flat assembler
Message board for the users of flat assembler.

simple newbie question

sloppy



Joined: 10 Nov 2007
Posts: 6
sloppy 11 Nov 2007, 20:32
Hi,

I am new to assembly programming, I made this simple program (under linux):


Code:
format ELF executable
     mov ecx, 100        ; loop counter
begin_loop:
     push ecx
     xor eax,eax
     pop ecx
     loop begin_loop     ; dec ecx, jump while ecx != 0
     mov eax, 1          ; sys_exit
     xor ebx,ebx         ; exit code 0
     int 80h


When I disassemble the executable (with ndisasm) I get:
Code:
00000000  7F45              jg 0x47
00000002  4C                dec sp
00000003  46                inc si
00000004  0101              add [bx+di],ax
00000006  0100              add [bx+si],ax
00000008  0000              add [bx+si],al
0000000A  0000              add [bx+si],al
0000000C  0000              add [bx+si],al
0000000E  0000              add [bx+si],al
00000010  0200              add al,[bx+si]
00000012  0300              add ax,[bx+si]
00000014  0100              add [bx+si],ax
00000016  0000              add [bx+si],al
00000018  54                push sp
00000019  800408            add byte [si],0x8
0000001C  3400              xor al,0x0
0000001E  0000              add [bx+si],al
00000020  0000              add [bx+si],al
00000022  0000              add [bx+si],al
00000024  0000              add [bx+si],al
00000026  0000              add [bx+si],al
00000028  3400              xor al,0x0
0000002A  2000              and [bx+si],al
0000002C  0100              add [bx+si],ax
0000002E  2800              sub [bx+si],al
00000030  0000              add [bx+si],al
00000032  0000              add [bx+si],al
00000034  0100              add [bx+si],ax
00000036  0000              add [bx+si],al
00000038  54                push sp
00000039  0000              add [bx+si],al
0000003B  005480            add [si-0x80],dl
0000003E  0408              add al,0x8
00000040  54                push sp
00000041  800408            add byte [si],0x8
00000044  1400              adc al,0x0
00000046  0000              add [bx+si],al
00000048  1400              adc al,0x0
0000004A  0000              add [bx+si],al
0000004C  07                pop es
0000004D  0000              add [bx+si],al
0000004F  0000              add [bx+si],al
00000051  1000              adc [bx+si],al
00000053  00B96400          add [bx+di+0x64],bh
00000057  0000              add [bx+si],al
00000059  51                push cx
0000005A  31C0              xor ax,ax
0000005C  59                pop cx
0000005D  E2FA              loop 0x59
0000005F  B80100            mov ax,0x1
00000062  0000              add [bx+si],al
00000064  31DB              xor bx,bx
00000066  CD80              int 0x80
    


so my question is: what are all those lines for?
I tried porting the same code to nasm and I get even more lines... I am a little confused; I understood that in assembly language, when I write an instruction, that is *only one* instruction...

Another question: why are the registers 16-bit (ax instead of eax)? And shouldn't it be faster to use eax on a 32-bit processor?
Plue



Joined: 15 Dec 2005
Posts: 151
Plue 11 Nov 2007, 21:26
I think that those are the elf headers, but ndisasm interprets them as asm instructions.
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 11 Nov 2007, 22:53
Quote:
RESTRICTIONS
ndisasm only disassembles binary files: it has no understanding of the
header information present in object or executable files. If you want
to disassemble an object file, you should probably be using objdump(1).


The above supports what Plue says. Any time I disassembled under Linux I used objdump as the quote suggests, but the problem is that it uses AT&T syntax (any way to make it use Intel?). The freeware version of IDApro is capable of disassembling ELFs but it runs under Windows only.
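To show concretely what Plue and the ndisasm man page say, here is an added Python example (not code from the thread) that parses the ELF32 header and program header of sloppy's executable, using the bytes transcribed from the hex column of the ndisasm listing in the first post, and maps the entry point back to the file offset where the real code begins: everything before that offset is header data that ndisasm decoded as if it were instructions.

```python
import struct

# The first 0x68 bytes of the fasm-built executable from the first post, transcribed
# from the hex column of its ndisasm listing: ELF header (0x34 bytes), one program
# header (0x20 bytes) and the 20 bytes of actual code. Only the code is instructions.
ELF_IMAGE = bytes.fromhex(
    "7f454c46 01010100 00000000 00000000"   # e_ident: magic, ELFCLASS32, little-endian, v1
    "0200 0300 01000000 54800408 34000000"  # e_type=EXEC e_machine=386 e_version e_entry e_phoff
    "00000000 00000000 3400 2000 0100 2800" # e_shoff e_flags e_ehsize e_phentsize e_phnum e_shentsize
    "0000 0000"                              # e_shnum e_shstrndx
    "01000000 54000000 54800408 54800408"   # PT_LOAD: p_offset=0x54 p_vaddr p_paddr
    "14000000 14000000 07000000 00100000"   # p_filesz=20 p_memsz p_flags=RWX p_align=0x1000
    "b964000000 51 31c0 59 e2fa b801000000 31db cd80"  # mov ecx,100 ... int 0x80
)

ELF32_EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # 52-byte Elf32_Ehdr, little-endian
ELF32_PHDR = struct.Struct("<IIIIIIII")          # 32-byte Elf32_Phdr
PT_LOAD, PF_X = 1, 1
PHDR_FIELDS = ("p_type", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_flags", "p_align")

def parse_elf32(image):
    """Validate the ELF32 magic and return (e_entry, list of program headers as dicts)."""
    (e_ident, _type, _machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, *_rest) = ELF32_EHDR.unpack_from(image, 0)
    if e_ident[:4] != b"\x7fELF" or e_ident[4] != 1 or e_ident[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    phdrs = [dict(zip(PHDR_FIELDS, ELF32_PHDR.unpack_from(image, e_phoff + i * e_phentsize)))
             for i in range(e_phnum)]
    return e_entry, phdrs

def code_at_entry(image):
    """Map e_entry back to its file offset through the executable PT_LOAD segment that
    covers it, and return (file_offset, code_bytes): where a disassembler should start."""
    entry, phdrs = parse_elf32(image)
    for ph in phdrs:
        if (ph["p_type"] == PT_LOAD and ph["p_flags"] & PF_X
                and ph["p_vaddr"] <= entry < ph["p_vaddr"] + ph["p_filesz"]):
            offset = ph["p_offset"] + (entry - ph["p_vaddr"])
            return offset, image[offset:ph["p_offset"] + ph["p_filesz"]]
    raise ValueError("entry point lies outside every executable PT_LOAD segment")

if __name__ == "__main__":
    entry, _ = parse_elf32(ELF_IMAGE)
    offset, code = code_at_entry(ELF_IMAGE)
    print(f"entry 0x{entry:08x} -> file offset 0x{offset:x}, {len(code)} code bytes: {code.hex()}")
```

The same conclusion can be fed back to ndisasm itself: `ndisasm -b 32 -e 84 -o 0x8048054 a.out` skips the 84 header bytes and decodes in 32-bit mode, and because ndisasm defaults to 16-bit decoding, that default is also why the listing shows ax and cx where the source says eax and ecx.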
sloppy



Joined: 10 Nov 2007
Posts: 6
sloppy 12 Nov 2007, 08:37
Ok thanks,

I tried objdump (AT&T syntax is not a problem) but I get no output... but I only looked quickly, maybe I'll try again later.

As for IDA, it works (more or less) with wine under linux, and it does give me my code, but it seems too much stuff for a beginner like me :)

Thanks again,
Luca
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 12 Nov 2007, 16:41
That is because you have not published "_start". Instead of making executables directly you could make an elf object and then make the executable (or just use objdump on the object).

Here is an example where objdump works:
Code:
loco@athlon64:~/Desktop$ cat test.asm
struc PascalString [chars]
{
common
  . db 0, chars
  
  store byte $-. at .
}

format ELF

section '.text' executable

public _start

_start:
        mov     ecx, helloMsg
        mov     eax,4
        mov     ebx,1
        movzx   edx, byte [ecx]
        inc     ecx
        int     0x80

        mov     eax,1
        xor     ebx,ebx
        int     0x80

helloMsg PascalString "Hello world!", 10
loco@athlon64:~/Desktop$ fasm test.asm && ld -m elf_i386 test.o
flat assembler  version 1.67.23  (16384 kilobytes memory)
2 passes, 386 bytes.
loco@athlon64:~/Desktop$ ./a.out 
Hello world!
loco@athlon64:~/Desktop$ objdump -d a.out 

a.out:     file format elf32-i386

Disassembly of section .text:

08048054 <_start>:
 8048054:       b9 72 80 04 08          mov    $0x8048072,%ecx
 8048059:       b8 04 00 00 00          mov    $0x4,%eax
 804805e:       bb 01 00 00 00          mov    $0x1,%ebx
 8048063:       0f b6 11                movzbl (%ecx),%edx
 8048066:       41                      inc    %ecx
 8048067:       cd 80                   int    $0x80
 8048069:       b8 01 00 00 00          mov    $0x1,%eax
 804806e:       31 db                   xor    %ebx,%ebx
 8048070:       cd 80                   int    $0x80
 8048072:       0e                      push   %cs
 8048073:       48                      dec    %eax
 8048074:       65                      gs
 8048075:       6c                      insb   (%dx),%es:(%edi)
 8048076:       6c                      insb   (%dx),%es:(%edi)
 8048077:       6f                      outsl  %ds:(%esi),(%dx)
 8048078:       20 77 6f                and    %dh,0x6f(%edi)
 804807b:       72 6c                   jb     80480e9 <_start+0x95>
 804807d:       64 21 0a                and    %ecx,%fs:(%edx)


But as you can see, objdump is not as smart as IDApro is. Using Google I found http://lida.sourceforge.net/ . I have not tested it but perhaps you can give it a try.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.