ALP-notes1.txt

Assembly Language Instructions:
======================
1.An assembly language has 2 parts:
	Part1: Defines the operation to be performed and is represented by the memonic of the instruction:
		example: movl %eax, %ebx
		In the above example movl is the operation to be performed 
	Part2: Defines the operands for the instruction

2. Operands of Instructions are 2 Types:
	Type1: Source Operands: Provides Input values to the operation to be performed.
	Type: Destination Operands: Results of the operation are stored in destination Operands

3. In an Instruction destination & Source operands:
	A. May be same	: addl %ebx, %ebx (addl the current values of %ebx and store the result in %ebx)
	B. May be different   : addl %ebx, %ecx (add the values in ebx and ecx and store the result in ecx)

4. As instructions are assembled by the assembler, A track of Memory addresses of instructions are maintained. 

5. Some instructions such as "jump" or "call" have the memory address of anohter instructions as argument. It's difficult for programmer to keep track of
these addresses , So instructions are labelled, and this label is referred in Other instructions:

1. .section .data
2. .section .text
3. .globl _start
4. _start:
5.        movl $1, %eax  
6.        movl $100, %ebx 
7,.       int $0x80      
 the above code , the instructions from lines 5,6,7 are labelled with "_start": 

6. _start defines the address of the instruction in line 5:

Example:

08048054 <_start>:
 8048054:       b8 01 00 00 00          mov    $0x1,%eax
 8048059:       bb 64 00 00 00          mov    $0x64,%ebx
 804805e:       cd 80                   int    $0x80
 
7. An assembly instructions also several Non-Processor instructions used in the program, which are called pseudo-ops or assembler directives. 

example: ".section data" , ".section .text"  etc.

8. _start is a symbol to define address of the instruction in the program that is executed first. Thus the execution of the program always starts from location "_start" 
and carries on till the program makes a call to exit system call in GNU/Linux

Example:

08048054 <_start>:
 8048054:       b8 01 00 00 00          mov    $0x1,%eax
 8048059:       bb 64 00 00 00          mov    $0x64,%ebx
 804805e:       cd 80                   int    $0x80
 
 As you see from the above example: _start symbol is pointing to  "08058054", "08058054" is the starting addres of the first instruction to be executed that is Line:5

Operand Sizes:
==========
1. In IA-32 Architecture: instructions can have operands of variable sizes. 
	Example: 
		i)8-bit operands	known as: byte
		ii) 16-bit 			known as: word
		iii)32-bit			known as: long

	
2. Instructions in IA32 architecture of 0,1 or 2 Operands

3. Operands may be:
	i) Registers		Example: movl %eax, %ebx
	ii) Memory		Example: movl myval, %ebx
	iii) Constants		Example: addl 5,%ebx

4. Register operands can be: 
	8-bit registers: al,ah,bl,bh,cl,ch,dl,dh	
	16-bit registers: ax, bx,cx,dx,di,si,sp, bp
	
5. Instructions can have:
	i) No operand
	ii) Multiple Operands

6. All instructions can have only 1 Memory operand. 

	examples:
	A.  if instruction has only 1 operand:
		incl myval  (value in myval will be incremented by 1)
	B. Multiple operands:
		incl %ebx, myval

7. For instructions which have 2 operands , they can have 1 memory , & other may be constant or register
	examples: 
	addl %ebx, myval
	addl 5,myval

Memory Model:
===========
1. Memory in a computer system can be thought as an Array of bytes:
	
|--------------------------------------------------------------------------------------------------------------------------------------------------|
|   A	|   B	|   C	|    1	|   2	|   3	|    4	|   @	|   S	|   8	|   11	|   1	|  13	|  15	|  H	|  E	|   L	|   L	|   O |   B 	|  Y 	|  E	|
|---0-----1-----2------3-----4-----5-----6------7-----8----9-----10----11----12---13---14----15----16----17---18----19---20---21--|

Index of this array: (example, 0,1,2,3) are known as address:
Value of the Array element : A, B,C are known as content of the memory location

So Address 0,the value A is stored
Address 1, Value B i stored
Address 17, Value L is stored. 

2. Instructions may have operands in the memory, so memory addresses of the operands are specified in the instruction, Ways to specify address in , instruction will
be dealt later

3. IA32 supports 2 kinds of Addressing mechanism
	1. 16-bit wide: 
	Leave this, Not Important
	2. 32-bit wide addressing 
4. OS ues only 1 kind of addressing mechanism., GNU/Linux uses 32-bit addressing Mechanism. In this addressing mechanism, the range of memory addressability
is 2^32 bytes

|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|   A	|   B	|   C	|    1	|   2	|   3	|    4	|   @	|   S	|   8	|   11	|   1	|  13	|  15	|  H	|  E	|   L	|   L	|   O |   B 	|  Y 	|  E	|	|	|	|	|	| 
|---0-----1-----2------3-----4-----5-----6------7-----8----9-----10----11----12---13---14----15----16----17---18----19---20---21------------------------------2^32-

5. Operands can be of  1 or more size bytes:
	If operand is 1 byte: 1 memory location is used
	If operand is more than 1 byte, Multiple memory locations will be used. 
	
	Example: 16-bit operand will use 2 memory locations:

Example: In the above diagram, to store HELLO, 5 Memory locations are used. 5 bytes are used. 

6. The memory operands are specified using 2 Attributes:
	A. Start Address (Specifically Mechanism to compute the start Address)
	B. size 
	
7. 16-bit Operands has 2 bytes: The most significant byte and Least significant byte. 

8. IA32 use Little-endian, LSB is stored in Lower Address. 

9. Example:
16-bit number: 0x1245	, So 0x45 will be stored in lower order : 0x23C8 , and 0x12 will be stored in 0x23C9

|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|   A	|   B	|   C	|    1	|   2	|   3	|    4	|   @	|   S	|   8	|   11	|   1	|  13	|  15	|  H	|  E	|   L	|   L	|   O |   B 	|  Y 	|  E	|	|	|	|	|	| 
|---0-----1-----2------3-----4-----5-----6------7-----8----9-----10----11----12---13---14----15----16----17---18----19---20---21------------------------------2^32-

In the above representation
If the number 1513 has to be stored:

Lowest address: 12: will have 13
Next higher address: 13: will have 15
===================================================================================================
Operand Addressing:

1. Instructions in IA32 processor operate on operands & generate at most 1 result. Results are then stored on memory or as specified in location

Instruction----->Processor->(Get operands, as per instruction & do operation)
				| Output
			____|__________
                        |                         |
               Memory                    Registers

2. Instructions can have :
	A. No destination operand
	B. Implied destination operand
	C. 1 destination Operand 

3. Instructions can have:
	A. 0 Source operand
	B. 1 Source operand
	C. 2 source operands
	
4. Mechanism of addressing operands indicates the way operands are found during the execution of instructions . Also known as addressing mode
of processors

5. Addressing modes are encoded in instruction. During execution of instruction the actual values are taken using the addressing modes specified:

6. Categories of operands:
	A. Constant 
		Example: add $5, %eax 
	All constants have $ sign prefixed 
	
	B. Registers
		examples: incl %eax, 
		add %ebx, %ecx
		movl %eax, %ebx
	All registers in the instruction are prefixed with % 
	
	C. Memory
		Examples: 
		movl data_items(,%ecx,4), %eax
		movl  data_items, %eax


Different Addressing modes
------------------------------------
1. Immediate Addressing : All constant operations of an instruction are specified using the immediate addressing mode. Constant operands are
prefixed with $sign

Examples: 
addl $5, %eax

In the above example 5 is added to the value stored in %eax and result is saved in eax register

cmpl $5, %eax
In the above example 5 is compared with value stored in eax register and eflags register is used to store the result

2. Register Addressing mode: 

Register operands (%eax, %ebx) are specified in instruction by name of registers. 

examples:
addl %eax, %ebx
cmpl %eax, %ebx
movl %eax, %ebx
32-bit registers: eax, ebx,ecx,edx,
16-bit, ax,cx,dx,si,di,sp & bp 
8-bit: al,ah, cl, ch, dl,dh 

3. Memory Addressing: 
	i)When an operand of the instruction is stored in memory, It is read from (or written to) to the memory during the execution 
	ii) Instruction should also specify the method to compute memory address also known as effective address

Methods to compute the address:	

3.1: Direct Addressing:
------------------------------
1. Simplest method of Providing the address is to specify that address in the instruction:
	Example: addl 0x8048054, %eax
	In the above example 0x8048054 is theaddress in memory having a value 5(for example) which will be added to the contents of eax and the result tant
	value is stored in eax
	
2. 	Since it's difficult to memorize the addresses , we use symbolic names for addresses , Linker then assigns the final address before execution

Example: addl data_items, %eax
data_items is a symbolic name for an address that contains 5(for example) that will be added to eax

3. Example: addl 20, %eax 

In the above example there is no $ prefixed for 20, so it's treated as address, Since the second operand is %eax, which is 32-bit register, the first operand
is also treated as 4 byte operands, So values stored from starting from 20,21,22,23 are fetched. 

4. While using memory addressing, the effective address provides just the starting address of the operand in the memory. 

5. The instruction should also provide the size of the operand , In most cases size of the operand is implicit
Examples:
	addl 20, %eax (In this case the size of the memory operand is implicit, which is actually based on 2nd operand)
	movb 20, %al  (in this case the size of the memory opeand is 1 byte,)
	incl 20 (In this case the size of the memory operand is 4 bytes starting from 20)
	incb 20  (size of memory operand is 1 byte which address 20)

Components of Effective Address
------------------------------------------
1. Effective address can be provided by specifying 4 different components:
	A. 2 Registers
	B. 2 constants

2. Two Registers are used as "base" & "index" component  , while the constants are used as "scale" & "displacement" . 

base(Register) ,  Index (Register), Scale (Constant), Displacement (Constant)

3. Scale can have values: 	1,2,4,8

4. Displacement can have values of : 8-bit or 32-bit

5. From the 4 values we defined above (base, index,scale, displacement) up to 3 can be ommitted 

6. Direct Addressing is an example where effective address is computed by omitting base, index & scale and only 32-bit displacement being used. 

7. Any of the 8 General Purpose registers can be used for "base" component  (eax,ebx,ecx,edx,esi,ebp,esp,ebp)

8. For Index only 7 General Purpose registers can be used : eax,ebx,ecx,edx,esi,edi,ebp. 

9. Displacement is a signed Number: so values range from -128 to +127 

10. In GNU/Linux Assembly language  Memory operand can be computed using below syntax:

Effective address: displacement(base,index,scale)

3.2 Indirect Addressing: (Base/Registers) Or Register Indirect method
------------------------------------------------------------------------------------------

1. If the memory operand is specified using just the base component (i.e only registers) 

example:
mov (%eax), %ebx 

In the above example Memory address is stored in eax , size is 32-bit 
add eax, (%ecx)

Note: addl (%ecx), (%ebx) is not allowed as assembly instruction can have only 1 memory operand 

Assume the memory image:

| 0x50BF	| 0x50C0	| 0x50C1	| 0x50C2	| 0x50C3	|
-------------------------------------------------------------------
| 0x10	| 0xE3	|0x20	| 0x00	| 0x10	|
-------------------------------------------------------------------

Consider:
	eax: 0x20 
	ecx: 0x50C0
	
	Instruction addl %eax, (%ecx) 
	The above causes 32-bit number from 0x50C0 to be read , and 0x20 be added to that value , and then stored back the result from 0x50C0
	Since it's 32-bit so 0x50C0 to 0x50C3 will be read and also the same is used to store the result. 
	 
3.3 Base + Displacement:
-------------------------------------

1. If the memory operand is computed using base & Displacement , then 
	effective address: displacement + base

2. Example: addl 2(%ebp) 

In the above example: displacement=2, base is ebp 

3. Consider the below memory Image:

| 25		| 26		| 27		| 28		| 29		|
-------------------------------------------------------------------
| 0x10	| 0xE3	|0x20	| 0x00	| 0x10	|
-------------------------------------------------------------------

If the ebp has 25 ,  then 25 is added to 2  , so the effective address is 27, since it's 32-bit register 4 bytes from 27 is read. 

Consider example:

addb 10, 2(%ebp)

In the above example:  the effective address of 2nd operand is (if ebp is 25), 27 (25 + 2) , since the instruction has "movb" , then only 1 byte is read starting from 
27 and added to 10 and result is stored in ebp 


Example Code 1:

.section .data
var1:
.int 25,27,28,29,30
.section .text
.globl _start
        _start:
                movl $var1, %ecx
                movl 8(%ecx), %ebx
                movl $1, %eax
                int $0x80

Example Code: 2
----------------------
.section .data
var1:
.long 25,26,27,28
.section .text
.globl _start
        _start:
                movl $var1, %edi 
                movl (%edi), %eax
                movl 4(%edi), %ebx 
                movl 8(%edi), %ecx 
                movl 12(%edi), %edx
                movl $1, %eax    
                int $0x80       
====================================================================================================
Index*Scale+ displacement:
 
1. If the memory operand is specified using index,scale & displacement components, the effective address is computed by multiplying the index by scale 
& then adding the displacement. 

2. Scale can take values: 1,2,4,8 

3. Index can have all General purpose registers except "esp"

4. If an array is used where the size of the element is 1,2,4 or 8 bytes , then element of array can be accessed using this mode. 

Consider Example:

# Registers:
# %edi points to starting address of an array
# %esi will be used as index register

.section .data
var1:
.int 10,11,12,13
.section .text
.globl _start
        _start:
                movl $var1, %edi			#we are passing address of var1[0] to %edi
                						#Assume the address of var1[0]=134516928/0x80490c0 
                						
                movl $0, %esi          		 #Since Index should be a register, We access first element var[0], so esi gets 0
                addl $1, var1(,%esi,4)  		#index(%ecx)=0,scale=4 , because 4 is total storage location taken by each element of array
				                                #displacement=var1 i,e starting address(134516928)
			                                        # var1(,%ecx,4) ==>> starting address(,0,4)
                        			                #=>>displacement(startingaddres)[0+0*4]=> starting address(134516928)
                        			                
                        			                
                movl (%edi), %eax			# here %edi=0x80490c0/134516928 , %eax will have 11

                movl $1, %esi        			   #We need to move to next array element %esi=1
                addl $1, var1(,%esi,4)  		  #displacment(starting address)[0+1*4]=>(starting address+4) now adding 1 to the value (134516928 + 4)
                						  # 134516928 + 4=134516932, Value stored at address 134516932 is 11,  Add 1 to 11 and store it  back at 134516932
                  		                                  # stored in (Starting address+4) 134516932, so 12 is stored 

                movl 4(%edi), %ebx      		#copy the net result in %eax , edi=134516928, 4+134516928=134516932, value at 134516932 is 12 

                movl $2, %esi           		#we move to var1[2] now, i.e 3rd element. 
                addl $1, var1(,%esi,4)  		#displacement(0+2*4)  134516928(0+2*4) 134516928(0+8)=>134516928 + 8 => 134516936
                						# Value stored at 134516936 is 12, Add 1 to 12 and result is stored back at 134516936 ie. 13. 

                movl 8(%edi), %ecx			# Access 3rd element and store it in ecx. %edi=134516928, 134516928+8=134516936,i.e get value 13 and store it in ecx
                
                
                movl $3, %esi         			# we move to var1[3] now
                
                addl $1, var1(,%esi,4)		# displacement=var1 (starting address), %esi=3(index), scale=4  
                						#	134516928(0+3*4)
                						# effective address=displacement+[base+index * scale]
                						# EA=displacement+[0+3*4]
                						# EA=displacement+[0+12] => displacement+12 134516928 + 12=134516940
               movl 12(%edi), %edx		

                movl $1, %eax
                int $0x80

Another Example:

We are adding all the values in the array var1 and store it in %ebx, var1 is accessed using displacement(index*scale)
.section .data
var1:
.int 10,11,12,13
.section .text
.globl _start
        _start:
                movl $var1, %edi
                movl %edi, %ecx
                movl $0, %esi   #Since Index should be a register, %esi will be index register
                addl $12, %ecx  # we need ending address to come out of loop
                movl (%edi), %ebx
        start_loop:
                cmpl %edi, %ecx
                je loop_exit
                incl %esi
                addl var1(,%esi,4), %ebx
                addl $4, %edi
                jmp start_loop
        loop_exit:
                movl $1, %eax
                int $0x80

===================================================================================================                
Base+index*scale:
1. In this addressing mode, 3 components base, index & scale are provided and effective address is computed by the processor while executing the instruction. 

2. Two components base & index are provided by registers , Scale is constant

Examples:
.section .data
var1:
.int 10,11,12,13
.section .text
.globl _start
        _start:
                movl $var1, %edi        #we copy the starting address in %edi
                movl $0, %esi           #Since Index should be a register, The first element var[0], so ecx gets 0

                addl $1, (%edi,%esi,4)  #index(%esi)=0,scale=4 , because 4 is total storage location taken by each element of array
                                        #displacement=0 
                                        # var1(%edi,%esi,4) ==>> starting address(starting address+0*4)
                                        #[0+0*4]=> starting address=>%edi
                movl (%edi), %eax
                movl $1, %esi           #We need to move to next array element
                addl $1, (%edi,%esi,4)  #[starting+1*4]=>(starting address+4) now adding 1 to the value
                                        # stored in (Starting address+4)

                movl 4(%edi), %ebx      #copy the net result in %eax

                movl $2, %esi           #we move to var1[2] now
                addl $1, (%edi,%esi,4)  #displacement(0+2*4)
                movl 8(%edi), %ecx

                movl $3, %esi           # we move to var1[3] now
                addl $1, (%edi,%esi,4)
                movl 12(%edi), %edx

                movl $1, %eax
                int $0x80

====================================================================================================
Base+Index*scale+Displacement:

1. This mode of addressing in IA32 processors is most powerful mode, In this mode all the four components are specified & the effective address is computed
using 2 additions & 1 multiplication 

2. This addressing involves 2 registers and 2 constants
3. Registers are used for address information
4. Constants are used for displacement & scaling

5. This addressing mode can be used to address an element from a 2-D Array 

Example:

Consider 2 * 4 Matrix as below:

		j	0		1		2		3
		-----------------------------------------------------
	0	|	12	|	13	|	14	|	15	|
i		------------------------------------------------------
	1	|	16	|	17	|	18	|	19	|
		------------------------------------------------------

Size of the Array => 2 * 4 

In memory the above array is stored in Row major format, in which the array elements are stored in memory in the row-first order.  Example as below:

matrix		value	Address;
----------------------------------------------
A0,0	|	12	|	20
A0,1	|	13	|	21
A0,2	|	14	|	22
A0,3	|	15	|	23
A1,0	|	16	|	24
A1,1	|	17	|	25
A1,2	|	18	|	26
A1,3	|	19	|	27

Assuming the size of each element is denoted by "s"

A[0][0] is denoted as "A" and size is 1 byte, then Address of A[0][1]=A +s ===> So if A[0][0]=20, then A[0][1]=>20+1=21

Address of A[0][j]	is (A+j)*s, So address of A[0][n-1] or A[0][4-1] ==>A[0][3]= (A+j)*s=> (20+3)*1=> 20+3=23

Each Row of the array occupies n*s bytes Which implies from the above example: each row occupies 4 bytes
Address of Row 1 (j) will be A+n*s
Address of first element of  Row i is A* i*n*s
Generalized form of A[i][j] => A+i*n*s+j*s

1 Registers is to keep i*n*s, this provides offset of the starting address of row i
Index register is used to keep j

s or size is represented by scale 

Starting Address of array(A) can be given by displacement 

====================================================================================================
Functions:
------------
1. To assist programmers in working together in groups, It is necessary to break programs apart into separate pieces,  Which communicate with each
other through well-defined interfaces

2. Functions are units of code that do a defined piece of work on specified types of data. 

3. Data items(inputs) a function is given to process are called it's parameters

4. A typical program is composed of thousands of functions, each with a small, well-defined task to perform. However ulitmately there are things that 
one cannot write functions for which must be provided by the system. Those are called primitive functions. They are basics which everything else is built
of. 

Functions are composed of below Elements:
--------------------------------------------------------
A. Function Name:
B. Function Parameters
C. Local variables
D. Static variables
E. Global Variables
F Return Address
G. Return Value
									---------------------------
									|				|
									|	Functions		|	
									----------------------------
											|
|---------------------------------------------------------------------------------------------------------------------------------------------------------------|									
		|				|			|			|			|			|				|
	Function Name		Function 		      local		      static 	 	     Global		Return Address	Return Value
					Parameters	      variables	     variables          variables


A. Function name:
-----------------------
	i.	Functions name is a symbol that represents the address where the function's code starts
	ii.	In ALP symbol is defined by typing the functions name followed by colon immediately before function's code. 
	
	Example:

	.section .text
	.globl _start
		_start:		<-------------------_start is a function which symbolises address of the instruction "movl $101, %ebx"
				movl $101, %ebx
				movl $1,	%eax
				int $0x80
	objdump -d ./exit

	./exit:     file format elf32-i386

	Disassembly of section .text:

	08048054 <_start>:
	 8048054:       b8 01 00 00 00          mov    $0x1,%eax
	 8048059:       bb 64 00 00 00          mov    $0x64,%ebx
	 804805e:       cd 80                   int    $0x80
	 
	 As we can see from the above dissembly, _start points to Address 8048054 which is the address of the instruction "mov   $0x1,%eax"

B. Function Paramters
----------------------------
	i.	A function's parameters are the data items that are explicitly given to the function for processing
		example:
			 sine(2) = 0.34
			 
			 sine is the name of the function
			 2 is the paramter 
	ii.	Some functions have many parameters
	iii.	Some functions have no parameters

C. local variables
-----------------------
	i.	Local variables are data storage that a function uses while processing
	
	ii.	This data storage  is thrown away when function execution is completed (or returned)
	
	iii.	It's like rough paper which we get everytime function is evoked, Once completed , the rough paper is discareded. 
	
	iv.	Local variables of a function cannot be accesssed by any other function 

D. Static variables
-------------------------
	i.	Static Variables are data storage that function uses while processing

	ii.	This data storage is not thrown away when function completes it's execution
	
	iii.	This data storage is re-used everytime the function is activated 
	
	iv.	This data stroage cannot be accessed outside of the function. 
	
	v.	This data storage should be used with caution

E. Global Variables
------------------------
	i.	Global Variables are data storage that function uses while processing
	
	ii.	This data storage is available outside of the function execution, i.e this data storage is available to other functions also
	
	iii.	This data storage is thrown away when the whole program completes execution
	
	Examples:
	
	i.	A simple text editor may put the entire contents of the file it is working on a global variable so it doesn't have to be passed to every function that 
	operates on it. 
	
	ii.	Configuration values are often stored in global variables.

F. Return Address
-----------------------
	i.	Return Address is an invisible parameter 
	
	ii.	Return Address is not directly Used by the function during execution
	
	iii.	Return address is used to find where the processor should start executing after the function completes it's execution
	
	iv.	This is needed because function can be called to execute from different parts of the program , once the function completes execution, it should 
		go back to where it was called from. 
	
	v.	In most programming languages, this parameter is passed automatically when the function is called

G. Return Value
---------------------
	
	i.	Return Value is main method of tranferring data back to main program
	
	ii.	Most programming languages allow a single return value for a program 
	


5. The above pieces of a function are mostly same for different programming languages , How each pieces are specified are different in each one. 

6. The variables(local,global &  Static), Function Paramters & Return values are tranferred between functions vary from language to language. This variance 
is called "calling convention"	

7. Calling convention describes how functions expect to get & receive data when they are called

8. Assembly language can use any calling convention 

9. C calling Convention is mostly used 

10. To understand how functions work, It's important to understand how "stack" work.  

11. Each computer program that runs uses a region of memory called the stack to enable functions to work properly.

Stack:
--------
A.	IA32 processors implement stack in memory:
B.	Stack is a data structure in which data items are added and removed in the last in first out(lifo) order

Example:
	Function f1		Function f3	Function f2		functionf4
	-----------	    |-->----------   |->-----------	     |->-----------
	statement1	    |	statement 1  |	statement1	     |	statement1
	statement2	    |	statement 2  |	statement2	     |	statement2
	...		    |	End function |	call functionf4------|	statement3
	----		    |	^	     |	Statement X<-----------	end function
	..		    |	|	     |	......			
	call functionf2:<---|---|------------|	Statement N	
	statement X <-------|---|--------------end function
	call to functionf3--|   |
	statement N		|
	end function<-----------|

	->In the above example, functionf1 makes 2 calls to function f2 & function f3 respectively
	->Function f2 in turn makes one call to function f4 
	->The execution starts with function f1 , execution continues till call is made to f2, 
	->At this time, the execution control is transferred to function f2,
	->After execution of f2 is completed, it execution control is transferred back to f1
	
	->The above semantics is maintained when function f2 makes a call to function f4. 
	->While executing fuction f4, the execution path can be traced as:
		f1->f2->f4
	->When f4 function finishes, its execution control is returned back to f2, 
	->Similarly when fuction f2 completes, execution control is handed back to f1

	->There is a natural order of passing control upon calls to function and the reverse order
	of passing control upon return from the function. Stack is an obvious choice here.

C. Each time a function is called , the return address is pushed to stack. 

D. The top of the stack therefore provides address within the function to which control must returnwhen execution of 
the called function is over

E. IA32 Processors provide a mechanism to implement stack and several instructions that use this stack implicitly

F. The actual storage of the stack is created in the processor memory along with other items such as program instructions,
data etc. 

G. The top of the stack is represented by register esp, which stores the memory address of the location where the last
data item was added. 

H.Upon each push register esp is first decremented by the number of bytes in the data item. The value of the data item is 
then stored in the memory location whose address is available in register esp


Example:
1. If we wish to push contents of register eax on to stack , registers esp will be decremented by 4 and then value of register
eax will be stored in memory whose address is given in esp. 

Example:

	0x11BC		0x11BD		0x11BE		0X11BF		0X11C0
										

Assume Current address of %esp is 0x11C0, 

Before push
%eax:	0x13579BDF

After push operation
        0x11BC          0x11BD          0x11BE          0X11BF          0X11C0
        0XDF		0X9B		0X57		0x13		
%eax: 0x13579BDF
The contents of the memory operation is shwon above

I. Pop operation is reverse of push operation. In the case of pop operation, first the appropriate number of bytes are read
from memory addressed by register esp and then the register esp is incremented in sisze of the data operand . 

J. Machine stack in IA32 processors is very powerful and can be used in several ways:
	-> The most important use of stack is to keep the return address for the function calls
	-> Another use of stack is to temporarily save the contents register & recover them later
	-> Implementations of high-level Programming languages typically use stack to pass parameters to functions 
	-> Local variables of high-level langauge function are typically alloted on to the stack. 
	-> Execution control of recursive function is implemented using a stack where the functions are returned in reverse
order of the call. The function that is called at the end returns first and the function invocation that is done in the beginning
is concluded last.


	i.	Stack is a pile of papers on desk , which can be added to indefinitely 
	
	ii.	Things that we are working currently is always on the top. 

	iii.	Computers have stack too, computers stack lives at the very top address of Memory 

	iv.	we can add values (also called push) values on to the stack using instruction called "pushl" 
	
	v.	pushl pushes either a register(eax,ebx,ecx...etc) or value on to the top of the stack.
	
	vi.	Nomencalature used in stack like "top" is actually (physically) the bottom of the stack's Memory
	
		________________________________________________________________________________________________
		|29 		|28		|27		|26		|25		|25	 	|
		| ----------	| ----------	| --------	| ----------	| ----------	| ----------	| <--------Stack
		|23		|22		|21		|20		|19		|18		|<--------------------------------Top
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	|
		|17	@	|16	!	|15	F	|14	)	|13	G	|12	H	|
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	|
		|11	H	|10	E	|9	L	|8	L	|7	O	|6	W	|
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	| 
		|5	O	|4	R	|3	L	|2	D	|1	!	|0	!	|	
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	| 
		_________________________________________________________________________________________________	
	vii. 	From the above Memory representation We can see that 
		A. Memory addressing starts from 29 and moves down to 0 (more like fffffff to 0000000)
		B. Top is bottom of the memory 
		C. Memory grows Downwards
 
	viii. When we are referring top of the	stack we are actually referring to bottom of the memory
	
	ix.	We can also remove values from the stack , which is called as "pop" , instruction used is "popl"
	
	x.	When we push a value on to the stack, the top of the stack moves to accomdate the addition value. 
	
	xi.	Stack can be kept on pushing until we hit our code or data. 
	
	xii. 	To know where the "top" of the stack is , we use a stack register %esp , which always points to the current top of the stack
	
	Examples:

		-----------------------------------------------------------------------------------------------
		|29 	H	|28		|27		|26		|25		|25	 	|
		| ----------	| ----------	| --------	| ----------	| ----------	| ----------	| <--------Stack
		|23		|22		|21		|20		|19		|18		|
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	|
			
			In the above example We added H to the stack, So now top (%esp) points to address 29

		------------------------------------------------------------------------------------------------
		|29 	H	|28	E	|27		|26		|25		|25	 	|
		| ----------	| ----------	| --------	| ----------	| ----------	| ----------	| <--------Stack
		|23		|22		|21		|20		|19		|18		|
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	|			

		We added(pushed) E to the stack, So now top (%esp) points to E
		
		------------------i-----------------------------------------------------------------------------
		|29 	H	|28	E	|27	L	|26	L	|25	O	|25	W 	|
		| ----------	| ----------	| --------	| ----------	| ----------	| ----------	| <--------Stack
		|23	O	|22	R	|21	L	|20	D	|19		|18		|
		| ----------	| ----------	| ----------	| ----------	| ----------	| ----------	|

		As you can see from the above example we kept pushing characters to stack. 
		Now top(%esp) of the stack points to Address 20 (or value D)				

	xiii.	pushl instruction pushes 4 bytes of value on to the stack , Since we are moving down the memory , Pushing value is basically subtracting by 4 
		when we do pushl, %esp gets subtracted by 4 , 
		note: pushl (push long i.e 4 bytes)

	xiv.	To  remove something from stack , we simply popl from the stack , which is basically adding 4 bytes to %esp

	xv.	To access current value (or topmost value in stack) , We can access %esp register
		
		example:
			movl (%esp), %eax
		The above will move what ever value is in the top of the stack to %eax register
		
	xvi.	If we do the operation, 
			movl %esp, %eax
		The above will copy the address to which currently top points to %eax register. 

	xvii.	In the C language calling convention, stack is the key element for implementing a functions local variables, parameters & return address.

	xix.	Before executing a function, Program pushes all the parameters for the function on to the stack in the reverse order that they are documented.
		Example: if we sum(a,b), then 

                ------------------------------------------------------------------------------------------------
                |29     b       |28     a       |27             |26             |25             |25             |
                | ----------    | ----------    | --------      | ----------    | ----------    | ----------    | <--------Stack
                |23             |22             |21             |20             |19             |18             |
                | ----------    | ----------    | ----------    | ----------    | ----------    | ----------    |

		As we can see we have b first pushed and then a, so now top points to 28 (i.e esp register has address 28)

	xx.	The program uses call function indicating which function to start. 

Stack related data Movements:
------------------------------
1. The stack related data movements instructions in IA32 processors implement push and pop operations on the stack
2. Syntax of push and pop are:
	push src
	pop dest
3. The src operand in the case of "push" instruction can be 
	->Immediate constant
	->Register
	->Memory variable
4. The size of the operand can only be 16-bits or 32-bits, 8-bit operands cannot be pushed

5. If the operand of the "push"instruction is specified using immediate addressing or memory addressing , the size
of the operand is not implicitly known 

6. In order to specify the size of the operand, the "push" instruction can we suffixed with "w" or "l" to indicate 16-bit or
32-bit operations respectively (ex: pushl, pushw)

7.If the operand is an immediate constant or is a memory variable w or l in pushw or pushl instruction must be used to 
provide the size of the operand

8. In programs often several registers are saved on the stack at the same time & later restored. IA32 provides another 
set of push and pop instructions for this purpose

9. "pusha" pushes all eight general purpose registers on the stack. 

10. popa instructoin removes 32-bit registers from the stack in reverse order of the push 

11. pushf instruction pushes 32-bit eflags register on to stack and popf instruction is not opposite of pushf. 



Handling Unsigned Numbers:
-------------------------
1. IA32 architecture supports both unsigned & signed numbers. 
2. For the signed numbers, 2's complement notation is used. 
3. In 2's complement representation the most significant bit of an operand is 1 for negative 
numbers and 0 for positive numbers

4. IA 32 architecutre provies several instructions that change the size of the signed numbers.
Ex: 8-bit data item can be converted in to 16-bit data item using instruction "cbw"

5. while converting data item to a larger size, the sign bit can be duplicated to all the extra bits. 

Example: consider a byte value 0x08,  the equivalent 16-bit size is 0x0008, which is obtained  by duplicating
sign bit(0) to all the extra bits in 16-bit number.

If the number originally was negative , the extra bit will have all bits set to 1. 

6. Following instructions in IA32 architecture are provided to convert data sizes for the signed numbers:
	cbtw
	cwtd
	cwtl
	cltd
	movsbw src, dest
	movsbl src, dest
	movswl src, dest

7. cbtw: (also known as cbw) converts 8-bit signed numbers stored in al to 16-bit signed number and stores it in ax

8. cwtd(cwd): converts 16-bit signed number stored in ax to 32-bit number , Most significant 16-bits of resultant 32-bit number are returned in 
register dx while register ax represents lower 16bits 

9. cwtl(cwde) perfrms similar operation as of cwtd execept that it returns 32-bit number in register eax

10. cltd (cdg) converts 32-bit number to 64-bit number. input 32-bit number in eax and output goes in edx and eax

11. movs.. instructions are generic as they conver 8-bit - 16-bit (movsbw), 8-bit to 32-bit (movsbl) and 16-bit to 32bit (movswl)

12. There are few more instructions in IA32 architecture to convert data sizes for unsigned numbers
movzbw	src, dest
movzbl	src, dest
movzwl 	src, dest
	src can be register or memory
	dest can only be a register

====================================================================================================
Chapter 3:	Basic Data Manipulation
-----------------------------------------------------
1. IA32 instructions can be divided in several categories:
	A. Data manipulation
	B. Data Movement etc. 
	
2. The most commonly used instruction in IA32 processors is "mov" instruction. 

3. "mov" instruction can be used for following purposes:
	-> initialize a register
	-> initialize a memory location
	-> copy a value from register to memory
	-> copy value from memory to register
	-> copy from register to register

4. Syntax of "mov" instruction is as follows:
	mov src, dest

5. During the execution of the above instruction the value of the src operand is copied to "dest" operand. 

6. "src" operand may be immediate constant in which case it causes initialization of "dest" operand

7. IA32 processors also have an restriction on type of operands. like the instruction can have only 1 memory operand. So it cannot copy value 
from a memory variable to another memory location. 

8. To perform such an operation (memory to memory) more than 1 instruction has to be done. 

	Example1:
1		movl 0x100, %eax
2		movl 0x200, %ebx
3		movl %ebx, 0x100
4		movl %eax, 0x200

Assume %eax had the value: 0xabcdabcd, %ebx had 0xdeafdeaf prior to execution

Memory Image Before execution:

		0x100	0x101	0x102	0x103
		0x10002000						<-----------Value
		
		0x200	0x201	0x202	0x203
		0x30004000						<----------Value
		
After execution of line1:	%eax	- 0x10002000

		0x100	0x101	0x102	0x103
		0x10002000						<-----------Value
		
		0x200	0x201	0x202	0x203
		0x30004000						<----------Value			

After Execution of line2: %ebx	= 0x30004000
		0x100	0x101	0x102	0x103
		0x10002000						<-----------Value
		
		0x200	0x201	0x202	0x203
		0x30004000						<----------Value		
 
After execuion of Line3: %eax = 0x10002000, %ebx=0x30004000
		0x100	0x101	0x102	0x103
		0x30004000						<-----------Value
		
		0x200	0x201	0x202	0x203
		0x30004000						<----------Value		
After execuion of Line3: %eax = 0x10002000, %ebx=0x30004000
		0x100	0x101	0x102	0x103
		0x30004000						<-----------Value
		
		0x200	0x201	0x202	0x203
		0x10002000						<----------Value						
		
As seen in the above example, initial contents of %eax and %ebx are overwritten. 

	Example2:				A[1,2,3,4]
	init:
1		movl $0, %esi
2		movl %esi, A(,%esi,4) 
3		incl %esi
4		movl %esi, A(,%esi,4)
5		incl %esi
6		movl %esi A(,%esi, 4)
7		incl %esi
8		movl %esi A(,%esi, 4)


In the above program:			
	-> %esi is used as index register
	-> index i(%esi) is initialized to 0
	-> we store this value in array A by accessing A[0] using base+index*scale 
	->Since each element is 4 bytes, scale is 4 bytes. 

Line 1:	 %esi=0

Line 2:	%esi=0,  Memory location .base=0, index=0, scale=4 
				Memory A[0+0*4] = A[0] , So copy 0 to A[0]

Line 3:	%esi=1

Line4 	%esi=1, Memory Location, base=0, index=1, scale=4
				A[0+1*4] => A[4], So copy 1 to A[4]

Line 5:	%esi=2

Line 6: 	%esi=2, Memory location, base=0, index=2, scale=4
			A[0+2*4]=>A[8], So copy 2 to A[8]

Line 7	%esi=3

Line 8:	%esi=3, Memory location: base=0, index=3, scale=4
			A[0+3*4]=>A[12], So copy 3 to A[12]

							
9. IA32 processors also have an interesting instruction that exchanges the values of two operands 
		xchg src, dest

10. None of the two operands in the above instruction can be specified using immediate addressing (i.e we cannot use constants) and we can only use 
1 memory operand

	Example:
1		xchg 0x100, %eax
2		xchg 0x200, %eax
3		xchg 0x100, %eax

Prior to execution
%eax=0x11223344

		0x100	0x101	0x102	0x103
		0x88	0x77	0x66	0x55	<-----------Value
		
		0x200	0x201	0x202	0x203
		0xCC	0xBB	0x AA	0x99	<----------Value			
		

	
After Line 1
%eax=0x55667788
		0x100	0x101	0x102	0x103
		0x44	0x33	0x22	0x11		<-----------Value
		
		0x200	0x201	0x202	0x203
		0xCC	0xBB	0x AA	0x99	<----------Value					

After Line2

%eax=0x99AABBCC
		0x100	0x101	0x102	0x103
		0x44	0x33	0x22	0x11		<-----------Value
		
		0x200	0x201	0x202	0x203
		0x88	0x77	0x66	0x55	<----------Value					

After Line3
%eax=0x11223344

		0x100	0x101	0x102	0x103
		0xCC	0xBB	0xAA	0x99	<-----------Value
		
		0x200	0x201	0x202	0x203
		0x88	0x77	0x66	0x55	<----------Value					

11. IA32 Processors also provide an instruction to change the endianity of 32-bit number

12. IA32 Processors implement little-endian storage for multi-byte data elements in the memory 

13. In little-Endian Mode:
	->Least Significant byte (LSB) is stored in lowest address
	->The most significant byte (HSB/MSB) is stored in Highest Address of a memory
	
	Example:
		Consider 0x100 has value 0x55667788
		
		LSB of the above value is 0x88, which is stored in 0x100
		0x77 is stored in 0x101
		0x66 stored in 0x102
		0x55 stored in 0x55

14. In big-Endian Mode bytes are stored in reverse order:
	->Least significant byte (LSB) is stored in Highest address
	->Most significant byte is stored in Lowest address of Memory
	
	example 0x100 has 0x55667788
		LSB is 0x88, which is stored in 0x103
		0x77 is stored in 0x102
		0x66 is stored in 0x101
		0x55 is stored in 0x55

15. IA32 process provides a bswap instruction that swaps the bytes of 32-bit register to change the order of the storage. 
	Syntax: bswap r32 
		ie. bswap <register>

16. bswap instruction takes only 1 single 32-bit operand specifying using register addressing mode , 

17. Operands of bswap cannot be immediate addressing mode or Memory operand. 

18. bswap instruction along with mov instruction can be used to change the byte order of a memory variable. 

19,. These type of instructions are needed when the data that is provided from other sources like network are sent in Big-Endian and we want it to convert it
to little endian. 

	Example:
1		xchg (%ebx), %eax
2		bswap %eax
3		xchg (%ebx), %eax

Explanation :

Before Execution			
Assume %eax = 0x11223344
%ebx had 0x100  value:0x55667788

		0x100	0x101	0x102	0x103
		0x88	0x77	0x66	0x55	<-----------Value

After Line 1
%eax=0x55667788

		0x100	0x101	0x102	0x103
		0x44	0x33	0x22	0x11	<-----------Value

After Line 2 

%eax=0x88776655

		0x100	0x101	0x102	0x103
		0x44	0x33	0x22	0x11	<-----------Value

After Line 3

%eax=0x11223344

%ebx-0x100=0x88776655

		0x100	0x101	0x102	0x103
		0x55	0x66	0x77	0x88	<-----------Value					

====================================================================================================
Condition Flags & their use.
----------------------------------
1. eflags register in an IA32 processor stores various flags corresponding to the result of last instruction executed. 

2. Some Instructions do not modify the flags, for example bswap, xchg & mov , but instructions like "inc"	 changes few flags in eflags registers

Flags:

carry flag(cf):
------------------
	A.	Keeps the status of the final carry-out while computing the result of the last instruction set. 
		Example: "add" instruction 
	B.	While adding 2-numbers the carry flag contains the carry-out of the most significant bit.
		Example: addl $4, %al
		%al = %3f , 
		%3f in decimal is 63 , 63 +4 = 67. so there is no -overflow, so carry flag will be zero. Which Means CF is not set 
		
	C. 	adding 4 to 0xFD , addl $4, 0xFD , the final value of register al will be 0x0 and CF is set 1, (which mean CF is enabled)
		
		when 0xFD is stored to al,  the actual value that is being stored is -3 (incase of signed) or 253 (unsigned),
		253 when converted to binary is: 11111101, and 3 in binary is 00000011, 
		11111101
	+	00000011
		--------
	       100000000
		---------
		1 is carried out 


(gdb) break 3
Breakpoint 1 at 0x8048054: file cf1.s, line 3.
(gdb) list
Line number 8 out of range; cf1.s has 7 lines.
(gdb) r
Starting program: /home/ashok/practice/test/cf1 

Breakpoint 1, _start () at cf1.s:4
4			movb $0xfd, 
(gdb) n
5			addb $3, %al
(gdb) p/u $al
$1 = 253			<-----------------al is 253 (unsigned)
(gdb) p/d $al
$2 = -3				<------------------al is -3 (signed)
(gdb) n
6			movl $1, %eax
(gdb) p/d $al
$3 = 0			<------------------------------(-3 + 3=0) signed
(gdb) p/u $al
$4 = 0			<-------------------------------(253 + 3 256, i.e since 255 can only be stored, we have a carry out 
							making eax register to all zerors 
(gdb) info reg eflags
eflags         0x257	[ CF PF AF ZF IF ]	<-------------we could see carry flag set in eflags register

		
		Breakpoint 1, _start () at a1.s:5
5               mov $0xfd, %al
(gdb) n
6               add $3, %al
(gdb) info reg
eax            0xfd     253  <-------------------------eax has 253
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048056        0x8048056 <_start+2>
eflags         0x212    [ AF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0

	(gdb) info reg al
al             0xfd     -3	<---------------------LSB of %eax, i.e al has -3

when $3 is added to al ,  -3 + 3, So al is set to 0 , i,e the whole eax register will be 0x00000000
253 + 3 , 256 , since we can store only 255 value, 1 gets carry forward  so 
(gdb) n
7               mov %al, %bl
(gdb) info reg al
al             0x0      0 	<-----------------al is set 0
(gdb) info reg eax
eax            0x0      0 <-----------------------------eax is set 0
(gdb) info reg 
eax            0x0      0
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048058        0x8048058 <_start+4>
eflags         0x257    [ CF PF AF ZF IF ]  <----------------------As we can see CF is set
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0

	
		127	7f
		-128	80
		-127	81
		-126	82
		-125	83
		-124	84
		-123	85
		-122	86
		-121	87
		-120	88
		-119	89
		-118	8a
		-117	8b
		-116	8c
		-115	8d
		-114	8e
		-113	8f
		-112	90
		-111	91
		-110	92
		-109	93
		-108	94
		-107	95
		-106	96
		-105	97
		-104	98
		-103	99
		-102	9a
		-101	9b
		-100	9c
		-99	9d
		-98	9e
		-97	9f
		-96	a0
		-95	a1
		-94	a2
		-93	a3
		-92	a4
		-91	a5
		-90	a6
		-89	a7
		-88	a8
		-87	a9
		-86	aa
		-85	ab
		-84	ac
		-83	ad
		-82	ae
		-81	af
		-80	b0
		-79	b1
		-78	b2
		-77	b3
		-76	b4
		-75	b5
		-74	b6
		-73	b7
		-72	b8
		-71	b9
		-70	ba
		-69	bb
		-68	bc
		-67	bd
		-66	be
		-65	bf
		-64	c0
		-63	c1
		-62	c2
		-61	c3
		-60	c4
		-59	c5
		-58	c6
		-57	c7
		-56	c8
		-55	c9
		-54	ca
		-53	cb
		-52	cc
		-51	cd
		-50	ce
		-49	cf
		-48	d0
		-47	d1
		-46	d2
		-45	d3
		-44	d4
		-43	d5
		-42	d6
		-41	d7
		-40	d8
		-39	d9
		-38	da
		-37	db
		-36	dc
		-35	dd
		-34	de
		-33	df
		-32	e0
		-31	e1
		-30	e2
		-29	e3
		-28	e4
		-27	e5
		-26	e6
		-25	e7
		-24	e8
		-23	e9
		-22	ea
		-21	eb
		-20	ec
		-19	ed
		-18	ee
		-17	ef
		-16	f0
		-15	f1
		-14	f2
		-13	f3
		-12	f4
		-11	f5
		-10	f6
		-9	f7
		-8	f8
		-7	f9
		-6	fa
		-5	fb
		-4	fc
		-3	fd
		-2	fe
		-1	ff

Zero Flag:
	A.  Zero flag is set to 1 if the result of the last instruction (flag modifying) is 0 
	
	Example:
			mov $0xfd, %al  # al has value -3
			addl $3, %al   # -3 + 3  is 0 , so result of this instruction is 0 so, ZF is set 
	
		
	B. Zero flag is set to 0 , if the result of the last instruction is not 0
	
			movl $0xfd , %al 	# al has -3
			addl $2, %al   # -3 + 2  is -1,  So zero flag is not set. 
			
Sign Flag:
	
	A. Sign Flag stores the sign of the result of the last flag-modifying instruction. 
	
	B. This flag is used for implementing arithmetic using 2's complement representation for the numbers
	
	C. most significant bit of number is 1 if the number is negative. 
	
	d. Positive numbers are represented when Most significant bit is set to 0
	
	E. Sign Flag is set 1 , if the result of a last flag-modifying instruction is a negative number
	
	F. Sign  flag is set 0, if the result of the lsat flag-modifying instruction is postivie number
	
	Example:
		mov $0xfd, %al
		movl $2, %al , #-3 + 2 is -1 , so sign flag is set 
		
		(gdb) list
1       .section .data
2       .section .text
3       .globl _start
4               _start:
5                       mov $0xfd, %al
6                       add $2, %al
7                       movl $1, %eax
8                       int $0x80
9
(gdb) b 4
Breakpoint 1 at 0x8048054: file a3.s, line 4.
(gdb) r
Starting program: /home/ashok/practice/new/a3 

Breakpoint 1, _start () at a3.s:5
5                       mov $0xfd, %al
(gdb) n
6                       add $2, %al

(gdb) n
7                       movl $1, %eax
(gdb) info reg
eax            0xff     255
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048058        0x8048058 <_start+4>
eflags         0x286    [ PF SF IF ] <----------------------Sign flag is set 
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0
(gdb) info reg al
al             0xff     -1

(gdb) info reg
eax            0xfd     253
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048056        0x8048056 <_start+2>
eflags         0x212    [ AF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0

	

Parity Flag:
	
	A. 		Parity Flag stores the parity status of the least significant byte of the result of the last flag-modifying instruction 
			PF is set to 1  if the LSB of the result has even number of 1's is set to 0 if the number is odd
			
			Example:
			1       .section .data
2       .section .text
3       .globl _start
4               _start:
5                       mov $0xfd, %al
6                       add $2, %al
7                       movl $1, %eax
8                       int $0x80
9
(gdb) b 4
Breakpoint 1 at 0x8048054: file a3.s, line 4.
(gdb) r
Starting program: /home/ashok/practice/new/a3

Breakpoint 1, _start () at a3.s:5
5                       mov $0xfd, %al
(gdb) n
6                       add $2, %al
(gdb) info reg
eax            0xfd     253
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048056        0x8048056 <_start+2>
eflags         0x212    [ AF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0
(gdb) n
7                       movl $1, %eax
(gdb) info reg
eax            0xff     255
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048058        0x8048058 <_start+4>
eflags         0x286    [ PF SF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0

Example:2
2       .section .text
3       .globl _start
4               _start:
5                       mov $0xfd, %al
6                       add $3, %al
7                       movl $1, %eax
8                       int $0x80
9
(gdb) b 4
Breakpoint 1 at 0x8048054: file a3.s, line 4.
(gdb) r
Starting program: /home/ashok/practice/new/a3

Breakpoint 1, _start () at a3.s:5
5                       mov $0xfd, %al
(gdb) n
6                       add $3, %al
(gdb) info reg
eax            0xfd     253
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048056        0x8048056 <_start+2>
eflags         0x212    [ AF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0
(gdb) info reg al
al             0xfd     -3
(gdb) n
7                       movl $1, %eax
(gdb) info reg al
al             0x0      0
(gdb) info reg
eax            0x0      0
ecx            0x0      0
edx            0x0      0
ebx            0x0      0 
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048058        0x8048058 <_start+4>
eflags         0x257    [ CF PF AF ZF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0


Overflow Condition:
Over flow flag stores the overflow condition of the result of the last flag-modifying instruction. 
while sensing the overflow, signed arithmetic is taken in to consideration. 


(gdb) list
1       .section .text
2       .globl _start
3               _start:
4                       mov $0x7f, %al
5                       add $1, %al
6                       movl $1, %eax
7                       int $0x80
8
(gdb) b 4
Breakpoint 1 at 0x8048054: file a4.s, line 4.
(gdb) r
Starting program: /home/ashok/practice/new/a4

Breakpoint 1, _start () at a4.s:4
4                       mov $0x7f, %al
(gdb) n
5                       add $1, %al
(gdb) info reg
eax            0x7f     127
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048056        0x8048056 <_start+2>
eflags         0x212    [ AF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0
(gdb) info reg al
al             0x7f     127
(gdb) n
6                       movl $1, %eax
(gdb) info reg al
al             0x80     -128
(gdb) info reg
eax            0x80     128
ecx            0x0      0
edx            0x0      0
ebx            0x0      0
esp            0xbffff5a0       0xbffff5a0
ebp            0x0      0x0
esi            0x0      0
edi            0x0      0
eip            0x8048058        0x8048058 <_start+4>
eflags         0xa92    [ AF SF IF OF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x0      0


Auxiliary Flag (AF)
--------------------
1. This flag contains carry-out from bit 3 of the result of the flag modifying instruction . 

2. This flag is primary used for implementing Binary coded decimal representation. 

====================================================================================================
conditions:
1. Several instructions have a conditional  execution in IA32 processors

2. Instructions behave in one way if the condition is true & in another way if the condition is false. 

3. Conditions are determined by CPU flags

4. Many conditions combine various flags in certain ways. 

5. There are 16 number of conditions supported by IA32 processors by combining various flags. 


1. Equal (E) or Zero (Z)
	
	-> This condition is true if Zero Flag (ZF) is set to 1
	-> Example: test if 2 numbers are equal or not.  This is checked  by subtracing one by another , If two numbers are equal ZF is set 1
	
2. Not Equal (NE) or Not Zero(NZ)
	-> Condition is opposite of previous condition. 
	-> This condition is true when ZF is not set or ZF is 0

3. Above (a) or Neither Below or Equal (nbe)

	-> This condition is primarily used for the comparision of unsinged Numbers		
	->  Example:  Consider numbers 52 & 25 , if  when 25 is subtracted from 52 , it should not result in a borrow or zero. 
	-> This condition is true if CF=0 & ZF=0 , if any of the two flags is 1, condition is false

4. Below or Eual (be) or Not Above (na)
	->This condition is inverse of above condition (nbe) and refers to condition when CF=1 or ZF=1 
	
5. Above or Equal (ae) or Not Below (nb) or No carry (nc) 

	-> This condition is also used in connection with comparition of unsinged numbers
	-> Comparision evaluates to true if CF=0 
	-> For unsgned numbers "above or equal" to condition is true when subtraction of a number from another does not result in any carry

6. Below (b) or Neither Above or Equal (nae) or carry
	-> This condition is inverse of previous condition & refers to case when CF=1

7. Greater(g) or Neigher less Nor equal (nle)

	-> This condition is used in implementing decisions based on signed arithmetic & represents the case when comparision of two numbers  results
	in a number that is positive (no overflow) & is not zero. 
		when ZF=0, SF=0

8. Less or Equal (le) or Not Greater	(ng)
	->This condition is inverse of above condition (nle) , and refers to case when ZF=1 or SF is set. 
	
9. Greater or Equal (ge) or Not less (nl)
	->This is used for signed number comparision & represents the case  when Sign Flag & OF is set 

10. Less(1) or Neither Greater Nor Equal (nge)
	->This condition is inverse of above condition (9th condition), when SF & OF is not set 

11. Overflow (o)
	->This condition refers to the case when OF=1 , used primarily in signed arithmetic
12. Not Overflow (no)
	->This condition is inverse of above condition (11th) , when OF is not set
13. Sign (s)
	-> Refers to case when result of last flag-modifying instruction resulted in a negative number (SF)
14. No sign (ns)
	-> Inverse of above condition . where result of last flag modifying instruction resulted in positive number 
15. Parity (p) or Parity Even (pe)
	-> PF stores the even parity status of the last flag-modifying instruction  , when PF =1
16.  No parity or Parity odd (po)
	-> Inverse of 15th condition , when PF = 0

Conditional Data Movements:
--------------------------------------

1. IA32 processors also support conditional data movement instructions

2. Instructions can be used conditionally for moving 16-bit or 32-bit value from one general purpose register to another

3. These instructions can also be used to move conditionally from one memory location to a 16-bit or 32-bit register

4. These conditional move instructions cannot be used on 8-bit registers

	Example: cmovcc source, dest

5. Source can be register or memory (16 or 32-bit in size)
6. dest can only be a register (16 or 32) 

7. The condition is specified using the cc field in the instruction.

Example:
	1. set a value in the register eax according to memory variable "cond"
	2. If the value in "cond" is between 1 & 5 (both inclusive) , the register is set to 0, else it is set to -1

Example1:
### This example illustrates conditional move 
### We declare a memory variable "cond" which has value 3
# we are using conditional move to check if the value in cond is between 1 & 5 
# if it's between 1 & 5, %ebx will have 0, else it will have -1
.section .data
cond:
.long 3
.section .text
.globl _start
_start:
        mov $0, %ebx
        mov $-1, %ecx
        cmpl $1, cond
        cmovb %ecx, %ebx
        cmpl $5, cond
        cmova %ecx, %ebx

        movl $1, %eax
        int $0x80

Example2:

.section .data
lower:
.long 10
upper:
.long 20
num:
.long 11
.section .text
.globl _start
_start:
        movl $0, %ebx
        movl $-1, %ecx
        movl num, %edx
        cmpl lower, %edx
        cmovb %ecx, %ebx
        cmpl upper, %edx
        cmova %ecx, %ebx

        movl $1, %eax
        int $0x80 
=======================================================================================================
Chapter-4:  Control Transfer

1. IA32 processors provide a special purpose register called eip

2. This register stores the address of Memory location from where the next Machine instruction is read

	CPU							Memory
-------------------------------			--------------------------------------------------------------------		
eip	| Instruction decoder	
0x100						0x100		0x101		0x102		0x103		0x104 <---Address
------------------------------			----------------------------------------------------------------------
eax|ebx|ecx|edx|ebp|esp|edi|esi			incl %eax							      <---value
-------------------------------
Arithmatic Logical Unit
----------------------------------


3. Each assembly language instruction is first translated in to machine instruction by an assembler

4. After machine instruction is fetched from memory, the register eip is incremented by the size of the instruction 

Step1: start
	|
Step2:	Read EIP
	|
Step3:	Fetch instruction from the memory 
	|
Step4:	execute instruction
	|
Step5:	Increment the address to the size of the instruction executed
	|
Step6:	Update EIP with next address
	|
Step7:	Repeat Step2



5. When the execution of the instruction is completed, the next instruction is read from the memory (which is immediate address) 

6. Control transfer instruction modifies "eip" register implicitly so that next instruction is read from the location different from 
immediate address

Step1: start
        |
Step2:  Read EIP
        |
Step3:  Fetch instruction from the memory  
        |
Step4:  Check if the instruction contains control transfer instruction
        |
Step5:  Update EIP with the address (memory address) specified by control transfer instruction
        |
Step7:  Execute step-2

Specifying Target Address:
===========================
1. There are several ways in which the destination addres may be specified in the control transfer instruction
2. In assembly language address of the instructions are typically defined by the use of labels attached 
to the instruction

Example:
.section .text
.globl _start
_start:
	movl $2, %ebx
	movl $1, %eax
	int $0x80

In the above program _start label defines(symbolises) the address of the first instruction "movl $2,%ebx"


3. Symbolic names are replaced by the address of the instruction when assembler translates to machine language

4. IA32 process, the target address can be specified to control transfer instructions in following ways:
	4.1->Immediate constant (Immediate address)
	4.2->Address specified in register (Register/indirect addressing)
	4.3->Addresses specified in memory (Memory addressing , pointers)

4.1: Immediate Addressing
-------------------------

1. In immediate addressing mode, the address of the target instruction is specified in the instruction as constant
	ex:	jmp 0x8042521

2. Since in the assemly language we use symbolic names(for addresses), or labels (_start), these labels can be used
as immediate constants in the control transfer instructions
	ex:
		.section .text
		.globl _start
		_start:
			movl $2, %ebx
			jmp end_program
			movl $1, %ecx
			movl $2, %edx
		end_program:
			movl $1, %eax
			int $0x80

3. In GNU/Linux assembly language, the syntax used to specify the operand as immediate constant is different for control transfer
instruction when compared to other instructions

		Example:
			.section .data
			data:
			.long 5
			.section .text
			.globl _start
			_start:
			movl $data, %ebx
                        jmp end_program
                        movl $1, %ecx
                        movl $2, %edx
                end_program:
                        movl $1, %eax
                        int $0x80

In the above program movl $data, %ebx is also immediate addressing mode, but it's different form instruction jmp end_program


4. Immediate operands of the control transfer instruction are specified without using a $ before the immediate operand
		Example:
		1	.section .data
		2	data:
		3	.long 4,3,2,1
		4	.section .text
		5	.globl _start
		6	_start:
		7		movl $0,%edi
		8		movl data_items(,%edi,4), %ebx
		9	start_loop:
		10		cmpl $1, %ebx
		11		je end_loop
		12		incl %edi
		13		addl data(,%edi,4), %ebx
		14		jmp start_loop
		15	end_loop:
		16		movl $1, %eax
		17		int $0x80

In the above program jmp start_loop in line 14 transfers the control to the first instruction "cmpl $1, %ebx" as start_loop is
a label or a symbol which translates to address of instruction "cmpl $1, %eax"


5. The machine instruction for IA32 processors converts(encodes) the target address differently when it's is specifed as immediate constant in 
assembly language

6. The conversion(encoding) mechanism of the machine instruction can specify the the address in following ways
	a. As an offset relative to the address of jmp instruction (also called eip relative address)
	b. As an absolute address


In the first case(a), the offset is with respect o the address of the next instruction(i.e immediately after jmp instruction), 
This simplifies the execution because:
	->value stored in register eip will be address of the next instruction
	->During execution the offset can be added to the eip register

The above method is called eip relative addressing mode:

eip relative addressing mode:
	
1. The address of the target instruction can be specified as an offset from the address of the current instruction(in reality
as an offset from the address of next instruction)

2. Since eip contains the address of the next instruction , the address of the target instruction is obtained by adding offset 
to the value of eip register

Examples:
1. 

(gdb) list
1       .section .data
2       data:
3       .long 5
4       .section .text
5       .globl _start
6       _start:
7               movl $data, %ebx
8               jmp end_program
9               movl $1, %ecx
10              movl $2, %edx
(gdb) x/6i $pc
=> 0x8048074 <_start>:  mov    $0x804908c,%ebx
   0x8048079 <_start+5>:        jmp    0x8048085 <end_program>
   0x804807b <_start+7>:        mov    $0x1,%ecx
   0x8048080 <_start+12>:       mov    $0x2,%edx
   0x8048085 <end_program>:     mov    $0x1,%eax
   0x804808a <end_program+5>:   int    $0x80


As one can see the address that "start" symbolises is 0x8048074, that is at address 0x8048074, the instruction "movl $data, %ebx" 
exists, this instruction starts from "0x8048074" and ends at "0x8048079", the next instruction "jmp end_program" starts from 0x8048079
and ends at 0x804807b

(gdb) info line *0x8048074
Line 7 of "eip-relative1.s" starts at address 0x8048074 <_start> and ends at 0x8048079 <_start+5>.
(gdb) info line *0x8048079
Line 8 of "eip-relative1.s" starts at address 0x8048079 <_start+5> and ends at 0x804807b <_start+7>.
(gdb) 


when the line eip is at instruction "jmp end_program" which starts from 0x8048079, , the next immediate instruction after this is "0x804807b"
, but the code needs to jump to address that end_program symbolises , which is at address "0x8048085", so in eip relative addressing what happens
is

The destination address that should be jumped is "0x8048085", the next instruction that should have been executed after jmp starts at "0x804807b" 
so offset is calculated using 0x8048085-0x804807b, which is "a", (10 bytes), so an offset 10 is added to eip (which will be 0x804807b) 



Absolute address:

When  the addres of the target instruction is directly coded in the machine instruction, it is called absolute address.

In GNU/Linux assembly language, the use of absolute address is specified by putting *


Example:

(gdb) list
1       ### This program illustrates eip absloute addressing 
2       ###
3       .section .data
4       data:
5       .long 5
6       .section .text
7       .globl _start
8       _start:
9               movl $data, %ebx
10              jmp *end_program
(gdb) break 8
Breakpoint 1 at 0x8048074: file eip-relative2.s, line 8.
(gdb) r
Starting program: /home/ashok/practice/test/eip-relative2 

Breakpoint 1, _start () at eip-relative2.s:9
9               movl $data, %ebx
(gdb) x/6i $pc
=> 0x8048074 <_start>:  mov    $0x8049090,%ebx
   0x8048079 <_start+5>:        jmp    *0x8048089
   0x804807f <_start+11>:       mov    $0x1,%ecx
   0x8048084 <_start+16>:       mov    $0x2,%edx
   0x8048089 <end_program>:     mov    $0x1,%eax
   0x804808e <end_program+5>:   int    $0x80
(gdb) info line *0x8048089
Line 14 of "eip-relative2.s" starts at address 0x8048089 <end_program> and ends at 0x804808e <end_program+5>.
(gdb) p *0x8048089
$1 = 440
(gdb) p/x *0x8048089
$2 = 0x1b8
(gdb) p/x *0x8048089
$2 = 0x1b8
(gdb) n
10              jmp *end_program
(gdb) n
0x000001b8 in ?? ()
(gdb) info reg eip
eip            0x1b8    0x1b8


As we can see when the program is at line 10, jmp *end program , where "end_program" symbolises address 0x8048089 , what happens it assumesthat it has to transfer the control to address specified at address 0x8048089 , and it will try to jump to that address.

Register Addressing:
--------------------
The target address of a control transfer instruction may be specified using a register. 

Upon execution of such a control transfer instruction, the contents of the specified register are copied to eip register
there by transferring the control to an address given in the register

syntax jmp *%eax

Memory Addressing
------------------
1. In Memory addressing, the address of the target instruction is read from memory , 

2. In GNU/Linux operating system, all addresses are 32-bit wide and therefore the address of the target instruction takes 4 memory
locations for storage. 

3. A * is required to prefixed to the memory operand as it is an indirect mode of specifying the target instruction

Example:

A. jmp *(%eax) specifies the base addressing, where the address of the target instruction is stored in memory location whose address
is available in %eax

example: if %eax had 0x8048084, and 0x8048084 contains 0x8048089, it would assume that address of the tar get instruction to be executed 
is at 0x8048089

B. jmp *(memvar)

Assume memvar is at location 0x8048084 , and memvar has value "0x8048089" which is memory address, which contains the actual instruction, then
jmp *(memvar) would read the address 0x8048089 and jump to location 0x8048089 to read the instruction

C. Similarly jmp *table(%eax) , 

%eax has 0x8048084
0x8048084=10
table = 0x8048079
At location 0x8048079= 0x804807f

first execute (%eax), that is get the contents of the location 0x8048084 , and go to memory location 0x8048084 and fetch value 10, 
then *table is computed, which first get value 0x8048079 and get the value fetched at address 0x8048079, which is 0x804807f, 
add 0x8048079+10 and jump to that address. 

D. *table(%eax,%esi)

E. *table(%eax,%esi,4)
=========================================================================================================
Some control transfer instructions

1. Most commonly used control transfer instruction is jmp , syntax:
	jmp target

2. Target can be specified using any of the above addressing modes described earlier

3. upon execution of jmp instruction, register eip is set to the new value. since the next instruction is read from the location whose address 
is stored in eip register, the jmp instruction causes control of the program to be transferred to the new location


4. IA32 also supports conditional control transfer. upon execution of such instructions, control is transferred to the new location only after specified 
condition is evaluated to true.