Program Encoding, Data Access, and Assembly

Questions and Answers

Which of the following is NOT a typical use case for understanding assembly language?

• Cybersecurity analysis
• Writing portable applications (correct)
• Reverse engineering executable files
• Debugging optimized code

Machine code is designed to be easily understood and modified by humans.

False (B)

What is the primary role of a disassembler in the context of program encoding?

Translating machine code into assembly language

In instruction encoding, the part that specifies the action to be performed is called the ______.

operation

Match the following x86-64 registers with their common uses:

rax = Return values and system calls rsp = Top of stack pointer rdi = Destination index for string operations rcx = Loop counters

Which of the following is NOT a valid data size suffix in x86-64 assembly?

d (A)

In AT&T assembly syntax, the destination operand comes before the source operand.

False (B)

What is the purpose of the leaq instruction?

Load effective address

An ______ is a word or name that serves as an alias for a memory address, resolved by the assembler or linker.

immediate label

Match the data transfer types with their corresponding examples:

Code to register = movq $42, %rax Register to memory = movq %rdx, (%rsi) Memory to register = movq (%rsp), %rax Memory to memory = pushq (%rax)

Which of the following registers is commonly used to store the top of the stack?

%rsp (C)

The x86-64 architecture is an example of RISC (Reduced Instruction Set Computing).

False (B)

In the context of assembly, what is an operand?

Data manipulated by the instruction

In indirect memory access, the effective address is calculated using the formula: Imm + Rb + Ri * ______.

s

Match the following assembly concepts with their descriptions:

Registers = Storage locations within the CPU used for fast data access Opcodes = Represent the operations that assembly instructions perform Operands = Represent the data used by the instruction Addressing Modes = Specify how operands are accessed

Which of the following best describes the role of inline assembly?

Embedding assembly code within a high-level language program (C)

When using inline assembly in GCC, registers that are modified by the assembly code but not listed as outputs do not need to be 'clobbered'.

False (B)

What does the + constraint signify in the output section of GCC inline assembly?

Read-write operand

In GCC inline assembly, the ______ section is used to list registers modified by the assembly code that aren't outputs.

clobber

Match the following indirect memory access components with their descriptions:

Imm = An immediate value representing a constant offset Rb = The base register providing a starting address Ri = The index register used for array-like access s = A scale factor that multiplies the index register

Which of the following is the main advantage of using registers for data access?

Faster access times (C)

Data can be directly moved from one memory location to another in a single x86-64 instruction.

False (B)

Explain the difference between immediate and register addressing modes.

Immediate addressing uses constant values while register addressing uses registers.

In assembly syntax, a memory location is indicated by enclosing the register in ______.

parentheses

Match the x86-64 register with its size.

%rax = 64-bit %eax = 32-bit %ax = 16-bit %al = 8-bit

In inline assembly syntax, what is the purpose of specifying 'inputs'?

Defining the variables to be used by the assembly code (C)

Assembly language code directly translates to instructions executed by the operating system.

False (B)

Why is it important to 'clobber' registers in inline assembly?

To inform the compiler about modified registers

The x86-64 architecture provides ______ 64-bit general-purpose registers.

16

Match the correct instruction suffix with the register used.

b = %al w = %ax l = %eax q = %rax

Which of the following is NOT a typical component of an Assembly instruction?

Operating System (A)

The MOV instruction copies data, but does not modify the original data.

True (A)

What is the difference between assembly code and machine code?

Assembly uses mnemonics; machine code uses binary.

The default scale (s) is ______, in Indirect Memory Access when scale(s) is not present .

1

Match the AT&T syntax and what the registers mean.

movq $42, %rax = Place the value 42 into register %rax Source = $42 Destination = %rax

Which of the following best describes the role of the instruction?

AND (C)

LEA expression do affect flag

False (B)

Why do we need to know what an immidiate vs a register vs memory access is?

Yes!

The Intel microprocessors, beginning with the 80386, use ______ addressing.

flat

Match the type with form of memory.

Memory = Imm(r) Base displacement = mImm R[R] Indirect = MR[R]

Which of the following is a valid reason to use assembly instead of a high-level language?

To perform hardware manipulation. (A)

Machine code is portable across different CPUs.

False (B)

In instruction encoding, what are the two primary components?

Operation and operands

In x86-64 assembly, which of the following registers is commonly used for storing function arguments?

%rdi (C)

In AT&T assembly syntax, the data flows from _____ to _____. Fill in the blanks.

left to right

Which of the following is NOT a valid addressing mode in x86-64 assembly?

Abstract (B)

It is possible to directly move data from one memory location to another with a single instruction.

False (B)

What is the purpose of 'clobbering' in inline assembly?

To list registers that the assembly code modifies. (B)

What does the acronym CISC stand for?

Complex Instruction Set Computer

Given the instruction leaq (%rax,%rbx), %rdx, if %rax holds 5 and %rbx holds 3, after execution, what value will %rdx hold? Enter the numerical value only without '0x'.

8

Flashcards

Machine Code

A C program translated into machine code, specific to the CPU, easier to read in assembly than machine instructions

Operation

Part of the machine language which tells the CPU what to do

Operands

Registers and data used in the function defined in the instruction encoding

Assembly Syntax

An AT&T assembly in which the data flows from left to right

MOV instruction

An instruction that moves data between the code, memory and registers.

Code

Immediate values (constants) that are hard coded into the program.

Registers

Values stored directly on the CPU.

Memory

The location of memory in RAM.

Width Suffix in MOV

Specify the size of data being moved MOVQ(64), MOVL(32), MOVW(16), MOVB(8)

Immediate Access

Values are constants in the code, encoded with the instruction for CPU access.

Register Access

Fast due to few registers with short encodings, registers store data on the CPU.

Absolute Memory References

Reference a value in memory using immediate values.

Indirect Memory Access

Uses registers as pointers to access a location in memory.

Inline Assembly

Assembly code is inserted directly into C code

asm() statement

Included in the statement, includes Assembly code, Inputs to the assembly code, Outputs, Registers that are used by the AS

LEA

Statement that can be used for calculating some mathematical operations (additions and small multiplications) without affecting flags

Definition of the x86-64 Architecture

A complex instruction set that can manipulate data at the byte, 16-bit, 32-bit, and 64-bit level

Study Notes

Program Encoding and Data Access

• To run, C programs must be translated into machine code.
• Machine code is CPU-specific.
• Machine Code:Encodes instructions so that it's easy for the CPU to decode.
• Machine Code: Has a one-to-one correspondence with assembly instructions.

Why Assembly?

• Debugging: Optimized code flow differs from program code; statements execute out of order.
• Code Optimization: To find areas suitable for hand optimization and write code that's easy to optimize.
• Hardware Manipulation: Manipulation of special registers and memory locations.
• Reverse Engineering: To analyze executables when source code isn't available.
• Cybersecurity: Computer virus analysis and exploit correction.

What to Understand

• The basic architecture of the CPU, including RISC vs CISC, register sizes and purposes, and types of instructions
• Addressing modes such as Immediate, Register, and Memory
• Assembly instruction format (e.g., AT&T vs Intel)
• How to mix assembly with high-level languages like C using standalone or inline assembly

Instruction Encoding

• Instruction encoding comprises operation (what to do) and operands (what data to use).
• Operation is typically encoded as leading bytes.
• The operation dictates the operands needed.
• Instructions can have 0 to 4 operands.
• Operands can have three forms: Immediate (constant), Register (direct), or Memory (indirect).

Register Encodings

• Common registers include rax, rbx, rcx, rdx, rsp, rbp, rsi, and rdi, with variations for 32-bit (e.g., eax), 16-bit, and 8-bit operations.
• Each register has a specific name and common use such as return values/system calls (rax), loop counters (rcx), data (rdx), base pointer for memory access (rbx).
• Instructions such as mov use register encodings to specify source and destination.

Looking up Information

• AT&T assembly style reference is available for Assembly and Machine Code, with free ebook and author's website.
• Intel style list of opcodes and Software Developer Manuals are available for Intel 64 and IA-32 Architectures.
• Online translators are available to translate assembly into machine code.

Disassembler

• Use a disassembler to inspect assembly code.
• Write the C program and compile with debugging information gcc -g -o main main.c
• Debug with GDB via gdb ./main.
• Disassemble the main function using (gdb) disassemble main or use objdump -d main.

x86-64 Architecture

• To use a CPU, understanding available resources is crucial.
• Key aspects include register architecture, general assumptions about the instruction set, and basic assembly syntax.

Registers

• The x86-64 architecture provides 16 64-bit general-purpose registers like %rax, %rcx, %rdx, %rbx, %rsi, %rdi, %rsp, %rbp, and %r08-%r15.
• %rsp and %rbp are reserved for stack and base pointers, respectively.
• Registers %r08-%r15 were added in the 64-bit architecture, with variations for 32-bit, 16-bit and 8-bit.
• Special-purpose registers like %rsp and %rbp are only directly manipulated during function calls and cannot be loaded or stored like general-purpose registers.

Instruction Set for x86-64

• The x86-64 uses the CISC instruction set with a variety of available instructions.
• Instructions include data transfer, arithmetic operations, bitwise manipulation, and branch instructions.
• The data transfer and manipulation instructions require operands of immediate, registers, or memory type.
• An add instruction modifies memory directly.
• Instructions typically have only one memory (indirect) operand.
• Instructions cannot move data from one memory location to another in one instruction.

Basic Assembly Syntax

• Assembly code consists of instructions, typically one per line.
• Instructions start with an operation mnemonic like "mov", "add", or "call".
• Operands can be immediate constants (e.g., $42), immediate labels, registers (e.g., %rax), absolute memory, or indirect memory (enclosed in parentheses).
• Lines starting with . are assembler directives.

AT&T Assembly Syntax

• The AT&T assembly syntax (from Bell Labs) flows data from left to right, with the source preceding the destination operand.

Data Access in x86-64

• Most instructions transfer data, involving loading, modifying, or storing data.
• Data can be stored as Code(immediate values, constants), Registers (on the CPU), or Memory(RAM).
• The CPU can perform five kinds of data transfers between code, register and memory
• Code cannot change.

Data Access- q, I, w, b

• Instruction suffixes like q, l, w, and b specify the size of the data being moved (64-bit, 32-bit, 16-bit, and 8-bit, respectively).
• The assembler can infer the width from the operands if not specified.

Data Access- Fast v's Easy

• Immediate values are constants encoded as part of the instruction and begin with a $ sign.
• Registers are on the CPU, indicated by %, allowing for fast data access.
• Absolute memory references uses an immediate value as a direct reference to a memory location.

Indirect memory access in x86-64

• Indirect memory access in x86 is designed with arrays in mind; uses one or more registers as pointers to access a location in memory.
• The general format for indirect access is Imm(R♭,Rᵢ,s)
  • Imm is an immediate constant, such as 42.
  • R♭ is the base register (e.g., %rsi).
  • Rᵢ is the index register (e.g., %rax).
  • s is a scale factor (1, 2, 4, or 8).
• To calculate the address = Imm + R♭ + Rᵢ*s
• If an Imm or R is not present, treat it as O in the general formula. If scale (s) is not present, the default is 1.
• Common uses of simple indirect addressing include simple indirect & indirect with displacement

Inline Assembly in GCC

• Inline assembly is writing assembly code within C code.
• Inline assembly avoids writing assembly on its own.
• An asm(...) statement includes assembly code, inputs, outputs and registers clobbered by the assembly code.
• The compiler insertes assembly code into compilation output, to provide the inputs and the outputs.

Inline Assembly Details

• The asm(...) statement includes assembly code, inputs, outputs, and registers clobbered by the assembly code.
• Output variables have result that are after the assembly, Inputs variables are listed as read-only, Clobbers registers are restored by the compiler
• Observations
  • % is the escape character, so registers in inline assembly are prefixed with %% instead of just %.
  • Each assembly line is its own string and ends with a ‘;’ -The %0, %1, and %2 are place holders for the inputs and outputs
• Assembly code is written in AT&T syntax with each line terminated by a semicolon.
• Clobbering registers includes "rax" and "rdx" (tells the compiler to reload the registers after the assembly).
• Register is only clobbered if by name is used in the ASM code and the contents are being modified, unless the compiler might assume a register is unchanged.

Mathematical Expressions

• The LEA (load effective address) statement calculates mathematical operations (additions and small multiplications) without affecting flags, unlike arithmetic expressions.