libftASM
Writing a lib in x86 assembly (intel flavour)
X86 Assembly
General Purpose Registers
Some registers values are preserved across function calls !
| Preserved Registers | rbx |
rsp |
rbp |
r12 |
r13 |
r14 |
r15 |
||
|---|---|---|---|---|---|---|---|---|---|
| Scratch Registers | rax |
rdi |
rsi |
rdx |
rcx |
r8 |
r9 |
r10 |
r11 |
Noteworthy Instructions
An instruction is a statement that is executed at runtime. An x86 instruction can have zero to three operands. See the complete list of x86 instructions.
instruction destination_operand, source_operand, last_operand
| Instruction | Black Sheep Wall |
|---|---|
NOP |
The one-byte NOP instruction is commonly used to align memory to speed-up jump as it is faster to jump using powers of 2 |
push |
Pushes an immediate (numeric constant) or the value contained in a register onto the Stack and automatically decrements rsp by sizeof(value) |
pop |
Pops value off the stack into a register and automatically increments rsp by sizeof(value) |
syscall |
Does wicked Kernel Magic |
call |
Pushes rip onto the stack and jumps to the destination_operand |
leave |
Releases the current stack frame. Moves rbp to rsp and pops rbp from the stack |
ret |
Pops the rip saved by call back in rip |
mov |
Move the value of the source operand in destination operand |
lea |
Load Effective Address of the source operand in the destination operand. The source operand is a memory address (offset part) specified with one of the processors addressing modes, the destination operand is a general-purpose register |
jump |
Loads the destination operand in rip, the destination operand specifies the address of the instruction being jumped to. This operand can be an immediate value, a general-purpose register, or a memory location |
and |
Performs the following operation: destination operand = destination operand & source operand and sets some flags |
test |
Is basically an and instruction that does not alter the destination operand |
rep |
Repeat String Operations : repeats a string instruction the number of times specified in the count register. rep (repeat), repe (repeat while equal), repne (repeat while not equal), repz (repeat while zero), and repnz (repeat while not zero) |
Pointer Directives
There are times when we need to assist assembler in translating references to data in memory. When the instruction has no reference to operand size one must use a pointer directive.
mov BYTE [ al], 42 ; Store 8-bit (1 byte) value
mov WORD [ ax], 42 ; Store 16-bit (2 bytes) value
mov DWORD [eax], 42 ; Store 32-bit (4 bytes) value
mov QWORD [rax], 42 ; Store 64-bit (8 bytes) valuePassing function arguments
User space call
User-level applications use as integer registers for passing the sequence rdi, rsi, rdx, rcx, r8 and r9.
| Destination | Source | Data | Counter | R8 | R9 |
|---|---|---|---|---|---|
rdi |
rsi |
rdx |
rcx |
r8 |
r9 |
- An user-space call is done via the
callinstruction. - If more params are passed they are stored on the Stack in reverse order
- The register
raxcontains the result of the called procedure.
Kernel space syscall
The kernel interface uses rdi, rsi, rdx, r10, r8 and r9.
| Destination | Source | Data | R10 | R8 | R9 |
|---|---|---|---|---|---|
rdi |
rsi |
rdx |
r10 |
r8 |
r9 |
- A system-call is done via the
syscallinstruction. - This clobbers
rcxandr11, as well asrax, but other registers are preserved. - The number of the syscall has to be passed in register
rax. - System-calls are limited to six arguments, no argument is passed directly on the stack.
- Returning from the syscall, register
raxcontains the result of the system-call. - A value in the range between
-4095and-1indicates an error, it is-errno. - Only values of class INTEGER or class MEMORY are passed to the kernel.
Useful links
- About Calling conventions
- Or the System V ABI
- List of x86 instructions
- All the XNU syscalls
- More on X86_Architecture
- Try out the Compiler explorer