X86 Assembly
Contents
1 Introduction
1.1 Why Learn Assembly?
1.2 Who is This Book For?
1.3 How is This Book Organized?
2 Basic FAQ
2.1 How Does the Computer Read/Understand Assembly?
2.2 Is it the Same On Windows/DOS/Linux?
2.3 Which Assembler is Best?
2.4 Do I Need to Know Assembly?
2.5 How Should I Format my Code?
3 X86 Family
3.1 Intel x86 Microprocessors
3.2 AMD x86 Compatible Microprocessors
4 X86 Architecture
4.1 x86 Architecture
4.1.1 General Purpose Registers (GPR)
4.1.2 Segment Registers
4.1.3 EFLAGS Register
4.1.4 Instruction Pointer
4.1.5 Memory
4.1.6 Two's complement representation
4.1.7 Addressing modes
4.2 Stack
4.3 CPU Operation Modes
4.3.1 Real Mode
4.3.2 Protected Mode
4.3.2.1 Flat Memory Model
4.3.2.2 Multi-Segmented Memory Model
5 Comments
5.1 Comments
5.2 HLA Comments
6 16, 32 and 64 Bits
6.1 The 8086 Registers
6.1.1 Example
6.2 The A20 Gate Saga
6.3 32-Bit Addressing
7 X86 Instructions
7.1 Conventions
8 Data Transfer
8.1 Data transfer instructions
8.1.1 Move
8.1.2 Data Swap
8.1.3 Move and Extend
8.1.4 Move by Data Size
The Wikibook of
x86 Assembly
instruction set. The second section will talk about the differences between the syntax of different assemblers. The third section will talk about some of the additional instruction sets available, including the Floating-Point operations, the MMX operations, and the SSE operations. The fourth section will talk about some advanced topics in x86 assembly, including some low-level programming tasks such as writing bootloaders. There are many tasks that cannot be easily implemented in a higher-level language such as C or C++. For example, tasks such as enabling and disabling interrupts, enabling protected mode, accessing the Control Registers, creating a Global Descriptor Table, etc. all need to be handled in assembly. The fourth section will also talk about how to interface assembly language with C and other high-level languages. Once a function is written in Assembly (a function to enable protected mode, for instance), we can interface that function to a larger, C-based (or even C++ based) kernel. The Fifth section will deal with the standard x86 chipset, will talk about the basic x86 computer architecture, and will generally deal with the hardware side of things.

The current layout of the book is designed to give readers as much information as they need, without going overboard. Readers who want to learn assembly language on a given assembler only need to read the first section and the chapter in the second section that directly relates to their assembler. Programmers looking to implement the MMX or SSE instructions for different algorithms only really need to read section 3. Programmers looking to implement bootloaders and kernels, or other low-level tasks, can read section 4. People who really want to get to the nitty-gritty of the x86 hardware design can continue reading on through section 5.
Basic FAQ
This page is going to serve as a basic FAQ for people who are new to assembly language programming.
Another way keeps all the labels in one column, and all the instructions in another column:

    Label1: mov ax, bx
            add ax, bx
            jmp Label3
    Label2: mov ax, cx
            ...

Yet another way will separate labels and instructions into separate columns, AND keep labels on their own lines:

    Label1:
            mov ax, bx
            add ax, bx
            jmp Label3
    Label2:
            mov ax, cx
            ...

So there are a million different ways to do it, but there are some general rules that assembly programmers generally follow:
1. make your labels obvious, so other programmers can see where they are
2. more structure (indents) will make your code easier to read
3. use comments, to explain what you are doing.
X86 Family
The x86 family of microprocessors is a very large family of chips with a long history. This page will talk about the specifics of each different processor in this family. x86 microprocessors are also called "IA-32" processors.

Pentium Pro (1995): The Pentium Pro was the sixth-generation architecture microprocessor, originally intended to replace the original Pentium in a full range of applications, but later reduced to a more narrow role as a server and high-end desktop chip.
Pentium II (1997): The Pentium II was based on a modified version of the P6 core first used for the Pentium Pro, but with improved 16-bit performance and the addition of the MMX SIMD instruction set, which had already been introduced on the Pentium MMX.
Pentium III (1999): Initial versions of the Pentium III were very similar to the earlier Pentium II, the most notable difference being the addition of SSE instructions.
Pentium 4 (2000): The Pentium 4 had a new 7th generation "NetBurst" architecture. It is currently the fastest x86 chip on the market with respect to clock speed, capable of up to 3.8 GHz. Pentium 4 chips also introduced the notions "Hyper Threading", and "Multi-Core" chips.
Core (2006): The architecture of the Core processors was actually an even more advanced version of the 6th generation architecture dating back to the 1995 Pentium Pro. The limitations of the NetBurst architecture, especially in mobile applications, were too great to justify creation of more NetBurst processors. The Core processors were designed to operate more efficiently with a lower clock speed. All Core branded processors had two processing cores; the Core Solos had one core disabled, while the Core Duos used both processors.
Core 2 (2006): An upgraded, 64-bit version of the Core architecture. All desktop versions are multi-core.
Celeron (first model 1998): The Celeron chip is actually a large number of different chip designs, depending on price. Celeron chips are the economy line of chips, and are frequently cheaper than the Pentium chips—even if the Celeron model in question is based off a Pentium architecture.
Xeon (first model 1998): The Xeon processors are modern Intel processors made for servers, which have a much larger cache (measured in megabytes in comparison to other chips' kilobyte size cache) than the Pentium microprocessors.

seventh-generation x86 processor and, in a first, retained the initial performance lead it had over Intel's competing processors for a significant period of time.
Turion: Turion 64 is the brand name AMD applies to its 64-bit low-power (mobile) processors. Turion 64 processors (but not Turion 64 X2 processors) are compatible with AMD's Socket 754 and are equipped with 512 or 1024 KiB of L2 cache, a 64-bit single channel on-die memory controller, and an 800 MHz HyperTransport bus.
Duron: The AMD Duron was an x86-compatible computer processor manufactured by AMD. It was released as a low-cost alternative to AMD's own Athlon processor and the Pentium III and Celeron processor lines from rival Intel.
Sempron: Sempron is, as of 2006, AMD's entry-level desktop CPU, replacing the Duron processor and competing against Intel's Celeron D processor.
Opteron: The AMD Opteron is the first eighth-generation x86 processor (K8 core), and the first of AMD's AMD64 (x86-64) processors. It is intended to compete in the server market, particularly in the same segment as the Intel Xeon processor.
X86 Architecture
x86 Architecture
The x86 architecture has 8 General-Purpose Registers (GPR), 6 Segment Registers, 1 Flags Register and an Instruction Pointer. Wikipedia has related information at Processor register.
Each of the GPR are 32 bits wide and are said to be Extended Registers (thus their Exx name). Their 16 Least Significant Bits (LSBs) can be accessed using their unextended parts, namely AX, CX, DX, BX, SP, BP, SI, and DI. The extended registers can be separated into "high" (the 16 Most Significant Bits) and "low" (the 16 Least Significant Bits) portions. Thus an extended register has the form:

    [HHHHHHHHHHHHHHHHLLLLLLLLLLLLLLLL]

(Here, an H or an L denotes a single bit.) which can also be expressed as:

    [HW|LW]

Where HW and LW denote "High Word" and "Low Word" respectively. For the 4 first registers (AX, CX, DX, BX), the 8 Most Significant Bits (MSBs) and the 8 LSBs of their low word can also be accessed via AH, CH, DH, BH and AL, CL, DL, BL respectively.
AH is an abbreviation for "AX High". This term originates from the fact that the low word of the register can be decomposed into its high and low bytes. The CH, DH, and BH mnemonics are to be interpreted in a similar fashion. Likewise, AL is an abbreviation for "AX Low". CL, DL, and BL are similarly named.
Segment Registers
The 6 Segment Registers are:

SS : Stack Segment. Pointer to the stack.
CS : Code Segment. Pointer to the code.
DS : Data Segment. Pointer to the data.
ES : Extra Segment. Pointer to extra data. ('E' stands for "Extra")
FS : F Segment. Pointer to more extra data. ('F' comes after 'E')
GS : G Segment. Pointer to still more extra data. ('G' comes after 'F')

Most applications on most modern operating systems (like Linux or Microsoft Windows) use a memory model that points nearly all segment registers to the same place (and uses paging instead), effectively disabling their use. Typically FS or GS is an exception to this rule, to be used to point at thread-specific data.
EFLAGS Register
The EFLAGS is a 32 bits register used as a vector to store and control the results of operations and the state of the processor. The names of these bits are:

    Bit    Name
    31-22  0 (reserved)
    21     ID
    20     VIP
    19     VIF
    18     AC
    17     VM
    16     RF
    15     0 (reserved)
    14     NT
    13-12  IOPL
    11     OF
    10     DF
    9      IF
    8      TF
    7      SF
    6      ZF
    5      0 (reserved)
    4      AF
    3      0 (reserved)
    2      PF
    1      1 (reserved)
    0      CF

The bits named 0 and 1 are reserved bits and shouldn't be modified. The different uses of these flags are:

CF : Carry Flag. Set if the last arithmetic operation carried (addition) or borrowed (subtraction) a bit beyond the size of the register. This is then checked when the operation is followed with an add-with-carry or subtract-with-borrow to deal with values too large for just one register to contain.
PF : Parity Flag. Set if the number of set bits in the least significant byte is a multiple of 2.
AF : Adjust Flag. Carry of Binary Code Decimal (BCD) numbers arithmetic operations.
ZF : Zero Flag. Set if the result of an operation is Zero (0).
SF : Sign Flag. Set if the result of an operation is negative.
TF : Trap Flag. Set if step by step debugging.
IF : Interruption Flag. Set if interrupts are enabled.
DF : Direction Flag. Stream direction. If set, string operations will decrement their pointer rather than incrementing it, reading memory backwards.
OF : Overflow Flag. Set if signed arithmetic operations result in a value too large for the register to contain.
IOPL : I/O Privilege Level field (2 bits). I/O Privilege Level of the current process.
NT : Nested Task flag. Controls chaining of interrupts. Set if the current process is linked to the next process.
RF : Resume Flag. Response to debug exceptions.
VM : Virtual-8086 Mode. Set if in 8086 compatibility mode.
AC : Alignment Check. Set if alignment checking of memory references is done.
VIF : Virtual Interrupt Flag. Virtual image of IF.
VIP : Virtual Interrupt Pending flag. Set if an interrupt is pending.
Instruction Pointer
The EIP register contains the address of the next instruction to be executed if no branching is done. EIP can only be read through the stack after a call instruction.
Memory
The x86 architecture is Little Endian, meaning that multi-byte values are written least significant byte first. This refers to the ordering of the bytes, not bits. So the 32 bit value B3B2B1B0 on an x86 would be represented in memory as:

    Little endian representation
    Byte 0   Byte 1   Byte 2   Byte 3
    B0       B1       B2       B3

For example, the 32 bits word 0x1BA583D4 (the 0x denotes hexadecimal) would be written in memory as:

    Little endian example
    D4   83   A5   1B

Thus seen as 0xD4 0x83 0xA5 0x1B when doing a memory dump.
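The byte order described above, as an added C example (this is not code from the Wikibook): le32_store lays a 32-bit value out least significant byte first, le32_load reads such a field back regardless of the host's own byte order, and dump4 renders the bytes the way a memory dump shows them. The value 0x1BA583D4 is the page's own; the function names are this example's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store v the way an x86 does: least significant byte at the lowest address. */
void le32_store(uint8_t out[4], uint32_t v)
{
    out[0] = (uint8_t)(v);
    out[1] = (uint8_t)(v >> 8);
    out[2] = (uint8_t)(v >> 16);
    out[3] = (uint8_t)(v >> 24);
}

/* Read a little-endian 32-bit field from a byte buffer. Assembling it byte by
   byte, instead of casting the buffer to uint32_t*, gives the right answer on
   any host and never performs an unaligned access. */
uint32_t le32_load(const uint8_t in[4])
{
    return (uint32_t)in[0]
         | ((uint32_t)in[1] << 8)
         | ((uint32_t)in[2] << 16)
         | ((uint32_t)in[3] << 24);
}

/* 1 if this host stores multi-byte integers little-endian (an x86 does). */
int host_is_little_endian(void)
{
    uint32_t probe = 0x01020304u;
    uint8_t b[4];
    memcpy(b, &probe, sizeof b);
    return b[0] == 0x04;
}

/* Render four bytes as one memory-dump line, e.g. "D4 83 A5 1B"; out holds 12 bytes. */
void dump4(const uint8_t b[4], char out[12])
{
    snprintf(out, 12, "%02X %02X %02X %02X", b[0], b[1], b[2], b[3]);
}

int main(void)
{
    uint8_t mem[4];
    char line[12];
    le32_store(mem, 0x1BA583D4u);          /* the page's example word */
    dump4(mem, line);
    printf("0x1BA583D4 in memory: %s (read back: 0x%08X)\n", line, le32_load(mem));
    printf("this host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    return 0;
}
```

The load/store pair is what a parser for a little-endian file or wire format should use: it makes the byte order explicit in code rather than inheriting it from whatever CPU the program happens to run on.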
Addressing modes
Addressing modes: indicates the manner in which the operand is accessed.

Register Addressing (operand address R is in the address field)

    mov ax, bx ; moves contents of register bx into ax

or

    mov ax, 0x010C ; moves value of 0x10C into register ax

Register Indirect (field points to a register that contains the operand address)

    mov ax, [di]

The registers used for indirect addressing are BX, BP, SI, DI.

Base Displacement

    mov ax, [arr + bx] ; where bx is the displacement inside that array

Base-index

    mov ax, [bx + di]

For example, if we are talking about an array, bx is the base of the address, and di is the index of the array.

Base-index with displacement

    mov ax, [bx + di + 10]
Stack
The stack is a Last In First Out (LIFO) stack; data is pushed onto it and popped off of it in the reverse order.

    mov ax, 006Ah
    mov bx, 0F79Ah   ; leading 0 so the assembler reads a number, not a label
    mov cx, 1124h
    push ax

You push the value in AX onto the top of the stack, which now holds the value $006A

    push bx

You do the same thing to the value in BX; the stack now has $006A and $F79A

    push cx

Do some stuff. The function is not forced to save the registers it uses, hence us saving them.

    pop cx

Pop the last element pushed onto the stack into CX, $1124; the stack now has $006A and $F79A

    pop bx

Pop the last element pushed onto the stack into BX, $F79A; the stack now has just $006A

    pop ax

Pop the last element pushed onto the stack into AX, $006A; the stack is empty.

The Stack is usually used to pass arguments to functions or procedures and also to keep track of control flow when the call instruction is used. The other common use of the Stack is temporarily saving registers.
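The push/pop sequence above, replayed in an added C model of a 16-bit stack (this is not code from the Wikibook): SP starts at the top of a small constructed segment, push decrements SP and then writes the word little-endian at [SP], pop reads and then increments. The values $006A, $F79A and $1124 are the page's; the type and function names are this example's own. The second function shows what goes wrong when the pops are not in reverse order of the pushes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 64   /* size of the constructed stack segment */

/* A tiny model of the 16-bit stack: SP starts at the top of the segment and
   moves down as words are pushed; each word is stored little-endian. */
typedef struct {
    uint8_t  mem[STACK_BYTES];
    uint16_t sp;
    uint16_t sp_empty;   /* SP value when nothing is on the stack */
} Stack16;

void stack_init(Stack16 *s)
{
    memset(s->mem, 0, sizeof s->mem);
    s->sp = s->sp_empty = STACK_BYTES;
}

/* push: SP is decremented by the operand size, then the word is written at [SP]. */
bool push16(Stack16 *s, uint16_t v)
{
    if (s->sp < 2) return false;            /* would run below the segment */
    s->sp -= 2;
    s->mem[s->sp]     = (uint8_t)v;         /* low byte at the lower address */
    s->mem[s->sp + 1] = (uint8_t)(v >> 8);
    return true;
}

/* pop: the word at [SP] is read, then SP is incremented. */
bool pop16(Stack16 *s, uint16_t *out)
{
    if (s->sp >= s->sp_empty) return false; /* nothing to pop: stack is empty */
    *out = (uint16_t)(s->mem[s->sp] | (s->mem[s->sp + 1] << 8));
    s->sp += 2;
    return true;
}

size_t stack_depth(const Stack16 *s) { return (size_t)(s->sp_empty - s->sp) / 2; }

/* The page's sequence: push ax, bx, cx; pop cx, bx, ax. True when every
   register gets its own value back and the stack ends empty. */
bool replay_page_sequence(void)
{
    Stack16 s;
    uint16_t ax = 0x006A, bx = 0xF79A, cx = 0x1124, rcx, rbx, rax;
    stack_init(&s);
    push16(&s, ax); push16(&s, bx); push16(&s, cx);
    pop16(&s, &rcx); pop16(&s, &rbx); pop16(&s, &rax);
    return rcx == 0x1124 && rbx == 0xF79A && rax == 0x006A && stack_depth(&s) == 0;
}

/* Same pushes, but "pop ax" done first: returns what AX receives, which is the
   last value pushed (CX's), not its own. A mismatched push/pop pair silently
   hands a register someone else's saved value. */
uint16_t pop_order_mistake(void)
{
    Stack16 s;
    uint16_t ax = 0x006A, bx = 0xF79A, cx = 0x1124, rax;
    stack_init(&s);
    push16(&s, ax); push16(&s, bx); push16(&s, cx);
    pop16(&s, &rax);
    return rax;
}

int main(void)
{
    printf("correct pop order restores registers: %s\n", replay_page_sequence() ? "yes" : "no");
    printf("popping ax first yields 0x%04X instead of 0x006A\n", pop_order_mistake());
    return 0;
}
```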
Protected Mode
Flat Memory Model
If programming in a modern operating system (such as Linux, Windows), you are basically programming in flat 32-bit mode. Any register can be used in addressing, and it is generally more efficient to use a full 32-bit register instead of a 16-bit register part. Additionally, segment registers are generally unused in flat mode, and it is generally a bad idea to touch them.
Multi-Segmented Memory Model
Comments
Comments
When writing code, it is very helpful to use some comments to explain what is going on. A comment is a section of regular text that the assembler ignores when turning the assembly code into the machine code. In assembly, comments are usually denoted with a semicolon ";". Here is an example:

    Label1:
        mov ax, bx    ;we move bx into ax
        add ax, bx    ;add the contents of bx into ax
        ...

Everything after the semicolon, on the same line, is ignored. Let's show another example:

    Label1:
        mov ax, bx
        ;mov cx, ax
        ...

Here, the assembler never sees the second instruction "mov cx, ax", because it ignores everything after the semicolon.
HLA Comments
The HLA assembler also has the ability to write comments in C or C++ style, but we can't use the semicolons. This is because in HLA, the semicolons are used at the end of every instruction:

    mov(ax, bx); //This is a C++ comment.
    /*mov(cx, ax);
    everything between the slash-stars is commented out. This is a C comment*/

C++ comments go all the way to the end of the line, but C comments go on for many lines from the "/*" all the way until the "*/". For a better understanding of C and C++ comments in HLA, see Programming:C or the C++ Wikibooks.
16, 32 and 64 Bits
x86 assembly has a number of differences between architectures that are 16 bits, 32 bits, and 64 bits. This page will talk about some of the basic differences between architectures with different bit widths.
Example
If CS = 0x258C and IP = 0x0012 (the "0x" prefix denotes hexadecimal notation), then CS:IP will point to a 20 bit address equivalent to "CS * 16 + IP", which will be = 0x258C * 0x10 + 0x0012 (Remember: 16 decimal = 0x10). So

    CS:IP = CS * 16 + IP = 0x258C * 0x10 + 0x0012 = 0x258D2.

The 20-bit address is known as an Absolute address and the Segment:Offset representation (CS:IP) is known as a Segmented Address. It is important to note that there is not a one-to-one mapping of physical addresses to segmented addresses; for any physical address, there is more than one possible segmented address. For example: consider the segmented representations B000:8000 and B200:6000. Evaluated, they both map to physical address B8000:

    B000:8000 = B000 * 10 + 8000 = B0000 + 8000 = B8000
    B200:6000 = B200 * 10 + 6000 = B2000 + 6000 = B8000

However, using an appropriate mapping scheme avoids this problem: such a map applies a linear transformation to the physical addresses to create precisely one segmented address for each. To reverse the translation, the map [f(x)] is simply inverted. For example, if the segment portion is equal to the physical address divided by 0x10 and the offset is equal to the remainder, only one segmented address will be generated. (No offset will be greater than 0x0f.) Physical address B8000 maps to (B8000/10):(B8000%10) or B800:0. This Segmented representation is given a special name: such addresses are said to be "Normalized Addresses".

CS:IP (Code Segment: Instruction Pointer) represents the 20 bit address of the physical memory from where the next instruction for execution will be picked up. Likewise, SS:SP (Stack Segment: Stack Pointer) points to a 20 bit absolute address which will be treated as Stack Top (8086 uses this for pushing/popping values).

Now to see the maximum amount of memory that can be addressed, let's fill in both Segment and Offset to their maximum values and then convert that value to its 20-bit absolute physical address. So, Max value for segment = FFFF H, Max value for Offset = FFFF. Now, let's convert FFFF:FFFF into its 20-bit linear address, bearing in mind 16 is represented as 10 in hexadecimal. So we get:

    FFFF:FFFF = FFFF * 10h + FFFF
              = FFFF0 + FFFF
              = FFFF0 + (FFF0 + F)
              = FFFFF + FFF0
              = 1MB + FFF0

Note: FFFFF (in hexadecimal) is equal to 1MB (one megabyte) and

Moral of the story: From Real mode a program can actually refer to (1MB + 64KB - 16) bytes of memory. Notice the use of the word "refer" and not "access". A program can refer to this much memory, but whether it can access it or not is dependent on the number of address lines actually present. So with the 8086 this was definitely not possible, because when programs made references to 1MB plus memory, the address that was put on the address lines was actually more than 20 bits, and this resulted in wrapping around of the addresses. For example, if a code is referring to 1Mb + 1, this will get wrapped around and point to the Zeroth location in memory; likewise 1MB+2 will wrap around to address 1 (or 0000:0001). Now there were some super funky programmers around that time who manipulated this feature in their code, that the addresses get wrapped around, and made their code a little faster and a few bytes shorter. Using this technique it was possible for them to access 32kb of the top memory area (that is, 32kb touching the 1MB boundary) and 32kb memory of the bottom memory area, without actually reloading their segment registers! Simple maths you see: if in Segment:Offset representation you make Segment constant, then since Offset is a 16-bit value you can roam around in a 64Kb (or 2 to the power 16) area of memory. Now if you make your segment register point to 32kb below the 1MB mark, you can access 32KB upwards to touch the 1MB boundary and then 32kB further, which will ultimately get wrapped to the bottom-most 32kb. Now these super funky programmers overlooked the fact that processors with more address lines would be created. (Note: Bill Gates has been attributed with saying, "Who would need more than 640KB memory?"; these programmers were probably thinking similarly.) In 1982, just 2 years after the 8086, Intel released the 80286 processor with 24 address lines.

Though it was theoretically backward compatible with legacy 8086 programs, since it also supported Real Mode, many 8086 programs did not function correctly because they depended on out-of-bounds addresses getting wrapped around to lower memory segments. So for the sake of compatibility IBM engineers routed the A20 address line (the 8086 had lines A0 - A19) through the Keyboard controller and provided a mechanism to enable/disable the A20 compatibility mode. Now if you are wondering why the keyboard controller, the answer is that it had an unused pin. Since the 80286 would have been marketed as having complete compatibility with the 8086 (that wasn't even yet out very long), upgraded customers would be furious if the 80286 was not bug-for-bug compatible, such that code designed for the 8086 would operate just as well on the 80286, but faster.
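The segment:offset arithmetic of this chapter, as an added C example (not code from the Wikibook): phys_8086 computes 16 * seg + off and truncates it to the 20 address lines, so FFFF:FFFF wraps to low memory as the text describes; phys_a20_on is the same sum without the truncation, which is what a CPU with the A20 line enabled sees; normalize produces the unique seg:off form with offset below 0x10. The addresses 258C:0012, B000:8000, B200:6000 and B8000 are the page's own; the function names are this example's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* seg:off -> physical address on the 8086: 16 * seg + off, truncated to the
   20 address lines, so anything past 0xFFFFF wraps around to low memory. */
uint32_t phys_8086(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg * 16u + off) & 0xFFFFFu;
}

/* The same sum with address line A20 enabled (the 80286 has more lines):
   FFFF:FFFF now reaches 0x10FFEF instead of wrapping to 0x0FFEF. */
uint32_t phys_a20_on(uint16_t seg, uint16_t off)
{
    return (uint32_t)seg * 16u + off;     /* at most 0x10FFEF */
}

/* Normalized segmented address: seg = phys / 16, off = phys % 16, so every
   physical address has exactly one representation and off never exceeds 0xF. */
void normalize(uint32_t phys, uint16_t *seg, uint16_t *off)
{
    phys &= 0xFFFFFu;
    *seg = (uint16_t)(phys >> 4);
    *off = (uint16_t)(phys & 0xFu);
}

/* Two segmented addresses alias when their 20-bit sums agree. */
bool same_physical(uint16_t s1, uint16_t o1, uint16_t s2, uint16_t o2)
{
    return phys_8086(s1, o1) == phys_8086(s2, o2);
}

int main(void)
{
    uint16_t seg, off;
    printf("258C:0012 -> %05X\n", phys_8086(0x258C, 0x0012));
    printf("B000:8000 and B200:6000 alias: %s\n",
           same_physical(0xB000, 0x8000, 0xB200, 0x6000) ? "yes" : "no");
    normalize(0xB8000, &seg, &off);
    printf("B8000 normalized: %04X:%X\n", seg, off);
    printf("FFFF:FFFF -> %05X with 20 lines, %06X with A20 on\n",
           phys_8086(0xFFFF, 0xFFFF), phys_a20_on(0xFFFF, 0xFFFF));
    return 0;
}
```

The difference between the last two numbers is the whole A20 story: the same seg:off pair names two different bytes depending on whether the gate is enabled, which is why code that relied on the wrap broke on the 80286.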
32-Bit Addressing
32-bit addresses can cover memory up to 4Gb in size. This means that we don't need to use offset addresses in 32-bit processors. Instead, we use what is called the "Flat addressing" scheme, where the address in the register directly points to a physical memory location. The segment registers are used to define different segments, so that programs don't try to execute the stack section, and they don't try to perform stack operations on the data section accidentally.
X86 Instructions
Wikipedia has related information at X86 instruction listings.
These pages are going to discuss, in detail, the different instructions available in the basic x86 instruction set. For ease, and to decrease the page size, the different instructions will be broken up into groups, and discussed individually. Wikipedia has related information at X86 assembly language.

Data Transfer Instructions
Control Flow Instructions
Arithmetic Instructions
Logic Instructions
Shift and Rotate Instructions
Other Instructions
x86 Interrupts

Conventions
The following template will be used for instructions that take no operands:

    Instr

The following template will be used for instructions that take 1 operand:

    Instr arg

The following template will be used for instructions that take 2 operands. Notice how the format of the instruction is different for different compilers.
Data Transfer
Move

    dest: Register, Memory
    Modified flags: (none)

Example

    .data
    value:
        .long 2

    .text
    .global _start
    _start:
        movl $6, %eax               # %eax is now 6
        movw %ax, value             # value is now 6 (16-bit store into the low word)
        movl $0, %ebx               # %ebx is now 0
        movb %al, %bl               # %ebx is now 6
        movl value, %ebx            # %ebx is now 2
        movl $value, %esi           # %esi is now the address of value
        movw value(,%ebx,1), %bx    # %ebx is now 0 (loads the high word of value, at value + 2)

        # Linux sys_exit
        mov $1, %eax
        xorl %ebx, %ebx
        int $0x80
Data Swap

    src: Register, Memory
    dest: Register, Memory
    Modified flags: (none)

Example

    .data
    value:
        .long 2

    .text
    .global _start
    _start:
        # the comments assume %eax and %ebx start at 0, as they do at _start on Linux
        xchgl value, %ebx           # %ebx is now 2
                                    # value is now 0
        xchgw %ax, value            # value is now 0
                                    # %eax is now 0
        xchgb %al, %bl              # %ebx is now 0
                                    # %eax is now 2
        xchgw value(%eax), %ax      # value is now 0x00020000 = 131072
                                    # %eax is now 0

        # Linux sys_exit
        mov $1, %eax
        xorl %ebx, %ebx
        int $0x80
Move and Extend

    dest: Register, Memory
    Modified flags: (none)

Example

    .data
    value:
        .long 30000
    byteval:
        .byte 200

    .text
    .global _start
    _start:
        movzbw byteval, %ax         # %eax is now 200 (%ax written, upper half assumed 0)
        movzwl %ax, %ebx            # %ebx is now 200 (movzx needs a register destination)
        movl %ebx, value            # value is now 200
        movzbl byteval, %esi        # %esi is now 200

        # Linux sys_exit
        mov $1, %eax
        xorl %ebx, %ebx
        int $0x80
The movs instruction copies the src operand into the dest operand and pads the remaining bits not provided by src with the sign of src. This instruction is useful for copying a signed small value to a bigger register.

    Operands
    src
    dest: Register, Memory
    Modified flags: (none)

Example

    .data
    value:
        .long 30000
    byteval:
        .byte -56                   # bit pattern 0xC8, the same byte as unsigned 200

    .text
    .global _start
    _start:
        movsbw byteval, %ax         # %eax is now -56 (%ax = 0xFFC8, upper half assumed 0)
        movswl %ax, %ebx            # %ebx is now -56 (movsx needs a register destination)
        movl %ebx, value            # value is now -56
        movsbl byteval, %esi        # %esi is now -56

        # Linux sys_exit
        mov $1, %eax
        xorl %ebx, %ebx
        int $0x80
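Zero extension versus sign extension, as an added C example (this is not code from the Wikibook, and the function names are this example's own). The four helpers mirror movzbl/movzbw/movsbl/movsbw on the page's byte value 200 (0xC8); the two length checks show the case where the choice matters in practice: a one-byte length field that is sign-extended before a bounds check lets 200 through as -56.

```c
#include <stdint.h>
#include <stdio.h>

/* movzbl / movzbw: the upper bits of the destination become zero. */
uint32_t movzbl(uint8_t src) { return (uint32_t)src; }
uint16_t movzbw(uint8_t src) { return (uint16_t)src; }

/* movsbl / movsbw: the upper bits become copies of bit 7 of src. Written as
   explicit arithmetic rather than a cast so the result does not depend on how
   the compiler converts out-of-range values. */
int32_t movsbl(uint8_t src) { return (src & 0x80u) ? (int32_t)src - 256 : (int32_t)src; }
int16_t movsbw(uint8_t src) { return (int16_t)((src & 0x80u) ? (int)src - 256 : (int)src); }

/* Where the choice matters: a one-byte length field compared against a limit.
   Declared as signed char, the byte is widened with movsx, so the value 200
   arrives as -56 and passes a "less than limit" check it should fail. */
int length_under_limit_signed(signed char len_byte, int limit)
{
    return len_byte < limit;          /* compiler emits movsbl before the compare */
}

/* Declared as uint8_t, the byte is widened with movzx and stays 200. */
int length_under_limit_unsigned(uint8_t len_byte, int limit)
{
    return len_byte < limit;          /* compiler emits movzbl before the compare */
}

int main(void)
{
    uint8_t byteval = 200;            /* the page's byteval */
    printf("movzbl(200) = %u, movsbl(200) = %d\n", movzbl(byteval), movsbl(byteval));
    printf("200 < 100 via signed char: %d, via uint8_t: %d\n",
           length_under_limit_signed((signed char)-56, 100),
           length_under_limit_unsigned(byteval, 100));
    return 0;
}
```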
Example

    section .text
        ; copy mystr into mystr2
        mov esi, mystr
        mov edi, mystr2
        mov ecx, 8          ; byte count for rep (assumed: the data for this example is cut off on the page)
        cld
        rep movsb
    section .bss

movsw
Move word. The movsw instruction copies one word (two bytes) from the location specified in esi to the location specified in edi.

    Operands: None.
    Modified flags: (none)

Example

    section .text
        ; copy mystr into mystr2
        mov esi, mystr
        mov edi, mystr2
        mov ecx, 4          ; 8 bytes = 4 words
        cld
        rep movsw
        ; movsw copies whole words, so mystr2 ends up byte-for-byte identical to mystr
        ; ('HaJbKca', 0); endianness decides how a word sits in a register, not the order
        ; of the bytes copied between two memory locations
    section .bss
        mystr2: resb 8
    section .data
        mystr db 'HaJbKca', 0x0
Control Flow
Comparison Instructions

test arg1, arg2 (GAS Syntax)
test arg1, arg2 (Intel syntax)
performs a bit-wise AND on the two operands and sets the flags, but does not store a result.

cmp arg1, arg2
performs a subtraction between the two operands and sets the flags, but does not store a result.
Jump Instructions

Unconditional Jumps

jmp loc
loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp).

jne loc
Loads EIP with the specified address, if the operands of the previous CMP instruction are not equal.

jge loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second (performs signed comparison).

ja loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned comparison.

jae loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison.

jle loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than or equal to the second (performs signed comparison).

jb loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison.

jbe loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned comparison.

jz loc
Loads EIP with the specified address, if the zero bit is set from a previous arithmetic expression. jz is identical to je.
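How the flags listed in the EFLAGS section and the conditional jumps above fit together, as an added C example (not code from the Wikibook; the function and macro names are this example's own): cmp_flags models the CF, ZF, SF, OF and PF that cmp leaves behind for 32-bit operands, and the j*_taken functions evaluate each jump's condition from those flags, so the signed/unsigned split between jg/jl and ja/jb can be seen on concrete operands.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The EFLAGS bits modelled here, at the positions given in the EFLAGS table. */
#define CF (1u << 0)
#define PF (1u << 2)
#define ZF (1u << 6)
#define SF (1u << 7)
#define OF (1u << 11)

static int low_byte_has_even_parity(uint32_t r)
{
    unsigned bits = 0, b = r & 0xFFu;
    while (b) { bits += b & 1u; b >>= 1u; }
    return (bits & 1u) == 0;
}

/* Flags left by "cmp a, b" (Intel operand order): the CPU computes a - b,
   discards the difference and keeps only the flags. */
uint32_t cmp_flags(uint32_t a, uint32_t b)
{
    uint32_t r = a - b;                      /* wraps modulo 2^32 like the hardware */
    uint32_t f = 0;
    if (a < b)           f |= CF;            /* a borrow out of bit 31 */
    if (r == 0)          f |= ZF;
    if (r & 0x80000000u) f |= SF;
    /* OF: the operands had different signs and the result's sign differs from a's */
    if (((a ^ b) & (a ^ r)) & 0x80000000u) f |= OF;
    if (low_byte_has_even_parity(r))       f |= PF;
    return f;
}

/* Branch conditions exactly as the jumps evaluate them. */
bool je_taken(uint32_t f)  { return (f & ZF) != 0; }
bool jne_taken(uint32_t f) { return (f & ZF) == 0; }
bool jl_taken(uint32_t f)  { return ((f & SF) != 0) != ((f & OF) != 0); }  /* signed <    */
bool jge_taken(uint32_t f) { return !jl_taken(f); }                          /* signed >=   */
bool jle_taken(uint32_t f) { return je_taken(f) || jl_taken(f); }            /* signed <=   */
bool jg_taken(uint32_t f)  { return !jle_taken(f); }                         /* signed >    */
bool jb_taken(uint32_t f)  { return (f & CF) != 0; }                         /* unsigned <  */
bool jae_taken(uint32_t f) { return (f & CF) == 0; }                         /* unsigned >= */
bool jbe_taken(uint32_t f) { return (f & (CF | ZF)) != 0; }                  /* unsigned <= */
bool ja_taken(uint32_t f)  { return (f & (CF | ZF)) == 0; }                  /* unsigned >  */

int main(void)
{
    /* cmp 0xFFFFFFFF, 1: the first operand is -1 as a signed value, 4294967295 unsigned */
    uint32_t f = cmp_flags(0xFFFFFFFFu, 1u);
    printf("0xFFFFFFFF vs 1: jg %s, ja %s\n",
           jg_taken(f) ? "taken" : "not taken", ja_taken(f) ? "taken" : "not taken");
    /* cmp 0x80000000, 1: INT_MIN - 1 overflows, so OF is set and SF is clear */
    f = cmp_flags(0x80000000u, 1u);
    printf("INT_MIN vs 1: OF=%u, jl %s\n", (f & OF) != 0, jl_taken(f) ? "taken" : "not taken");
    return 0;
}
```

The first case is the one that bites in bounds checks: the same cmp is followed by jg (not taken, -1 is not greater than 1) or ja (taken, 0xFFFFFFFF is greater than 1), and a length compared with the wrong family of jump walks straight past the limit.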
Function Calls

call proc
pushes the value EIP+4 onto the top of the stack, and jumps to the specified location. This is used mostly for subroutines.

ret [val]
Loads the next value on the stack into EIP, and then pops the stack the specified number of times. If val is not supplied, the instruction will not pop any values off the stack after returning.

Loop Instructions

loop arg
The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero. For example:

    mov ecx, 5
    start_loop:
        ; the code here would be executed 5 times
    loop start_loop

loopx arg
These loop instructions decrement ECX and jump to the address specified by arg if their condition is satisfied, unless decrementing ECX caused its value to become zero.

leave
destroys the current stack frame, and restores the previous frame

nop
"No Operation". This instruction doesn't do anything, but wastes an instruction cycle in the processor. This instruction is often translated to an XCHG operation with the operands EAX and EAX.

lock
asserts #LOCK

wait
waits for the CPU to finish its last calculation
Arithmetic
Arithmetic instructions
Arithmetic instructions take two operands: a destination and a source. The destination must be a register or a memory location. The source may be either a memory location, a register, or a constant value. Note that at least one of the two must be a register, because operations may not use a memory location as both a source and a destination.

add src, dest (GAS Syntax)
add dest, src (Intel syntax)
This adds src to dest. If you are using the NASM syntax, then the result is stored in the first argument; if you are using the GAS syntax, it is stored in the second argument.
mul arg
This multiplies "arg" by the value of corresponding byte-length in the A register, see table below.

    operand size                      1 byte   2 bytes   4 bytes
    other operand                     AL       AX        EAX
    higher part of result stored in:  AH       DX        EDX
    lower part of result stored in:   AL       AX        EAX

In the second case, the target is not EAX for backward compatibility with code written for older processors.

imul arg

div arg
This divides the value in the dividend register(s) by "arg", see table below.

    divisor size           1 byte   2 bytes   4 bytes
    dividend               AX       DX:AX     EDX:EAX
    remainder stored in:   AH       DX        EDX
    quotient stored in:    AL       AX        EAX

If the quotient does not fit into the quotient register, an arithmetic overflow interrupt occurs. All flags are in an undefined state after the operation.
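The register conventions of mul and div in the tables above, as an added C model (not code from the Wikibook; the function names are this example's own): mul16 widens AX * arg into DX:AX, div16 divides DX:AX by arg and reports the two conditions under which the CPU raises the divide-error exception instead of producing a result, and idiv32 does the signed version, where INT32_MIN / -1 is the extra overflow case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* mul r/m16: DX:AX = AX * arg, unsigned; the high half of the product goes to DX. */
void mul16(uint16_t ax, uint16_t arg, uint16_t *dx_out, uint16_t *ax_out)
{
    uint32_t product = (uint32_t)ax * arg;
    *dx_out = (uint16_t)(product >> 16);
    *ax_out = (uint16_t)product;
}

/* div r/m16: AX = DX:AX / arg, DX = DX:AX % arg. Returns false where the CPU
   would raise the divide-error exception (#DE): divisor zero, or a quotient
   that does not fit in AX. The dividend is DX:AX as a whole, so a DX left over
   from earlier code is the usual cause of an unexpected #DE. */
bool div16(uint16_t dx, uint16_t ax, uint16_t arg, uint16_t *quot, uint16_t *rem)
{
    if (arg == 0) return false;
    uint32_t dividend = ((uint32_t)dx << 16) | ax;
    uint32_t q = dividend / arg;
    if (q > 0xFFFFu) return false;
    *quot = (uint16_t)q;
    *rem  = (uint16_t)(dividend % arg);
    return true;
}

/* idiv r/m32: the signed version. Besides the two cases above, INT32_MIN / -1
   faults because +2^31 does not fit in EAX. The remainder takes the sign of the
   dividend, as C's % does, so C arithmetic can model it directly. */
bool idiv32(int32_t edx, int32_t eax, int32_t arg, int32_t *quot, int32_t *rem)
{
    if (arg == 0) return false;
    /* EDX:EAX as a 64-bit signed value; edx * 2^32 cannot overflow int64_t */
    int64_t dividend = (int64_t)edx * 4294967296LL + (int64_t)(uint32_t)eax;
    int64_t q = dividend / arg;
    if (q > INT32_MAX || q < INT32_MIN) return false;
    *quot = (int32_t)q;
    *rem  = (int32_t)(dividend % arg);
    return true;
}

int main(void)
{
    uint16_t dx, ax, q, r;
    int32_t sq, sr;
    mul16(0xFFFF, 0xFFFF, &dx, &ax);
    printf("FFFF * FFFF -> DX:AX = %04X:%04X\n", dx, ax);
    printf("0001:0000 / 1 -> %s\n", div16(1, 0, 1, &q, &r) ? "ok" : "#DE (quotient too large)");
    printf("INT_MIN / -1  -> %s\n", idiv32(-1, INT32_MIN, -1, &sq, &sr) ? "ok" : "#DE");
    return 0;
}
```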
idiv arg
As DIV, only signed.

neg arg
Arithmetically negates the argument (i.e. two's complement negation).

adc src, dest (GAS Syntax)
adc dest, src (Intel syntax)
Add with carry. Adds src + carry flag to dest, storing the result in dest. Usually follows a normal add instruction to deal with values twice as large as the size of the register.

sbb src, dest (GAS Syntax)
sbb dest, src (Intel syntax)
Subtract with borrow. Subtracts src + carry flag from dest, storing the result in dest. Usually follows a normal sub instruction to deal with values twice as large as the size of the register.

dec arg
Decrements the register value in the argument by 1.
Logic
Logical instructions
The instructions on this page deal with bit-wise logical instructions. For more information about bit-wise logic, see Digital Circuits/Logic Operations.

and src, dest (GAS Syntax)
and dest, src (Intel syntax)
performs a bit-wise AND of the two operands, and stores the result in dest. For example:

    movl $0x1, %edx
    movl $0x0, %ecx
    andl %edx, %ecx   # here ecx would be 0 because 1 AND 0 = 0

or src, dest (GAS Syntax)
or dest, src (Intel syntax)
performs a bit-wise OR of the two operands, and stores the result in dest. For example:

    movl $0x1, %edx
    movl $0x0, %ecx
    orl %edx, %ecx    # here ecx would be 1 because 1 OR 0 = 1

xor src, dest (GAS Syntax)
xor dest, src (Intel syntax)
performs a bit-wise XOR of the two operands, and stores the result in dest. For example:

    movl $0x1, %edx
    movl $0x0, %ecx
    xorl %edx, %ecx   # here ecx would be 1 because 1 XOR 0 = 1

not arg
performs a bit-wise inversion of arg. For example:

    movl $0x1, %edx
    notl %edx         # here edx would be 0xFFFFFFFE because a bitwise NOT 0x00000001 = 0xFFFFFFFE
Shift and Rotate Instructions

shr arg
Logical shift of arg to the right; the vacated bits on the left are filled with zeros.

shl arg
Logical shift of arg to the left; the vacated bits on the right are filled with zeros.

sar arg
Arithmetic shift to the right. Vacated bits are filled with the sign bit (to maintain the sign of the original value).

sal arg
Arithmetic shift to the left. Vacated bits are filled with zeros.

scr arg
Shift with carry to the right. (No x86 mnemonic of this name exists; the instruction that shifts through the carry flag to the right is rcr.)

scl arg
Shift with carry to the left. (Likewise, the actual mnemonic is rcl.)
Rotate Instructions
In a rotate instruction, the bits that slide off the end of the register are fed back into the spaces.

ror arg
rotate to the right

rol arg
rotate to the left
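The shift and rotate semantics above, as an added C example (this is not code from the Wikibook; the function names are this example's own): shl32/shr32 fill with zeros, sar32 fills with copies of the sign bit, and rol32/ror32 feed the bits that fall off one end back in at the other. The shift count is masked to 5 bits before use, which is what the CPU does for 32-bit operands; C itself leaves a shift by the full width undefined, so the mask is applied explicitly rather than relying on either behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Counts are masked to 5 bits, as the CPU does for 32-bit operands (a count of
   32 shifts by 0). C leaves shifts by >= the width undefined, so mask first. */
static unsigned mask5(unsigned n) { return n & 31u; }

uint32_t shl32(uint32_t x, unsigned n) { return x << mask5(n); }   /* shl/sal: zeros enter on the right */
uint32_t shr32(uint32_t x, unsigned n) { return x >> mask5(n); }   /* shr: zeros enter on the left */

/* sar: copies of the sign bit enter on the left, so a negative value stays
   negative and dividing by 2^n rounds toward minus infinity. Built from unsigned
   operations because right-shifting a negative int is implementation-defined in C. */
int32_t sar32(int32_t x, unsigned n)
{
    uint32_t u, r;
    int32_t out;
    n = mask5(n);
    memcpy(&u, &x, sizeof u);
    r = u >> n;
    if ((u & 0x80000000u) && n)
        r |= ~(0xFFFFFFFFu >> n);          /* refill the n vacated top bits with ones */
    memcpy(&out, &r, sizeof out);
    return out;
}

/* rol/ror: the bits shifted out re-enter at the other end; nothing is lost. */
uint32_t rol32(uint32_t x, unsigned n)
{
    n = mask5(n);
    return n ? (x << n) | (x >> (32u - n)) : x;
}
uint32_t ror32(uint32_t x, unsigned n)
{
    n = mask5(n);
    return n ? (x >> n) | (x << (32u - n)) : x;
}

int main(void)
{
    printf("shr 0xFFFFFFF0, 4 = 0x%08X\n", shr32(0xFFFFFFF0u, 4));
    printf("sar -16, 4       = %d\n", sar32(-16, 4));
    printf("rol 0x80000001,1 = 0x%08X\n", rol32(0x80000001u, 1));
    printf("ror 0x00000003,1 = 0x%08X\n", ror32(0x00000003u, 1));
    printf("shl 1, 32 (masked to 0) = %u\n", shl32(1u, 32));
    return 0;
}
```

The shr/sar pair is the one to watch when a signed quantity such as an offset is divided by a power of two: shr turns -16 into a large positive number, sar keeps it at -1.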
Other Instructions
Stack Instructions

push arg
This instruction decrements the stack pointer and loads the data specified as the argument into the location pointed to by the stack pointer.

pop arg
This instruction loads the data stored in the location pointed to by the stack pointer into the argument specified and then increments the stack pointer. For example:

    mov eax, 5
    mov ebx, 6
    push eax   ; the stack would be: [5]
    push ebx   ; the stack would be: [6] [5]
    pop eax    ; the topmost item (which is 6) would be stored in eax; the stack would be: [5]
    pop ebx    ; ebx would be equal to 5; the stack would now be empty

pushf
This instruction decrements the stack pointer and then loads the location pointed to by the stack pointer with the contents of the flag register.

popf
This instruction loads the flag register with the contents of the memory location pointed to by the stack pointer and then increments the contents of the stack pointer.
Flags instructions

Interrupt Flag

sti
Sets the interrupt flag. The processor can accept interrupts from peripheral hardware. This flag should be kept set under normal execution.

cli
Clears the interrupt flag. Hardware interrupts cannot interrupt execution. Programs can still generate interrupts, called software interrupts, and change the flow of execution. Non-maskable interrupts (NMI) cannot be blocked using this instruction.

cld
clears the direction flag

clc
clears the carry flag

cmc
Complement the carry flag

Other

sahf
Stores the content of the AH register into the lower byte of the flag register.

lahf
Loads the AH register with the contents of the lower byte of the flag register.
I/O Instructions

in src, dest (GAS Syntax)
in dest, src (Intel syntax)
The IN instruction almost always has the operands AX and DX (or EAX and EDX) associated with it. DX (src) frequently holds the port address to read, and AX (dest) receives the data from the port. In Protected Mode operating systems, the IN instruction is frequently locked, and normal users can't use it in their programs.

The OUT instruction is very similar to the IN instruction. OUT outputs data from a given register (src) to a given output port (dest). In protected mode, the OUT instruction is frequently locked so normal users can't use it.

System Instructions
These instructions were added with the Pentium II.

sysenter
This instruction causes the processor to enter protected system mode.

sysexit
This instruction causes the processor to leave protected system mode, and enter user mode.
X86 Interrupts
Interrupts are special routines that are defined on a per-system basis. This means that the interrupts on one system might be different from the interrupts on another system. Therefore, it is usually a bad idea to rely heavily on interrupts when you are writing code that needs to be portable.
What is an Interrupt
Interrupts do exactly what the name suggests: they interrupt the control flow of the x86 processor. When an interrupt is triggered, the current program stops, and the processor jumps to a special program called an "Interrupt Service Routine" (ISR). Each ISR is a program in memory that handles a particular interrupt. When the ISR is finished, the microprocessor normally jumps right back to where it was in the original program (however, there are interrupts that don't do this). In the case of hardware interrupts, the program doesn't even have to know that it got interrupted: the change is seamless. In modern operating systems, the programmer doesn't often need to use interrupts. In Windows, for example, the programmer conducts business with the Win32 API. However, these API calls will interface with the kernel, and often the kernel will trigger interrupts to perform different tasks. However, in older operating systems (specifically DOS), the programmer didn't have an API to use, and so they had to do all their work through interrupts.
Interrupt Instruction
int arg
This instruction calls the specified interrupt. For instance:
int $0x0A
Types of Interrupts
There are 3 types of interrupts: Hardware Interrupts, Software Interrupts and Exceptions.
Hardware Interrupts
Hardware interrupts are triggered by hardware devices. For instance, when you type on your keyboard, the keyboard triggers a hardware interrupt. The processor stops what it is doing, and executes the code that handles keyboard input (typically reading the key you pressed into a buffer in memory). Hardware interrupts are typically asynchronous: their occurrence is unrelated to the instructions being executed at the time they are raised.
Software Interrupts
There are also a series of software interrupts that are usually used to transfer control to a function in the operating system kernel. Software interrupts are triggered by the instruction int. For example, the instruction "int 14h" triggers interrupt 0x14. The processor then stops the current program, and jumps to the code to handle interrupt 14. When interrupt handling is complete, the processor returns flow to the original program.
Exceptions
Exceptions are caused by exceptional conditions in the code which is executing, for example an attempt to divide by zero or access a protected memory area. The processor will detect this problem, and transfer control to a handler to service the exception. This handler may re-execute the offending code after changing some value (for example, the zero dividend) or, if this cannot be done, may terminate the program causing the exception.
Further Reading
A great list of interrupts for DOS and related systems is at Ralph Brown's Interrupt List.
x86 Assemblers
Wikipedia has related information at Assembler. There are a number of different assemblers available for x86 architectures. This page will list some of them, and will discuss where to get the assemblers, what they are good for, and where they are used the most.
External Links
http://www.masmforum.com
http://www.movsd.com
Cross platform: Like Gas, this assembler runs on nearly every platform, supposedly even on PowerPC Macs (though the code generated will only run on an x86 platform)
Open Source
Macro language (code that writes code)
this assembler
Clean NASM-like syntax
Very very fast
Has Macro language (code that writes code)
Built-in IDE for DOS and Windows
Creates binary, MZ, PE, ELF, COFF - no linker needed
External Links
http://flatassembler.net/
YASM Assembler
YASM is a ground-up rewrite of NASM under the new BSD licence. YASM is designed to understand multiple syntaxes natively (NASM and GAS, currently). The primary focus of YASM is to produce "libyasm", a reusable library that can work with code at a low level, and can be easily integrated into other software projects.
External Links
http://www.tortall.net/projects/yasm/
GAS Syntax
General Information
Examples in this article are created using the AT&T assembly syntax used in GNU AS. The main advantage of using this syntax is its compatibility with the GCC inline assembly syntax. However, this is not the only syntax that is used to represent x86 operations. For example, NASM uses a different syntax to represent assembly mnemonics, operands and addressing modes, as do some High-Level Assemblers. The AT&T syntax is the standard on Unix-like systems but some assemblers use the Intel syntax, or can accept both. GAS instructions generally have the form mnemonic source, destination. For instance, the following mov instruction:
movb $0x05, %al
Operation Suffixes
GAS assembly instructions are generally suffixed with the letters "b", "s", "w", "l", "q" or "t" to determine what size operand is being manipulated.
b = byte (8 bit)
s = short (16 bit integer) or single (32-bit floating point)
w = word (16 bit)
l = long (32 bit integer or 64-bit floating point)
q = quad (64 bit)
t = ten bytes (80-bit floating point)
If the suffix is not specified, and there are no memory operands for the instruction, GAS infers the operand size from the size of the destination register operand (the final operand).
Prefixes
When referencing a register, the register needs to be prefixed with a "%". Constant numbers need to be prefixed with a "$".
It is freely available.
It is available on many operating systems.
It interfaces nicely with the other GNU programming tools, including the GNU C compiler (gcc) and GNU linker (ld).
If you are using a computer with the Linux operating system, chances are you already have gas installed on your system. If you are using a computer with the Windows operating system, you can install gas and other useful programming utilities by installing Cygwin or Mingw. The remainder of this introduction assumes you have installed gas and know how to open a command-line interface and edit files.
This should compile the C file and create an executable file called "hello_c.exe". If you get an error, make sure that the contents of "hello.c" are correct. Now you should be able to type at the prompt:
./hello_c.exe
and the program should print "Hello, world!" to the console. Now that we know that "hello.c" is typed in correctly and does what we want, let's generate the equivalent x86 assembly language. Type the following at the prompt:
gcc -S hello.c
This should create a file called "hello.s" (".s" is the file extension that the GNU system gives to assembly files). To compile the assembly file into an executable, type:
gcc -o hello_asm.exe hello.s
(Note that gcc calls the assembler (as) and the linker (ld) for us.) Now, if you type the following at the prompt:
./hello_asm.exe
this program should also print "Hello, world!" to the console. Not surprisingly, it does the same thing as the compiled C file. Let's take a look at what is inside "hello.s":
        .file   "hello.c"
        .def    ___main;        .scl    2;      .type   32;     .endef
        .text
LC0:
        .ascii "Hello, world!\12\0"
.globl _main
        .def    _main;  .scl    2;      .type   32;     .endef
_main:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $8, %esp
        andl    $-16, %esp
        movl    $0, %eax
        movl    %eax, -4(%ebp)
        movl    -4(%ebp), %eax
        call    __alloca
        call    ___main
        movl    $LC0, (%esp)
        call    _printf
        movl    $0, %eax
        leave
        ret
        .def    _printf;        .scl    2;      .type   32;     .endef
The contents of "hello.s" may vary depending on the version of the GNU tools that are installed; this version was generated with Cygwin, using gcc version 3.3.1.
The lines beginning with periods, like ".file", ".def", or ".ascii" are assembler directives -- commands that tell the assembler how to assemble the file. The lines beginning with some text followed by a colon, like "_main:", are labels, or named locations in the code. The other lines are assembly instructions. The ".file" and ".def" directives are for debugging. We can leave them out:
        .text
LC0:
        .ascii "Hello, world!\12\0"
.globl _main
_main:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $8, %esp
        andl    $-16, %esp
        movl    $0, %eax
        movl    %eax, -4(%ebp)
        movl    -4(%ebp), %eax
        call    __alloca
        call    ___main
        movl    $LC0, (%esp)
        call    _printf
        movl    $0, %eax
        leave
        ret
"hello.s" line-by-line
        .text
This line declares the start of a section of code. You can name sections using this directive, which gives you fine-grained control over where in the executable the resulting machine code goes, which is useful in some cases, like for programming embedded systems. Using ".text" by itself tells the assembler that the following code goes in the default section, which is sufficient for most purposes.
LC0:
        .ascii "Hello, world!\12\0"
This code declares a label, then places some raw ASCII text into the program, starting at the label's location. The "\12" specifies a line-feed character, while the "\0" specifies a null character at the end of the string; C routines mark the end of strings with null characters, and since we are going to call a C string routine, we need this character here.
.globl _main
This line tells the assembler that the label "_main" is a global label, which allows other parts of the program to see it. In this case, the linker needs to be able to see the "_main" label, since the startup code with which the program is linked calls "_main" as a subroutine.
_main:
This line declares the "_main" label, marking the place that is called from the startup code.
        pushl   %ebp
        movl    %esp, %ebp
        subl    $8, %esp
These lines save the value of EBP on the stack, then move the value of ESP into EBP, then subtract 8 from ESP. The "l" on the end of each opcode indicates that we want to use the version of the opcode that works with "long" (32-bit) operands; usually the assembler is able to work out the correct opcode version from the operands, but just to be safe, it's a good idea to include the "l", "w", "b", or other suffix. The percent signs designate register names, and the dollar sign designates a literal value. This sequence of instructions is typical at the start of a subroutine to save space on the stack for local variables; EBP is used as the base register to reference the local variables, and a value is subtracted from ESP to reserve space on the stack (since the Intel stack grows from higher memory locations to lower ones). In this case, eight bytes have been reserved on the stack. We shall see why this space is needed later.
        andl    $-16, %esp
This code "and"s ESP with 0xFFFFFFF0, aligning the stack with the next lowest 16-byte boundary. An examination of Mingw's source code reveals that this may be for SIMD instructions appearing in the "_main" routine, which operate only on aligned addresses. Since our routine doesn't contain SIMD instructions, this line is unnecessary.
        movl    $0, %eax
        movl    %eax, -4(%ebp)
        movl    -4(%ebp), %eax
This code moves zero into EAX, then moves EAX into the memory location EBP-4, which is in the temporary space we reserved on the stack at the beginning of the procedure. Then it moves the memory location EBP-4 back into EAX; clearly, this is not optimized code. Note that the parentheses indicate a memory location, while the number in front of the parentheses indicates an offset from that memory location.
        call    __alloca
        call    ___main
These functions are part of the C library setup. Since we are calling functions in the C library, we probably need these. The exact operations they perform vary depending on the platform and the version of the GNU tools that are installed.
        movl    $LC0, (%esp)
        call    _printf
This code (finally!) prints our message. First, it moves the location of the ASCII string to the top of the stack. It seems that the C compiler has optimized a sequence of "popl %eax; pushl $LC0" into a single move to the top of the stack. Then, it calls the _printf subroutine in the C library to print the message to the console.
        movl    $0, %eax
This line stores zero, our return value, in EAX. The C calling convention is to store return values in EAX when exiting a routine.
        leave
This line, typically found at the end of subroutines, frees the space saved on the stack by copying EBP into ESP, then popping the saved value of EBP back to EBP.
        ret
This line returns control to the calling procedure by popping the saved instruction pointer from the stack.
Ideally, you'd want to check the return codes of "GetStdHandle" and "WriteFile" to make sure they are working correctly, but this is sufficient for our purposes. Here is what the generated assembly looks like:
        .file   "hello2.c"
        .def    ___main;        .scl    2;      .type   32;     .endef
        .text
LC0:
        .ascii "Hello, world!\12\0"
.globl _main
        .def    _main;  .scl    2;      .type   32;     .endef
_main:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $40, %esp
        andl    $-16, %esp
        movl    $0, %eax
        movl    %eax, -16(%ebp)
        movl    -16(%ebp), %eax
        call    __alloca
        call    ___main
        movl    $LC0, -4(%ebp)
        movl    $-11, (%esp)
        call    _GetStdHandle@4
        subl    $4, %esp
        movl    %eax, -12(%ebp)
        movl    $0, 16(%esp)
        leal    -8(%ebp), %eax
        movl    %eax, 12(%esp)
        movl    $14, 8(%esp)
        movl    -4(%ebp), %eax
        movl    %eax, 4(%esp)
        movl    -12(%ebp), %eax
        movl    %eax, (%esp)
        call    _WriteFile@20
        subl    $20, %esp
        movl    $0, %eax
        leave
        ret
Even though we never use the C standard library, the generated code initializes it for us. Also, there is a lot of unnecessary stack manipulation. We can simplify:
        .text
LC0:
        .ascii "Hello, world!\12"
.globl _main
_main:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $4, %esp
        pushl   $-11
        call    _GetStdHandle@4
        pushl   $0
        leal    -4(%ebp), %ebx
        pushl   %ebx
        pushl   $14
        pushl   $LC0
        pushl   %eax
        call    _WriteFile@20
        movl    $0, %eax
        leave
        ret
Analyzing line-by-line:
        pushl   %ebp
        movl    %esp, %ebp
        subl    $4, %esp
We save the old EBP and reserve four bytes on the stack, since the call to WriteFile needs somewhere to store the number of characters written, which is a 4-byte value.
        pushl   $-11
        call    _GetStdHandle@4
We push the constant value STD_OUTPUT_HANDLE (-11) to the stack and call GetStdHandle. The returned handle value is in EAX.
        pushl   $0
        leal    -4(%ebp), %ebx
        pushl   %ebx
        pushl   $14
        pushl   $LC0
        pushl   %eax
        call    _WriteFile@20
We push the parameters to WriteFile and call it. Note that the Windows calling convention is to push the parameters from right-to-left. The load-effective-address ("lea") instruction adds -4 to the value of EBP, giving the location we saved on the stack for the number of characters printed, which we store in EBX and then push onto the stack. Also note that EAX still holds the return value from the GetStdHandle call, so we just push it directly.
        movl    $0, %eax
        leave
Here we set our program's return value and restore the values of EBP and ESP using the "leave" instruction.
Caveats
From The GAS manual's AT&T Syntax Bugs section: The UnixWare assembler, and probably other AT&T derived ix86 Unix assemblers, generate floating point instructions with reversed source and destination registers in certain cases. Unfortunately, gcc and possibly many other programs use this reversed syntax, so we're stuck with it. For example
fsub %st,%st(3)
results in %st(3) being updated to %st - %st(3) rather than the expected %st(3) - %st. This happens with all the non-commutative arithmetic floating point operations with two register operands where the source register is %st and the destination register is %st(i). Note that even objdump -d -M intel still uses reversed opcodes, so use a different disassembler to check this. See http://bugs.debian.org/372528 for more info.
MASM Syntax
This page will explain x86 Programming using MASM syntax, and will also discuss how to use the macro capabilities of MASM. Other assemblers, such as NASM and FASM, use syntax different from MASM, similar only in usage of operand order and instruction suffixes.
Instruction Order
MASM instructions typically have operands reversed from GAS instructions. For instance, instructions are typically written as Instruction Destination, Source. The mov instruction, written as follows:
mov al, 0x05
Instruction Suffixes
MASM does not use instruction suffixes to differentiate between sizes (byte, word, dword, etc).
Macros
MASM is known as either the "Macro Assembler", or the "Microsoft Assembler", depending on who you talk to. But no matter where your answers are coming from, the fact is that MASM has a powerful macro engine, and a number of built-in macros available immediately.
MASM directives
MASM has a large number of directives that can control certain settings and behaviors; it has more of them compared to NASM or FASM, for example.
HLA Syntax
HLA Syntax
HLA is an assembler front-end created by Randall Hyde. HLA accepts assembly written using a high-level format, and converts the code into another format (MASM or GAS, usually). Another assembler (MASM or GAS) will then assemble the instructions into machine code. In MASM, for instance, we could write the following code:
mov EAX, 0x05
HLA uses the same order-of-operations as GAS syntax, but doesn't require any of the name decoration of GAS. Also, HLA uses the parenthesis notation to call an instruction. HLA terminates its lines with a semicolon, similar to C or Pascal.
High-Level Constructs
Some people criticize HLA because it "isn't low-level enough". This is false, because HLA can be as low-level as MASM or GAS, but it also offers the options to use some higher-level abstractions. For instance, HLA can use the following syntax to pass eax as an argument to the Function1 function:
push(eax);
call(Function1);
But HLA also allows the programmer to simplify the process, if they want:
Function1(eax);
This is called the "parenthesis notation" for calling functions. HLA also contains a number of different loops (do-while, for, until, etc.) and control structures (if-then-else, switch-case) that the programmer can use. However, these high-level constructs come with a caveat: using them may be simple, but they translate into MASM code instructions. It is usually faster to implement the loops by hand.
FASM Syntax
FASM is an assembler for the IA-32 architecture. The name stands for "flat assembler". FASM itself is written in assembly language and is also available on DOS, DexOS, Linux, Windows, and MenuetOS systems. It shatters the "assembly is not portable at all" myth. FASM has some features that are advanced for assembly languages, such as macros, structures, and "virtual data". FASM contains bindings to the MS Windows GUI and OpenGL.
@@ @f @b
Anonymous labels are supported. Example:
@@:
    inc eax
    push eax
    jmp @b
$
$ describes current location. Useful for determining the size of a block of code or data. Example of use:
mystring        db  "This is my string", 0
mystring.length equ $-mystring
Local Labels
Local Labels, which begin with a . (a period)
globallabel:
.locallabelone:
.locallabeltwo:
globallabel2:
.locallabelone:
.locallabeltwo:
You can reference local labels from their global label. For example:
globallabel.locallabelone
Macros
Macros in FASM are described in a C-like manner and are created like this:
macro (name) (parameters)
{
    macro code.
}
For example, the following could be used to overload the mov instruction to accept three parameters in FASM:
macro mov op1,op2,op3
{
    if op3 eq
        mov op1,op2
    else
        mov op1,op2
        mov op2,op3
    end if
}
if op3 eq means "If the 3rd parameter (op3) equals nothing, or blank" then do a normal mov operation. Else, do the 3 way move operation.
External links
NASM Syntax
NASM Syntax
Wikipedia has related information at NASM.
This loads the number 9 into register ax. Notice that the instruction format is "dest, src". This follows the Intel style x86 instruction formatting, as opposed to the AT&T style used by the GNU Assembler. Note for people using gdb with nasm, you can set gdb to use Intel-style disassembly by issuing the command:
set disassembly-flavor intel
NASM Comments
A single semi-colon is used for comments, and can be used like a double slash in C/C++.
mov eax, 4        ; the system interprets 4 as "output"
mov ecx, variable ; pointer to the value being passed
mov ebx, 1        ; standard output (print to terminal)
mov edx, 4        ; length of output (in bytes)
int 0x80
Passing values to the registers in different orders won't affect the execution when the kernel is called, but deciding on a methodology can make it drastically easier to read.
Floating Point
x87 Coprocessor
The original x86 family members had a separate math coprocessor that would handle the floating point arithmetic. The original coprocessor was the 8087, and all FPUs since have been dubbed "x87" chips. Later variants integrated the floating point unit (FPU) into the microprocessor itself. Having the capability to manage floating point numbers means a few things:
1. The microprocessor must have space to store floating point numbers
2. The microprocessor must have instructions to manipulate floating point numbers
This page will talk about these 2 points in detail. The FPU, even when it is integrated into an x86 chip, is still called the "x87" section, even though it is part of the x86 chip. For instance, literature on the subject will frequently call the FPU Register Stack the "x87 Stack", and the FPU operations will frequently be called the "x87 instruction set".
FSUB, FSUBP, FSUBR, FSUBRP, FTST, FWAIT, FXAM, FXCH, FXTRACT, FYL2X, FYL2XP1
Further Reading
MMX
Saturation Arithmetic
Wikipedia has related information at MMX. In an 8-bit grayscale picture, 255 is the value for pure white, and 0 is the value for pure black. In a regular register (AX, BX, CX ...) if we add one to white, we get black! This is because the regular registers "roll-over" to the next value. MMX registers get around this by a technique called "Saturation Arithmetic". In saturation arithmetic, the value of the register never rolls over to 0 again. This means that in the MMX world, we have the following equations:
255 + 100 = 255
200 + 100 = 255
0 - 100 = 0
This may seem counter-intuitive at first to people who are used to their registers rolling over, but it makes good sense: if we make white brighter, it shouldn't become black.
The MMX registers cannot easily be used for 64 bit arithmetic, so it's a waste of time to even try. Let's say that we have 4 Bytes loaded in an MMX register: 10, 25, 128, 255. We have them arranged as such:
MM0: | 10 | 25 | 128 | 255 |
Remember that in the last box, our arithmetic "saturates", and doesn't go over 255. Using MMX, we are essentially performing 4 additions, in the time it takes to perform 1 addition using the regular registers. The problem is that the MMX instructions run slightly slower than the regular arithmetic instructions, the FPU can't be used when the MMX register is running, and MMX registers use saturation arithmetic.
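As an added illustration (not code from the book), the following C emulates the saturating byte add and subtract the text describes, next to a wrapping add for contrast, on the MM0 image used above; the function names are my own and the lane layout (lane 0 in the low byte) is an assumption of the emulation.

```c
#include <stdint.h>
#include <stdio.h>

/* Pack four byte lanes into a 64-bit MMX-style register image.
 * Lane 0 is the least significant byte; the upper four lanes are left as 0.
 * (Lane layout is an assumption for this emulation.) */
uint64_t pack4(uint8_t l0, uint8_t l1, uint8_t l2, uint8_t l3)
{
    return (uint64_t)l0 | ((uint64_t)l1 << 8) |
           ((uint64_t)l2 << 16) | ((uint64_t)l3 << 24);
}

/* Extract lane n (0..7) as an unsigned byte. */
uint8_t lane(uint64_t reg, unsigned n)
{
    return (uint8_t)(reg >> (8 * (n & 7)));
}

/* Lane-wise add with wrap-around: what an ordinary register does and what the
 * non-saturating PADDB does. 255 + 100 becomes 99 here. */
uint64_t paddb_emul(uint64_t a, uint64_t b)
{
    uint64_t r = 0;
    for (unsigned i = 0; i < 8; i++)
        r |= (uint64_t)(uint8_t)(lane(a, i) + lane(b, i)) << (8 * i);
    return r;
}

/* Lane-wise unsigned saturating add (PADDUSB semantics): sums above 255 clamp to 255. */
uint64_t paddusb_emul(uint64_t a, uint64_t b)
{
    uint64_t r = 0;
    for (unsigned i = 0; i < 8; i++) {
        unsigned s = (unsigned)lane(a, i) + lane(b, i);
        r |= (uint64_t)(s > 255 ? 255 : s) << (8 * i);
    }
    return r;
}

/* Lane-wise unsigned saturating subtract (PSUBUSB semantics): results below 0 clamp to 0. */
uint64_t psubusb_emul(uint64_t a, uint64_t b)
{
    uint64_t r = 0;
    for (unsigned i = 0; i < 8; i++) {
        int d = (int)lane(a, i) - (int)lane(b, i);
        r |= (uint64_t)(d < 0 ? 0 : d) << (8 * i);
    }
    return r;
}

int main(void)
{
    /* The text's register image, MM0 = 10, 25, 128, 255 (constructed sample). */
    uint64_t mm0 = pack4(10, 25, 128, 255);
    uint64_t hundred = pack4(100, 100, 100, 100);
    uint64_t sat = paddusb_emul(mm0, hundred);
    uint64_t wrap = paddb_emul(mm0, hundred);
    for (unsigned i = 0; i < 4; i++)
        printf("lane %u: %3u + 100 -> saturating %3u, wrapping %3u\n",
               i, lane(mm0, i), lane(sat, i), lane(wrap, i));
    return 0;
}
```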
MMX Registers
There are 8 64-bit MMX registers. These registers overlay the FPU stack registers. The MMX instructions and the FPU instructions cannot be used simultaneously. MMX registers are addressed directly, and do not need to be accessed by pushing and popping in the same way as the FPU registers.
MM7 MM6 MM5 MM4 MM3 MM2 MM1 MM0
These registers correspond to the same numbered FPU registers on the FPU stack. Usually when you initiate an assembly block in your code that contains MMX instructions, the CPU automatically will disallow floating point instructions. To re-allow FPU operations you must end all MMX code with emms. Here is an example of a C routine calling assembly language with MMX code (NOTE: Borland compatible C++ example):
//---------------------------------------------------
// A simple example using MMX to copy 8 bytes of data
// From source s2 to destination s1
//---------------------------------------------------
void __fastcall CopyMemory8(char *s1, const char *s2)
{
    __asm
    {
        push edx
        mov ecx, s2
        mov edx, s1
        movq mm0, [ecx]
        movq [edx], mm0
        pop edx
        emms
    }
}
SSE
SSE stands for Streaming SIMD Extensions. SSE is essentially the floating-point equivalent of the MMX instructions. SSE registers are 128 bits, and can be used to perform operations on either two 64 bit floating point numbers (C double), or 4 32-bit floating point numbers (C float).
SSE
128-bit registers: XMM0 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7
SSE2
Same as MMX and SSE
SSE3
Same as MMX and SSE
3D Now
Wikipedia has related information at 3DNow!. 3DNow! is AMD's extension of the MMX instruction set (K6-2 and more recent) with floating-point instructions. This page will talk about the 3D Now! instruction set, and how it is used.
Advanced x86
The chapters in the x86 Assembly wikibook labeled "Advanced x86" are all specialized topics that might not be of interest to the average assembly programmer. However, these chapters will be of some interest to people who would like to work on low-level programming tasks, such as bootloaders, device drivers, and Operating System kernels. A reader does not need to read the following chapters to say they "know assembly", although they certainly are interesting.
High-Level Languages
Compilers
The first compilers were simply text translators that converted a high-level language into assembly language. The assembly language code was then fed into an assembler, to create the final machine code output. The GCC compiler still performs this sequence (code is compiled into assembly, and fed to the AS assembler). However, many modern compilers will skip the assembly language and create the machine code directly. Assembly language code has the benefit that it has a one-to-one correlation with the underlying machine code. Each machine instruction is mapped directly to a single Assembly instruction. Because of this, even when a compiler directly creates the machine code, it is still possible to interface that code with an assembly language program. The important part is knowing exactly how the language implements its data structures, control structures, and functions. The method in which function calls are implemented by a high-level language compiler is called a calling convention.
C Calling Conventions
CDECL
In most C compilers, the CDECL calling convention is the de facto standard. However, the programmer can specify that a function be implemented using CDECL by prepending the function declaration with the keyword __cdecl. Sometimes a compiler can be instructed to override cdecl as the default calling convention, and this declaration will force the compiler not to override the default setting. CDECL calling convention specifies a number of different requirements:
1. Function arguments are passed on the stack, in right-to-left order.
2. Function result is stored in EAX/AX/AL
3. The function name is prepended with an underscore.
CDECL functions are capable of accepting variable argument lists.
STDCALL
STDCALL is the calling convention that is used when interfacing with the Win32 API on Microsoft Windows systems. STDCALL was created by Microsoft, and therefore isn't always supported by non-Microsoft compilers. STDCALL functions can be declared using the __stdcall keyword on many compilers. STDCALL has the following requirements:
1. Function arguments are passed on the stack in right-to-left order.
2. Function result is stored in EAX/AX/AL
3. Function name is prepended with an underscore
4. Function name is suffixed with an "@" sign, followed by the number of bytes of arguments being passed to it.
STDCALL functions are not capable of accepting variable argument lists. For example, the following function declaration in C:
_stdcall void MyFunction(int, int, short);
Remember, on a 32 bit machine, passing a 16 bit argument on the stack (C "short") takes up a full 32 bits of space.
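An added C example (not the book's code) that applies the CDECL and STDCALL rules above to the MyFunction declaration: each argument is counted as a whole 4-byte stack slot, so the symbol becomes "_MyFunction@12", and after the usual push ebp / mov ebp, esp prologue the callee finds its arguments at [ebp + 8 + slot offset]; the helper names are my own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* On a 32-bit x86 stack every argument occupies a whole 4-byte slot, so a
 * C "short" (2 bytes) still costs 4 bytes, as the text notes. */
static size_t slot_size(size_t arg_bytes)
{
    return (arg_bytes + 3) & ~(size_t)3;
}

/* Total bytes of arguments as STDCALL counts them for the "@N" suffix. */
size_t stdcall_arg_bytes(const size_t *arg_sizes, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += slot_size(arg_sizes[i]);
    return total;
}

/* Decorated symbol names: "_name" for CDECL, "_name@N" for STDCALL.
 * Both return the number of characters written, or 0 if the buffer is too small. */
int decorate_cdecl(char *out, size_t cap, const char *name)
{
    int n = snprintf(out, cap, "_%s", name);
    return (n > 0 && (size_t)n < cap) ? n : 0;
}

int decorate_stdcall(char *out, size_t cap, const char *name,
                     const size_t *arg_sizes, size_t nargs)
{
    int n = snprintf(out, cap, "_%s@%zu", name, stdcall_arg_bytes(arg_sizes, nargs));
    return (n > 0 && (size_t)n < cap) ? n : 0;
}

/* Arguments are pushed right-to-left, so the leftmost one ends up nearest the
 * return address. After "push ebp; mov ebp, esp" the saved EBP is at [ebp] and
 * the return address at [ebp+4], so argument i (0-based, leftmost first) lives
 * at [ebp + 8 + sum of the slots before it]. */
size_t arg_offset_from_ebp(const size_t *arg_sizes, size_t index)
{
    size_t off = 8;
    for (size_t i = 0; i < index; i++)
        off += slot_size(arg_sizes[i]);
    return off;
}

/* The book's example: _stdcall void MyFunction(int, int, short); on a 32-bit target. */
const size_t myfunction_args[3] = { 4, 4, 2 };

/* Returns 1 if MyFunction decorates to "_MyFunction@12" under STDCALL, 0 otherwise. */
int myfunction_decorates_correctly(void)
{
    char buf[32];
    return decorate_stdcall(buf, sizeof buf, "MyFunction", myfunction_args, 3) > 0
        && strcmp(buf, "_MyFunction@12") == 0;
}

int main(void)
{
    char sym[32];
    decorate_cdecl(sym, sizeof sym, "MyFunction");
    printf("CDECL symbol:   %s\n", sym);
    decorate_stdcall(sym, sizeof sym, "MyFunction", myfunction_args, 3);
    printf("STDCALL symbol: %s\n", sym);
    for (size_t i = 0; i < 3; i++)
        printf("argument %zu is at [ebp+%zu]\n", i, arg_offset_from_ebp(myfunction_args, i));
    return 0;
}
```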
FASTCALL
FASTCALL functions can frequently be specified with the __fastcall keyword in many compilers. FASTCALL functions pass the first two arguments to the function in registers, so that the time-consuming stack operations can be avoided. FASTCALL has the following requirements:
1. The first 32-bit (or smaller) argument is passed in EAX/AX/AL
2. The second 32-bit (or smaller) argument is passed in EDX/DX/DL
3. The remaining function arguments (if any) are passed on the stack in right-to-left order
4. The function result is returned in EAX/AX/AL
5. The function name is appended with an "@" symbol
6. The function name is suffixed with an "@" symbol, followed by the size of passed arguments, in bytes.
passes it in ECX. GCC passes it as if it were the first parameter of the function. (i.e. between the return address and the first formal parameter.)
Further Reading
For an in depth discussion as to how high-level programming constructs are translated into assembly language, see Reverse Engineering.
D (1 bit): Direction. 1 = Register is Destination, 0 = Register is source.
Opcode: the opcode is a 6 bit quantity that determines what instruction family the code is
MOD (2 bits): Register mode.
Reg (3 bits): Register. Each register has an identifier.
R/M (3 bits): Register/Memory operand
Not all instructions have W or D bits; in some cases, the width of the operation is either irrelevant or implicit, and for other operations the data direction is irrelevant. Notice that Intel instruction format is little-endian, which means that the lowest-significance bytes are closest to absolute address 0. Thus, words are stored low-byte first; the value 1234H is stored in memory as 34H 12H. By convention, most-significant bits are always shown to the left within the byte, so 34H would be 00110100B. After the initial 2 bytes, each instruction can have many additional addressing/immediate data bytes.
BX SP BP SI DI
r/m   Operand address
000   (BX) + (SI) + displacement
001   (BX) + (DI) + displacement
010   (BP) + (SI) + displacement
011   (BP) + (DI) + displacement
100   (SI) + displacement
101   (DI) + displacement
110   (BP) + displacement unless mod = 00 (see mod table)
111   (BX) + displacement
Note the special meaning of MOD 00, r/m 110. Normally, this would be expected to be the operand [BP]. However, instead the 16-bit displacement is treated as the absolute address. To encode the value [BP], you would use mod = 01, r/m = 110, 8-bit displacement = 0.
XOR CL, [12H]
Note that this is XORing CL with the contents of address 12H; the square brackets are a common indirection indicator. The opcode for XOR is "001100dw". D is 1 because the CL register is the destination. W is 0 because we have a byte of data. Our first byte therefore is "00110010". Now, we know that the code for CL is 001. Reg thus has the value 001. The address is specified as a simple displacement, so the MOD value is 00 and the R/M is 110. Byte 2 is thus (00 001 110b). Bytes 3 and 4 contain the effective address, low-order byte first, 0012H as 12H 00H, or (00010010b) (00000000b). All together,
XOR CL, [12H] = 00110010 00001110 00010010 00000000 = 32H 0EH 12H 00H
XOR CL, 12H
In this case, because there are no square brackets, 12H is immediate: it is the number we are going to XOR against. The opcode for an immediate XOR is 1000000w; in this case, we are using a byte, so w is 0. So our first byte is (10000000b). The second byte, for an immediate operation, takes the form "mod 110 r/m". Since the destination is a register, mod is 11, making the r/m field a register value. We already know that the register value for CL is 001, so our second byte is (11 110 001b). The third byte (and fourth byte, if this were a word operation) are the immediate data. As it is a byte, there is only one byte of data, 12H = (00010010b). All together, then:
XOR CL, 12H = 10000000 11110001 00010010 = 80H F1H 12H
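To check the two hand-encodings above mechanically, here is an added C example (not from the book) that assembles XOR r8, [disp16] and XOR r8, imm8 for 16-bit mode from the field layout just described; the function names and the reg8 enumeration are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 8-bit register numbers used in the REG and R/M fields. */
enum reg8 { AL = 0, CL = 1, DL = 2, BL = 3, AH = 4, CH = 5, DH = 6, BH = 7 };

/* Build a ModR/M byte from its three fields: mod (2 bits), reg (3 bits), r/m (3 bits). */
static uint8_t modrm(unsigned mod, unsigned reg, unsigned rm)
{
    return (uint8_t)(((mod & 3) << 6) | ((reg & 7) << 3) | (rm & 7));
}

/* XOR reg8, [disp16] in 16-bit mode.
 * Opcode 001100dw with d=1 (register is destination), w=0 (byte): 0x32.
 * ModR/M: mod=00 with r/m=110 means "16-bit displacement only" (the [BP]
 * exception the text describes), followed by the displacement low byte first.
 * Returns the number of bytes written (always 4). */
size_t encode_xor_r8_disp16(enum reg8 dst, uint16_t disp, uint8_t out[4])
{
    out[0] = 0x32;
    out[1] = modrm(0, dst, 6);
    out[2] = (uint8_t)(disp & 0xFF);   /* little-endian: low byte first */
    out[3] = (uint8_t)(disp >> 8);
    return 4;
}

/* XOR reg8, imm8.
 * Opcode 1000000w with w=0: 0x80. The REG field of the ModR/M byte is not a
 * register here but the sub-opcode 110 (XOR); mod=11 makes r/m a register.
 * Returns the number of bytes written (always 3). */
size_t encode_xor_r8_imm8(enum reg8 dst, uint8_t imm, uint8_t out[3])
{
    out[0] = 0x80;
    out[1] = modrm(3, 6, dst);
    out[2] = imm;
    return 3;
}

/* Pack up to 4 bytes into one integer, first byte most significant, so an
 * encoding can be compared against the book's "32H 0EH 12H 00H" in one go. */
uint32_t pack_be(const uint8_t *b, size_t n)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n && i < 4; i++)
        v = (v << 8) | b[i];
    return v;
}

uint32_t xor_r8_disp16_bytes(enum reg8 dst, uint16_t disp)
{
    uint8_t b[4];
    return pack_be(b, encode_xor_r8_disp16(dst, disp, b));
}

uint32_t xor_r8_imm8_bytes(enum reg8 dst, uint8_t imm)
{
    uint8_t b[3];
    return pack_be(b, encode_xor_r8_imm8(dst, imm, b));
}

int main(void)
{
    uint8_t b[4];
    size_t n = encode_xor_r8_disp16(CL, 0x0012, b);   /* XOR CL, [12H] */
    printf("XOR CL, [12H] =");
    for (size_t i = 0; i < n; i++) printf(" %02XH", b[i]);
    printf("\n");
    n = encode_xor_r8_imm8(CL, 0x12, b);               /* XOR CL, 12H */
    printf("XOR CL, 12H   =");
    for (size_t i = 0; i < n; i++) printf(" %02XH", b[i]);
    printf("\n");
    return 0;
}
```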
Protected Mode
This 'a"e is "oin" to discuss the di??erences bet een real mode and 'rotected mode o'erations in the ,23 'rocessors. This 'a"e ill also discuss ho to enter 'rotected modeC and ho to e,it 'rotected mode. 4odern !'eratin" +ystems 7Windo sC *ni,C Linu,C B+%C etc...8 all o'erate in 'rotected modeC so most assembly lan"ua"e 'ro"rammers on:t need this in?ormation. Ho e>erC this in?ormation ill be 'articularly use?ul to 'eo'le ho are tryin" to 'ro"ram kernels or bootloaders.
Long Mode
Wikipedia has related information at X86 assembly programming in long mode.
Long mode was introduced by AMD with the advent of the Athlon64 processor. Long mode allows the microprocessor to access a 64-bit memory space, and to access 64-bit long registers. Many 16- and 32-bit instructions do not work (or work correctly) in Long Mode. x86-64 processors in Real mode act exactly like 16-bit chips, and x86-64 chips in protected mode act exactly like 32-bit processors. To unlock the 64-bit capabilities of the chip, the chip must be switched into Long Mode.
3. Set IA32_EFER.LME = 1.
4. Load CR3 with a valid PML4 table.
5. Enable paging.
6. At this point you will be in compatibility mode. A far jump may be executed to switch to long mode. However, the offset must not exceed 32 bits.
CR0
The CR0 register has 6 bits that are of interest to us: the low 5 bits of the CR0 register, and the highest bit. Here is a representation of CR0:
CR0: |PG|----RESERVED----|ET|TS|EM|MP|PE|
- PE: We recognize the PE flag as being the flag that puts the system into protected mode.
- PG: The PG flag turns on memory paging. We will talk more about that in a second.
- MP: The "Monitor Coprocessor" flag. This flag controls the operation of the "WAIT" instruction.
- ET: The Extension Type flag. ET (also called "R") tells us which type of coprocessor is installed. If ET = 0, an 80287 is installed. If ET = 1, an 80387 is installed.
- EM: The Emulate flag. When this flag is set, coprocessor instructions will generate an exception.
- TS: The Task Switched flag. This flag is set automatically when the processor switches to a new task.
CR2
CR2 contains a value called the Page Fault Linear Address (PFLA). When a page fault occurs, the address accessed is stored in CR2.
CR3
The upper 20 bits of CR3 are called the Page Directory Base Register (PDBR). The PDBR holds the physical address of the page directory.
CR4
CR4 contains several flags controlling advanced features of the processor.
Paging
Paging is a special job that the microprocessor will perform, in order to make the available amount of memory in a system appear larger than it actually is, and be more dynamic than it actually is. In a paging system, a certain amount of space is laid aside on the hard drive (or on any secondary storage) called the paging file (or swap partition). The physical RAM, combined with this paging file, is called the virtual memory of the system. The total virtual memory is broken down into chunks or pages of memory, each usually being 4096 bytes (although this number can be different on different systems). These pages can then be moved around throughout the virtual memory, and all pointers inside those pages will be automatically updated to point to the new locations by referencing them to a global paging directory that the microprocessor maintains. The pointer to the current paging directory is stored in the CR3 register. Pages that aren't in frequent use may be moved to the paging file on the hard disk drive, to free up space in the physical RAM for pages that need to be accessed more frequently, or that require faster access. Reading and writing pages to the hard drive is a slow operation, and frequent paging may increase the strain on the disk, so in some systems with older drives, it may be a good precaution to turn the paging capabilities of the processor off. This is accomplished by toggling the PG flag in the CR0 register. A page fault occurs when the system attempts to read from a page that is marked as "not present" in the paging directory/table, when the system attempts to write data beyond the boundaries of a currently available page, or when any number of other errors occur in the paging system. When a page fault occurs, the accessed memory address is stored in the CR2 register.
Other Modes
In addition to real, protected, and long modes, there are other modes that x86 processors can enter, for different uses:
- Virtual Mode: This is a mode in which application software that was written to run in real mode is executed under the supervision of a protected-mode, multi-tasking OS.
- System Management Mode: This mode enables the processor to perform system tasks, for instance power management related, without disrupting the operating system or other software.
The Global Descriptor Table (GDT) is a table in memory that defines the actions of the processor segment registers. The GDT will define the characteristics of the different segment registers, it will define the characteristics of global memory, and it helps to ensure that the protected mode operates smoothly.
GDTR
The GDT is pointed to by a special register in the x86 chip, the GDT Register, or simply the GDTR. The GDTR is 48 bits long. The lower 16 bits tell the size of the GDT, and the upper 32 bits tell the location of the GDT in memory. Here is a layout of the GDTR:
|LIMIT|----BASE----|
LIMIT is the size of the GDT, and BASE is the starting address. LIMIT is 1 less than the length of the table, so if LIMIT has the value 15, then the GDT is 16 bytes long. To load the GDTR, the instruction LGDT is used:
lgdt [gdtr]
Note that to complete the process of loading a new GDT, the segment registers need to be reloaded. The CS register must be loaded using a far jump:
flush_gdt:
    lgdt [gdtr]
    jmp 0x08:complete_flush
complete_flush:
    mov ax, 0x10
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax
    ret
GDT
The GDT table contains a number of entries called Segment Descriptors. Each is 8 bytes long and contains information on the starting point of the segment, the length of the segment, and the access rights of the segment. The following NASM-syntax code represents a single GDT entry:
struc gdt_entry_struct
    limit_low:   resb 2
    base_low:    resb 2
    base_middle: resb 1
    access:      resb 1
    granularity: resb 1
    base_high:   resb 1
endstruc
LDT
Each separate program will receive, from the operating system, a number of different memory segments for use. The characteristics of each local memory segment are stored in a data structure called the Local Descriptor Table (LDT). The GDT contains pointers to each LDT.
Advanced Interrupts
In the chapter on Interrupts, we mentioned the fact that there is such a thing as software interrupts, and that they can be installed by the system. This page will go more in-depth about that process, and will talk about how ISRs are installed, how the system finds the ISR, and how the processor actually performs an interrupt. Wikipedia has related information at Interrupt.
When we trigger the interrupt, the processor goes to the 20th location in the IVT (14h = 20). Since each table entry is 4 bytes (2 bytes IP, 2 bytes CS), the microprocessor would go to location [4*14H] = [50H]. At location 50H would be the new IP value, and at location 52H would be the new CS value. Hardware and software interrupts would all be stored in the IVT, so installing a new ISR is as easy as writing a function pointer into the IVT. In newer x86 models, the IVT was replaced with the Interrupt Descriptor Table. When interrupts occur in real mode, the FLAGS register is pushed onto the stack, followed by CS, then IP. The iret instruction restores CS:IP and FLAGS, allowing the interrupted program to continue unaffected. For hardware interrupts, all other registers (including the general-purpose registers) must be explicitly preserved (e.g. if an interrupt routine makes use of AX, it should push AX when it begins and pop AX when it ends). It is good practice for software interrupts to preserve all registers except those containing return values. More importantly, any registers that are modified must be documented.
- Task Gates: These cause a task switch, allowing the ISR to run in its own context (with its own LDT, etc.). Note that IRET may still be used to return from the ISR, since the processor sets a bit in the ISR's task segment that causes IRET to perform a task switch to return to the previous task.
- Interrupt Gates: These are similar to the original interrupt mechanism, placing EFLAGS, CS and EIP on the stack. The ISR may be located in a segment of equal or higher privilege to the currently executing segment, but not of lower privilege (higher privileges are numerically lower, with level 0 being the highest privilege).
- Trap Gates: These are identical to interrupt gates, except that they do not clear the interrupt flag.
Field          | Interrupt Gate | Trap Gate | Task Gate
Bytes 0-1      | ISR offset, low 16 bits | ISR offset, low 16 bits | Unused
Bytes 2-3      | Segment selector of ISR | Segment selector of ISR | Segment selector of ISR
Byte 4         | Bits 5, 6, and 7 should be 0. Bits 0-4 are unused and can be left as zero. | (same) | (same)
Byte 5 (Flags) | Low 5 bits (MSB first): 01110, bits 5 and 6 form the DPL, bit 7 is the Present bit. | Low 5 bits (MSB first): 01111, bits 5 and 6 form the DPL, bit 7 is the Present bit. | Low 5 bits (MSB first): 00101, bits 5 and 6 form the DPL, bit 7 is the Present bit.
Bytes 6-7      | ISR offset, high 16 bits | ISR offset, high 16 bits | Unused
DPL is the Descriptor Privilege Level (0 to 3, with 0 being highest privilege). The Present bit indicates whether the segment is present in RAM. If this bit is 0, a Segment Not Present fault (Exception 11) will ensue if the interrupt is triggered.
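As an added example (not code from the book), the following packs and decodes the 8-byte descriptors described in this chapter and the previous one: a GDT segment descriptor in the field order of the NASM struc above, the 48-bit LIMIT/BASE pseudo-descriptor loaded by LGDT and LIDT, and the three IDT gate types from the table, including the Present-bit check. Function names are this example's own; the access and flag nibble values used in the test are the conventional ones for a flat code segment.

```python
import struct

# Added example, not from the book: packing and decoding GDT entries, the
# GDTR/IDTR pseudo-descriptor and IDT gates as laid out in the text.
# Field order follows the NASM struc (limit_low, base_low, base_middle,
# access, granularity, base_high) and the gate table; names are our own.

GATE_TYPE = {"interrupt": 0b01110, "trap": 0b01111, "task": 0b00101}


def gdt_entry(base: int, limit: int, access: int, flags: int) -> bytes:
    """Segment descriptor: the 20-bit limit and 32-bit base are split across
    the struct; the 'granularity' byte holds 4 flag bits (G, D/B, L, AVL) in
    its high nibble and limit bits 16-19 in its low nibble."""
    if not (0 <= base < 1 << 32 and 0 <= limit < 1 << 20):
        raise ValueError("base must fit in 32 bits and limit in 20 bits")
    granularity = ((flags & 0xF) << 4) | ((limit >> 16) & 0xF)
    return struct.pack("<HHBBBB", limit & 0xFFFF, base & 0xFFFF,
                       (base >> 16) & 0xFF, access & 0xFF, granularity,
                       (base >> 24) & 0xFF)


def parse_gdt_entry(raw: bytes):
    """Inverse of gdt_entry: returns (base, limit, access, flags)."""
    limit_low, base_low, base_mid, access, gran, base_high = struct.unpack("<HHBBBB", raw)
    limit = limit_low | ((gran & 0xF) << 16)
    base = base_low | (base_mid << 16) | (base_high << 24)
    return base, limit, access, gran >> 4


def pseudo_descriptor(table: bytes, base_address: int) -> bytes:
    """48-bit operand for LGDT/LIDT: 16-bit LIMIT (one less than the table
    length, as the text notes) followed by the 32-bit BASE."""
    return struct.pack("<HI", len(table) - 1, base_address)


def idt_gate(kind: str, selector: int, offset: int, dpl: int,
             present: bool = True) -> bytes:
    """8-byte gate: offset[15:0], selector, a zero byte (bits 5-7 must be 0),
    the flags byte (P in bit 7, DPL in bits 6-5, 5-bit type), offset[31:16].
    A task gate carries no offset, so those fields are left zero."""
    flags = (int(present) << 7) | ((dpl & 3) << 5) | GATE_TYPE[kind]
    if kind == "task":
        offset = 0
    return struct.pack("<HHBBH", offset & 0xFFFF, selector & 0xFFFF, 0, flags,
                       (offset >> 16) & 0xFFFF)


def gate_flags(raw: bytes):
    """Decode a gate's flags byte into (present, dpl, kind): the check an OS
    makes before trusting an entry, and why a clear Present bit ends in
    exception 11 when the vector fires."""
    flags = raw[5]
    kind = {v: k for k, v in GATE_TYPE.items()}.get(flags & 0x1F, "unknown")
    return bool(flags & 0x80), (flags >> 5) & 3, kind
```

With base 0, limit 0x07FF, access 0x9A and flags 0xC the packer reproduces the four words 0x07FF, 0x0000, 0x9A00, 0x00C0 of the code descriptor in the Linux boot sector listed later in this chapter.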
These ISRs are usually installed and managed by the operating system. Only tasks with sufficient privilege to modify the IDT's contents may directly install ISRs. The ISR itself must be placed in appropriate segments (and, if using task gates, the appropriate TSS must be set up), particularly so that the privilege is never lower than that of executing code. ISRs for unpredictable interrupts (such as hardware interrupts) should be placed in privilege level 0 (which is the highest privilege), so that this rule is not violated while a privilege-0 task is running. Note that ISRs, particularly hardware-triggered ones, should always be present in memory unless there is a good reason for them not to be. Most hardware interrupts need to be dealt with promptly, and swapping causes significant delay. Also, some hardware ISRs (such as the hard disk ISR) might be required during the swapping process. Since hardware-triggered ISRs interrupt processes at unpredictable times, device driver programmers are encouraged to keep ISRs very short. Often an ISR simply organises for a kernel task to do the necessary work; this kernel task will be run at the next suitable opportunity. As a result of this, hardware-triggered ISRs are generally very small and little is gained by swapping them to the disk. However, it may be desirable to set the present bit to 0, even though the ISR actually is present in RAM. The OS can use the Segment Not Present handler for some other function, for instance to monitor interrupt calls.
IDT Register
The x86 contains a register whose job is to keep track of the IDT. This register is called the IDT Register, or simply "IDTR". The IDT register is 48 bits long. The lower 16 bits are called the LIMIT section of the IDTR, and the upper 32 bits are called the BASE section of the IDTR:
|LIMIT|----BASE----|
The BASE is the base address of the IDT in memory. The IDT can be located anywhere in memory, so the BASE needs to point to it. The LIMIT field contains the current length of the IDT. To load the IDTR, the instruction LIDT is used:
lidt [idtr]
Interrupt Instructions
int arg: calls the specified interrupt.
into: calls interrupt 4 if the overflow flag is set.
iret: returns from an interrupt service routine (ISR).
Default ISR
A good programming practice is to provide a default ISR that can be used as a placeholder for unused interrupts. This is to prevent execution of random code if an unrecognized interrupt is raised. The default ISR can be as simple as a single iret instruction. Note however that under DOS (which is in real mode), certain IVT entries contain pointers to important, but not necessarily executable, locations. For instance, entry 0x1D is a far pointer to a video initialisation parameter table for video controllers, and entry 0x1F is a pointer to the graphical character bitmap table.
Disabling Interrupts
In x86, interrupts can be disabled using the cli command. This command takes no arguments. To enable interrupts, the programmer can use the sti command. Interrupts need to be disabled when performing important system tasks, because you don't want the processor to operate in an unknown state. For instance, when entering protected mode, we want to disable interrupts, because we want the processor to switch to protected mode before anything else happens. Another thing you may want to do is load an IDT pseudo-descriptor with a null limit if, for example, you are switching from real mode to protected mode, because the IDT format is different between the two modes.
Bootloaders
Wikipedia has related information at Bootloader.
When a computer is turned on, there is some beeping, and some flashing lights, and then a loading screen appears. And then magically, the operating system loads into memory. The question is then raised, how does the operating system load up? What gets the ball rolling? The answer is "Bootloaders".
What is a Bootloader
Bootloaders are small pieces of software that play a role in getting an operating system loaded and ready for execution when a computer is turned on. The way this happens varies between different computer designs (early computers often required a person to manually set the computer up whenever it was turned on), and often there are several stages in the process of boot loading. On IBM PC compatibles, the first program to load is the Basic Input/Output System (BIOS). The BIOS performs many tests and initialisations, then the BIOS boot loader begins. Its purpose is to load another boot loader! It selects a disk (or some other storage media) from which it loads a secondary boot loader. This boot loader will either load yet another boot loader somewhere else, or load enough of an Operating System to start running it. The main focus of this article will be the final stage before the OS is loaded. Some tasks that this last boot loader may perform:
- Allocate more stack space
- Establish a GDT
- Enter Protected Mode
- Load the Kernel
Bootloaders are almost exclusively written in assembly language (or even machine code), because they need to be compact, they don't have access to OS routines (such as memory allocation) that other languages might require, they need to follow some unusual requirements, and they benefit from (or require) access to some low-level features. Many bootloaders will be very simple, and will only load the kernel into memory, leaving the kernel's initialisation procedure to create a GDT and enter protected mode. If the GDT is very large or complicated, the bootloader may not be physically large enough to create it. Some boot loaders are highly OS-specific, while others are less so - certainly the BIOS boot loader is not OS-specific. The MS-DOS boot loader (which was placed on all MS-DOS formatted floppy disks) simply checks if the files IO.SYS and MSDOS.SYS exist; if they are not present it displays the error "Non-System disk or disk error", otherwise it loads and begins execution of IO.SYS.
The Bootsector
The first 512 bytes of a disk are known as the bootsector or Master Boot Record. The boot sector is an area of the disk reserved for booting purposes. If the bootsector of a disk contains a valid boot sector (the last word of the sector must contain the signature 0xAA55), then the disk is treated by the BIOS as bootable.
different ways. Indeed, some embedded systems whose software is compact enough to be stored on ROM chips may not need bootloaders at all.
Specifications
A bootloader runs under certain conditions that the programmer must appreciate in order to make a successful bootloader. The following pertains to bootloaders initiated by the PC BIOS:
1. The first sector of a drive contains its boot loader.
2. One sector is 512 bytes - the last two bytes must be 0xAA55 (i.e. 0x55 followed by 0xAA), or else the BIOS will treat the drive as unbootable.
3. If everything is in order, said first sector will be placed at RAM address 0000:7C00, and the BIOS's role is over as it transfers control to 0000:7C00 (i.e. it JMPs to that address).
4. CS, DS and ES will be set to 0000.
5. There are some conventions that need to be respected if the disk is to be readable under certain operating systems. For instance you may wish to include a BIOS Parameter Block on a floppy disk to render the disk readable under most PC operating systems (though you must also ensure the rest of the disk holds a valid FAT12 file system as well).
6. While standard routines installed by the BIOS are available to the bootloader, the operating system has not been loaded yet, and you cannot rely on loaders or OS memory management. Any data the boot loader needs must either be included in the first sector (be careful not to execute it!) or manually loaded from another sector of the disk, to somewhere in RAM. Because the OS is not running yet, most of the RAM will be unused; however you must take care not to interfere with RAM that may be required by interrupts.
7. The OS code itself (or the next bootloader) will need to be loaded somewhere into RAM as well.
8. The 512-byte stack allocated by the BIOS may be too small for some purposes (remember that unless interrupts are disabled, they can happen at any time). It may be necessary to create a larger stack.
Most assemblers will have a command or directive similar to ORG 7C00h that informs the assembler that the code will be loaded starting at offset 7C00h. The assembler will take this into account when calculating instruction and data addresses. Using this will make it easier to use procedures and data within the bootloader (you will not need to add 7C00 to all the addresses). Another option is to set some segment registers to 07C0h, so that the offsets actually start at 0 relative to those segments. Also, some bootloaders copy themselves to other locations in RAM. Usually, the bootloader will load the kernel into memory, and then jump to the kernel. The kernel will then be able to reclaim the memory used by the bootloader (because it has already performed its job). However it is not impossible to include OS code within the boot sector and keep it resident after the OS begins. Here is a simple boot sector demo designed for NASM:
ORG 7C00h
JMP short START         ; Jump over the data (the 'short' keyword makes the JMP code smaller)
MSG: DB "Hello World! "
ENDMSG:
START:
    MOV CX, 1           ; Write 1 character
    MOV BX, 000Fh       ; Colour attribute 15 (white)
    XOR DX, DX          ; Start at top left corner
L1: MOV SI, MSG         ; Loads the address of the first byte of the message (in this case, 7C02h)
L2: MOV AH, 02
    INT 10h             ; Set cursor position
    LODSB               ; Load a byte of the message into AL.
                        ; Remember that DS is 0 and SI holds the
                        ; offset of one of the bytes of the message.
    MOV AH, 9
    INT 10h             ; Write character
    INC DL              ; Advance cursor
    CMP DL, 80          ; Wrap around edge of screen
    JNE SKIP
    XOR DL, DL
    INC DH
    CMP DH, 25          ; Wrap around bottom of screen
    JNE SKIP
    XOR DH, DH
SKIP:                   ; If we're not at end of message, continue
                        ; loading characters, otherwise return SI
                        ; to the start of the message
    CMP SI, ENDMSG
    JNE L2
    JMP L1
TIMES 0200h - 2 - ($ - $$) DB 0   ; Zerofill up to 510 bytes
DW 0AA55h               ; Boot Sector signature
; OPTIONAL:
; To Zerofill up to the size of a standard 1.44MB, 3.5" floppy disk
; TIMES 1474560 - ($ - $$) DB 0
To compile the above file, supposing it is called 'floppy.asm', you can use the following command:
nasm -f bin -o floppy.img floppy.asm
While strictly speaking this is not a bootloader, it is bootable, and demonstrates several things:
- How to include and access data in the boot sector
- How to skip over included data (this is required for a BIOS Parameter Block)
- How to place the 0xAA55 signature at the end of the sector (also NASM will issue an error if there is too much code to fit in a sector)
- The use of BIOS interrupts
to write the image to the floppy disk (the image may be smaller than the size of the disk, in which case only as much information as is in the image will be written to the disk). Under Windows you can use software such as RAWRITE.
Hard disks
Hard disks usually add an extra layer to this process, since they may be partitioned. The first sector of a hard disk is known as the Master Boot Record (MBR). Conventionally, the partition information for a hard disk is included at the end of the MBR, just before the 0xAA55 signature. The role of the BIOS is no different to before: to read the first sector of the disk (that is, the MBR) into RAM, and transfer execution to the first byte of this sector. The BIOS is oblivious to partitioning schemes - all it checks for is the presence of the 0xAA55 signature. While this means that one can use the MBR in any way one would like (for instance, omit or extend the partition table), this is seldom done. Despite the fact that the partition table design is very old and limited - it is limited to four partitions - virtually all operating systems for IBM PC compatibles assume that the MBR will be formatted like this. Therefore to break with convention is to render your disk inoperable except to operating systems specifically designed to use it. In practice, the MBR usually contains a boot loader whose purpose is to load another boot loader - to be found at the start of one of the partitions. This is often a very simple program which finds the first partition marked Active, loads its first sector into RAM, and commences its execution. Since by convention the new boot loader is also loaded to address 7C00h, the old loader may need to relocate all or part of itself to a different location before doing this. Also, ES:SI is expected to contain the address in RAM of the partition table, and DL the boot drive number. Breaking such conventions may render a bootloader incompatible with other bootloaders. However, many boot managers [software that enables the user to select a partition, and sometimes even a kernel, to boot from] use custom MBR code which loads the remainder of the boot manager code from somewhere on disk, then provides the user with options on how to continue the bootstrap process. It is also possible for the boot manager to reside within a partition, in which case it must first be loaded by another boot loader.
Most boot managers support chain loading (that is, starting another boot loader via the usual first-sector-of-partition-to-address-7C00 process), and this is often used for systems such as DOS and Windows. However, some boot managers (notably GRUB) support the loading of a user-selected kernel image. This can be used with systems such as GNU/Linux and Solaris, allowing more flexibility in starting the system. The mechanism may differ somewhat from that of chain loading. Clearly, the partition table presents a chicken-and-egg problem that is placing unreasonable limitations on partitioning schemes. One solution gaining momentum is the GUID Partition Table; it uses a dummy MBR partition table so that legacy operating systems will not interfere with the GPT, while newer operating systems can take advantage of the many improvements offered by the system.
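An added example, not code from the book, of the two checks the text describes on the first sector: the BIOS's 0xAA55 signature test, and the conventional partition table an MBR loader walks to find the first entry marked Active, with the sanity checks a loader or a disk-triage script would apply before chain-loading. The MBR offsets are the conventional layout; the sample sector is constructed for this example and the function names are its own.

```python
import struct

# Added example, not code from the book: what the BIOS and a conventional MBR
# loader check in the first sector, and how the partition table is decoded.
# Offsets are the conventional MBR layout; SAMPLE_MBR below is constructed.

SECTOR_SIZE = 512
PT_OFFSET = 446            # 4 entries x 16 bytes, ending right before the signature
SIG_OFFSET = 510
ACTIVE = 0x80


def has_boot_signature(sector: bytes) -> bool:
    """All the BIOS checks: 512 bytes whose last word is 0xAA55, i.e. byte 510
    is 0x55 and byte 511 is 0xAA."""
    return len(sector) == SECTOR_SIZE and sector[SIG_OFFSET:] == b"\x55\xaa"


def parse_partition_table(sector: bytes) -> list:
    """Decode the four conventional entries; a type of 0 marks an empty slot.
    Each entry: status, CHS start (3 bytes, skipped), type, CHS end (skipped),
    starting LBA, sector count, all little-endian."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PT_OFFSET + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "active": status == ACTIVE,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries


def first_active(entries: list):
    """What a simple MBR loader does: pick the first entry flagged Active."""
    return next((e for e in entries if e["active"]), None)


def check_mbr(sector: bytes, disk_sectors: int) -> list:
    """Findings a loader (or a forensic triage script) would flag before
    chain-loading: bad signature, no or several active entries, an entry
    that runs past the end of the disk."""
    if not has_boot_signature(sector):
        return ["missing 0xAA55 signature: BIOS treats disk as unbootable"]
    findings = []
    entries = parse_partition_table(sector)
    actives = [e for e in entries if e["active"]]
    if not actives:
        findings.append("no partition marked active")
    elif len(actives) > 1:
        findings.append("more than one active partition")
    for e in entries:
        if e["lba"] + e["sectors"] > disk_sectors:
            findings.append(f"entry {e['index']} extends past end of disk")
    return findings


def make_entry(active: bool, ptype: int, lba: int, count: int) -> bytes:
    """Build one 16-byte entry (CHS fields left zero, as LBA-only tools do)."""
    return struct.pack("<B3sB3sII", ACTIVE if active else 0, b"\0\0\0",
                       ptype, b"\0\0\0", lba, count)


def make_mbr(entries: list, code: bytes = b"") -> bytes:
    """Assemble a sector: bootstrap code area, up to four entries, signature."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four partition entries")
    body = code.ljust(PT_OFFSET, b"\0")[:PT_OFFSET]
    table = b"".join(entries) + bytes(16 * (4 - len(entries)))
    return body + table + b"\x55\xaa"


# Constructed sample: a 128 MiB disk with a bootable Linux partition and swap.
DISK_SECTORS = 262144
SAMPLE_MBR = make_mbr([make_entry(True, 0x83, 2048, 204800),
                       make_entry(False, 0x82, 206848, 8192)])
```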
| 1.44Mb disks:
sectors = 18
| 1.2Mb disks:
| sectors = 15
| 720kB disks:
| sectors = 9

.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text

BOOTSEG = 0x07c0
INITSEG = 0x9000
SYSSEG  = 0x1000            | system loaded at 0x10000 (65536).
ENDSEG  = SYSSEG + SYSSIZE  | SYSSIZE (system size in clicks) must be defined before this point

entry start
start:
    mov ax,#BOOTSEG
    mov ds,ax
    mov ax,#INITSEG
    mov es,ax
    mov cx,#256
    sub si,si
    sub di,di
    rep
    movw
    jmpi go,INITSEG
go: mov ax,cs
    mov ds,ax
    mov es,ax
    mov ss,ax
    mov sp,#0x400           | arbitrary value >>512

    mov ah,#0x03            | read cursor pos
    xor bh,bh
    int 0x10

    mov cx,#24
    mov bx,#0x0007          | page 0, attribute 7 (normal)
    mov bp,#msg1
    mov ax,#0x1301          | write string, move cursor
    int 0x10

| ok, we've written the message, now
| we want to load the system (at 0x10000)

    mov ax,#SYSSEG
    mov es,ax               | segment of 0x010000
    call read_it
    call kill_motor

| if the read went well we get current cursor position ans save it for
| posterity.

    mov ah,#0x03            | read cursor pos
    xor bh,bh
    int 0x10                | save it in known place, con_init fetches
    mov [510],dx            | it from 0x90510.

| now we want to move to protected mode ...

    cli                     | no interrupts allowed !

| first we move the system to it's rightful place

    mov ax,#0x0000
    cld                     | 'direction'=0, movs moves forward
do_move:
    mov es,ax               | destination segment
    add ax,#0x1000
    cmp ax,#0x9000
    jz  end_move
    mov ds,ax               | source segment
    sub di,di
    sub si,si
    mov cx,#0x8000
    rep
    movsw
    j   do_move

| then we load the segment descriptors

end_move:
    mov ax,cs               | right, forgot this at first. didn't work :-)
    mov ds,ax
    lidt idt_48             | load idt with 0,0
    lgdt gdt_48             | load gdt with whatever appropriate

| that was painless, now we enable A20

    call empty_8042
    mov al,#0xD1            | command write
    out #0x64,al
    call empty_8042
    mov al,#0xDF            | A20 on
    out #0x60,al
    call empty_8042

| well, that went ok, I hope. Now we have to reprogram the interrupts :-(
| we put them right after the intel-reserved hardware interrupts, at
| int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
| messed this up with the original PC, and they haven't been able to
| rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
| which is used for the internal hardware interrupts as well. We just
| have to reprogram the 8259's, and it isn't fun.

    mov al,#0x11            | initialization sequence
    out #0x20,al            | send it to 8259A-1
    .word 0x00eb,0x00eb     | jmp $+2, jmp $+2
    out #0xA0,al            | and to 8259A-2
    .word 0x00eb,0x00eb
    mov al,#0x20            | start of hardware int's (0x20)
    out #0x21,al
    .word 0x00eb,0x00eb
    mov al,#0x28            | start of hardware int's 2 (0x28)
    out #0xA1,al
    .word 0x00eb,0x00eb
    mov al,#0x04            | 8259-1 is master
    out #0x21,al
    .word 0x00eb,0x00eb
    mov al,#0x02            | 8259-2 is slave
    out #0xA1,al
    .word 0x00eb,0x00eb
    mov al,#0x01            | 8086 mode for both
    out #0x21,al
    .word 0x00eb,0x00eb
    out #0xA1,al
    .word 0x00eb,0x00eb
    mov al,#0xFF            | mask off all interrupts for now
    out #0x21,al
    .word 0x00eb,0x00eb
    out #0xA1,al

| well, that certainly wasn't fun :-(. Hopefully it works, and we don't
| need no steenking BIOS anyway (except for the initial loading :-).
| The BIOS-routine wants lots of unnecessary data, and it's less
| "interesting" anyway. This is how REAL programmers do it.
|
| Well, now's the time to actually move into protected mode. To make
| things as simple as possible, we do no register set-up or anything,
| we let the gnu-compiled 32-bit programs do that. We just jump to
| absolute address 0x00000, in 32-bit protected mode.

    mov ax,#0x0001          | protected mode (PE) bit
    lmsw ax
    jmpi 0,8                | jump to offset 0 of the code segment selector 8

| This routine checks that the keyboard command queue is empty
| No timeout is used - if this hangs there is something wrong with
| the machine, and we probably couldn't proceed anyway.
empty_8042:
    .word 0x00eb,0x00eb
    in al,#0x64             | 8042 status port
    test al,#2              | is input buffer full?
    jnz empty_8042          | yes - loop
    ret

| This routine loads the system at address 0x10000, making sure
| no 64kB boundaries are crossed. We try to load it as fast as
| possible, loading whole tracks whenever we can.
|
| in:   es - starting address segment (normally 0x1000)
|
| This routine has to be recompiled to fit another drive type,
| just change the "sectors" variable at the start of the file
| (originally 18, for a 1.44Mb drive)
|
sread:  .word 1             | sectors read of current track
head:   .word 0             | current head
track:  .word 0             | current track
read_it:
    mov ax,es
    test ax,#0x0fff
die:    jne die             | es must be at 64kB boundary
    xor bx,bx               | bx is starting address within segment
rp_read:
    mov ax,es
    cmp ax,#ENDSEG          | have we loaded all yet?
    jb ok1_read
    ret
ok1_read:
    mov ax,#sectors
    sub ax,sread
    mov cx,ax
    shl cx,#9
    add cx,bx
    jnc ok2_read
    je ok2_read
    xor ax,ax
    sub ax,bx
    shr ax,#9
ok2_read:
    call read_track
    mov cx,ax
    add ax,sread
    cmp ax,#sectors
    jne ok3_read
    mov ax,#1
    sub ax,head
    jne ok4_read
    inc track
ok4_read:
    mov head,ax
    xor ax,ax
ok3_read:
    mov sread,ax
    shl cx,#9
    add bx,cx
    jnc rp_read
    mov ax,es
    add ax,#0x1000
    mov es,ax
    xor bx,bx
    jmp rp_read

read_track:
    push ax
    push bx
    push cx
    push dx
    mov dx,track
    mov cx,sread
    inc cx
    mov ch,dl
    mov dx,head
    mov dh,dl
    mov dl,#0
    and dx,#0x0100
    mov ah,#2
    int 0x13
    jc bad_rt
    pop dx
    pop cx
    pop bx
    pop ax
    ret
bad_rt: mov ax,#0
    mov dx,#0
    int 0x13
    pop dx
    pop cx
    pop bx
    pop ax
    jmp read_track

/*
 * This procedure turns off the floppy drive motor, so
 * that we enter the kernel in a known state, and
 * don't have to worry about it later.
 */
kill_motor:
    push dx
    mov dx,#0x3f2
    mov al,#0
    outb
    pop dx
    ret

gdt:
    .word 0,0,0,0           | dummy

    .word 0x07FF            | 8Mb - limit=2047 (2048*4096=8Mb)
    .word 0x0000            | base address=0
    .word 0x9A00            | code read/exec
    .word 0x00C0            | granularity=4096, 386

    .word 0x07FF            | 8Mb - limit=2047 (2048*4096=8Mb)
    .word 0x0000            | base address=0
    .word 0x9200            | data read/write
    .word 0x00C0            | granularity=4096, 386

idt_48:
    .word 0                 | idt limit=0
    .word 0,0               | idt base=0L

gdt_48:
    .word 0x800             | gdt limit=2048, 256 GDT entries
    .word gdt,0x9           | gdt base = 0X9xxxx

msg1:
    .byte 13,10
    .ascii "Loading system ..."
    .byte 13,10,13,10

.text
endtext:
.data
enddata:
.bss
endbss:
Further reading
Embedded Systems/Bootloaders and Bootsectors describes bootloaders for a variety of embedded systems. (Most embedded systems do not have an x86 processor.)
x86 Chipset
Chipset
The original IBM computer was based around the 8088 microprocessor, although the 8088 alone was not enough to handle all the complex tasks required by the system. A number of other chips were developed to support the microprocessor unit (MPU), and many of these other chips, in one way or another, survive to this day. The chapters in this section will talk about some of the additional chips in the standard x86 chipset, including the DMA chip, the interrupt controller, and the Timer. This section currently only contains pages about the programmable peripheral chips, although eventually it could also contain pages about the non-programmable components of the x86 architecture, such as the RAM, the Northbridge, etc. Many of the components discussed in these chapters have been integrated onto larger dies through the years. The DMA and PIC controllers, for instance, are both usually integrated into the Southbridge ASIC. If the PCI Express standard becomes widespread, many of these same functions could be integrated into the PCI Express controller, instead of into the traditional Northbridge/Southbridge chips.
DMA Operation
The DMA chip can be used to move large blocks of data between two memory locations, or it can be used to move blocks of data from a peripheral device to memory. For instance, DMA is used frequently to move data between the PCI bus and the expansion cards, and it is also used to manage data transmissions between primary memory (RAM) and the secondary memory (HDD). While the DMA is operational, it has control over the memory bus, and the MPU may not access the bus for any reason. The MPU may continue operating on the instructions that are stored in its caches, but once the caches are empty, or once a memory access instruction is encountered, the MPU must wait for the DMA operation to complete. The DMA can manage memory operations much more quickly than the MPU can, so the wait times are usually not a large speed problem.
DMA Channels
The DMA chip has up to 8 DMA channels, and one of these channels can be used to cascade a second DMA chip for a total of 14 channels available. Each channel can be programmed to read from a specific source, to write to a specific source, etc. Because of this, the DMA has a number of dedicated I/O addresses available, for writing to the necessary control registers. The DMA uses addresses 0x0000-0x000F for standard control registers, and 0x0080-0x0086 for page registers.
The original IBM PC contained a chip known as the Programmable Interrupt Controller to handle the incoming interrupt requests from the system, and to send them in an orderly fashion to the MPU for processing. The original interrupt controller was the 8259A chip, although modern computers will have a more modern variant. The most common replacement is the APIC (Advanced Programmable Interrupt Controller), which is essentially an extended version of the old PIC chip that maintains backwards compatibility.
The Programmable Interrupt Timer (PIT) is an essential component of modern computers, and is an essential part of a multi-tasking environment. The PIT chip can be made, by setting various register values, to count up or down, at certain rates, and to trigger interrupts at certain times. The timer can be set into a cyclic mode, so that when it triggers it automatically starts counting again, or it can be set into a one-time-only countdown mode.
The original x86 PC had another peripheral chip onboard known as the 8255A Programmable Peripheral Interface (PPI). The 8255A, and variants (82C55A, 82B55A, etc.), controlled the communications tasks with the outside world. The PPI chips can be programmed to operate in different I/O modes.
Resources
Wikimedia Sources
Wikipedia has related information at Assembly language. Wikipedia has related information at x86.
Wikipedia Assembler Article
C Programming
C++ Programming
Operating System Design
Embedded Systems
x86 Disassembly
Floating Point
"ooks
Carter, Paul, "PC Assembly Tutorial". Online book. http://www.drpaulcarter.com/pcasm/index.php
Hyde, Randall, "The Art of Assembly Language", No Starch Press, 2003. ISBN 1886411972. http://www.artofassembly.com
Triebel and Singh, "The 8088 and 8086 Microprocessors: Programming, Interfacing, Software, Hardware, and Applications", 4th Edition, Prentice Hall, 2003. ISBN 013093021
Jonathan Bartlett, "Programming from the Ground Up", Bartlett Publishing, July 31, 2004. ISBN 0975283847. Available online at http://download.savannah.gnu.org/releases/pgubook/
Tambe, Pratik, "Primitiveasm: Learn Assembly Language in 15 days!!!", 1st Edition. Presently free chapters available online. Ebook in progress, http://pratik.tambe.ebooksupport.googlepages.com/
Web Resources
http://developer.intel.com/design/pentiumii/manuals/243191.htm
AMD's AMD64 documentation on CD-ROM (U.S. and Canada only) and in downloadable PDF format: maybe not independent, but a complete description of AMD64 from the assembly-language point of view. http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_4699_7980^59875^594322,00.html
Related assembly-language Wikibooks (from the navigation template):
A common RISC assembly set that is both powerful and relatively easy to learn
The assembly language used by the Motorola 68000 series of microprocessors
The assembly language used by the IBM PowerPC architecture
The assembly language used by SPARC systems and mainframes
The 6502 is a popular 8-bit microcontroller that is cheap and easy to use
The instruction set used with the TI 83 Plus brand of programmable graphing calculators
The instruction set used with the IBM 360 / 370 / 93xx and z/
The instruction set used with most 32-bit embedded CPUs, including most PDAs, MP3 players, and handheld gaming units
Licensing
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License."
8E 2*5A0"L5
The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition.

The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
3. COPYING IN QUANTITY

If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
4. MODIFICATIONS

You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement.
C. State on the Title page the name of the publisher of the Modified Version, as the publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.
H. Include an unaltered copy of this License.
I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.
K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.
M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version.
N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section.
O. Preserve any Warranty Disclaimers.

If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties, for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
ME C%0"I.I.1 )%C,05.!Fou may combine the %ocument ith other documents released under this LicenseC under the terms de?ined in section - abo>e ?or modi?ied >ersionsC 'ro>ided that you include in the combination all o? the In>ariant +ections o? all o? the ori"inal documentsC unmodi?iedC and list them all as In>ariant +ections o? your combined ork in its license noticeC and that you 'reser>e all their Warranty %isclaimers. The combined ork need only contain one co'y o? this LicenseC and multi'le identical In>ariant +ections may be re'laced ith a sin"le co'y. I? there are multi'le In>ariant +ections ith the same name but di??erent contentsC make the title o? each such section uniAue by addin" at the end o? itC in 'arenthesesC the name o? the ori"inal author or 'ublisher o? that section i? kno nC or else a uniAue number. 4ake the same ad@ustment to the section titles in the list o? In>ariant +ections in the license notice o? the combined ork. In the combinationC you must combine any sections 9ntitled DHistoryD in the >arious ori"inal documentsC ?ormin" one section 9ntitled DHistoryDM like ise combine any sections 9ntitled DAckno led"ementsDC and any sections 9ntitled D%edicationsD. Fou must delete all sections 9ntitled D9ndorsements.D
6. COLLECTIONS OF DOCUMENTS

You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
7. AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.

If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.
8. TRANSLATION

Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.

If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
9. TERMINATION

You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.