13 hours 15 minutes
Hello. This is Dr Miller and this is Episode 14.10 of Assembly.
Today we're gonna talk about in line assembly adding extra arguments and then an in line function goal.
So in line assembly.
So the new compiler collection, or GCC, has the ability for us to
generate different types of code. And GCC uses a T and T syntax for both its X 86 X 64 code.
But there are a lot of different tools that will use standard intel. Syntex. So that includes I'd a buy near Ninja, Gauger, Nazem and Moazzam. And this is all because most of those stem from Nazem, which uses Intel, Syntex.
And so that's why in this class we have talked about using Intel Sin tax for X 86 code.
So in order to allow us to do that type of syntax there a couple of different ways that we can do this.
So the first way is that weaken basically state that we're going to use Intel syntax inside of our in line assembly.
And so to do in line assembly, we use a SM put Apprentice e, and then we put quotes for the code that we want to run.
And so here we've got a different A is some statement for each thing that we're going to do. So, for example, here we move zero into yea X, we load the address of Hvar into E X. We think we can then move one into the value pointed to by E S E X.
And then here we switch back to A T and t Syntex. And this is if you don't do this, the compiler will have trouble with the rest of the code generated because it's all 18 t syntax. And so this is one way where we can write some in line assembly code within our C program.
But we can't have extra arguments,
So there are complex arguments we can use for this. And so we have our assembly code, which we just saw, and this is separated by new lines. But we only did one in each line, so it wasn't a big deal.
We then have a list of output variables. So these air variables that are modified and that's variables inside the C program.
We have input variables, So these are inputs to ours and the compiler will set them up for us
and then we have the clobbers or the list of registers that are modified.
So we also have this complex variable substitution so we can have variables inside of our assembly code
and those are denoted by percent 0% 123 whatever upto end, however variables that we have.
But it's important to note that the output arguments are first and so all of the outputs will be listed
giving their numbers and then the inputs are given.
And so, for example, if we have to outputs and three inputs,
the outputs will be percent 0% 1 those are the outputs and then the inputs are percent 2% 3% 4 for the three inputs that we would have.
Um then additionally, we can have different constraints and I have not listed all of them. But the two that you might end up using are are for register and M for memory.
And then we also have modifiers. So equals means that we might be overriding and then pluses for reading and writing,
and all other outputs or operations assumed to be at least read. And so, if you're reading in a variable as an input.
Then it's assumed that that would be read.
Additionally, we can use the volatile keyword and in our assembly statement to make sure that the assembly code is not moved or changed by the compiler. And this might be due to different optimization ins based on loops that might have unused variables
they might be moved out or security checks. So, for example, if you want to put in assertion
that something is not changed, um, the compiler might remove that. But it's a security check of something that might is not supposed to happen but may happen.
So here we can see a sort of more complex example. So first of all, we have the volatile keyword,
and then we have that we're going to do are moving in and such now one of the things here is when we compile this, we know we use minus mass, um equals intel. So that way, all the code is generated, so we don't have to put that intel syntax in our in line assembly.
So here we are, moving into yea x percent one, and so that is going to be our input
we then move the number 99 in T A X And then we movie a X into the value pointed to by our output. So that's variable B. And so we can see that it will modify variable B
to be the value of variable A plus in 99
or the values the value of variable A plus 99
we can see that that is modified. And then we have our list of clobbers. So the clubbers is the variable that we have modified.
So in here we just modified yea x. And so we just tell the compiler, by the way, we're gonna modify
e x inside this code.
And so when we look inside of here, we can see that if we forget our clobbers. So in this example here, we didn't put our clubbers and we can see that we are loading this into yea X and then we're basically doing a lot of math with the ex.
Well, the assembler slash compiler doesn't know that we're modifying a X inside of there,
and so it's actually modifying a X to be the other value of V X. And so it doesn't work.
And so if we add in the fact that we're going to clobber E X, we can see that then a used e d X in order to store that variable. So it's moving that variable into ET X, and then everywhere that we reference that variable, Um, we'll get the right result. And so you have to make sure if you're modifying a register and your clobbering it,
that you put that in the list of clobbers registers. Otherwise it's not going to work,
so we can't have multiple inputs so we can have variables A and variables be right, and so those they're going to get moved into yea X and EBX. We go ahead and Adam together, store the result in C, and then we can use that. And again we have toe compile with the minus Moazzam equals until
and here we can see that example code with the multiple inputs, and we'll see that they get loaded into different registers. It is a little bit hard to read because you get one line of assembly code that ends up being put in the disassembly view,
and so you have to make sure you carefully read it cause each lining here is not going to correspond to the lines in here.
We can see that it did load are two inputs into registers e, d x and East TX and then did all of our moves. And so it replaced them, um, appropriately and did the set up for its that are variables get the right
values inside of them.
So a function pointer.
one we talked about function, pointers. And so here we're going to give an example using that.
And so we have a function called print A And so if we want to go on, go ahead and call that function.
Right. So here in assembly, we are pushing the number 20. We're moving our register are, um input, which is the value of the print function. So that's gonna be the address of the print function.
So that's going to get moved into yea X. We can then call yaks, and then this pop will race Teoh return value of that,
um, butter will fix the stack because we did push one item onto the stack for that function.
And so here we can see the disassembly output of that,
and so we can see that in the end,
our disassembly is going to pretty much mirror the disassembly of calling the normal function.
Um, other than the fact that they are aligning the stack on 12 or 16 byte by byte boundaries. By doing this, subtract by 12 and then the correction by 16 in orderto keep those byte boundaries the way that they want them.
And then we can do sort of, um or, um, complicated one where we have our clubbers. We're saving it to a variable,
right? So we have far which is going to get our result. So we call our function, which is an E X, and then we go ahead and store that result in percent zero, which is our output. And so the value is going to get saved in Hvar.
They're able to call our function, modify the variable var for our result
and then be able to exit the function appropriately.
And so again, it's just making sure you understand how the syntax works of where the percents go on what they relate to as faras if its argument. Zero argument one.
So today we talked about in line assembly. We talked about adding some extra arguments to those in line assembly calls. And then we looked at an in mine function call for
In the future, we're going to do an in line example, and then we're gonna look at external assembly code.
So you have questions you can email me, Miller, MJ at you and Kate I e to you, and you can find me on Twitter at no house 30.
How to Use GDB (BSWJ)
In this part of the Breaking Stuff with Joe (BSWJ) series, Joe Perry demonstrates how ...
Certificate of Completion Offered
How to Use IDA (BSWJ)
The IDA is used throughout the IT and cybersecurity industries by exploit developers, vulnerability analysts, ...
Certificate of Completion Offered