ia32 cheat sheet

note a great book for learning ia32 assembly is Professional Assembly Language by Richard Blum published by Wrox

how do you do a Linux system call?

To perform a Linux system call requires you load EAX with the value of the system call, then use the int opcode with a value of 0x80

int 0x80

You pass the parameters to the system called with the registers

EBX = parameter 1
ECX = parameter 2
EDX = parameter 3
ESI = parameter 4
EDI = parameter 5

Once the system call is complete EAX should contain the return value

Example:

  movl %4, %eax         ; write system call = 4
  movl %1, %ebx         ; write to STDOUT (file discriptor 1)
  movl $output, %ecx    ; write the value that is located
                        ; at the memory address of output label
  movl %12, %edx        ; write 12 bytes
  int 0x80              ; do the system call

How do you receive command line arguments in Linux.

When entering the program the value stored in the memory location pointed to by ESP will be the number of arguments (programs have at least 1 argument (program name)). working up the stack will be pointers to the other command line arguments. The pointers to arguments are terminated by 32 bits of 0 (0x00000000) after that are pointers to environmental variables. The environmental variables will also be terminated by 0 (0x00000000). Somewhere above that memory on the stack with actually be the null terminated character values that are the various command line arguments and environmental variables.

Stack
...	Strings of Environmental variables and Command line arguments
ESP - 4(n+2+m+1)	0x00000000 (delimiter)
ESP - 4(n+2+m)	pointer to environmental variable m
...	pointer to environmental variable .
...	pointer to environmental variable .
ESP - 4(n+4)	pointer to environmental variable 2
ESP - 4(n+3)	pointer to environmental variable 1
ESP - 4(n+2)	0x00000000 (delimiter)
ESP - 4(n+1)	pointer to cmd arg n
...	pointer to cmd arg .
...	pointer to cmd arg .
ESP -12	pointer to cmd arg 2
ESP -8	pointer to cmd arg 1
ESP -4	pointer to program name
ESP	# of arguments

How do make a C library call from assembly

Push the data on the stack in reverse order that the function requires. Then do

call function_name

EAX will hold the return value (if return value is 32 bits)

Once your done, you should add back to the stack to offset the values pushed onto it before the function call. example:

c function:
int myfunction(int x,int y)

assembly code to call it:

pushl y
pushl x
call myfunction
addl $8, %esp	; add 8 to the stack to "remove" y and x

How do I use local variable in a routine

use the stack! when entering a routine push the EBP register to the stack, then copy ESP to EBP then use a negative offset of EBP ro refer to your local variables

For Example

pushl %ebp
movl %esp, %ebp
		; now assume we want 3 32 bit local variables
subl $12, %esp	; move stack beneath your local variables
		; remember when pushing to the stack the
		; stack will decrease by the number of required bytes
		; BEFORE writing the data! so you only have to -12 
		; rather than -16
		; now var1 = -4(%ebp)
		; now var2 = -8(%ebp)
		; now var1 = -12(%ebp)
... do stuff ...
movl %ebp, %esp	; restore the ESP
popl %esp	; restore the EBP

Random stuff that's easy to forget

Intel operand ordering
opcode dest src

ATT&T operand ordering
opcode src dest

Push and Pop ordering
Push: first decrements ESP, then writes the data to the new address of ESP
so ESP-, [ESP] <= data NOT [ESP] <= data; ESP-

Pop: first reads the data at ESP, then adds to ESP
so data<=[ESP]; ESP+ NOT [ESP]+; data<=[ESP]