Unconditional Branching
1 JMP:
* Analogous to goto statement in C program
* Syntax - JMP label
* Short - JMP with an 8-bit signed displacement, i.e. -128..+127 bytes from the next instruction (the 2-byte `jmp 0x4000c9` at 0x4000b1 in the JUMP example below is one: the next instruction sits at 0x4000b3)
* Near - JMP to any address within the current code segment (32-bit displacement, +/-2 GB on x86-64); the assembler picks the short or near encoding automatically from the distance, so "Near" is not a mix of Short and Far
* Far - JMP to a different code segment (segment:offset target); not used in the flat 64-bit memory model these examples run in
2 Call
* Just like calling a function in C
* Syntax - Call location
* There is an associated RET instruction for every CALL
* CALL pushes the address of the next instruction (the return address) onto the stack and jumps to the target; RET pops that value back into the instruction pointer. The CALL example below shows this directly: after `call Callme` the word at (%rsp) is 0x004000b6, the address of the instruction following the call. Because RET trusts whatever is on the stack, anything that overwrites the saved return address (e.g. a stack buffer overflow) redirects execution - which is why the return address is the classic target of stack-smashing attacks.
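.data                                                  # GAS/AT&T syntax, x86-64 Linux, static non-PIE link (transcript shows .data at 0x6000xx, .text at 0x4000xx)
HelloWorld: .asciz "Hello Earth!"                      # NUL-terminated; the NUL is not written to stdout
.equ HelloWorldLen, . - HelloWorld - 1                 # byte count excluding the NUL, computed by the assembler so it cannot drift from the string
CallDemo: .asciz "CallDemo got called!"
.equ CallDemoLen, . - CallDemo - 1                     # = 20
.text
.globl _start
_start:                                                # program entry: no caller, so no return address on the stack; transcript shows %rsp = 0x7fffffffe3b0 (16-byte aligned) here
nop
#JMP ExitProgram #This to be enabled for JMP eg        # uncommenting skips the write below and lands directly at ExitProgram (nothing printed, exit status 10)
call Callme                                            # pushes the address of the next instruction (the movl below) and jumps to Callme; Callme's ret pops it back into %rip
# Write HelloWorld via the legacy int 0x80 gate. In a 64-bit binary this selects the i386 syscall table (4 = write, 1 = exit), NOT the x86-64 table (1 = write, 60 = exit), and passes only 32-bit arguments.
movl $4, %eax                                          # i386 sys_write
movl $1, %ebx                                          # fd 1 = stdout
movl $HelloWorld, %ecx                                 # buf as a 32-bit absolute address (R_X86_64_32); works only because the non-PIE link keeps .data below 4 GB - would fail to link as PIE
movl $HelloWorldLen, %edx                              # count = 12
int $0x80                                              # return value in %eax is not checked (a short or failed write is silently ignored - fine for a demo, not for real code)
ExitProgram:                                           # reached by fall-through after the write, or directly by the JMP variant
# Exit the program. Exiting here also guarantees execution never falls through into Callme below.
movl $1, %eax                                          # i386 sys_exit
movl $10, %ebx                                         # exit status 10 (gdb reports it in octal: "exited with code 012")
int $0x80
Callme:                                                # leaf subroutine, reachable only through the call above; no stack frame, clobbers %eax-%edx
# Write CallDemo (same int 0x80 write as above)
movl $4, %eax
movl $1, %ebx
movl $CallDemo, %ecx
movl $CallDemoLen, %edx                                # count = 20
int $0x80
ret                                                    # pops the saved return address (0x4000b6 in the transcript) into %rip and resumes after the call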
JUMP Example
==========
0x00000000004000b3 <+3>: mov $0x4,%eax
0x00000000004000b8 <+8>: mov $0x1,%ebx
0x00000000004000bd <+13>: mov $0x6000ec,%ecx
0x00000000004000c2 <+18>: mov $0xc,%edx
0x00000000004000c7 <+23>: int $0x80
End of assembler dump.
(gdb) disas ExitProgram
Dump of assembler code for function ExitProgram:
0x00000000004000c9 <+0>: mov $0x1,%eax
0x00000000004000ce <+5>: mov $0xa,%ebx
0x00000000004000d3 <+10>: int $0x80
End of assembler dump.
(gdb) s
ExitProgram () at ProgramExecutionFlow.s:19
19 movl $1, %eax
(gdb) print /x $rip
$4 = 0x4000c9
(gdb)
CALL Example
==========
bala@bala-laptop:~/ASM$ as -ggstabs -o ProgramExecFlow.o ProgramExecutionFlow.s
bala@bala-laptop:~/ASM$ ld -o ProgramExecFlow ProgramExecFlow.o
bala@bala-laptop:~/ASM$ ./ProgramExecFlow
CallDemo got called!Hello Earth!bala@bala-laptop:~/ASM$ gdb ./ProgramExecFlow
(gdb) list
8 _start:
9 nop
10 #JMP ExitProgram #This to be enabled for JMP eg
(gdb) break *_start+1
Breakpoint 1 at 0x4000b1: file ProgramExecutionFlow.s, line 11.
(gdb) run
Starting program: /home/bala/ASM/ProgramExecFlow
Breakpoint 1, _start () at ProgramExecutionFlow.s:11
11 call Callme
(gdb) disassemble _start
Dump of assembler code for function _start:
0x00000000004000b0 <+0>: nop
=> 0x00000000004000b1 <+1>: callq 0x4000d8
0x00000000004000b6 <+6>: mov $0x4,%eax
0x00000000004000bb <+11>: mov $0x1,%ebx
0x00000000004000c0 <+16>: mov $0x6000f0,%ecx
0x00000000004000c5 <+21>: mov $0xc,%edx
0x00000000004000ca <+26>: int $0x80
End of assembler dump.
(gdb) disas Callme
Dump of assembler code for function Callme:
0x00000000004000d8 <+0>: mov $0x4,%eax
0x00000000004000dd <+5>: mov $0x1,%ebx
0x00000000004000e2 <+10>: mov $0x6000fd,%ecx
0x00000000004000e7 <+15>: mov $0x14,%edx
0x00000000004000ec <+20>: int $0x80
0x00000000004000ee <+22>: retq
End of assembler dump.
(gdb) print /x $rsp
$2 = 0x7fffffffe3b0
(gdb) print /x $rip
$3 = 0x4000b1
(gdb) s
Callme () at ProgramExecutionFlow.s:25
25 movl $4, %eax
(gdb) print /x $rip
$4 = 0x4000d8
(gdb) print /x $rsp
$5 = 0x7fffffffe3a8
(gdb) x/1xx 0x7fffffffe3a8
0x7fffffffe3a8: 0x004000b6
(gdb) s
26 movl $1, %ebx
(gdb) s
27 movl $CallDemo, %ecx
(gdb) s
28 movl $20, %edx
(gdb) s
29 int $0x80
(gdb) s
CallDemo got called!Callme () at ProgramExecutionFlow.s:30
30 ret
(gdb) s
_start () at ProgramExecutionFlow.s:13
13 movl $4, %eax
(gdb) s
14 movl $1, %ebx
(gdb) s
15 movl $HelloWorld, %ecx
(gdb) s
16 movl $12, %edx
(gdb) s
17 int $0x80
(gdb) s
Hello Earth!ExitProgram () at ProgramExecutionFlow.s:20
20 movl $1, %eax
(gdb) s
21 movl $10, %ebx
(gdb) s
22 int $0x80
(gdb) s
Program exited with code 012.
Note: gdb prints the exit status in octal - 012 is decimal 10, the value placed in %ebx before the exit syscall.
(gdb)
1 JMP:
* Analogous to goto statement in C program
* Syntax - JMP label
* Short - JMP with an 8-bit signed displacement, i.e. -128..+127 bytes from the next instruction (the 2-byte `jmp 0x4000c9` at 0x4000b1 in the JUMP example below is one: the next instruction sits at 0x4000b3)
* Near - JMP to any address within the current code segment (32-bit displacement, +/-2 GB on x86-64); the assembler picks the short or near encoding automatically from the distance, so "Near" is not a mix of Short and Far
* Far - JMP to a different code segment (segment:offset target); not used in the flat 64-bit memory model these examples run in
2 Call
* Just like calling a function in C
* Syntax - Call location
* There is an associated RET instruction for every CALL
* CALL pushes the address of the next instruction (the return address) onto the stack and jumps to the target; RET pops that value back into the instruction pointer. The CALL example below shows this directly: after `call Callme` the word at (%rsp) is 0x004000b6, the address of the instruction following the call. Because RET trusts whatever is on the stack, anything that overwrites the saved return address (e.g. a stack buffer overflow) redirects execution - which is why the return address is the classic target of stack-smashing attacks.
Program Code starts here
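.data                                                  # GAS/AT&T syntax, x86-64 Linux, static non-PIE link (transcript shows .data at 0x6000xx, .text at 0x4000xx)
HelloWorld: .asciz "Hello Earth!"                      # NUL-terminated; the NUL is not written to stdout
.equ HelloWorldLen, . - HelloWorld - 1                 # byte count excluding the NUL, computed by the assembler so it cannot drift from the string
CallDemo: .asciz "CallDemo got called!"
.equ CallDemoLen, . - CallDemo - 1                     # = 20
.text
.globl _start
_start:                                                # program entry: no caller, so no return address on the stack; transcript shows %rsp = 0x7fffffffe3b0 (16-byte aligned) here
nop
#JMP ExitProgram #This to be enabled for JMP eg        # uncommenting skips the write below and lands directly at ExitProgram (nothing printed, exit status 10)
call Callme                                            # pushes the address of the next instruction (the movl below) and jumps to Callme; Callme's ret pops it back into %rip
# Write HelloWorld via the legacy int 0x80 gate. In a 64-bit binary this selects the i386 syscall table (4 = write, 1 = exit), NOT the x86-64 table (1 = write, 60 = exit), and passes only 32-bit arguments.
movl $4, %eax                                          # i386 sys_write
movl $1, %ebx                                          # fd 1 = stdout
movl $HelloWorld, %ecx                                 # buf as a 32-bit absolute address (R_X86_64_32); works only because the non-PIE link keeps .data below 4 GB - would fail to link as PIE
movl $HelloWorldLen, %edx                              # count = 12
int $0x80                                              # return value in %eax is not checked (a short or failed write is silently ignored - fine for a demo, not for real code)
ExitProgram:                                           # reached by fall-through after the write, or directly by the JMP variant
# Exit the program. Exiting here also guarantees execution never falls through into Callme below.
movl $1, %eax                                          # i386 sys_exit
movl $10, %ebx                                         # exit status 10 (gdb reports it in octal: "exited with code 012")
int $0x80
Callme:                                                # leaf subroutine, reachable only through the call above; no stack frame, clobbers %eax-%edx
# Write CallDemo (same int 0x80 write as above)
movl $4, %eax
movl $1, %ebx
movl $CallDemo, %ecx
movl $CallDemoLen, %edx                                # count = 20
int $0x80
ret                                                    # pops the saved return address (0x4000b6 in the transcript) into %rip and resumes after the call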
JUMP Example
==========
(gdb) break *_start+1
Breakpoint 2 at 0x4000b1: file ProgramExecutionFlow.s, line 10.
(gdb) info break
Num Type Disp Enb Address What
2 breakpoint keep y 0x00000000004000b1
(gdb) run
Starting program: /home/bala/ASM/ProgramExecFlow
Breakpoint 2, _start () at ProgramExecutionFlow.s:10
10 JMP ExitProgram
(gdb) print /x $rbp
$2 = 0x0
(gdb) print /x $rip
$3 = 0x4000b1
(gdb) disas _start
Dump of assembler code for function _start:
0x00000000004000b0 <+0>: nop
=> 0x00000000004000b1 <+1>: jmp 0x4000c9
0x00000000004000b3 <+3>: mov $0x4,%eax
0x00000000004000b8 <+8>: mov $0x1,%ebx
0x00000000004000bd <+13>: mov $0x6000ec,%ecx
0x00000000004000c2 <+18>: mov $0xc,%edx
0x00000000004000c7 <+23>: int $0x80
End of assembler dump.
(gdb) disas ExitProgram
Dump of assembler code for function ExitProgram:
0x00000000004000c9 <+0>: mov $0x1,%eax
0x00000000004000ce <+5>: mov $0xa,%ebx
0x00000000004000d3 <+10>: int $0x80
End of assembler dump.
(gdb) s
ExitProgram () at ProgramExecutionFlow.s:19
19 movl $1, %eax
(gdb) print /x $rip
$4 = 0x4000c9
(gdb)
CALL Example
==========
bala@bala-laptop:~/ASM$ as -ggstabs -o ProgramExecFlow.o ProgramExecutionFlow.s
bala@bala-laptop:~/ASM$ ./ProgramExecFlow
CallDemo got called!Hello Earth!bala@bala-laptop:~/ASM$ gdb ./ProgramExecFlow
(gdb) list
8 _start:
9 nop
10 #JMP ExitProgram #This to be enabled for JMP eg
(gdb) break *_start+1
Breakpoint 1 at 0x4000b1: file ProgramExecutionFlow.s, line 11.
(gdb) run
Starting program: /home/bala/ASM/ProgramExecFlow
Breakpoint 1, _start () at ProgramExecutionFlow.s:11
11 call Callme
(gdb) disassemble _start
Dump of assembler code for function _start:
0x00000000004000b0 <+0>: nop
=> 0x00000000004000b1 <+1>: callq 0x4000d8
0x00000000004000b6 <+6>: mov $0x4,%eax
0x00000000004000bb <+11>: mov $0x1,%ebx
0x00000000004000c0 <+16>: mov $0x6000f0,%ecx
0x00000000004000c5 <+21>: mov $0xc,%edx
0x00000000004000ca <+26>: int $0x80
End of assembler dump.
(gdb) disas Callme
Dump of assembler code for function Callme:
0x00000000004000d8 <+0>: mov $0x4,%eax
0x00000000004000dd <+5>: mov $0x1,%ebx
0x00000000004000e2 <+10>: mov $0x6000fd,%ecx
0x00000000004000e7 <+15>: mov $0x14,%edx
0x00000000004000ec <+20>: int $0x80
0x00000000004000ee <+22>: retq
End of assembler dump.
(gdb) print /x $rsp
$2 = 0x7fffffffe3b0
(gdb) print /x $rip
$3 = 0x4000b1
(gdb) s
Callme () at ProgramExecutionFlow.s:25
25 movl $4, %eax
(gdb) print /x $rip
$4 = 0x4000d8
(gdb) print /x $rsp
$5 = 0x7fffffffe3a8
(gdb) x/1xx 0x7fffffffe3a8
0x7fffffffe3a8: 0x004000b6
(gdb) s
26 movl $1, %ebx
(gdb) s
27 movl $CallDemo, %ecx
(gdb) s
28 movl $20, %edx
(gdb) s
29 int $0x80
(gdb) s
CallDemo got called!Callme () at ProgramExecutionFlow.s:30
30 ret
(gdb) s
_start () at ProgramExecutionFlow.s:13
13 movl $4, %eax
(gdb) s
14 movl $1, %ebx
(gdb) s
15 movl $HelloWorld, %ecx
(gdb) s
16 movl $12, %edx
(gdb) s
17 int $0x80
(gdb) s
Hello Earth!ExitProgram () at ProgramExecutionFlow.s:20
20 movl $1, %eax
(gdb) s
21 movl $10, %ebx
(gdb) s
22 int $0x80
(gdb) s
Program exited with code 012.
Note: gdb prints the exit status in octal - 012 is decimal 10, the value placed in %ebx before the exit syscall.
(gdb)