Process Layout and Function Calls CS 161 – Spring 2017 1 / 8
Process Layout in Memory 0xc0000000 ◮ Stack Stack high address ◮ grows towards decreasing addresses. dynamic ◮ is initialized at run-time . growth ◮ Heap ◮ grow towards increasing addresses. Heap ◮ is initialized at run-time . ◮ BSS section BSS ◮ size fixed at compile-time . Data ◮ is initialized at run-time . low address Text ◮ was grouped into Data in CS61C. 0x08048000 ◮ Data section ◮ is initialized at compile-time . ◮ Text section ◮ holds the program instructions (read-only). Process Layout 2 / 8
Process Layout in Memory 0xc0000000 ◮ Stack Stack high address ◮ grows towards decreasing addresses. dynamic ◮ is initialized at run-time . growth ◮ Heap ◮ grow towards increasing addresses. Heap ◮ is initialized at run-time . ◮ BSS section BSS ◮ size fixed at compile-time . Data ◮ is initialized at run-time . low address Text ◮ was grouped into Data in CS61C. 0x08048000 ◮ Data section uninitialized variables ◮ is initialized at compile-time . initialized variables ◮ Text section ◮ holds the program instructions (read-only). Process Layout 2 / 8
IA-32 Caveats Key Differences Between AT&T Syntax and Intel Syntax 1 AT&T Intel Parameter src before dst dst before src Order movl $4, %eax mov eax, 5 Parameter Mnemonics suffixed with Derived from name of reg- Size a letter indicating size of ister that is used (e.g. rax, operands: q for qword, l for eax, ax, al imply q, l, w, b, long (dword), w for word, respectively) and b for byte addl $4, %esp add esp, 4 Sigils Immediate values prefixed Assembler automatically de- with a $ , registers prefixed tects type of symbols; i.e., whether they are registers, with a % constants or something else [1] Adapted from: https://en.wikipedia.org/wiki/X86_assembly_language#Syntax IA-32 3 / 8
Function Calls void foo(int a, int b, int c) { int bar[2]; char qux[3]; bar[0] = ’A’; qux[0] = 0x42; } int main(void) { int i = 1; foo(1, 2, 3); return 0; } Function Calls 4 / 8
Function Calls in Assembler int main(void) ebp { int i = 1; esp foo(1, 2, 3); Larger Memory Addresses return 0; } main: pushl %ebp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ebp { int i = 1; foo(1, 2, 3); Larger Memory Addresses esp sfp return 0; } main: pushl %ebp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses esp + ebp sfp return 0; } main: pushl %ebp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; esp } main: pushl %ebp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 esp } main: pushl %ebp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 } 3 main: 2 pushl %ebp 1 esp movl %esp,%ebp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 } 3 main: 2 pushl %ebp 1 movl %esp,%ebp rip esp subl $4,%esp movl $1,-4(%ebp) pushl $3 pushl $2 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ebp sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip esp subl $12,%esp movl $65,-8(%ebp) movb $66,-12(%ebp) leave ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ebp sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp esp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) leave ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ofp (m) sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp esp + ebp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) leave ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ofp (m) sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp ebp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) leave esp ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ofp (m) sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp ebp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) 00 00 00 41 leave esp ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ofp (m) sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp ebp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) 00 00 00 41 leave 42 esp ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ofp (m) sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip subl $12,%esp esp + ebp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) 00 00 00 41 leave: leave movl %ebp,%esp 42 popl %ebp ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ebp sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 movl %esp,%ebp rip esp subl $12,%esp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) 00 00 00 41 leave: leave movl %ebp,%esp 42 popl %ebp ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler void foo(int a, int b, int c) { ofp int bar[2]; char qux[3]; bar[0] = ’A’; Larger Memory Addresses ebp sfp qux[0] = 0x42; 1 } 3 foo: 2 pushl %ebp 1 esp movl %esp,%ebp rip subl $12,%esp sfp movl $65,-8(%ebp) movb $66,-12(%ebp) 00 00 00 41 ret: leave popl %eip 42 ret Larger Memory Addresses Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 } 3 main: 2 pushl %ebp 1 esp movl %esp,%ebp rip subl $4,%esp sfp movl $1,-4(%ebp) pushl $3 00 00 00 41 pushl $2 42 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 esp } 3 main: 2 pushl %ebp 1 movl %esp,%ebp rip subl $4,%esp sfp movl $1,-4(%ebp) pushl $3 00 00 00 41 pushl $2 42 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses ebp sfp return 0; 1 esp } 3 main: 2 pushl %ebp 1 movl %esp,%ebp rip subl $4,%esp sfp movl $1,-4(%ebp) pushl $3 00 00 00 41 pushl $2 42 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Function Calls in Assembler int main(void) ofp { int i = 1; foo(1, 2, 3); Larger Memory Addresses esp + ebp sfp return 0; 1 } 3 main: 2 pushl %ebp 1 movl %esp,%ebp rip subl $4,%esp sfp movl $1,-4(%ebp) pushl $3 00 00 00 41 pushl $2 42 pushl $1 call foo addl $12,%esp Larger Memory Addresses xorl %eax,%eax leave ret Function Calls 5 / 8
Recommend
More recommend
