Assembly

Course
Time
13 hours 15 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:03
Hello. This is Dr Miller, and this is Episode 14.13 of Assembly.
00:08
Today we're gonna talk about interrupts and system calls,
00:12
interrupts.
00:14
So interrupt is an event that signals to the CPU that something occurred that it needs to handle.
00:20
And so a couple examples of this are device is ready or a timer goes off.
00:25
And so examples of different types of interrupts might include hardware interrupts. And this would include a mouse, a keyboard in our interface,
00:33
any sort of device that is connected to the computer that is running at a slower speed than the computer. And that is
00:40
generally almost anything right, so computers run at four billion cycles a second, and so there's a lot of things that can go on while the computer is waiting. And so, instead of pulling it to say, Are you ready? Are you ready? Are you ready?
00:53
It says you can go ahead and interrupt me when you're ready.
00:57
We also have software interrupts, and that's the into instruction on X 86. And then we have exceptions. So something happens that we don't know what to deal with. Order cause a catastrophic air with the system we have exceptions, and so an example of that would be trying to divide by zero. So if you try and divide by zero on a computer,
01:15
it'll keep dividing forever and never
01:18
get out of that loop. And so we make an exception to not allow that to occur.
01:23
And the way that interrupts are handled is that the colonel handles thes interrupts. So the colonel has what we call either an interrupt service routine or interrupt handler. And so what that does is so it's gonna look up. Which routine is bound to a specific interrupt number.
01:41
It will then
01:42
disable interrupts within that routine, run the code that it needs to run and then re enable interrupts. And it does this so that way that code can get to completion without getting interrupted by another interrupt handler. So you don't want both of them toe happen at the same time. And so then when the device is ready again, it will again raise another interrupt, and then they
02:01
OS will be able to handle it.
02:04
And so we have two different X 86 instructions. So we have the S t I and the c T. I and the S T I is to set the interrupt flag,
02:13
and so this will enable interrupts to occur. And then we have the c t I. So we have
02:17
disable, interrupts or clear the interrupt flag. And so normally, Writeth e interrupt handler will do the CT i to clearly interfax so that no interrupts concomitant do its code and then s t i to enable it.
02:31
And so these are privileged x 86 instructions, and so you can't actually do them from normal assembly for not running as the colonel
02:42
and then we have system calls.
02:44
So the system calls provide a way for a regular users program in order to interrupt with the operating system kernel.
02:51
And so if there is a particular action that you want to be done and it needs to be done by the kernel, then we go ahead and use a system call. And these again are privileged instructions. So there are certain instructions where we don't want the user to just really nearly be able to
03:06
modify something. So, for example, you don't want to allow one user to change another using users instruction pointer or stack or modify somebody else's file if that's not allowed.
03:15
And so we go through the process of using a system call,
03:20
Um, and this also includes access to privileged data structures. So, for example, the list of processes you wouldn't want a regular user to modify those
03:29
and then if we have any shared resource is like a network of disk, a USB drive, anything that shared among all of the uses of a computer. You would go through a system call in order to write data or read data from those devices, or interact with them in some way.
03:44
So some examples
03:46
most of us are probably familiar with creating a file reading a file, writing a file, a pending or adding to the end of a file closing a file
03:53
so most people are sort of familiar with. If you have a USB drive and you want to be done with it, you have to eject it. Well, that's going through a system called to say I would like to remove this device, so if you have any cash data, you need toe
04:06
um, right that to the device and then close or for a process, we can create new processes execute processes, weight on a process,
04:15
kill processes or just even exit.
04:19
And so
04:20
operating systems will provide different types of instructions in order to do a system call within the system.
04:28
And so, back in the day when we just had 32 bit machines, Lennox uses the interrupt 80 to make a system call, and so you'll see in code. If you look for interrupts, you'll see into 80 code. And so that's how Lennix
04:43
implements doing a system call is we do an interrupt
04:46
with 64 bit architectures, we added. The CIS call instruction so
04:51
into is an instruction and Siskel's instruction. And both of these are ways to do system calls within, for example, Lennix.
05:00
Um, and this Siskel is not supported on 32 big code. So if you're running just a plain 32 bit machine, that won't run. But if you're running 30 to 2 big code on a 64 bit machine than assist, call walks actually work.
05:13
And so when we have ah, interrupt 80 we have different parameters. So yea X is going to be our system called number, and then we've got parameter one parameter to parameter three all the way up to perimeter six on those air stored in these specific registers. And so, if you're going to make use of that system call, you have to set thes registers to the appropriate values.
05:32
When we do a 64 bit sis call Lennox instruction, then we use these sort of our registers. So the extended ones or 64 bit ones. So the system called number goes into our X, and then we have our D i R s I r D x are 10 or eight or nine. Go figure as to why they picked,
05:50
um, those registers. But that's just how they had set it up.
05:56
And if you want to look up any of these numbers, you can basically look inside the Lennox source code and figure out what Siskel number you want.
06:02
And so, for example, if you have a 32 or 64 bit Lennox, you'll have a couple different files. So one is for 32 bit system calls, and we can see here that we have numbers associated with different operations. So if we want to do exit, we use this call one. If we want to do break. We use this call 17.
06:21
And so, for example, if we want to use the right function,
06:25
we have some code here. So we have our normal code, and then we go and say, Well, is this called? Ah, four is for right. So we move into the exit number four. We want to use standard out. Here's a pointer to our string And then here's how many characters
06:41
we went toe to print. And then we do into Etisalat all executed, interrupt and do the service 13 for the right system call that we would like to run.
06:53
And then if you're on 64 bit, you again can look in your include directory and so we can find that we have a 64 bit header, and again it's gonna have the list of system call numbers.
07:04
And so then we can use that with this this call.
07:08
And so here we had to do a little extra work. So, for example, when you build this, you have to do Nazem minus elf 64 in order to get a 64 bit version of your L file. And so then we have to use the R registers. So we got our E X versus called That's a right here is standard. Out here is our string pointer.
07:27
And then here is how many characters are going to do. And then we go ahead and say, Siskel
07:30
and again, that's a way that we can interact with the system on a 64 bit machine using assembly.
07:39
So today we talked about interrupts and system calls.
07:43
In the future, we're gonna talk, do an interrupt example using fork.
07:47
And here's our quiz. What types of system calls are allowed on 64 bit hardware under Lennox.
07:55
So we got into 80 and Siskel,
07:58
if you have questions, you can email me Miller, MJ at you and Keita et you, and you can find me on Twitter at Milhouse 30.

Up Next

Assembly

This course will provide background and information related to programming in assembly. Assembly is the lowest level programming language which is useful in reverse engineering and malware analysis.

Instructed By

Instructor Profile Image
Matthew Miller
Assistant Professor at the University of Nebraska at Kearney
Instructor