Module 7

Ace your homework & exams now with Quizwiz!

Please place the following components of the stack frame in the order in which they should be pushed (or room made for them) on the stack. - Saved registers - Old EBP Value - Local Variables - Passed parameters - Procedure Return Address

- Passed parameters - Procedure Return Address - Old EBP Value - Local Variables - Saved registers

Given the following declarations, assume that the memory address of balance is 44h. What is the hexadecimal address of the last element of history? HISTLIMIT = 100 .data balance DWORD 0 account WORD ? history WORD HISTLIMIT DUP(?) isValid BYTE 0

0110h

Write a statement to declares dwArr, an array of 76 DWORDs, which initializes the elements all to a value of 10. What would SIZEOF dwArr evaluate to?

304 76 x 4 = 304

Given the following declarations, assume that the memory address of balance is 44h. What is the hexadecimal address of the first element of history? HISTLIMIT = 100 .data balance DWORD 0 account WORD ? history WORD HISTLIMIT DUP(?) isValid BYTE 0

4Ah

For the following segment, what is SIZEOF myChecker1 in decimal? (ignore the .0000 from Canvas) .data myChecker1 BYTE 12h, BYTE 34h, BYTE 56h, BYTE 78h, BYTE 90h

5

Suppose that you are given the following partial data segment. What value does idLength contain, in decimal? (Ignore the .0000 from Canvas) .data idArray WORD 3546, 1534, 12, 3481, 154, 6423 idLength DWORD LENGTHOF idArray idSize DWORD SIZEOF idArray idType DWORD TYPE idArray

6

Write a statement to declares dwArr, an array of 76 DWORDs, which initializes the elements all to a value of 10. What would LENGTHOF dwArr evaluate to?

76

The following instruction will increment the stack pointer (ESP) by how many bytes? (Ignore the .0 after the number. Canvas insists on pushing decimals even when kindly asked not to). ret 4

8

Suppose that you are given the following data segment and code snippet. What hexadecimal value does EAX contain at Execution Point A? .data myPtrCheck BYTE 12h, 34h, 56h, 78h,90h, 0ABh, 0CDh, 0EFh .code main PROC ; ... MOV EAX, DWORD PTR [myPtrCheck + 2] ; Execution Point A ; ... exit main ENDP

AB907856

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP Challenge: MOV EAX, [EBX] EAX = ?h

EAX = 33CC11AAh Four bytes as doubleword (DWORD, implied by destination EAX), starting with the first byte of myArr1.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP Challenge: MOV EAX, [EDX+3] EAX = ?h

EAX = 54206F6Ch Four bytes as DWORD (implied by destination EAX), starting with the fourth byte of myArr2.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP Challenge: MOV EAX, [EBX+4] EAX = ?h

EAX = 654855EEh Four bytes as DWORD (implied by destination EAX), starting with the fifth byte of myArr1 and extending to the second byte of myArr2.

Which register is normally used for destination-operand operations (operations where you are using a register-offset addressing mode to overwrite memory)?

EDI

Which register is normally used for source-operand operations (operations where you are using a register-offset addressing mode to pull data from memory)?

ESI

(True/False) When passing parameters to a procedure on the stack, it is usually okay to change the value of the EBP register within the procedure after building the stack frame.

False

The following two instructions are equivalent. RET RET 4

False

(True/False) The instruction INC [EDI] is valid.

False [EDI] does not have an implied size, so this will cause an error.

Given the following register states, and using Indexed Operands addressing, which of the following lines of code will move the 11th element of the list array (of DWORDs) to the EAX register? EDX register contains the address (OFFSET) of the first element of list.ESI register contains the address (OFFSET) of the eleventh element of list.EBX register contains the value 40.

MOV EAX, list[EBX]

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP Use Base+Offset addressing to transfer the value 955 from myArr2 to destination register EBX

MOV EBX, [EDI+12] or MOV EBX, [EDI + 3*EAX]

Write a statement to declares dwArr, an array of 76 DWORDs, which initializes the elements all to a value of 10.

dwArr DWORD 76 DUP(10)

Write a statement to declare wArr, an array of 150 WORDs, which does not initialize the values.

wArr WORD 150 DUP(?)

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP Use Indexed Operands addressing to transfer the value 762 from myArr2 to destination register ECX

MOV ECX, myArr2[8] or MOV ECX, [myArr2 + 2 * TYPE myArr2

.data name BYTE "Margaret Hamilton",0 year WORD 2020 birthday DWORD 08171936 calcAge WORD ? .code main PROC PUSH OFFSET name PUSH year PUSH birthday PUSH OFFSET calcAge CALL ageCalc ;... main ENDP ageCalc PROC PUSH EBP MOV EBP, ESP PUSH EAX PUSH EDX ; Execution Point A POP EDX POP EAX POP EBP RET 14 ageCalc ENDP Address of name into EDX.

MOV EDX, [EBP+18] year (WORD, 2) + birthday (DWORD, 4) + OFFSET calcAge (address, 4) + return address (4) + old EBP (DWORD, 4) = 18

.data name BYTE "Margaret Hamilton",0 year WORD 2020 birthday DWORD 08171936 calcAge WORD ? .code main PROC PUSH OFFSET name PUSH year PUSH birthday PUSH OFFSET calcAge CALL ageCalc ;... main ENDP ageCalc PROC PUSH EBP MOV EBP, ESP PUSH EAX PUSH EDX ; Execution Point A POP EDX POP EAX POP EBP RET 14 ageCalc ENDP Address of calcAge into EDX

MOV EDX, [EBP+8] return address (4) + old EBP (DWORD, 4) = 8

The _________ operator returns the size, in bytes, of a single element of a data declaration.

TYPE

When passing procedure parameters on the stack, why are the following lines of code often necessary in a procedure? PUSH EBP MOV EBP, ESP

To keep additional usage of the stack within the procedure from invalidating the stack offsets.

(True/False) The instruction ADD DWORD PTR [EDI+3], 20 is valid.

True add mem, imm is an allowed instruction format.

If you reference a point beyond the end of an array in MASM (for example, the address of the what would be the 105th element of a 100-element array), what happens?

You attempt to access whatever data bytes are stored there.

Arrays elements are stored in ____________ memory.

Contiguous

Given the following partial listing file: MAX = 50 .data ;... 0300 list DWORD MAX DUP(0) ???? a DWORD 25 ???? b DWORD 15 ;... 0000 main PROC 0000 push a 0005 push b 000A push OFFSET list 000F call someProc 0014 ; More Code ... exit ;exit to operating system 006C main ENDP 006C someProc PROC 006C push ebp 006F mov ebp, esp 0072 ; Execution Point A, more code... 008B ret 12 ;return to calling procedure 008C someProc ENDP Assume the address of list is 0300h as seen above, and the initial values (at the top of main before executing any instructions) are ESP = 0A04h, EBP= 0BB8h. main has called someProc, and the first two statements of someProc have been executed, so execution is paused at Execution Point A. What is the (hexadecimal) address of the 33rd element of list ?(Hint: in Python or Java, the 33rd element is referenced by list[32] )

0380h 32 elements of list take 32 x 4 = 128 (decimal) bytes of memory = 80h bytes. So the address of the 33rd element is the address of list + the number of bytes taken by the first 32 elements = 0300h + 80h = 0380h

Given the following partial listing file: MAX = 50 .data ;... 0300 list DWORD MAX DUP(0) ???? a DWORD 25 ???? b DWORD 15 ;... 0000 main PROC 0000 push a 0005 push b 000A push OFFSET list 000F call someProc 0014 ; More Code ... exit ;exit to operating system 006C main ENDP 006C someProc PROC 006C push ebp 006F mov ebp, esp 0072 ; Execution Point A, more code... 008B ret 12 ;return to calling procedure 008C someProc ENDP Assume the address of list is 0300h as seen above, and the initial values (at the top of main before executing any instructions) are ESP = 0A04h, EBP= 0BB8h. main has called someProc, and the first two statements of someProc have been executed, so execution is paused at Execution Point A. What is the (hexadecimal) address of a?

03C8h list takes 200 (decimal) bytes of memory = 0xC8 bytes. So the address of a is the address of list + the size of list = 0300h + 0C8h = 03C8h

Given the following partial listing file: MAX = 50 .data ;... 0300 list DWORD MAX DUP(0) ???? a DWORD 25 ???? b DWORD 15 ;... 0000 main PROC 0000 push a 0005 push b 000A push OFFSET list 000F call someProc 0014 ; More Code ... exit ;exit to operating system 006C main ENDP 006C someProc PROC 006C push ebp 006F mov ebp, esp 0072 ; Execution Point A, more code... 008B ret 12 ;return to calling procedure 008C someProc ENDP Assume the address of list is 0300h as seen above, and the initial values (at the top of main before executing any instructions) are ESP = 0A04h, EBP= 0BB8h. main has called someProc, and the first two statements of someProc have been executed, so execution is paused at Execution Point A. At Execution Point A, what is the value the EBP register?

09F0h Value of ESP just after EBP was pushed, calculated as 0A04h - 4h (a value) - 4h (b value) - 4h ( list address) - 4h (return address) - 4h (old value of EBP) = 0A04h - 0014h = 09F0h

For the following segment, what is SIZEOF myChecker1 in decimal? (ignore the .0000 from Canvas) .data myChecker1 BYTE 12h BYTE 34h BYTE 56h BYTE 78h BYTE 90h

1

Suppose that you are given the following data segment and code snippet. What value does EAX contain at Execution Point A? (Ignore the .0000 that Canvas sticks on the end): .data idArray DWORD 1800, 1719, 1638, 1557, 1476, 1395, 1314, 1233, 1152, 1071, 990 idLength DWORD LENGTHOF idArray idSize DWORD SIZEOF idArray idType DWORD TYPE idArray .code main PROC ; ... MOV ESI, OFFSET idArray MOV EAX, [ESI+9*TYPE idArray] ; Execution Point A ; ... exit main ENDP

1071

Suppose that you are given the following partial data segment. What value does idSize contain, in decimal? (Ignore the .0000 from Canvas) .data idArray WORD 3546, 1534, 12, 3481, 154, 6423 idLength DWORD LENGTHOF idArray idSize DWORD SIZEOF idArray idType DWORD TYPE idArray

12

Suppose that you are given the following partial data segment. What value does idType contain, in decimal? (Ignore the .0000 from Canvas) .data idArray WORD 3546, 1534, 12, 3481, 154, 6423 idLength DWORD LENGTHOF idArray idSize DWORD SIZEOF idArray idType DWORD TYPE idArray

2

Write a statement to declare wArr, an array of 150 WORDs, which does not initialize the values. What would TYPE wArr evaluate to?

2 WORD is a 2-byte data type

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP Write code using Register Indirect Addressing (which would appear starting at Execution Point A) to print all values of myArr2, separated by line breaks, in reverse order.

ADD EDI, TYPE myArr2 * (LENGTHOF myArr2 - 1) ; Point to last element of array MOV ECX, LENGTHOF myArr2 ; Init loop counter = elements of array _decPrintLoop: MOV EAX, [EDI] CALL WriteDec CALL CrLf SUB EDI, TYPE myArr2 ; Decrement by size of array type LOOP _decPrintLoop

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AL, [EBX+3] AL = ?h

AL = 33h One byte (implied by destination AL), starting with the fourth byte of myArr1.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AL, [EDX] AL = ?h

AL = 48h One byte (implied by destination AL), starting with the first byte of myArr2.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AL, [EDX+4] AL = ?h

AL = 6Fh One byte (implied by destination AL), starting with the fifth byte of myArr2.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AX, [EBX] AX = ?h

AX = 11AAh Two bytes as WORD (implied by destination AX), starting with the first byte of myArr1. Remember little endian.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AX, [EBX+2] AX = ?h

AX = 33CCh Two bytes as WORD (implied by destination AX), starting with the third byte of myArr1.

.data myArr1 WORD 11AAh, 33CCh, 55EEh ; 3-WORD array, in memory: ; AA 11 CC 33 EE 55 myArr2 BYTE "Hello There!",0 ; BYTE array in memory: ; 48 65 6C 6C 6F 20 54 68 65 72 65 21 00 .code main PROC MOV EBX, OFFSET myArr1 ; Address of myArr1 into EBX MOV EDX, OFFSET myArr2 ; Address of myArr2 into EDX ;... listed operations here exit main ENDP MOV AX, [EDX+6] AX = ?h

AX = 6854h Two bytes as WORD (implied by destination AX), starting with the seventh byte of myArr2.

Register Indirect addressing is defined as follows:

Accessing memory through an address stored in a register.

Which addressing mode is most often used to access stack-passed parameters?

BASE+OFFSET

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP (CHALLENGE) What value is in the EAX register after the following operation? MOV EAX, [ESI + 1]

Hex: 2C00F800h Decimal: 738,260,992 myArr1 in memory (hex) would appear as...7B 00 F8 00 2C 01 90 01 F4 01 The line above would start accessing memory just after the 7B (the 00) and pull the next four bytes: ( 00 F8 00 2C ) which are ordered little endian. Converting this to more readable big-endian gives 2C 00 F8 00 , so the hex value stored in EAX is 2C00F800h. Converting this to decimal we get 738,260,992.

The _________ operator returns a count of the number of elements in a single data declaration.

LENGTHOF

.data name BYTE "Margaret Hamilton",0 year WORD 2020 birthday DWORD 08171936 calcAge WORD ? .code main PROC PUSH OFFSET name PUSH year PUSH birthday PUSH OFFSET calcAge CALL ageCalc ;... main ENDP ageCalc PROC PUSH EBP MOV EBP, ESP PUSH EAX PUSH EDX ; Execution Point A POP EDX POP EAX POP EBP RET 14 ageCalc ENDP Value of year into AX.

MOV AX, [EBP+16] birthday (DWORD, 4) + OFFSET calcAge (address, 4) + return address (4) + old EBP (DWORD, 4) = 16

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP Use Base+Offset addressing to transfer the value 300 from myArr1 to destination register BX

MOV BX, [ESI+4] or MOV BX, [ESI+EAX]

Given the following .data segment declarations and assuming code has executed to Execution Point A, write statements (in the requested addressing modes) to transfer the requested values into the specified registers. .data myArr1 WORD 123,248,300,400,500 myArr2 DWORD 223,562,762,955,1000 .code main PROC MOV EAX, 4 MOV ESI, OFFSET myArr1 MOV EDI, OFFSET myArr2 ; Execution Point A exit main ENDP Use Indexed Operands addressing to transfer the value 400 from myArr1 to destination register DX

MOV DX, myArr1[3*TYPE myArr1] or MOV DX, myArr1[6]

.data name BYTE "Margaret Hamilton",0 year WORD 2020 birthday DWORD 08171936 calcAge WORD ? .code main PROC PUSH OFFSET name PUSH year PUSH birthday PUSH OFFSET calcAge CALL ageCalc ;... main ENDP ageCalc PROC PUSH EBP MOV EBP, ESP PUSH EAX PUSH EDX ; Execution Point A POP EDX POP EAX POP EBP RET 14 ageCalc ENDP Value of birthday into EAX

MOV EAX, [EBP+12]OFFSET calcAge (address, 4) + return address (4) + old EBP (DWORD, 4) = 12

Given the following register states, and using Base+Offset Addressing, which of the following lines of code will move the 11th element of the list array (of DWORDs) to the EAX register? EDX register contains the address (OFFSET) of the first element of list.ESI register contains the address (OFFSET) of the eleventh element of list.EBX register contains the value 40.

MOV EAX, [EDX + EBX]

Given the following register states, and using Register Indirect addressing, which of the following lines of code will move the 11th element of the list array (of DWORDs) to the EAX register? EDX register contains the address (OFFSET) of the first element of list.ESI register contains the address (OFFSET) of the eleventh element of list.EBX register contains the value 40.

MOV EAX, [ESI]

Given the following partial listing file: MAX = 50 .data ;... 0300 list DWORD MAX DUP(0) ???? a DWORD 25 ???? b DWORD 15 ;... 0000 main PROC 0000 push a 0005 push b 000A push OFFSET list 000F call someProc 0014 ; More Code ... exit ;exit to operating system 006C main ENDP 006C someProc PROC 006C push ebp 006F mov ebp, esp 0072 ; Execution Point A, more code... 008B ret 12 ;return to calling procedure 008C someProc ENDP Assume the address of list is 0300h as seen above, and the initial values (at the top of main before executing any instructions) are ESP = 0A04h, EBP= 0BB8h. main has called someProc, and the first two statements of someProc have been executed, so execution is paused at Execution Point A. At Execution Point A, write code to move the value of the b th element of list into the EBX register. (Consider b=0 to be the 1st element of list ). Global labels b and list are not permitted.

MOV ESI, [EBP + 8] ; move the OFFSET of list into ESI MOV EAX, 4 ; there are 4 bytes per DWORD MOV EBX, [EBP + 12] ; move the value of b into EBX MUL EBX ; Multiply EAX by b to (almost) get ; the offset to the b-th element SUB EAX, 4 ; EAX now holds the offset from ESI to ; the bth element of list MOV EBX, [ESI+EAX] ; move the element into EBX

The _________ operator overrides the default type of a label (variable), and can also be used to combine elements of a smaller data type and move them into a larger operand.

PTR

Which addressing mode is most suitable for iterating through an array?

Register Indirect, though the others work as well.

The _________ operator returns a value that is equivalent to multiplying the number of elements in a single data declaration by the size, in bytes, of a single element of a data declaration.

SIZEOF


Related study sets

Chapter 27 - Soft Tissue Injuries

View Set

Music of Multicultural America midterm

View Set

Operating Systems: Chapter 1 - Key Terms

View Set

Chapter 5: Native Americans (W choices)

View Set

Louisiana Life and Health Simulator

View Set

arteriosclerosis and atherosclerosis

View Set

Medical Assistant Pharmacology Pre-Test

View Set