = 62) $ (current position in section) buffer $$ (start of the current section) - start of section. data RAM 96 ! … … 36 ! 35 ! 34 o 33 g … … 20

Pseudo-instructions EQU: defining constants • EQU defines a symbol to a given constant value – when EQU is used, the source line must contain a label – this definition cannot changed later. Example: Foo: EQU 1 ; Foo = 1

Byte Order - Little Endian If the hardware is built so that the lowest, least significant byte of a multi-byte scalar is stored "first", at the lowest memory address, then the hardware is said to be "little-endian. • • numeric into memory reversed order dd 0 x 12345678 ; 0 x 78 0 x 56 0 x 34 0 x 12 numeric into register source order mov EAX, 0 x 12345678 ; 0 x 12 0 x 34 0 x 56 0 x 78 characters into memory source order dw ‘ab’ ; 0 x 61 0 x 62 dw ‘abc’ ; 0 x 61 0 x 62 0 x 63 0 x 00 characters into register reversed order mov eax, ‘abc’ ; 0 x 00 0 x 63 0 x 62 0 x 61 • register into memory reversed order mov [buffer], eax ; 0 x 61 0 x 62 0 x 63 0 x 00 • memory into register reversed order mov eax, [buffer] ; 0 x 00 0 x 63 0 x 62 0 x 61

Effective Addresses • Effective address is any operand to an instruction which references memory. • Effective address syntax: consists of an expression evaluating to the desired address, enclosed in square brackets. Example wordvar: dw 0 x 5 A, 0 x 39 mov ax, [wordvar] mov ax, [wordvar+1] ; a request for two words 0 x 005 A and 0 x 0039 ; ax = 0 x 005 A (in little-endian format) ; ax = 0 x 3900 In memory we get the following: 0 x 5 A 0 x 00 0 x 39 [wordvar] [wordvar+1] [wordvar+2] 0 x 00 [wordvar+3]

Advanced Instructions MUL r/m - unsigned integer multiplication IMUL r/m - signed integer multiplication Multiplicand Multiplier Product AL r/m 8 AX AX r/m 16 DX: AX EAX r/m 32 EDX: EAX MUL r/m 8 mov bl, 5 mov al, 9 mul bl ; multiplier ; multiplicand ; => ax = 2 Dh MUL r/m 16 mov bx, 8000 h mov ax, 2000 h mul bx ; => dx: ax = 1000: 0000 h MUL r/m 32 mov ebx, 8000 h mov eax, 2000 h mul ebx ; => edx: eax = 10002000: 10000000 h

Advanced Instructions SHL, SHR – Bitwise Logical Shifts on the first operand – number of bits to shift by is given by the second operand – vacated bits are filled with zero – shifted bit enters the Carry Flag SHL r/m 8/m 16/m 32 1/CL/imm 8 SHR r/m 8/m 16/m 32 1/CL/imm 8 Example: mov CL , 3 mov AL , 10110111 b shr AL, 1 shr AL, CL ; AL = 10110111 ; shift right 1 AL = 01011011, CF = 1 ; shift right 3 AL = 00001011, CF = 0 Note: that shift indeed performs division/multiplication by 2

Advanced Instructions SAL, SAR – Bitwise Arithmetic Shifts on the first operand – – vacated bits are filled with zero for SAL vacated bits are filled with copies of the original high bit of the source operand for SAR SAL r/m 8/m 16/m 32 1/CL/imm 8 SAR r/m 8/m 16/m 32 1/CL/imm 8 Example: mov CL , 3 mov AL , 10110111 b sar AL, 1 sar AL, CL ; AL = 10110111 ; shift right 1 AL = 11011011 ; shift right 3 AL = 11111011

Advanced Instructions ROL, ROR – Bitwise Rotate (i. e. moves round) on the first operand ROL r/m 8/m 16/m 32 1/CL/imm 8 ROR r/m 8/m 16/m 32 1/CL/imm 8 Example: mov CL, 3 mov BH , 10110111 b rol BH, 01 rol BH, CL ; BH = 10110111 ; rotate left 1 bit BH = 01101111 ; rotate left 3 bits BH = 01111011

Advanced Instructions RCL, RCR – Bitwise Rotate through Carry Bit on the first operand Carry Flag RCL r/m 8/m 16/m 32 1/CL/imm 8 RCR r/m 8/m 16/m 32 1/CL/imm 8 Example: mov BH , 10110111 b rcl BH, 01 ; BH = 10110111 , CF = 0 ; rotate left 1 bit BH = 01101110 , CF = 1

Advanced Instructions LOOP, LOOPE, LOOPZ, LOOPNE, LOOPNZ – loop with counter (CX or ECX*) Example: mov ax, 1 mov cx, 3 my_ loop: add ax, ax loop my_ loop, cx 1. decrements its counter register (in this case it is CX register) 2. if the counter does not become zero as a result of this operation, it jumps to the given label LOOPE ≡ LOOPZ: jumps if the counter is nonzero and Zero Flag = 1 LOOPNE ≡ LOOPNZ: jumps if the counter is nonzero and Zero Flag = 0 Note: if a counter is not specified explicitly, the BITS** setting dictates which is used. ** The BITS directive specifies whether NASM should generate code designed to run on a processor operating in 16 -bit mode, or code designed to run on a processor operating in 32 -bit mode. The syntax is BITS 16 or BITS 32.