Essentials of 80x86 Assembly Language

1
Chapter 6 Procedures
2
6.1 The 80x86 Stack
3
Hardware Stack

• Allocated with directive, for example.STACK
  4096allocates 4096 uninitialized memory bytes
• Visual Studio project setting can also be used to
  allocate stack space
• Most access is indirect, through the stack point
  register ESP
• Operating system initializes ESP to point to byte
  above stack
• As program executes, it points to the last item
  pushed on the stack

4
push instruction

• Usual format push source
• source can in memory, register or immediate
• doubleword or word pushed on the stack
• Formats to use when the assembler cannot
  determine operand size
• pushd source
• pushw source

5
push execution

• ESP decremented by size of operand
• Operand stored in stack where ESP points after
  being decremented
• Flags not changed

6
push Example
7
pop instruction and execution

• Usual format pop destination
• doubleword or word destination can in memory or
  register
• Operand stored in stack where ESP points is
  copied to destination
• ESP incremented by size of operand after the
  value is copied
• Flags not changed

8
pop Example
9
Pushing/Popping Flags

• pushfd pushes EFLAGS register contents onto stack
• popfd pops doubleword from top of stack into
  EFLAGS

10
Viewing the Stack with Debugger

• Stop at breakpoint
• View registers
• ESP contains address of byte above stack
• Subtract number of bytes to view from the address
  in ESP
• Use this as the starting address at which to view
  memory
• Example if ESP contains 0042FFC4, using
  0042FFC4 20 0042FFA4 lets you see the top 32
  (2016) bytes of the stack

11
6.2 32-bit Procedures with Value Parameters
12
Terminology

• Procedure - a subprogram that is essentially a
  self-contained unit
• Main program or another subprogram calls a
  procedure
• A procedure may simply do a task or it may return
  a value
• value-returning procedure is sometimes called a
  function

13
Procedure Concepts

• Transfer of control from calling program to
  procedure and back
• Passing parameter values to procedure and results
  back from the procedure
• Having procedure code that is independent of the
  calling program
• The cdecl protocol provides one standard
  implementation scheme

14
Procedure Definition

• In a code segment with body statements bracketed
  by PROC and ENDP directives giving procedure name
• .CODE
• procName PROC
• procedure body
• ...
• procName ENDP

15
Transferring Control to a Procedure

• In the main program, use
• call procName
• The next instruction executed will be the first
  one in the procedure

16
Returning from a Procedure

• In the procedure, use
• ret
• The next instruction executed will be the one
  following the call in the main program

17
How call Works

• The address of the instruction following the call
  is pushed on the stack
• The instruction pointer register EIP is loaded
  with the address of the first instruction in the
  procedure

18
How ret Works

• The doubleword on the top of the stack is popped
  into the instruction pointer register EIP
• Assuming that this was the address of the
  instruction following the call, that instruction
  will be executed next
• If the stack has been used for other values after
  the call, these must be removed before the ret
  instruction is executed

19
Alternative ret Format

• ret n
• n is added to ESP after the return address is
  popped
• This is most often used to logically remove
  procedure parameters that have been pushed onto
  the stack
• Not used in cdecl protocol

20
Parameter Terminology

• A procedure definition often includes parameters
  (also called formal parameters)
• These are associated with arguments (also called
  actual parameters) when the procedure is called
• For a procedure's in (pass-by-value) parameters,
  values of the arguments are copied to the
  parameters when the procedure is called
• These values are referenced in the procedure
  using their local names (the identifiers used to
  define the parameters)

21
Implementing Value Parameters

• Parameter values normally passed on the stack
• Pushed in reverse order from argument list
• Example
• Design or high-level code sum add2(value1,
  value2)
• 80x86 implementationpush ecx assuming
  value2 in ECXpush value1 assuming value1
  in memorycall add2 call procedure to
  find sumadd esp, 8 remove parameters
  from stackmov sum, eax sum in memory
• With the cdecl protocol the calling program must
  remove parameters from the stack
• A single integer value normally returned in EAX

22
Procedure Entry Code

• Since the stack pointer ESP may change, a
  procedure starts with entry code to set the base
  pointer EBP to an address in the stack
• This location is fixed until exit code restores
  EBP right before returning
• In the procedure body, parameters are located
  relative to EBP
• Entry code also saves contents of registers that
  are used locally within the procedure body
• Exit code restores these registers

23
Example Procedure

• add2 PROC add two words passed on the
  stack
• return the sum in the EAX
  register
• push ebp save EBP
• mov ebp,esp establish stack
  frame
• mov eax,ebp8 copy first
  parameter value
• add eax,ebp12 add second
  parameter value
• pop ebp restore EBP
• ret return
• add2 ENDP

24
parameter 2 parameter 2
parameter 2 parameter 2
parameter 2 parameter 2
parameter 2 parameter 2
parameter 1 ? parameter 1
parameter 1 increasing parameter 1
parameter 1 addresses parameter 1
parameter 1 parameter 1
return address return address
return address return address
return address return address
ESP ? return address return address
old value of EBP
old value of EBP
old value of EBP
ESP,EBP ? old value of EBP

stack upon procedure entry stack upon procedure entry stack upon procedure entry stack upon procedure entry after EBP established after EBP established after EBP established
Stack frame upon entry to procedure add2 and
after EBP established in entry code
25
Accessing Parameters in a Procedure

• Use based addressing
• Since the value is actually on the stack, EBPn
  references the value
• Examplemov eax,ebp8 copies the last
  parameter pushed to EAX

26
Saving/Restoring Registers

• Push registers in entry code after EBP is
  established
• Exit code pops registers in the opposite order
• Calling programs flag values from can be saved
  with pushfd/popfd

27
Entry and Exit Code Summary

• Entry code
• push ebp establish stack frame
• mov ebp, esp
• push ... save registers
• ...
• push ...
• pushfd save flags
• Exit code
• popfd restore flags
• pop ... restore registers
• ...
• pop ...
• pop ebp restore EBP
• ret return

28
Procedure Call Summary
calling program code procedure code
push arguments on stack in right-to-left order call procedure add number of bytes of parameters to ESP for value-returning procedure, use value in EAX save EBP and establish stack frame save registers used by procedure access parameter values using based addressing in procedure body return value, if any, goes in EAX restore saved registers and EBP return
29
6.3 Additional 32-bit Procedure Options
30
Reference Parameters

• The address of the argument instead of its value
  is passed to the procedure
• Reference parameters are used
• To send a large argument (for example, an array
  or a structure) to a procedure
• To send results back to the calling program as
  argument values

31
Passing an Address

• lea instruction can put address of an argument in
  a register, and then the contents can be pushed
  on the stack
• lea eax, minimum 3rd parameter
• push eax

32
Returning a Value in a Parameter

• Get address from stack
• Use register indirect addressing
• mov ebx, ebp16 get addr of min
• ...
• mov ebx, eax min ai

33
Allocating Local Variable Space

• save EBP and establish stack frame
• subtract number of bytes of local space from ESP
• save registers used by procedure
• Access both parameters and local variables in
  procedure body using based addressing
• return value, if any, goes in EAX
• restore saved registers
• copy EBP to ESP
• restore EBP
• return

New entry and exit code actions are bold
34
Recursive Procedure

• Calls itself, directly or indirectly
• Many algorithms are very difficult to implement
  without recursion
• A recursive call is coded just like any other
  procedure call

35
Separate Assembly

• Procedure code can be in a separate file from the
  calling program
• File with call has an EXTERN directive to
  describe procedure that is defined in another
  file
• ExampleEXTERN minMaxPROC

36
64-bit procedures
37
Stack Usage

• Normally push and pop quadwords
• call pushes a 64-bit address on the stack
• ret pops a 64-bit address into RIP
• Calling procedures entry code must reserve space
  on the stack for arguments.
• Typical code includes sub rsp,120

38
64-bit protocol

• Different from cdecl
• First four arguments passed in registers
• Later arguments copied to stack
• Fifth argument is copied to RSP32

Argument Register
1 RCX
2 RDX
3 R8
4 R9
39
Register Usage

• RAX, RCX, RDX, and R8-R11 are called volatile
• A called procedure is free to change them
• RBX, RDI, RSI, RBP, RSP and R12-R15 are called
  nonvolatile
• A called procedure has the responsibility of
  preserving them
• In practice, it is safest to preserve any
  register that you dont want destroyed by a
  called procedure

40
Procedure to Add Five Integers

• void add5(int x1,int x2,int x3,int x4,int x5)
• returns sum of arguments
• add5 PROC
• mov eax, ecx x1
• add eax, edx x2
• add eax, r8d x3
• add eax, r9d x4
• add eax, DWORD PTR rsp40 x5
• ret return
• add5 ENDP

41
6.5 Macro Definition and Expansion
42
Macro

• Expands to the statements it represents
• Expansion then assembled
• Resembles a procedure call, but is different
• Each time a macro appears in code, it is expanded
• There is only one copy of procedure code

43
Macro Definition

• name MACRO list of parameters
• assembly language statements
• ENDM
• Parameters in the MACRO directive are ordinary
  symbols, separated by commas
• The assembly language statements may use the
  parameters as well as registers, immediate
  operands, or symbols defined outside the macro

44
Macro Example 1

• Given the definition
• add2 MACRO nbr1, nbr2
• put sum of two doubleword parameters in EAX
• mov eax, nbr1
• add eax, nbr2
• ENDM
• the macro call
• add2 value, 30 value 30
• expands to
• put sum of two doubleword parameters in EAX
• mov eax, value
• add eax, 30

45
Macro Example 2

• Given the definition
• add2 MACRO nbr1, nbr2
• put sum of two doubleword parameters in EAX
• mov eax, nbr1
• add eax, nbr2
• ENDM
• the macro call
• add2 eax, ebx sum of two values
• expands to
• put sum of two doubleword parameters in EAX
• mov eax, eax
• add eax, ebx

46
Macro Example 3

• Given the definition
• add2 MACRO nbr1, nbr2
• put sum of two doubleword parameters in EAX
• mov eax, nbr1
• add eax, nbr2
• ENDM
• the macro call
• add2 value
• expands to
• put sum of two doubleword parameters in EAX
• mov eax, value
• add eax, (wont assemble)

47
Macros in IO.H

• Each expands to a statement that calls a
  procedure, for example
• atod MACRO source convert ASCII string
• to integer in EAX
• lea eax,source source address to AX
• push eax source parameter on
  stack
• call atodproc call atodproc(source)
• add esp, 4 remove parameter
• ENDM