How To Dump The Registers In Assembly

x86 Associates Guide

Contents: Registers | Memory and Addressing | Instructions | Calling Convention

This is a version adjusted by Quentin Carbonneaux from David Evans' original document. The syntax was changed from Intel to AT&T, the standard syntax on UNIX systems, and the HTML code was purified.

This guide describes the basics of 32-bit x86 assembly language programming, covering a small only useful subset of the available instructions and assembler directives. There are several dissimilar assembly languages for generating x86 machine code. The one we will use in CS421 is the GNU Assembler (gas) assembler. We will uses the standard AT&T syntax for writing x86 associates code.

The full x86 instruction set up is large and complex (Intel's x86 instruction gear up manuals comprise over 2900 pages), and we do not cover it all in this guide. For example, at that place is a xvi-fleck subset of the x86 education set. Using the 16-bit programming model can be quite circuitous. It has a segmented retentivity model, more restrictions on register usage, and then on. In this guide, we will limit our attention to more modern aspects of x86 programming, and delve into the instruction set merely in enough item to go a basic experience for x86 programming.

Registers

Modern (i.e 386 and beyond) x86 processors take 8 32-flake general purpose registers, equally depicted in Effigy one. The register names are mostly historical. For case, EAX used to be called the accumulator since it was used past a number of arithmetics operations, and ECX was known equally the counter since it was used to hold a loop index. Whereas most of the registers have lost their special purposes in the modern education fix, by convention, two are reserved for special purposes — the stack arrow (ESP) and the base pointer (EBP).

For the EAX, EBX, ECX, and EDX registers, subsections may be used. For example, the least significant two bytes of EAX can be treated every bit a 16-flake register chosen AX. The least significant byte of AX can exist used as a unmarried 8-fleck annals called AL, while the most significant byte of AX can be used as a unmarried eight-chip register called AH. These names refer to the aforementioned physical register. When a two-byte quantity is placed into DX, the update affects the value of DH, DL, and EDX. These sub-registers are mainly concur-overs from older, 16-fleck versions of the instruction prepare. However, they are sometimes user-friendly when dealing with data that are smaller than 32-bits (e.g. ane-byte ASCII characters).

Figure ane. x86 Registers

Retention and Addressing Modes

Declaring Static Data Regions

You can declare static information regions (analogous to global variables) in x86 assembly using special assembler directives for this purpose. Data declarations should be preceded by the .data directive. Following this directive, the directives .byte, .brusque, and .long can be used to declare one, two, and four byte data locations, respectively. To refer to the address of the information created, we can label them. Labels are very useful and versatile in associates, they give names to retentiveness locations that will be figured out later past the assembler or the linker. This is similar to declaring variables by name, but abides by some lower level rules. For example, locations declared in sequence volition be located in memory next to one some other.

Example declarations:

.information
var:
	.byte 64	/* Declare a byte, referred to as location var, containing the value 64. */
	.byte x	/* Declare a byte with no label, containing the value ten. Its location is var + one. */
ten:
	.short 42	/* Declare a 2-byte value initialized to 42, referred to as location x. */
y:
	.long 30000	/* Declare a 4-byte value, referred to every bit location y, initialized to 30000. */

Unlike in high level languages where arrays tin accept many dimensions and are accessed past indices, arrays in x86 associates language are simply a number of cells located contiguously in memory. An array can be declared by just listing the values, as in the first case below. For the special case of an array of bytes, string literals can exist used. In case a large surface area of retention is filled with zeroes the .zero directive tin can be used.

Some examples:

s:
	.long one, 2, 3	/* Declare three iv-byte values, initialized to 1, 2, and 3. The value at location s + 8 volition be 3. */
barr:
	.zero ten	/* Declare 10 bytes starting at location barr, initialized to 0. */
str:
	.cord "hullo"	/* Declare vi bytes starting at the address str initialized to the ASCII character values for hello followed by a nul (0) byte. */

Addressing Retentiveness

Modern x86-compatible processors are capable of addressing upward to 2³² bytes of memory: retention addresses are 32-bits wide. In the examples above, where we used labels to refer to memory regions, these labels are actually replaced past the assembler with 32-bit quantities that specify addresses in memory. In add-on to supporting referring to memory regions by labels (i.e. abiding values), the x86 provides a flexible scheme for computing and referring to retention addresses: up to two of the 32-bit registers and a 32-fleck signed constant can be added together to compute a memory accost. One of the registers can be optionally pre-multiplied by 2, 4, or 8.

The addressing modes can be used with many x86 instructions (nosotros'll describe them in the next section). Here we illustrate some examples using the mov teaching that moves data betwixt registers and retentivity. This education has ii operands: the outset is the source and the second specifies the destination.

Some examples of mov instructions using address computations are:

mov (%ebx), %eax	/* Load iv bytes from the memory address in EBX into EAX. */
mov %ebx, var(,i)	/* Motion the contents of EBX into the 4 bytes at retentiveness address var. (Note, var is a 32-bit abiding). */
mov -4(%esi), %eax	/* Movement iv bytes at memory address ESI + (-4) into EAX. */
mov %cl, (%esi,%eax,1)	/* Motility the contents of CL into the byte at address ESI+EAX. */
mov (%esi,%ebx,4), %edx	/* Move the 4 bytes of data at address ESI+4*EBX into EDX. */

Some examples of invalid address calculations include:

mov (%ebx,%ecx,-1), %eax	/* Tin can but add register values. */
mov %ebx, (%eax,%esi,%edi,1)	/* At most two registers in address computation. */

Operation Suffixes

In general, the intended size of the of the data item at a given memory address can be inferred from the associates code instruction in which information technology is referenced. For instance, in all of the higher up instructions, the size of the retention regions could be inferred from the size of the register operand. When we were loading a 32-fleck register, the assembler could infer that the region of memory we were referring to was four bytes wide. When we were storing the value of a one byte register to retentivity, the assembler could infer that we wanted the address to refer to a single byte in memory.

However, in some cases the size of a referred-to memory region is cryptic. Consider the instruction mov $2, (%ebx). Should this didactics move the value 2 into the single byte at address EBX? Perhaps it should movement the 32-flake integer representation of 2 into the 4-bytes starting at accost EBX. Since either is a valid possible interpretation, the assembler must be explicitly directed as to which is right. The size prefixes b, w, and l serve this purpose, indicating sizes of i, two, and 4 bytes respectively.

For case:

movb $2, (%ebx)	/* Move two into the single byte at the address stored in EBX. */
movw $2, (%ebx)	/* Move the 16-bit integer representation of 2 into the 2 bytes starting at the address in EBX. */
movl $2, (%ebx)	/* Move the 32-flake integer representation of 2 into the iv bytes starting at the address in EBX. */

Instructions

Machine instructions generally fall into three categories: data movement, arithmetic/logic, and control-catamenia. In this section, nosotros will look at important examples of x86 instructions from each category. This section should not be considered an exhaustive listing of x86 instructions, but rather a useful subset. For a complete listing, see Intel's instruction set reference.

We use the following note:

<reg32>	Any 32-bit register (%eax, %ebx, %ecx, %edx, %esi, %edi, %esp, or %ebp)
<reg16>	Whatsoever 16-bit register (%ax, %bx, %cx, or %dx)
<reg8>	Any 8-bit annals (%ah, %bh, %ch, %dh, %al, %bl, %cl, or %dl)
<reg>	Any annals
<mem>	A retention address (e.g., (%eax), 4+var(,ane), or (%eax,%ebx,ane))
<con32>	Whatsoever 32-bit immediate
<con16>	Any 16-scrap immediate
<con8>	Any 8-bit immediate
<con>	Any eight-, xvi-, or 32-fleck immediate

In associates language, all the labels and numeric constants used equally immediate operands (i.e. non in an address calculation like 3(%eax,%ebx,8)) are always prefixed by a dollar sign. When needed, hexadecimal annotation tin be used with the 0x prefix (e.thou. $0xABC). Without the prefix, numbers are interpreted in the decimal basis.

Data Movement Instructions

mov — Move

The mov pedagogy copies the data item referred to by its starting time operand (i.e. register contents, memory contents, or a abiding value) into the location referred to by its 2nd operand (i.e. a register or retentivity). While register-to-register moves are possible, direct retentiveness-to-memory moves are not. In cases where memory transfers are desired, the source memory contents must first be loaded into a annals, then can exist stored to the destination memory address.

Syntax
mov <reg>, <reg>
mov <reg>, <mem>
mov <mem>, <reg>
mov <con>, <reg>
mov <con>, <mem>

Examples
mov %ebx, %eax — copy the value in EBX into EAX
movb $v, var(,one) — store the value 5 into the byte at location var

push — Button on stack

The button instruction places its operand onto the top of the hardware supported stack in memory. Specifically, push kickoff decrements ESP by 4, then places its operand into the contents of the 32-flake location at address (%esp). ESP (the stack arrow) is decremented by push button since the x86 stack grows downwardly — i.east. the stack grows from high addresses to lower addresses.

Syntax
push <reg32>
push <mem>
push <con32>

Examples
button %eax — push eax on the stack
button var(,i) — push the iv bytes at address var onto the stack

pop — Popular from stack

The pop pedagogy removes the 4-byte data chemical element from the acme of the hardware-supported stack into the specified operand (i.east. register or memory location). It first moves the 4 bytes located at retentiveness location (%esp) into the specified register or memory location, and so increments ESP by 4.

Syntax
popular <reg32>
pop <mem>

Examples
popular %edi — popular the superlative element of the stack into EDI.
popular (%ebx) — popular the top element of the stack into memory at the four bytes starting at location EBX.

lea — Load effective address

The lea instruction places the address specified by its commencement operand into the register specified by its second operand. Note, the contents of the memory location are not loaded, just the constructive address is computed and placed into the register. This is useful for obtaining a pointer into a retentiveness region or to perform simple arithmetic operations.

Syntax
lea <mem>, <reg32>

Examples
lea (%ebx,%esi,viii), %edi — the quantity EBX+8*ESI is placed in EDI.
lea val(,1), %eax — the value val is placed in EAX.

Arithmetic and Logic Instructions

add together — Integer add-on

The add together instruction adds together its ii operands, storing the result in its 2nd operand. Note, whereas both operands may be registers, at virtually i operand may be a memory location.

Syntax
add <reg>, <reg>
add <mem>, <reg>
add <reg>, <mem>
add <con>, <reg>
add together <con>, <mem>

Examples
add $x, %eax — EAX is set to EAX + ten
addb $10, (%eax) — add ten to the single byte stored at retention accost stored in EAX

sub — Integer subtraction

The sub instruction stores in the value of its second operand the event of subtracting the value of its first operand from the value of its second operand. Every bit with add, whereas both operands may be registers, at most one operand may exist a retentiveness location.

Syntax
sub <reg>, <reg>
sub <mem>, <reg>
sub <reg>, <mem>
sub <con>, <reg>
sub <con>, <mem>

Examples
sub %ah, %al — AL is ready to AL - AH
sub $216, %eax — subtract 216 from the value stored in EAX

inc, december — Increase, Decrement

The inc instruction increments the contents of its operand by one. The dec pedagogy decrements the contents of its operand by one.

Syntax
inc <reg>
inc <mem>
dec <reg>
dec <mem>

Examples
dec %eax — subtract one from the contents of EAX
incl var(,one) — add together one to the 32-fleck integer stored at location var

imul — Integer multiplication

The imul pedagogy has ii basic formats: two-operand (get-go two syntax listings to a higher place) and iii-operand (last two syntax listings higher up).

The two-operand form multiplies its two operands together and stores the result in the second operand. The result (i.e. second) operand must be a register.

The iii operand course multiplies its second and 3rd operands together and stores the result in its last operand. Over again, the consequence operand must be a register. Furthermore, the first operand is restricted to being a constant value.

Syntax
imul <reg32>, <reg32>
imul <mem>, <reg32>
imul <con>, <reg32>, <reg32>
imul <con>, <mem>, <reg32>

Examples

imul (%ebx), %eax — multiply the contents of EAX by the 32-flake contents of the retentivity at location EBX. Store the upshot in EAX.

imul $25, %edi, %esi — ESI is set to EDI * 25

idiv — Integer division

The idiv instruction divides the contents of the 64 bit integer EDX:EAX (constructed by viewing EDX as the about pregnant four bytes and EAX as the to the lowest degree significant four bytes) past the specified operand value. The quotient result of the division is stored into EAX, while the remainder is placed in EDX.

Syntax
idiv <reg32>
idiv <mem>

Examples

idiv %ebx — divide the contents of EDX:EAX by the contents of EBX. Place the quotient in EAX and the balance in EDX.

idivw (%ebx) — divide the contents of EDX:EAS by the 32-flake value stored at the memory location in EBX. Place the caliber in EAX and the remainder in EDX.

and, or, xor — Bitwise logical and, or, and exclusive or

These instructions perform the specified logical performance (logical bitwise and, or, and exclusive or, respectively) on their operands, placing the outcome in the first operand location.

Syntax
and <reg>, <reg>
and <mem>, <reg>
and <reg>, <mem>
and <con>, <reg>
and <con>, <mem>

or <reg>, <reg>
or <mem>, <reg>
or <reg>, <mem>
or <con>, <reg>
or <con>, <mem>

xor <reg>, <reg>
xor <mem>, <reg>
xor <reg>, <mem>
xor <con>, <reg>
xor <con>, <mem>

Examples
and $0x0f, %eax — clear all but the concluding 4 $.25 of EAX.
xor %edx, %edx — ready the contents of EDX to zero.

not — Bitwise logical non

Logically negates the operand contents (that is, flips all scrap values in the operand).

Syntax
not <reg>
not <mem>

Example
not %eax — flip all the $.25 of EAX

neg — Negate

Performs the two'due south complement negation of the operand contents.

Syntax
neg <reg>
neg <mem>

Example
neg %eax — EAX is set to (- EAX)

shl, shr — Shift left and correct

These instructions shift the bits in their first operand's contents left and right, padding the resulting empty flake positions with zeros. The shifted operand can exist shifted up to 31 places. The number of $.25 to shift is specified by the 2nd operand, which tin be either an eight-flake constant or the annals CL. In either case, shifts counts of greater and then 31 are performed modulo 32.

Syntax
shl <con8>, <reg>
shl <con8>, <mem>
shl %cl, <reg>
shl %cl, <mem>

shr <con8>, <reg>
shr <con8>, <mem>
shr %cl, <reg>
shr %cl, <mem>

Examples

shl $one, eax — Multiply the value of EAX past 2 (if the nearly significant bit is 0)

shr %cl, %ebx — Store in EBX the floor of result of dividing the value of EBX past 2 ^northward where n is the value in CL. Caution: for negative integers, it is dissimilar from the C semantics of division!

Control Flow Instructions

The x86 processor maintains an instruction pointer (EIP) register that is a 32-bit value indicating the location in memory where the current instruction starts. Normally, it increments to betoken to the side by side pedagogy in retentivity begins after execution an instruction. The EIP annals cannot be manipulated directly, only is updated implicitly by provided control flow instructions.

We use the notation <label> to refer to labeled locations in the program text. Labels can exist inserted anywhere in x86 associates lawmaking text past entering a characterization proper noun followed past a colon. For instance,

            mov 8(%ebp), %esi begin:        xor %ecx, %ecx        mov (%esi), %eax          

The second instruction in this lawmaking fragment is labeled begin. Elsewhere in the code, we can refer to the memory location that this educational activity is located at in retentiveness using the more user-friendly symbolic proper name brainstorm. This label is just a convenient way of expressing the location instead of its 32-fleck value.

jmp — Jump

Transfers programme control flow to the education at the memory location indicated by the operand.

Syntax
jmp <label>

Example
jmp brainstorm — Jump to the instruction labeled begin.

jstatus — Conditional jump

These instructions are conditional jumps that are based on the status of a ready of condition codes that are stored in a special annals called the machine status word. The contents of the motorcar status discussion include information about the concluding arithmetic functioning performed. For example, one bit of this give-and-take indicates if the last result was zero. Another indicates if the last issue was negative. Based on these condition codes, a number of conditional jumps can be performed. For instance, the jz instruction performs a jump to the specified operand label if the consequence of the last arithmetic operation was zero. Otherwise, command proceeds to the adjacent instruction in sequence.

A number of the conditional branches are given names that are intuitively based on the terminal operation performed beingness a special compare education, cmp (see below). For instance, provisional branches such as jle and jne are based on first performing a cmp operation on the desired operands.

Syntax
je <label> (jump when equal)
jne <characterization> (jump when not equal)
jz <label> (jump when terminal issue was zippo)
jg <label> (bound when greater than)
jge <label> (spring when greater than or equal to)
jl <label> (jump when less than)
jle <label> (leap when less than or equal to)

Example

cmp %ebx, %eax jle done          

If the contents of EAX are less than or equal to the contents of EBX, jump to the label done. Otherwise, continue to the side by side instruction.

cmp — Compare

Compare the values of the two specified operands, setting the condition codes in the car condition word appropriately. This instruction is equivalent to the sub instruction, except the result of the subtraction is discarded instead of replacing the first operand.

Syntax
cmp <reg>, <reg>
cmp <mem>, <reg>
cmp <reg>, <mem>
cmp <con>, <reg>

Example
cmpb $10, (%ebx)
jeq loop

If the byte stored at the memory location in EBX is equal to the integer constant x, jump to the location labeled loop.

telephone call, ret — Subroutine call and render

These instructions implement a subroutine phone call and render. The call instruction first pushes the current code location onto the hardware supported stack in memory (encounter the push instruction for details), and then performs an unconditional jump to the code location indicated by the label operand. Unlike the elementary spring instructions, the call instruction saves the location to render to when the subroutine completes.

The ret instruction implements a subroutine return mechanism. This teaching get-go pops a lawmaking location off the hardware supported in-retentiveness stack (encounter the popular instruction for details). Information technology then performs an unconditional bound to the retrieved code location.

Syntax
call <label>
ret

Calling Convention

To allow separate programmers to share code and develop libraries for use by many programs, and to simplify the employ of subroutines in general, programmers typically adopt a common calling convention. The calling convention is a protocol about how to phone call and return from routines. For example, given a set of calling convention rules, a programmer need non examine the definition of a subroutine to decide how parameters should be passed to that subroutine. Furthermore, given a set of calling convention rules, high-level language compilers can be made to follow the rules, thus allowing hand-coded assembly language routines and high-level language routines to phone call ane another.

In practice, many calling conventions are possible. Nosotros will draw the widely used C language calling convention. Following this convention volition permit y'all to write assembly language subroutines that are safely callable from C (and C++) lawmaking, and will too enable you to call C library functions from your assembly language lawmaking.

The C calling convention is based heavily on the utilize of the hardware-supported stack. Information technology is based on the button, pop, phone call, and ret instructions. Subroutine parameters are passed on the stack. Registers are saved on the stack, and local variables used by subroutines are placed in retentivity on the stack. The vast majority of high-level procedural languages implemented on nigh processors take used similar calling conventions.

The calling convention is broken into two sets of rules. The first set of rules is employed by the caller of the subroutine, and the second set of rules is observed past the writer of the subroutine (the callee). It should be emphasized that mistakes in the observance of these rules speedily result in fatal programme errors since the stack volition exist left in an inconsistent state; thus meticulous care should be used when implementing the phone call convention in your ain subroutines.

Stack during Subroutine Call

[Thank you to James Peterson for finding and fixing the bug in the original version of this effigy!]

A good fashion to visualize the performance of the calling convention is to draw the contents of the nearby region of the stack during subroutine execution. The image higher up depicts the contents of the stack during the execution of a subroutine with three parameters and three local variables. The cells depicted in the stack are 32-bit wide retentivity locations, thus the memory addresses of the cells are 4 bytes apart. The offset parameter resides at an offset of 8 bytes from the base of operations arrow. Higher up the parameters on the stack (and beneath the base pointer), the telephone call instruction placed the render address, thus leading to an extra 4 bytes of offset from the base of operations arrow to the commencement parameter. When the ret education is used to return from the subroutine, it volition jump to the render address stored on the stack.

Caller Rules

To make a subrouting call, the caller should:

1. Earlier calling a subroutine, the caller should save the contents of sure registers that are designated caller-saved. The caller-saved registers are EAX, ECX, EDX. Since the called subroutine is allowed to modify these registers, if the caller relies on their values after the subroutine returns, the caller must push the values in these registers onto the stack (so they can be restore after the subroutine returns.
2. To pass parameters to the subroutine, push them onto the stack earlier the call. The parameters should be pushed in inverted order (i.e. terminal parameter first). Since the stack grows down, the start parameter will be stored at the lowest accost (this inversion of parameters was historically used to allow functions to be passed a variable number of parameters).
3. To phone call the subroutine, use the call instruction. This teaching places the return address on top of the parameters on the stack, and branches to the subroutine code. This invokes the subroutine, which should follow the callee rules below.

Afterward the subroutine returns (immediately following the telephone call education), the caller can expect to notice the return value of the subroutine in the register EAX. To restore the machine state, the caller should:

1. Remove the parameters from stack. This restores the stack to its state before the telephone call was performed.
2. Restore the contents of caller-saved registers (EAX, ECX, EDX) by popping them off of the stack. The caller can presume that no other registers were modified by the subroutine.

Example

The lawmaking below shows a function call that follows the caller rules. The caller is calling a part myFunc that takes three integer parameters. First parameter is in EAX, the second parameter is the constant 216; the third parameter is in the memory location stored in EBX.

button (%ebx)    /* Push concluding parameter showtime */ push button $216      /* Push the second parameter */ push button %eax      /* Button offset parameter last */  call myFunc    /* Call the function (assume C naming) */  add $12, %esp          

Note that subsequently the call returns, the caller cleans upwards the stack using the add instruction. Nosotros have 12 bytes (iii parameters * 4 bytes each) on the stack, and the stack grows down. Thus, to get rid of the parameters, nosotros can only add 12 to the stack arrow.

The result produced by myFunc is now available for use in the register EAX. The values of the caller-saved registers (ECX and EDX), may have been changed. If the caller uses them later the call, it would have needed to salvage them on the stack before the phone call and restore them after it.

Callee Rules

The definition of the subroutine should adhere to the following rules at the beginning of the subroutine:

1. Button the value of EBP onto the stack, and then copy the value of ESP into EBP using the following instructions:

                 push %ebp     mov  %esp, %ebp            

   This initial action maintains the base pointer, EBP. The base pointer is used past convention as a point of reference for finding parameters and local variables on the stack. When a subroutine is executing, the base pointer holds a re-create of the stack pointer value from when the subroutine started executing. Parameters and local variables volition always be located at known, constant offsets away from the base pointer value. We button the old base arrow value at the start of the subroutine and so that we can afterwards restore the appropriate base pointer value for the caller when the subroutine returns. Remember, the caller is not expecting the subroutine to alter the value of the base of operations pointer. Nosotros then move the stack arrow into EBP to obtain our point of reference for accessing parameters and local variables.
2. Next, classify local variables by making space on the stack. Recall, the stack grows down, so to brand space on the tiptop of the stack, the stack pointer should be decremented. The amount by which the stack pointer is decremented depends on the number and size of local variables needed. For example, if three local integers (4 bytes each) were required, the stack pointer would need to be decremented by 12 to brand infinite for these local variables (i.e., sub $12, %esp). As with parameters, local variables volition exist located at known offsets from the base arrow.
3. Next, save the values of the callee-saved registers that will be used by the role. To save registers, push them onto the stack. The callee-saved registers are EBX, EDI, and ESI (ESP and EBP will likewise exist preserved by the calling convention, but need not be pushed on the stack during this pace).

After these three actions are performed, the body of the subroutine may go along. When the subroutine is returns, it must follow these steps:

1. Leave the return value in EAX.
2. Restore the old values of any callee-saved registers (EDI and ESI) that were modified. The register contents are restored by popping them from the stack. The registers should be popped in the inverse gild that they were pushed.
3. Deallocate local variables. The obvious way to exercise this might be to add the advisable value to the stack arrow (since the space was allocated by subtracting the needed amount from the stack arrow). In practice, a less error-decumbent style to deallocate the variables is to move the value in the base pointer into the stack pointer: mov %ebp, %esp. This works because the base pointer e'er contains the value that the stack pointer contained immediately prior to the resource allotment of the local variables.
4. Immediately before returning, restore the caller'south base pointer value by popping EBP off the stack. Recollect that the first thing we did on entry to the subroutine was to push the base pointer to save its erstwhile value.
5. Finally, return to the caller by executing a ret instruction. This didactics will find and remove the appropriate return address from the stack.

Note that the callee's rules autumn cleanly into 2 halves that are basically mirror images of one some other. The first one-half of the rules utilize to the get-go of the function, and are commonly said to define the prologue to the function. The latter half of the rules apply to the cease of the function, and are thus commonly said to define the epilogue of the role.

Example

Here is an case function definition that follows the callee rules:

            /* Start the lawmaking section */   .text    /* Define myFunc every bit a global (exported) function. */   .globl myFunc   .type myFunc, @part myFunc:    /* Subroutine Prologue */   push %ebp      /* Salve the old base pointer value. */   mov %esp, %ebp /* Set the new base pointer value. */   sub $4, %esp   /* Make room for i 4-byte local variable. */   button %edi      /* Save the values of registers that the function */   push %esi      /* will modify. This function uses EDI and ESI. */   /* (no need to save EBX, EBP, or ESP) */    /* Subroutine Body */   mov 8(%ebp), %eax   /* Move value of parameter 1 into EAX. */   mov 12(%ebp), %esi  /* Movement value of parameter 2 into ESI. */   mov 16(%ebp), %edi  /* Move value of parameter 3 into EDI. */    mov %edi, -4(%ebp)  /* Move EDI into the local variable. */   add %esi, -4(%ebp)  /* Add ESI into the local variable. */   add -iv(%ebp), %eax  /* Add the contents of the local variable */                       /* into EAX (concluding result). */    /* Subroutine Epilogue */   pop %esi       /* Recover annals values. */   pop %edi   mov %ebp, %esp /* Deallocate the local variable. */   pop %ebp       /* Restore the caller's base of operations arrow value. */   ret          

The subroutine prologue performs the standard actions of saving a snapshot of the stack pointer in EBP (the base pointer), allocating local variables by decrementing the stack pointer, and saving register values on the stack.

In the trunk of the subroutine nosotros can see the use of the base of operations pointer. Both parameters and local variables are located at constant offsets from the base of operations pointer for the duration of the subroutines execution. In item, nosotros notice that since parameters were placed onto the stack before the subroutine was called, they are always located below the base pointer (i.e. at higher addresses) on the stack. The beginning parameter to the subroutine can always be found at retentiveness location (EBP+eight), the second at (EBP+12), the third at (EBP+16). Similarly, since local variables are allocated after the base of operations pointer is set, they ever reside above the base of operations arrow (i.due east. at lower addresses) on the stack. In particular, the first local variable is always located at (EBP-iv), the 2nd at (EBP-eight), and so on. This conventional apply of the base arrow allows u.s. to quickly identify the utilise of local variables and parameters within a function body.

The function epilogue is basically a mirror image of the part prologue. The caller's register values are recovered from the stack, the local variables are deallocated by resetting the stack pointer, the caller'southward base pointer value is recovered, and the ret pedagogy is used to render to the appropriate code location in the caller.

Credits: This guide was originally created by Adam Ferrari many years ago,
and since updated by Alan Batson, Mike Lack, and Anita Jones.
It was revised for 216 Spring 2006 by David Evans.
It was finally modified past Quentin Carbonneaux to utilise the AT&T syntax for Yale'due south CS421.

How To Dump The Registers In Assembly,

Source: https://flint.cs.yale.edu/cs421/papers/x86-asm/asm.html

Posted by: samuelovens1982.blogspot.com

Share this post