Assembly Language Day 02

0x00

This article is dedicated to daily learning and note sharing to help everyone learn assembly language. Why learn assembly language? Because in red-blue confrontations, our tools are often detected and killed by some AV/EDR. Therefore, we need to counter AV, which is the evasion technique. To learn evasion techniques, we must start from the basics. In the future, I may also share some notes on C++, PE file structures, etc. Additionally, I may introduce knowledge related to reverse engineering.

0x01

Last experiment:

Assembly Language Day 02

II. Registers – Memory Access

Storage of Words in Memory

1. Any two consecutive memory units, unit N and unit N+1, can be viewed as two memory units or as a word unit with address N consisting of high and low byte units.

2. If a memory unit is a byte unit, then a word must be stored using two consecutive memory units.

3. A word unit, which stores a word-sized data (16 bits), consists of two consecutive memory units.

DS and [address]

1. When the CPU needs to read or write a memory unit, it must first provide the address of that memory unit. In the 8086 CPU, the memory address consists of a segment address and an offset address.

2. The 8086 CPU has a DS register, which is used to store the segment address of the data to be accessed.

3. The mov instruction can perform basic transfers.

  • Directly send data to a register: mov ax,100h mov bx,ax
  • Transfer the content of one register to another register.
  • Transfer the content of a memory unit to a register.

4. How to read data from 10000H using the mov instruction?

1000H is represented by segment address and offset address as 1000:0;

First, place the segment address 1000H into DS, then use mov al,[0] to complete the transfer.

5. The format from memory unit to register: mov register_name, memory_unit_address

The format from register to memory unit: mov memory_unit_address, register_name

6. Write a few instructions to send the data in al to memory unit 10000H?

mov bx,1000H

mov ds,bx

mov [0],al

mov, add, sub Instructions

The mov instruction has several forms, and add and sub are similar in usage.

mov register, data		mov ax,8
mov register, register	mov ax,bx
mov register, memory_unit	mov ax,[0]
mov memory_unit, register	mov [0],ax
mov memory_unit, segment_register	mov [0],ds
mov segment_register, register	mov ds,ax
mov segment_register, memory_unit	mov ds,[0]
mov register, segment_register	mov ax,ds

Stack

1. Basic operations: Push and Pop

  • Push: Place a new element on top of the stack.
  • Pop: Remove an element from the top of the stack.

2. The top element of the stack is always the last one pushed and is the first to be popped when needed.

3. The stack mechanism provided by the CPU:

  • The 8086 provides push and pop instructions: push (push) pop (pop).
  • push ax; Push the data in register ax onto the stack;
  • pop ax; Pop data from the top of the stack into ax.
  • The push and pop operations of the 8086 CPU are performed in word units.

4. How does the CPU know the location of the current instruction to be executed?

The registers CS and IP store the segment address and offset address of the current instruction.

In the 8086 CPU, there are two registers:

  • Segment register SS: stores the segment address of the stack top.
  • Offset register SP: stores the offset address of the stack top.
  • At any time, SS:SP points to the top element of the stack.

5. The execution process of the push instruction (and the pop instruction):

  • SP=SP-2 (fetch data from the memory unit pointed to by SS:SP).
  • Send the content of ax to the memory unit pointed to by SS:SP, now SS:SP points to the new stack top (SP=SP+2).
  • The stack grows downwards, with the top of the stack at a low address and the bottom at a high address.

6. If we treat the space from 10000H to 100FH as a stack, and the initial state is empty, then SS=1000H, SP=?

The stack is empty, SS:SP points to the next unit after the highest address unit of the stack space; after executing push ax, SS:SP points to the first element in the stack, i.e., SP=10010H.

7. Summary:

  • Treat the space from 10000H to 1000FH as a stack segment, SS=1000H, the stack space size is 16 bytes, and the address of the bottom word unit of the stack is 1000:000E.
  • At any time, SS:SP points to the top of the stack, and when there is only one element in the stack, SS=1000H, SP=000EH.
  • When executing push, first change SP, then transfer to SS:SP; when executing pop, first read the data at SS:SP, then change SP.

8. The push and pop instructions can transfer data between registers and memory.

Stack Mechanism Provided by the CPU

When programming based on the 8086 CPU, a segment of memory can be used as a stack, with push and pop representing the push and pop operations. For example, push ax means to push the data in register ax onto the stack, and pop ax means to pop data from the top of the stack into ax, in word units.

Assembly Language Day 02

mov ax,0123H
push ax
mov bx,2266H
push bx
mov cx,1122H
push cx
pop ax
pop bx
pop cx

In the 8086 CPU, the segment register SS and SP store the stack top address and offset address, for example, the execution of push ax is completed in two steps.

  • SP=SP-2, SS:SP points to the memory unit before the current stack top, making it the new stack top.
  • Send the content of ax to the memory unit pointed to by SS:SP, now SS:SP points to the new stack top.

Assembly Language Day 02

Stack Overflow Issues

  • SS and SP only record the address of the stack top, relying on SS and SP to ensure that the stack top can be found during push and pop operations.
  • However, how can we ensure that the stack top does not exceed the stack space during push and pop operations?
  • When the stack is full and a push instruction is used, or when the stack is empty and a pop instruction is used, a stack overflow issue will occur.
  • Push, pop, and other stack operation instructions only modify SP, meaning the range of changes to the stack top is maximally: 0~FFFFH.

Push and Pop Instructions

Push and pop can transfer data between registers and memory, and can take the following forms:

push	register		Push the content of the register onto the stack
pop		register		Pop the element from the stack into the register
push	segment_register	Push the data of the segment register onto the stack
pop		segment_register	Pop the element from the stack into the segment register
push	memory_unit
pop		memory_unit

In which the segment address is obtained from ds during instruction execution.

Note:For the stack, the principle of push and pop follows the last in, first out (LIFO) rule.

Stack Segment

We can define a stack segment as a group of consecutive memory units starting at an address that is a multiple of 16, for example, from 10010H to 1001FH, with a segment address of 1001H and a size of 16 bytes.

The CPU does not automatically treat the defined stack space as a stack, so we need to define SS:SP to point to our defined stack segment.

0x02

Previous Notes:

Assembly Language Day 01

Basic Knowledge of Assembly Language

Previous Practices:

Domain Forest Breach from the Red Team Perspective: A Cross-Domain Control Attack and Defense Triggered by Shiro Deserialization Practice – From Shiro Deserialization to Domain Control “Nuclear Explosion Effect” After Domain Control Takeover: Permission Harvesting of 1600 Hosts Based on DCSync and Golden TicketAssembly Language Day 02ShareAssembly Language Day 02CollectAssembly Language Day 02ViewAssembly Language Day 02Like

Assembly Language Day 02

Scan to Follow UsBecome an Excellent Network Security Guard

Related posts

  1. Understanding Assembly Language: Key Concepts and Syntax
  2. My Uncle Suggested I Stay Away from Python and Start with Assembly Language…
  3. Introduction to x86 Assembly Language and Environment Configuration
  4. Applications of Assembly Language
  5. Introduction to Li Zhong X64 Architecture Assembly Language and Operating System Basics
  6. Should High Cohesion and Low Coupling be Emphasized in Embedded Software Written in C?
  7. Fundamentals of Assembly Language
  8. Assembly Language Day 01
  9. Quick Memory Techniques for MCS-51 Instructions
  10. Can You Believe It? Assembly Language Ranks in the Top 10 Programming Languages for July
  11. Assembly Language: Two Clever MIPS Tricks
  12. The First Assembly Language Program
  13. How to Write a Graphical User Interface in Assembly Language
  14. Comprehensive Review of Assembly Language for Final Exam
  15. The Role of Stack Mechanism in Assembly Language
  16. Assembly Language: A Legacy
  17. Digital Clock Based on Assembly Language
  18. Detailed Explanation of CPU I/O Capabilities and Peripheral Control Techniques in Assembly Language
  19. Implementing Hexadecimal Display of Byte Data Using Lookup Tables in Assembly Language

Leave a Comment