Learning x86 assembly and making stupid puns.
Note: Some texts have been copied from other sites, full references are provided at the end of this document.
make allmake cleanThere is a helper tool written in Rust in the helper directory.
In order to build it, install a Rust toolchain and run make helper.
Sample usage:
bin/helper help
Fant-asm helper 1.0
Farzad FARID <[email protected]>
Helper functions for learning assembly
USAGE:
helper [SUBCOMMAND]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
SUBCOMMANDS:
help Prints this message or the help of the given subcommand(s)
ieee754 Floating point conversionbin/helper ieee754 0xC1440000
C1440000 = 11000001010001000000000000000000
Sign: 1, exponent: 3, fraction = 0b1.10001000000000000000000Most of the ASM samples I found so far were written for 32 bits systems. I replaced the registers with
the 64 bits versions and it worked so far…
For example eax becomes rax.
Be careful not to clobber memory by using a too big register when a 16 or 32 bits write is enough!
- The system call numbers are different!
- For
writeandexitat least, the same arguments are passed in the same registers
The reason why they use the same register is because both OS on 64 bits architectures adopted the System V AMD64 ABI reference calling convention.
Linking for macOS min version 10.7 needs the entry point to be named start and no dynamic library linking.
In order to compile & link for macOS min version 10.12 you need to:
- Remplace the symbol
startwith_main - Link to the
Systemdynamic library with-lSystem
- Go to https://opensource.apple.com/
- Find your OS X version
- Find the
xnudirectory and note the version
For example, for macOS 10.15.6 we have xnu-6153.141.1.
- Find the XNU version
- Navigate to the xnu source code
- Find the file
bsd/kern/syscalls.master
For example: https://opensource.apple.com/source/xnu/xnu-6153.141.1/bsd/kern/syscalls.master
- Arguments are passed on the registers
rdi,rsi,rdx,r10,r8andr9 - Syscall number is in the
raxregister - The call is done via the
syscallinstruction
Most sample codes that I found use absolute memory addressing, apparently because it's how it works on 32 bits systems.
64 bits macOS uses relative memory addressing by default in order to activate PIC ("position-independent code"), also called PIE ("position-independent executable").
If the compiled .o file contains absolute adresssing, ld complains with the following
message but compiles anyway:
ld: warning: PIE disabled. Absolute addressing (perhaps -mdynamic-no-pic) not allowed in code signed PIE, but used in _main from hello_macos.o. To fix this warning, don't compile with -mdynamic-no-pic or link with -Wl,-no_pie
In order to convert to PIE style addressing, add this line at the top of the source code:
default relThen convert these calls:
mov rsi, message ; address of string to outputto:
lea rsi, [message] ; address of string to outputCopyright 2020 Farzad FARID [email protected]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
- NASM tutorial
- ‘Hello World’ Assembly Program on macOS Mojave
- Making system calls from Assembly in Mac OS X
- System call conventions on macOS:
- 32-bit absolute addresses no longer allowed in x86-64 Linux?
- x86-64 Assembly Language Programming with Ubuntu
- Assembly Language Tutorials and Courses on Hackr.io
- Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4: 5038 pages! Updated in October 2019.
- System V AMD64 ABI reference