CSE3101
Assembly Language Introduction
Why use assembly language?
- Size optimization
- Privileged code for operating systems
- Writing a compiler
- Reverse engineering
- Optimization for speed (but most C/C++ compilers can do better)
Intel architecture history
- 8088/8086 (1979)
- Single tasking (real mode)
- 1M (20 bit) address space (overlapping 64K segments)
- 16 bit registers: AX, BX, CX, DX, SI, DI, SP, BP
- 5 MHz (0.33 MIPS)
- Used in original 1981 IBM-PC running BASIC
- 80386 (1985)
- Adds protected mode to support multitasking
- 4 GB (32 bit) flat address space
- 64 TB (46 bit) virtual memory support
- Adds 32 bit registers: EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP
- 16 MHz (5-6 MIPS)
- 80486 (1989)
- Adds 80-bit floating point registers on-chip: ST(0) - ST(7)
- 25 MHz (20 MIPS)
- Pentium MMX (1997)
- Adds 64-bit MMX (packed 8x8, 4x16, 2x32 bit integer operations):
MM0 - MM7 (overlapping ST(0) - ST(7))
- 166-233 MHz
- Pentium III (1999)
- Adds 128-bit SSE
(packed 4x32 float operations): XMM0 - XMM7
- 450-800 MHz
- Pentium 4 (2000)
- Adds SSE2 (packed 16x8, 8x16, 4x32, 2x64 bit integer and 2x64 bit double operations on XMM0 - XMM7)
- Up to 3.4 GHz, 11000 MIPS in 2004
- AMD Opteron, Athlon64 (2003)
- Adds XMM8 - XMM15
- Intel to add to 64-bit processors in 2004
- All versions are backwards compatible back to 8088
IA-32 Architecture
General purpose registers
31              16 15      8 7       0
+------------------+---------+---------+
|       EAX        |   AH    |   AL    |  Accumulator (EAX = 32 bits, AX = 16 bits, AH, AL = 8 bits)
+------------------+---------+---------+
|       EBX        |   BH    |   BL    |  Base (table base for XLAT)
+------------------+---------+---------+
|       ECX        |   CH    |   CL    |  Counter (LOOP, REP, shift counts)
+------------------+---------+---------+
|       EDX        |   DH    |   DL    |  Data (high half of DX:AX, EDX:EAX products and dividends)
+------------------+---------+---------+
|       ESI        |        SI         |  Source index
+------------------+-------------------+
|       EDI        |        DI         |  Destination index
+------------------+-------------------+
|       EBP        |        BP         |  Base (frame) pointer
+------------------+-------------------+
|       ESP        |        SP         |  Stack pointer
+------------------+-------------------+
Writing a sub-register (AL, AH, AX) changes only those bits of the full
register; the rest of EAX is untouched.
Important flags (1 bit each, in EFLAGS):
- CF = carry or borrow (unsigned overflow; tested by JC/JNC, JB/JAE)
- OF = overflow (signed; tested by JO/JNO, JL/JGE)
- ZF = zero (result was 0)
- SF = sign (1 = result negative, i.e. bit 31 set)
- DF = direction (1 = count downward) for the string/array operations (MOVS, STOS, etc.)
Other registers:
- ST(0) - ST(7): 80 bit FPU floating point stack, ST(0) is top
- FPU control and status words (rounding control, exception masks and flags)
- MM0 - MM7: 64 bit packed integers, overlaps ST(0) - ST(7)
- XMM0 - XMM7: 128 bit packed float (SSE), and int and double (SSE2) (unrelated to MM0-7)
- CS, SS, DS, ES, FS, GS - 16 bit segment registers (in protected mode they hold selectors the OS has set up; a program cannot load arbitrary values)
- Control (CR0 - CR4), debug, test, and other privileged registers (ring 0 only)
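The flag and sub-register rules above are easy to get backwards, and getting them backwards is where integer-overflow bugs come from (checking OF when the quantity is an unsigned length, or the reverse). The following C program is an added example written for these notes, not code from the course or from Intel: it models the flags a 32-bit ADD and SUB leave, derives the two overflow checks from them, and shows that writing AH touches only bits 15..8 of EAX. The F_CF/F_OF/F_ZF/F_SF bit packing and the sample operand pairs are this example's own constructions, not the real EFLAGS bit positions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits returned by the model below (the real EFLAGS register uses
   different bit positions; this packing is an assumption for the example). */
enum { F_CF = 1, F_OF = 2, F_ZF = 4, F_SF = 8 };

/* Flags left by a 32-bit ADD a, b. CF is the carry out of bit 31 (unsigned
   overflow); OF is set when both operands have the same sign and the result
   has the other sign (signed overflow). */
unsigned flags_add32(uint32_t a, uint32_t b)
{
    uint64_t wide = (uint64_t)a + b;
    uint32_t r = (uint32_t)wide;
    unsigned f = 0;
    if (wide >> 32)                          f |= F_CF;
    if (((a ^ r) & (b ^ r)) & 0x80000000u)   f |= F_OF;
    if (r == 0)                              f |= F_ZF;
    if (r & 0x80000000u)                     f |= F_SF;
    return f;
}

/* Flags left by a 32-bit SUB a, b (computes a - b). CF here means borrow:
   the unsigned subtraction went below zero. OF: the operands differ in
   sign and the result has the sign of b. */
unsigned flags_sub32(uint32_t a, uint32_t b)
{
    uint32_t r = a - b;
    unsigned f = 0;
    if (a < b)                               f |= F_CF;
    if (((a ^ b) & (a ^ r)) & 0x80000000u)   f |= F_OF;
    if (r == 0)                              f |= F_ZF;
    if (r & 0x80000000u)                     f |= F_SF;
    return f;
}

/* The two checks that matter for length arithmetic: JC for unsigned
   quantities, JO for signed ones. Using the wrong one misses the overflow. */
bool add_u32_overflows(uint32_t a, uint32_t b) { return flags_add32(a, b) & F_CF; }
bool add_s32_overflows(int32_t a, int32_t b)
{
    return flags_add32((uint32_t)a, (uint32_t)b) & F_OF;
}

/* Sub-register aliasing: MOV AH, x changes bits 15..8 of EAX and nothing
   else. Modelled with shifts so it does not depend on host endianness. */
uint32_t write_ah(uint32_t eax, uint8_t ah)
{
    return (eax & ~0x0000FF00u) | ((uint32_t)ah << 8);
}
uint16_t read_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
uint8_t  read_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

int main(void)
{
    /* Constructed inputs: each row is one ADD and the flags it leaves. */
    struct { uint32_t a, b; } cases[] = {
        { 0xFFFFFFFFu, 1 },           /* unsigned wrap: CF=1 ZF=1, OF=0 */
        { 0x7FFFFFFFu, 1 },           /* signed wrap:   OF=1 SF=1, CF=0 */
        { 0x80000000u, 0x80000000u }, /* both:          CF=1 OF=1 ZF=1 */
        { 1, 2 },                     /* neither */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned f = flags_add32(cases[i].a, cases[i].b);
        printf("%08x + %08x: CF=%u OF=%u ZF=%u SF=%u\n", cases[i].a, cases[i].b,
               !!(f & F_CF), !!(f & F_OF), !!(f & F_ZF), !!(f & F_SF));
    }
    printf("EAX=12345678h, MOV AH,0ABh -> EAX=%08x\n", write_ah(0x12345678u, 0xAB));
    return 0;
}
```

The third row is the one people forget: 80000000h + 80000000h sets CF, OF and ZF at once, so a "result is zero, therefore fine" test passes while both overflow flags are raised.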
Real mode
- 1 MB memory in 64K segments addressed by segment registers
- Pointers and int are 2 bytes (4 bytes for FAR pointers)
- Programs have full control over hardware
- For single tasking OS (MS-DOS)
- Initial mode after boot
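Real-mode addressing is the part of this section worth working through by hand once: the 20-bit linear address is segment * 16 + offset, so many segment:offset pairs name the same byte, and a 16-bit offset wraps inside its 64K segment instead of moving into the next one. The C program below is an added example for these notes (not course or Intel code) that implements that arithmetic; the packed `farptr` layout and the FAR()/SEG()/OFF() macros are this example's own conventions, not a DOS or compiler ABI.

```c
#include <stdint.h>
#include <stdio.h>

/* Real-mode address arithmetic as on the 8086/8088: a 16-bit segment
   value times 16, plus a 16-bit offset, truncated to 20 bits. */

/* A FAR pointer packed as segment:offset in 4 bytes (segment in the high
   half). This packing is the example's own convention. */
typedef uint32_t farptr;
#define FAR(seg, off)  (((farptr)(uint16_t)(seg) << 16) | (uint16_t)(off))
#define SEG(p)         ((uint16_t)((p) >> 16))
#define OFF(p)         ((uint16_t)((p) & 0xFFFFu))

/* 20-bit linear address. The 8086 has no address line 20, so FFFF:0010
   wraps to 00000 instead of reaching 100000h. */
uint32_t linear(uint16_t seg, uint16_t off)
{
    return (((uint32_t)seg << 4) + off) & 0xFFFFFu;
}

/* Add a byte count to a near (16-bit) offset: it wraps inside the 64K
   segment and never advances into the next one. This is the real-mode
   form of a 16-bit length overflow: the pointer silently comes back to
   the start of the segment. */
uint16_t near_add(uint16_t off, uint16_t n) { return (uint16_t)(off + n); }

/* Add to a FAR pointer by renormalising so the offset stays below 16.
   Same linear address, but increments may now cross 64K. The sum is taken
   mod 1 MB so the result wraps like the hardware does. */
farptr far_add(farptr p, uint32_t n)
{
    uint32_t lin = (linear(SEG(p), OFF(p)) + n) & 0xFFFFFu;
    return FAR(lin >> 4, lin & 0xF);
}

/* Do two seg:off pairs name the same byte? (They overlap whenever the
   segments differ by 1 and the offsets differ by 16.) */
int same_byte(farptr a, farptr b)
{
    return linear(SEG(a), OFF(a)) == linear(SEG(b), OFF(b));
}

int main(void)
{
    printf("1000:0010 -> %05x\n", linear(0x1000, 0x0010));
    printf("1001:0000 -> %05x (same byte)\n", linear(0x1001, 0x0000));
    printf("FFFF:0010 -> %05x (wraps at 1 MB)\n", linear(0xFFFF, 0x0010));
    printf("near FFF0h + 20h -> %04x (stays in segment)\n", near_add(0xFFF0, 0x20));
    farptr p = far_add(FAR(0x1000, 0xFFF0), 0x20);
    printf("far 1000:FFF0 + 20h -> %04x:%04x\n", SEG(p), OFF(p));
    return 0;
}
```

The near/far contrast is the practical point: a 2-byte pointer plus a length is a 16-bit addition with all the wraparound behaviour that implies, which is why a buffer that straddles a 64K boundary must be handled with FAR (or huge) pointers.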
Protected mode (preferred)
- 4 GB flat memory model
- Pointers and int are 4 bytes
- For multitasking OS (Windows, Linux, UNIX)
- 4 privilege levels, called rings (OS kernel = ring 0, user programs = ring 3)
- OS assigns read, write, execute permissions to memory segments (and, with paging, to 4K pages)
- Privileged instructions trap (fault) when executed in user mode (IN, OUT, CLI, MOV to CR0 - CR4, etc.), so the OS can deny or emulate them
- Real mode programs run in virtual 8086 mode
Real mode and protected mode opcodes differ. You must tell your
compiler or assembler which kind you want.
Program organization
Windows .EXE 32-bit (flat model)
- Protected mode (4 GB memory)
- Can link to C programs and libraries
- Can make Windows system calls, but not BIOS or MSDOS
- Code, data and stack segments (in the flat model every selector has base 0 and limit 4 GB; the regions below are separated by page permissions, not by segment bounds)
0ffffffffh +-------------+ <-- SS limit
           |             | <-- ESP
           |    Stack    |
           |             |
           +-------------+ <-- SS base
           |             |
           |             |
           +-------------+ <-- DS, ES, FS, GS limits
           |   Dynamic   |
           |    data     |
 +-------+ +-------------+
 |       | |   Static    |
 |  .exe | |    data     |
 |       | +-------------+ <-- DS, ES, FS, GS bases
 |  File | |             | <-- CS limit
 |       | |    Code     |
 |       | |             | <-- EIP
 +-------+ +-------------+ <-- CS base
           |             |
        0h +-------------+
MSDOS .EXE 16-bit (large model)
- Real mode (1 MB memory)
- Can link to 16-bit C or libraries (MARS, commercial Borland, Microsoft, Intel)
- Can call BIOS or MSDOS, but not Windows
- May have more than one code and data segment, one stack segment
  0fffffh +-------------+ <-- SP
          |             |
          |    Stack    |
          |             |
          +-------------+ <-- SS
          |             |
          |             |
          +-------------+
          |   Dynamic   |
          |    data     |
+-------+ +-------------+
|       | |   Static    |
|  .exe | |    data     |
|       | +-------------+ <-- DS, ES
|  File | |             |
|       | |    Code     |
|       | |             | <-- IP
+-------+ +-------------+ <-- CS
          |             |
       0h +-------------+
.COM 16-bit (tiny model)
- Real mode (64K memory)
- File contains pure code, no header
- Not linked to anything
- Can call BIOS and MSDOS, but not Windows
- Flat 64K memory model (all segments overlap)
- Execution starts at address 100h (first byte of file)
0ffffh +------------+
       |            | <-- SP (stack grows downward)
       |    free    |
       |   memory   |
       |            |
       +------------+
       |  copy of   |
       |  prog.com  |
  100h +------------+ <-- IP (instruction pointer)
       |    PSP     |     (256 bytes; command line tail at 80h: length byte, then text ending in 0Dh)
    0h +------------+ <-- CS, SS, DS, ES
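The PSP command tail is the one input a .COM program receives from outside, so it is where a DOS-era program first has to validate something. This C program is an added example for these notes, not course or DOS code: it builds a constructed 256-byte PSP image in memory (no DOS needed), parses the tail at 80h into argv[], and rejects a length byte that would send the parser past the end of the PSP into the program's own code at 100h. The documented DOS facts it relies on are: byte 80h holds the tail length, the text starts at 81h, it ends with a carriage return (0Dh), and at most 126 characters plus the CR fit before 100h. MAX_ARGS, MAX_ARG and the helper names are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Documented DOS PSP layout used here: byte 80h = length of the command
   tail, 81h.. = the tail text, terminated by 0Dh (CR). Only 81h..FEh can
   hold text (the CR then sits at FFh), so a length byte above 126 is bogus. */
#define PSP_SIZE     256
#define PSP_TAIL_LEN 0x80
#define PSP_TAIL     0x81
#define PSP_TAIL_MAX 126

#define MAX_ARGS 16    /* example limits, not DOS limits */
#define MAX_ARG  128

/* Build a constructed PSP image from a C string (example input, not a real
   DOS process). Returns 0 on success, -1 if the tail does not fit. */
int make_psp(uint8_t psp[PSP_SIZE], const char *tail)
{
    size_t n = strlen(tail);
    memset(psp, 0, PSP_SIZE);
    psp[0] = 0xCD; psp[1] = 0x20;               /* INT 20h at PSP:0000 */
    if (n > PSP_TAIL_MAX) return -1;
    psp[PSP_TAIL_LEN] = (uint8_t)n;
    memcpy(&psp[PSP_TAIL], tail, n);
    psp[PSP_TAIL + n] = 0x0D;
    return 0;
}

/* Split the command tail at blanks into argv[]. Returns argc, or -1 when the
   length byte is out of range or the CR is not where it should be: trusting
   the length byte blindly would read past FFh into the code at 100h. */
int psp_parse(const uint8_t psp[PSP_SIZE], char argv[MAX_ARGS][MAX_ARG])
{
    unsigned len = psp[PSP_TAIL_LEN];
    /* The range check must come first: it is what keeps the index in bounds. */
    if (len > PSP_TAIL_MAX || psp[PSP_TAIL + len] != 0x0D) return -1;

    int argc = 0;
    unsigned i = 0;
    while (i < len) {
        while (i < len && (psp[PSP_TAIL + i] == ' ' || psp[PSP_TAIL + i] == '\t')) i++;
        if (i >= len) break;
        if (argc == MAX_ARGS) return -1;
        unsigned start = i;
        while (i < len && psp[PSP_TAIL + i] != ' ' && psp[PSP_TAIL + i] != '\t') i++;
        unsigned n = i - start;                  /* n <= 126 < MAX_ARG, always fits */
        memcpy(argv[argc], &psp[PSP_TAIL + start], n);
        argv[argc][n] = '\0';
        argc++;
    }
    return argc;
}

/* Convenience wrapper: build a PSP from a tail string and return argc. */
int tail_argc(const char *tail)
{
    uint8_t psp[PSP_SIZE];
    char argv[MAX_ARGS][MAX_ARG];
    if (make_psp(psp, tail) != 0) return -1;
    return psp_parse(psp, argv);
}

/* A forged length byte pointing past the end of the PSP: must be rejected
   without ever touching psp[0x81 + 0xFF]. */
int bad_length_argc(void)
{
    uint8_t psp[PSP_SIZE];
    char argv[MAX_ARGS][MAX_ARG];
    make_psp(psp, " a b");
    psp[PSP_TAIL_LEN] = 0xFF;
    return psp_parse(psp, argv);
}

/* A tail of 127 characters cannot even be placed in the PSP. */
int too_long_tail_argc(void)
{
    char tail[PSP_TAIL_MAX + 2];
    memset(tail, 'x', PSP_TAIL_MAX + 1);
    tail[PSP_TAIL_MAX + 1] = '\0';
    return tail_argc(tail);
}

int main(void)
{
    uint8_t psp[PSP_SIZE];
    char argv[MAX_ARGS][MAX_ARG];
    make_psp(psp, " in.txt out.txt /v");         /* DOS keeps the leading blank */
    int argc = psp_parse(psp, argv);
    for (int i = 0; i < argc; i++) printf("argv[%d] = \"%s\"\n", i, argv[i]);
    printf("forged length byte -> %d\n", bad_length_argc());
    return 0;
}
```

The order of the two tests in psp_parse is the whole lesson: checking `len > PSP_TAIL_MAX` before indexing `psp[PSP_TAIL + len]` is what turns a bad length byte into a clean error instead of a read of whatever follows the PSP.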
Software development
- MASM - Microsoft assembler (included with book)
- Links to Visual C/C++, Intel C/C++, Borland C/C++, Digital MARS, MINGW, but not DJGPP
- TASM - Borland assembler (not included with free version of Borland C++)
- Mostly MASM compatible except for some advanced features
- NASM (free)
- For Windows or Linux
- Largely incompatible with MASM directives, but uses the familiar Intel operand order
- Links to Borland, MINGW, DJGPP C/C++ (but not MARS)
- AS (free, included with DJGPP and MINGW C/C++ compilers)
- Uses AT&T syntax (reversed operand order, % and $ prefixes; completely different from MASM)
- Compatible with Linux
- Links to gcc only (DJGPP and MINGW)
- Inline assembler in C
- Uses asm statement in C
- Compiler dependent syntax (not portable, even on same hardware)
- Borland requires TASM (not included with free version)
- MARS requires its own assembler (not included with free version)
- DJGPP and MINGW use AT&T syntax and AS
- C/C++ compilers: Borland, MARS, g++ are free at
www.cplusplus.com/info/compilers/