NASM汇编教程 - asm.jamaccao.cn

Top

学习汇编

原项目是原作者为自学NASM而设立的,本项目是译者为自学NASM而翻译的。

原项目的Github翻译版的Github

Lesson 1

The obligatory 'Hello, world!'
经典的 'Hello, world!'

Introduction to the Linux System Call Table. In this lesson we use software interrupts to request system functions from the kernel in order to print out 'Hello World!' to the console.

对Linux系统调用的引入。本课程中我们将使用软件中断(软中断)来请求Linux内核打印'Hello Word!'到控制台。

View lesson »

Lesson 2

Proper program exit

正确的程序退出

A very brief lesson about memory addresses, sequential code execution and how to properly terminate a program without errors.

关于内存地址简要的介绍,指出了如何没有错误地终止程序。

View details »

Lesson 3

Calculate string length
计算字符串长度

What if we wanted to output something that we don't know the length of? Like user input? Learn about loops, labels and pointer arithmic.

我们该如何输出一个像是用户输入这样的不知道长度的字符串? 本课介绍循环、标签和指针算术运算。

View details »

Lesson 4

Subroutines
子程序

Introduction to the stack and how to write clean, reusable code in assembly.

关于栈的介绍、以及如何在汇编中写出清晰且具有可复用性的代码

View lesson »

Lesson 5

External include files
包含外部文件

To further simplify our code we can move our subroutines into an external include file.

为了化简我们的代码,我们可以将一些子程序移动带外部文件中。

View details »

Lesson 6

NULL terminating bytes

A quick lesson on how memory is handled. This lesson also fixes the duplication bug we added in lesson 5.

View details »

Lesson 7

Linefeeds

How you can use the stack to print linefeeds after strings and an introduction to the Extended Stack Pointer ESP.

View lesson »

Lesson 8

Passing arguments

Passing arguments to your program from the command line.

View lesson »

Lesson 9

User input

Introduction to the BSS section and how to trigger a call to sys_read to process user input.

View lesson »

Lesson 10

Count to 10

Introduction to numbers and counting in assembly.

View lesson »

Lesson 11

Count to 10 (itoa)

Introduction to ASCII and how to convert integers to their string representations in assembly.

View lesson »

Lesson 12

Calculator - addition

Introduction to calulating numbers in assembly. This tutorial describes a simple program to add two numbers together.

View lesson »

Lesson 13

Calculator - subtraction

Introduction to calulating numbers in assembly. This tutorial describes a simple program to subtract one number from another.

View lesson »

Lesson 14

Calculator - multiplication

Introduction to calulating numbers in assembly. This tutorial describes a simple program to multiply two numbers together.

View lesson »

Lesson 15

Calculator - division

Introduction to calulating numbers in assembly. This tutorial describes a simple program to divide one number by another.

View lesson »

Lesson 16

Calculator (atoi)

This program takes a series of passed string arguments, converts them to integers and adds them all together.

View lesson »

Lesson 17

Namespace

Introduction to how NASM handles namespace when it comes to global and local labels.

View lesson »

Lesson 18

Fizz Buzz

The Fizz Buzz programming challenge recreated in NASM.

View lesson »

Lesson 19

Execute Command

In this lesson we replace the currently running process with a new process that executes a command.

View lesson »

Lesson 20

Process Forking

In this lesson we create a new process that duplicates our current process.

View lesson »

Lesson 21

Telling the time

In this lesson we ask the kernel for the current unix timestamp.

View lesson »

Lesson 22

File Handling - Create

In this lesson we learn how to create a new file in Assembly.

View lesson »

Lesson 23

File Handling - Write

In this lesson we write content to a newly created text file.

View lesson »

Lesson 24

File Handling - Open

In this lesson we open a text file and print it's file descriptor.

View lesson »

Lesson 25

File Handling - Read

In this lesson we read content from a newly created text file.

View lesson »

Lesson 26

File Handling - Close

In this lesson we close a newly created text file using it's file descriptor.

View lesson »

Lesson 27

File Handling - Update

In this lesson we update the content of an included text file using seek.

View lesson »

Lesson 28

File Handling - Delete

In this lesson we learn how to delete a file.

View lesson »

Lesson 29

Sockets - Create

In this lesson we learn how to create a new socket in assembly and store it's file descriptor.

View lesson »

Lesson 30

Sockets - Bind

In this lesson we learn how to bind a socket to an IP Address & Port Number.

View lesson »

Lesson 31

Sockets - Listen

In this lesson we learn how to make a socket listen for incoming connections.

View lesson »

Lesson 32

Sockets - Accept

In this lesson we learn how to make a socket accept incoming connections.

View lesson »

Lesson 33

Sockets - Read

In this lesson we learn how to read incoming requests on a socket.

View lesson »

Lesson 34

Sockets - Write

In this lesson we learn how to make a socket respond to incoming requests.

View lesson »

Lesson 35

Sockets - Close

In this lesson we learn how to shutdown and close an open socket connection.

View lesson »

Lesson 36

Download a Webpage

In this lesson we're going to connect to a webserver and send a HTTP request for a webpage. We'll then print the server's response to our terminal.

View lesson »

Lesson 1

Hello, world!

First, some background
一些背景知识

Assembly language is bare-bones. The only interface a programmer has above the actual hardware is the kernel itself. In order to build useful programs in assembly we need to use the linux system calls provided by the kernel. These system calls are a library built into the operating system to provide functions such as reading input from a keyboard and writing output to the screen.

汇编语言是裸机编程语言。汇编程序员所接触的除了硬件就是内核。通过使用Linux内核提供的系统调用,我们可以用汇编构建各种有用的程序。系统调用被设计成了操作系统提供的一些功能,例如从键盘中读取输入或者输出到屏幕。

When you invoke a system call the kernel will immediately suspend execution of your program. It will then contact the necessary drivers needed to perform the task you requested on the hardware and then return control back to your program.

当你触发系统调用时,内核将立即暂停你的程序的执行。接着内核会调用必要的驱动以在硬件层面执行你所请求的任务,接着将控制权返回给你的程序。

Note: Drivers are called drivers because the kernel literally uses them to drive the hardware.

注意: 驱动(Drivers) 之所以被叫做drivers 是因为内核字面上地使用它们来“驱动”硬件设备。

We can accomplish this all in assembly by loading EAX with the function number (operation code OPCODE) we want to execute and filling the remaining registers with the arguments we want to pass to the system call. A software interrupt is requested with the INT instruction and the kernel takes over and calls the function from the library with our arguments. Simple.

我们通过将想要执行的系统调用编号(操作数OPCODE)写入EAX寄存器并将其他要传递给系统调用的参数传入其余寄存器以在汇编中执行系统调用。软中断是由INT命令触发的,紧接着内核就会接管程序并以我们传递的参数调用相应的系统调用。

For example requesting an interrupt when EAX=1 will call sys_exit and requesting an interrupt when EAX=4 will call sys_write instead. EBX, ECX & EDX will be passed as arguments if the function requires them. Click here to view an example of a Linux System Call Table and its corresponding OPCODES.

举例来说,请求sys_exit(程序退出)需要将EAX设置为1再触发中断;请求sys_write(写入)需要将EAX设置为4。这个链接指向了一份Linux系统调用表

Writing our program
写程序

Firstly we create a variable 'msg' in our .data section and assign it the string we want to output in this case 'Hello, world!'. In our .text section we tell the kernel where to begin execution by providing it with a global label _start: to denote the programs entry point.

首先我们在data段创建了变量msg并指定其为'Hello World!'。我们在text段我们通过global标签告诉内核_start是程序的入口点。

We will be using the system call sys_write to output our message to the console window. This function is assigned OPCODE 4 in the Linux System Call Table. The function also takes 3 arguments which are sequentially loaded into EDX, ECX and EBX before requesting a software interrupt which will perform the task.

我们将使用sys_write来输出文本到控制台窗口。sys_write在x86架构的Linux系统调用表中是4号。此外,在触发系统调用之前,我们需要将其他三个参数写入EDX,ECX和EBX.

The arguments passed are as follows:

  • EDX will be loaded with the length (in bytes) of the string.
  • ECX will be loaded with the address of our variable created in the .data section.
  • EBX will be loaded with the file we want to write to – in this case STDOUT.
The datatype and meaning of the arguments passed can be found in the function's definition.

参数如下:

  • EDX 存入字符串长度
  • ECX 存入.data段字符串变量的地址
  • EBX 存入写入文件句柄,传入1意味着写入到标准输出(STDOUT)
具体的数据类型和参数含义可以在函数定义里面找。 (译者注:man 2 write可以查看sys_write调用的具体内容)

We compile, link and run the program using the commands below.

通过如下的命令编译、链接和运行我们的程序。

helloworld.asm 
                            ; Hello World Program - asmtutor.com
                            ; 编译: nasm -f elf helloworld.asm
                            ; 链接 (64位系统需要指定elf_i386): ld -m elf_i386 helloworld.o -o helloworld
                            ; 运行: ./helloworld

                            SECTION .data
                            msg     db      'Hello World!', 0Ah     ; 声明msg变量来储存字符串

                            SECTION .text
                            global  _start

                            _start:

                                mov     edx, 13     ; 要写入的字节数,每个字母加上0Ah(换行符)
                                mov     ecx, msg    ; 将要写入的内容的地址传递到ECX
                                mov     ebx, 1      ; 写入到STDOUT
                                mov     eax, 4      ; 将SYS_WRITE的系统调用编号写入EAX
                                int     80h
~$ nasm -f elf helloworld.asm ~$ ld -m elf_i386 helloworld.o -o helloworld ~$ ./helloworld Hello World! Segmentation fault

Error: Segmentation fault

Lesson 2

Proper program exit

正确的程序退出

Some more background
更多的背景知识

After successfully learning how to execute a system call in Lesson 1 we now need to learn about one of the most important system calls in the kernel, sys_exit.

在第一课学完如何执行系统调用后,我们将学习最重要的系统调用之一——sys_exit

Notice how after our 'Hello, world!' program ran we got a Segmentation fault? Well, computer programs can be thought of as a long strip of instructions that are loaded into memory and divided up into sections (or segments). This general pool of memory is shared between all programs and can be used to store variables, instructions, other programs or anything really. Each segment is given an address so that information stored in that section can be found later.

我们的HelloWorld程序运行完之后会触发Segmentation fault(段错误)。计算机程序可以理解为加载到内存中的一系列的指令并且被分为了若干段。内存池被全部的程序共享,用以储存变量、指令以及其他各种东西。每一个段都有着段地址,所以段中储存的信息可以被找到(寻址)。

To execute a program that is loaded in memory, we use the global label _start: to tell the operating system where in memory our program can be found and executed. Memory is then accessed sequentially following the program logic which determines the next address to be accessed. The kernel jumps to that address in memory and executes it.

为了执行加载到内存中的程序,我们使用了global _start告诉操作系统我们的程序从哪里开始执行。接着会访问内存,并按照程序逻辑依次确定接下来要访问的地址。内核会调转到相应的地址并将其执行。

It's important to tell the operating system exactly where it should begin execution and where it should stop. In Lesson 1 we didn't tell the kernel where to stop execution. So, after we called sys_write the program continued sequentially executing the next address in memory, which could have been anything. We don't know what the kernel tried to execute but it caused it to choke and terminate the process for us instead - leaving us the error message of 'Segmentation fault'. Calling sys_exit at the end of all our programs will mean the kernel knows exactly when to terminate the process and return memory back to the general pool thus avoiding an error.

很重要的一件事是告诉操作系统我们的程序从什么地方执行、从什么地方结束。在第1课中我们没有告诉内核何时停止执行。因此,在我们的程序中,调用sys_write之后会紧接着执行内存中紧随其后的地址,可能存放着各种东西。我们不知道内核尝试执行了什么,但是这引发了问题并且导致我们的程序被终止,报错是Segmentation fault。在程序末尾执行sys_exit可以精确地告诉内核什么时候结束我们的程序并且将我们程序所占用的内存返回给内存池,以此避免触发错误。

Writing our program
写程序

Sys_exit has a simple function definition. In the Linux System Call Table it is allocated OPCODE 1 and is passed a single argument through EBX.

sys_exit是非常简单的一个系统调用。在x86 Linux系统调用表中编号为1,只需要向EBX传入一个数字作为程序退出的状态。(译者注:相当于C语言main函数的返回值)

In order to execute this function all we need to do is:

  • Load EBX with 0 to pass zero to the function meaning 'zero errors'.
  • Load EAX with 1 to call sys_exit.
  • Then request an interrupt on libc using INT 80h.

为了执行这个函数,我们要做的事情如下:

  • 将EBX设置为0,意味着程序没问题.
  • 将EAX设置为1,以调用sys_exit
  • 通过INT 80h调用C标准库调用

We then compile, link and run it again.

我们再次编译、链接和运行。

Note: Only new code added in each lesson will be commented.

注意: 只注释了新增的代码

helloworld.asm 
                            ; Hello World Program - asmtutor.com
                            ; Compile with: nasm -f elf helloworld.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld.o -o helloworld
                            ; Run with: ./helloworld

                            SECTION .data
                            msg     db      'Hello World!', 0Ah

                            SECTION .text
                            global  _start

                            _start:

                                mov     edx, 13
                                mov     ecx, msg
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                mov     ebx, 0      ; return 0 status on exit - 'No Errors'
                                mov     eax, 1      ; invoke SYS_EXIT (kernel opcode 1)
                                int     80h
~$ nasm -f elf helloworld.asm ~$ ld -m elf_i386 helloworld.o -o helloworld ~$ ./helloworld Hello World!

Lesson 3

Calculate string length

计算字符串长度

Firstly, some background
一些背景知识

Why do we need to calculate the length of a string?

计算字符长长度的必要性:

Well sys_write requires that we pass it a pointer to the string we want to output in memory and the length in bytes we want to print out. If we were to modify our message string we would have to update the length in bytes that we pass to sys_write as well, otherwise it will not print correctly.

sys_write系统调用需要传入我们想要输出的字符串指针以及输出长度。如果我们想要修改输出的字符串,就得相应地修改输出长度,否则会出问题。

You can see what I mean using the program in Lesson 2. Modify the message string to say 'Hello, brave new world!' then compile, link and run the new program. The output will be 'Hello, brave ' (the first 13 characters) because we are still only passing 13 bytes to sys_write as its length. It will be particularly necessary when we want to print out user input. As we won't know the length of the data when we compile our program, we will need a way to calculate the length at runtime in order to successfully print it out.

举例来说,你把上一课中的程序的字符串修改为“Hello, brave new world!”,接着编译链接运行。它只会输出'Hello, brave '(也就是前13个字符)。这是因为你传递给sys_write的参数是13。此外,计算字符串长度在处理用户输入数据时尤其重要。如果在编译时不知道字符串会有多长,那么就需要有办法来在运行的时候计算字符串的长度。

Writing our program
写程序

To calculate the length of the string we will use a technique called pointer arithmetic. Two registers are initialised pointing to the same address in memory. One register (in this case EAX) will be incremented forward one byte for each character in the output string until we reach the end of the string. The original pointer will then be subtracted from EAX. This is effectively like subtraction between two arrays and the result yields the number of elements between the two addresses. This result is then passed to sys_write replacing our hard coded count.

为了计算字符串长度,我们需要使用指针的算术运算技术。两个寄存器最初被设置为指向相同的地址。其中一个(本例中是EAX)将会在读取到输出字符串末尾之前逐个递增。接着我们使用这个减去另外一个寄存器中原有的值,差值就是字符串长度。这个方法类似两个数组的减法运算,结果是两个地址之间元素的数量。运算的结果被传递给sys_write代替硬编码的字符串长度。

The CMP instruction compares the left hand side against the right hand side and sets a number of flags that are used for program flow. The flag we're checking is the ZF or Zero Flag. When the byte that EAX points to is equal to zero the ZF flag is set. We then use the JZ instruction to jump, if the ZF flag is set, to the point in our program labeled 'finished'. This is to break out of the nextchar loop and continue executing the rest of the program.

CMP指令比较两个传入数据,并为程序流设置一个ZF标记。在本例中,当EAX指向的地址存入的数据为0时,会设置ZF标记。我们使用JZ命令在有ZF标记时跳转到finished标签。这将打破原有的nextchar无条件循环。

helloworld-len.asm 
                            ; Hello World Program (Calculating string length)
                            ; Compile with: nasm -f elf helloworld-len.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-len.o -o helloworld-len
                            ; Run with: ./helloworld-len

                            SECTION .data
                            msg     db      'Hello, brave new world!', 0Ah ; 可以任意修改msg,而且不用修改其他位置。

                            SECTION .text
                            global  _start

                            _start:

                                mov     ebx, msg        ; 将msg的地址传入ebx
                                mov     eax, ebx        ; 将ebx的内容传入eax。

                            nextchar:
                                cmp     byte [eax], 0   ; 将eax所指向的内存地址的内容与字符串结束符0做比较
                                jz      finished        ; 如果相等上一行,ZF标记会激活jz跳转,执行finished标签之后的命令。
                                inc     eax             ; 如果没能跳转,那么eax自增。
                                jmp     nextchar        ; 回到nextchar语句开头处

                            finished:
                                sub     eax, ebx        ; EAX减去EBX
                                                        ; 在开始的时候,两个寄存器的值是相同的(参见第15行)
                                                        ; 但是EAX随着字符串中每个字符递增
                                                        ; 当你使用同类型的内存地址相减时
                                                        ; 算出来的结果是两地址之间的个数差,本例中是文本长度

                                mov     edx, eax        ; EAX 现在等于字符串长度
                                mov     ecx, msg        ; 此后的代码不需要额外解释
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                mov     ebx, 0
                                mov     eax, 1
                                int     80h
~$ nasm -f elf helloworld-len.asm ~$ ld -m elf_i386 helloworld-len.o -o helloworld-len ~$ ./helloworld-len Hello, brave new world!

Lesson 4

Subroutines

子程序

Introduction to subroutines
对子程序的介绍

Subroutines are functions. They are reusable pieces of code that can be called by your program to perform various repeatable tasks. Subroutines are declared using labels just like we've used before (eg. _start:) however we don't use the JMP instruction to get to them - instead we use a new instruction CALL. We also don't use the JMP instruction to return to our program after we have run the function. To return to our program from a subroutine we use the instruction RET instead.

子程序是由可复用的执行各种重复功能的函数构成的。子程序依旧通过此前我们使用的标签来声明。但是这次不使用JMP命令来调用子程序,我们将使用新指令 CALL.此外,我们也不使用JMP从子程序跳转回主程序,而是使用RET指令。

Why don't we JMP to subroutines?
为什么不用JMP来调用子程序?

The great thing about writing a subroutine is that we can reuse it. If we want to be able to use the subroutine from anywhere in the code we would have to write some logic to determine where in the code we had jumped from and where we should jump back to. This would litter our code with unwanted labels. If we use CALL and RET however, assembly handles this problem for us using something called the stack.

子程序的强大之处在于可复用性。如果我们想在代码的任意地方调用我们的子程序,我们应该写一些额外的代码来记录我们从什么地方跳转的、应该回到哪里。这些将会让我们的代码被若干非预期的标签所污染。如果我们使用 CALL 和 RET 指令, 汇编将使用栈来自动处理这些问题。

Introduction to the stack
对栈的简要介绍

The stack is a special type of memory. It's the same type of memory that we've used before however it's special in how it is used by our program. The stack is what is call Last In First Out memory (LIFO). You can think of the stack like a stack of plates in your kitchen. The last plate you put on the stack is also the first plate you will take off the stack next time you use a plate.

栈是特殊的内存空间。从底层上讲,栈和一般的内存空间也没别的区别。栈特殊在我们的程序以后进先出(LIFO)的原则来使用。你可以理解栈为厨房里一系列叠起来的盘子,你最后放的那个盘子是下次取出来的第一个盘子。

The stack in assembly is not storing plates though, its storing values. You can store a lot of things on the stack such as variables, addresses or other programs. We need to use the stack when we call subroutines to temporarily store values that will be restored later.

不过汇编里面的栈储存的东西是值。你可以用栈储存变量、地址甚至是其他程序。我们接下来使用栈来储存调用子程序时需要用到的东西。

Any register that your function needs to use should have it's current value put on the stack for safe keeping using the PUSH instruction. Then after the function has finished it's logic, these registers can have their original values restored using the POP instruction. This means that any values in the registers will be the same before and after you've called your function. If we take care of this in our subroutine we can call functions without worrying about what changes they're making to our registers.

函数用到的任何寄存器都应该先使用PUSH指令将现在的值安全地存入到栈中。接下来函数可以完成它自己的任务,最后再通过POP指令读取栈中储存的数据到各个寄存器中。这意味着调用函数前后各个寄存器中的值都保持不变。如果我们看重这一点,那我们就可以调用子程序,而不用担心子程序破坏了我们原有的寄存器数据情况。

The CALL and RET instructions also use the stack. When you CALL a subroutine, the address you called it from in your program is pushed onto the stack. This address is then popped off the stack by RET and the program jumps back to that place in your code. This is why you should always JMP to labels but you should CALL functions.

CALL 和 RET 指令也使用了栈。当你CALL一个子程序时,你现在的地址将会入栈。当执行RET指令时,这个地址将会出栈并调转到你程序原有的位置。这也是为什么要通过CALL来调用子程序的原因。

helloworld-len.asm 
                            ; Hello World Program (Subroutines)
                            ; Compile with: nasm -f elf helloworld-len.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-len.o -o helloworld-len
                            ; Run with: ./helloworld-len

                            SECTION .data
                            msg     db      'Hello, brave new world!', 0Ah

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg        ; 将要输出的字符串的地址写入EAX
                                call    strlen          ; 调用我们编写好的字符串长度函数

                                mov     edx, eax        ; 我们的函数使用EAX来保存字符串长度的结果
                                mov     ecx, msg        ; 剩下的就和之前类似了
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                mov     ebx, 0
                                mov     eax, 1
                                int     80h

                            strlen:                     ; 这个是我们的字符串长度函数的声明
                                push    ebx             ; 将EBX的值入栈,以此来保护EBX中原有的值。
                                mov     ebx, eax        ; 将EBX的值赋值为EAX

                            nextchar:                   ; 下文就和第三课内容类似了
                                cmp     byte [eax], 0
                                jz      finished
                                inc     eax
                                jmp     nextchar

                            finished:
                                sub     eax, ebx
                                pop     ebx             ; 将刚才存入栈的EBX的内容出栈回EBX
                                ret                     ; 通过RET语句回到调用函数的地方
~$ nasm -f elf helloworld-len.asm ~$ ld -m elf_i386 helloworld-len.o -o helloworld-len ~$ ./helloworld-len Hello, brave new world!

Lesson 5

External include files

引用外部文件

External include files allow us to move code from our program and put it into separate files. This technique is useful for writing clean, easy to maintain programs. Reusable bits of code can be written as subroutines and stored in separate files called libraries. When you need a piece of logic you can include the file in your program and use it as if they are part of the same file.

引用外部文件允许我们将程序中的代码分离到单独的文件中。这对编写清晰、易于维护的程序相当重要。可复用的代码可以被编写为子程序并且储存在被称作库的独立文件中。当你需要使用其中的代码时,你可以include这个文件,这样就犹如这些代码本来就是同一个文件的一部分。

In this lesson we will move our string length calculating subroutine into an external file. We fill also make our string printing logic and program exit logic a subroutine and we will move them into this external file. Once it's completed our actual program will be clean and easier to read.

在本课中,我们将移动我们的字符串长度函数到一个单独的文件中。同时,我们也一同将字符串输出和程序退出编写为子程序并移动到这个外部文件中。这样之后,我们实际的程序将会清晰可读。

We can then declare another message variable and call our print function twice in order to demonstrate how we can reuse code.

我们可以另外声明一个字符串变量,通过输出新的字符串变量以展示代码的可复用性。

Note: I won't be showing the code in functions.asm after this lesson unless it changes. It will just be included if needed.

注意: functions.asm这个文件在后文有新的修改之前将不再赘述。

functions.asm 
                            ;------------------------------------------
                            ; int slen(String message)
                            ; 字符串长度计算函数
                            slen:
                                push    ebx
                                mov     ebx, eax

                            nextchar:
                                cmp     byte [eax], 0
                                jz      finished
                                inc     eax
                                jmp     nextchar

                            finished:
                                sub     eax, ebx
                                pop     ebx
                                ret


                            ;------------------------------------------
                            ; void sprint(String message)
                            ; 字符串输出函数
                            sprint:
                                push    edx
                                push    ecx
                                push    ebx
                                push    eax
                                call    slen

                                mov     edx, eax
                                pop     eax

                                mov     ecx, eax
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                pop     ebx
                                pop     ecx
                                pop     edx
                                ret


                            ;------------------------------------------
                            ; void exit()
                            ; 退出程序
                            quit:
                                mov     ebx, 0
                                mov     eax, 1
                                int     80h
                                ret
helloworld-inc.asm 
                            ; Hello World Program (External file include)
                            ; Compile with: nasm -f elf helloworld-inc.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-inc.o -o helloworld-inc
                            ; Run with: ./helloworld-inc

                            %include        'functions.asm'                             ; 引入外部文件

                            SECTION .data
                            msg1    db      'Hello, brave new world!', 0Ah              ; 字符串1
                            msg2    db      'This is how we recycle in NASM.', 0Ah      ; 字符串2

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg1       ; 将字符串1的地址写入EAX
                                call    sprint          ; 调用字符串输出函数

                                mov     eax, msg2       ; 将字符串2的地址写入EAX
                                call    sprint          ; 调用字符串输出函数

                                call    quit            ; 调用退出函数
~$ nasm -f elf helloworld-inc.asm ~$ ld -m elf_i386 helloworld-inc.o -o helloworld-inc ~$ ./helloworld-inc Hello, brave new world! This is how we recycle in NASM. This is how we recycle in NASM.

Error: Our second message is outputted twice. This is fixed in the next lesson.

错误: 第二个字符串被输出了两次。这个问题将在下一课修正。

Lesson 6

NULL terminating bytes

NULL终止符

Ok so why did our second message print twice when we only called our sprint function on msg2 once? Well actually it did only print once. You can see what I mean if you comment out our second call to sprint. The output will be both of our message strings.

想知道为什么我们只输出了msg2一次但是而打印了两次吗?事实上的确输出了一次。你可以输出msg2的代码注释掉。实际上,输出字符串1的时候两个字符串都被输出了。

But how is this possible?

为什么?

What is happening is we weren't properly terminating our strings. In assembly, variables are stored one after another in memory so the last byte of our msg1 variable is right next to the first byte of our msg2 variable. We know our string length calculation is looking for a zero byte so unless our msg2 variable starts with a zero byte it keeps counting as if it's the same string (and as far as assembly is concerned it is the same string). So we need to put a zero byte or 0h after our strings to let assembly know where to stop counting.

以上问题归咎于我们未能正确地终止字符串。在汇编语言中,变量在内存中是连续储存的,因此,msg1的末尾紧接着msg2的开头。我们的取字符串长度函数的原理是寻找值为0的字符,所以除非msg2以0字符开头,否则两个字符串会被视作同一个字符串而持续统计长度。我们通过在字符串末尾放置一个0值字符表明字符串的结束。

Note: In programming 0h denotes a null byte and a null byte after a string tells assembly where it ends in memory.

注意: 在编程中,0h的值意味着NULL。而字符串末尾的NULL告诉汇编字符串结束了。

helloworld-inc.asm 
                            ; Hello World Program (NULL terminating bytes)
                            ; Compile with: nasm -f elf helloworld-inc.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-inc.o -o helloworld-inc
                            ; Run with: ./helloworld-inc

                            %include        'functions.asm'

                            SECTION .data
                            msg1    db      'Hello, brave new world!', 0Ah, 0h          ; 新增了NULL终止符
                            msg2    db      'This is how we recycle in NASM.', 0Ah, 0h  ; 新增了NULL终止符

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg1
                                call    sprint

                                mov     eax, msg2
                                call    sprint

                                call    quit
~$ nasm -f elf helloworld-inc.asm ~$ ld -m elf_i386 helloworld-inc.o -o helloworld-inc ~$ ./helloworld-inc Hello, brave new world! This is how we recycle in NASM.

Lesson 7

Linefeeds

换行符

Linefeeds are essential to console programs like our 'hello world' program. They become even more important once we start building programs that require user input. But linefeeds can be a pain to maintain. Sometimes you will want to include them in your strings and sometimes you will want to remove them. If we continue to hard code them in our variables by adding 0Ah after our declared message text, it will become a problem. If there's a place in the code that we don't want to print out the linefeed for that variable we will need to write some extra logic remove it from the string at runtime.

换行符对于像是'Hello world!'这样的控制台程序是必要的,在程序需要用户输入时,换行符更重要了。但是换行符对于维护不太友好:有时你想要在字符末尾输出换行符,有时候不想。如果我们继续硬编码换行符0Ah到字符串变量里面,将造成维护问题。如果我们什么地方不想换行,那就需要额外的逻辑来在运行时移除这个换行符。

It would be better for the maintainability of our program if we write a subroutine that will print out our message and then print a linefeed afterwards. That way we can just call this subroutine when we need the linefeed and call our current sprint subroutine when we don't.

更好的方案是写一个新的子程序在输出完字符串后多输出一个换行符。我们在需要时调用这个子程序,其他情况下调用原来那个。

A call to sys_write requires we pass a pointer to an address in memory of the string we want to print so we can't just pass a linefeed character (0Ah) to our print function. We also don't want to create another variable just to hold a linefeed character so we will instead use the stack.

调用sys_write需要传递一个指向要输出的字符串的地址而不能单单传入一个换行符。我们也不想单独为换行符创建一个变量,因此因为使用栈来解决这个问题。

The way it works is by moving a linefeed character into EAX. We then push EAX onto the stack and get the address pointed to by the Extended Stack Pointer. ESP is another register. When you push items onto the stack, ESP is decremented to point to the address in memory of the last item and so it can be used to access that item directly from the stack. Since ESP points to an address in memory of a character, sys_write will be able to use it to print.

我们首先传入EAX一个换行符,接着我们将EAX入栈,通过ESP寄存器(扩展栈指针寄存器)获取到栈的地址。当你将数据入栈时,ESP寄存器会自动指向栈的末项因此ESP可以被用于直接找到栈里面的数据。因为ESP指向的是内存地址,所以sys_write可以将其输出。

Note: I've highlighted the new code in functions.asm below.

注意: 下文高亮了新增的代码

functions.asm 
                            ;------------------------------------------
                            ; int slen(String message)
                            ; 计算字符串长度
                            slen:
                                push    ebx
                                mov     ebx, eax

                            nextchar:
                                cmp     byte [eax], 0
                                jz      finished
                                inc     eax
                                jmp     nextchar

                            finished:
                                sub     eax, ebx
                                pop     ebx
                                ret


                            ;------------------------------------------
                            ; void sprint(String message)
                            ; 输出字符串
                            sprint:
                                push    edx
                                push    ecx
                                push    ebx
                                push    eax
                                call    slen

                                mov     edx, eax
                                pop     eax

                                mov     ecx, eax
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                pop     ebx
                                pop     ecx
                                pop     edx
                                ret


                            ;------------------------------------------
                            ; void sprintLF(String message)
                            ; 输出字符串和换行符
                            sprintLF:
                                call    sprint

                                push    eax         ; 将EAX入栈以保护原来EAX的值
                                mov     eax, 0Ah    ; 将换行符0Ah写入EAX
                                                    ; 因为EAX是四字节宽(32bit),现在EAX的值为0000000Ah
                                push    eax         ; 将换行符入栈,这样栈内存就含有换行符
                                                    ; 因为我们的架构是小端序架构,这意味着EAX的值是逐字节反序存入内存中的
                                                    ; 这意味着现在栈内存存放的东西是0Ah,0h,0h,0h
                                                    ; 这本身就构成了我们需要的换行符后接着终止符的情况
                                mov     eax, esp    ; 将栈地址esp寄存器移动到EAX中,用来输出栈上现有的字符串(即换行符)
                                call    sprint      ; 调用原有的输出函数
                                pop     eax         ; 将换行符从栈中弹出
                                pop     eax         ; 恢复在运行我们的函数之前EAX的值
                                ret                 ; 将程序的控制返回到主线程


                            ;------------------------------------------
                            ; void exit()
                            ; 退出程序
                            quit:
                                mov     ebx, 0
                                mov     eax, 1
                                int     80h
                                ret
helloworld-lf.asm 
                            ; Hello World Program (Print with line feed)
                            ; Compile with: nasm -f elf helloworld-lf.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-lf.o -o helloworld-lf
                            ; Run with: ./helloworld-lf

                            %include        'functions.asm'

                            SECTION .data
                            msg1    db      'Hello, brave new world!', 0h          ; NOTE we have removed the line feed character 0Ah
                            msg2    db      'This is how we recycle in NASM.', 0h  ; 注意,我们现在移除了字符串中的换行符

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg1
                                call    sprintLF    ; NOTE we are calling our new print with linefeed function

                                mov     eax, msg2
                                call    sprintLF    ; 注意,我们现在使用新的函数来输出字符串和换行符

                                call    quit
~$ nasm -f elf helloworld-lf.asm ~$ ld -m elf_i386 helloworld-lf.o -o helloworld-lf ~$ ./helloworld-lf Hello, brave new world! This is how we recycle in NASM.

Lesson 8

Passing arguments

传递参数

Passing arguments to your program from the command line is as easy as popping them off the stack in NASM. When we run our program, any passed arguments are loaded onto the stack in reverse order. The name of the program is then loaded onto the stack and lastly the total number of arguments is loaded onto the stack. The last two stack items for a NASM compiled program are always the name of the program and the number of passed arguments.

在NASM汇编中,通过命令行给你的程序传递参数就和从栈取数据出栈一样容易。当我们运行程序时,任何传入的参数都会以反序的方式入栈,接着是程序名,最后是传入参数个数。通过NASM汇编器编译的程序的栈最初时最后两个值一定是程序名和参数个数。

So all we have to do to use them is pop the number of arguments off the stack first, then iterate once for each argument and perform our logic. In our program that means calling our print function.

所以我们需要做的事情就是将参数个数从栈中弹出,然后对每一个参数迭代执行我们的程序逻辑。本例中,我们仅仅调用输出函数。

Note: We are using the ECX register as our counter for the loop. Although it's a general-purpose register it's original intention was to be used as a counter.

注意: 我们使用ECX寄存器作为循环的计数器。虽然ECX是通用寄存器,但是在设计之初的确是为了作为计数器的。

helloworld-args.asm 
                            ; Hello World Program (Passing arguments from the command line)
                            ; Compile with: nasm -f elf helloworld-args.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-args.o -o helloworld-args
                            ; Run with: ./helloworld-args

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                pop     ecx             ; 栈中第一个值是参数个数

                            nextArg:
                                cmp     ecx, 0h         ; 将ecx与0比较,判断是否有参数剩余
                                jz      noMoreArgs      ; 如果等于0,也就是没有参数了,就跳转到noMoreArgs标签,结束循环
                                pop     eax             ; 将栈中目前最后一项的数据出栈,存入EAX以待输出
                                call    sprintLF        ; 调用输出函数
                                dec     ecx             ; ECX自减
                                jmp     nextArg         ; 循环

                            noMoreArgs:
                                call    quit
~$ nasm -f elf helloworld-args.asm ~$ ld -m elf_i386 helloworld-args.o -o helloworld-args ~$ ./helloworld-args "This is one argument" "This is another" 101 ./helloworld-args This is one argument This is another 101

Lesson 9

User input

用户输入

Introduction to the .bss section
对.bss段的介绍

So far we've used the .text and .data section so now it's time to introduce the .bss section. BSS stands for Block Started by Symbol. It is an area in our program that is used to reserve space in memory for uninitialised variables. We will use it to reserve some space in memory to hold our user input since we don't know how many bytes we'll need to store.

目前我们已经用到了.text段和.data段,现在要介绍.bss段。BSS是符号起始块(Block Started by Symbol)的缩写,是程序中为未初始化的数据保留的内存空间。我们使用bss来储存我们不知道会有多长的用户输入。

The syntax to declare variables is as follows:

bss段语法如下

.bss section example 
                            SECTION .bss
                            variableName1:      RESB    1       ; reserve space for 1 byte (字节,8bit)
                            variableName2:      RESW    1       ; reserve space for 1 word (字,长度取决于架构,x86架构是32bit)
                            variableName3:      RESD    1       ; reserve space for 1 double word (双字)
                            variableName4:      RESQ    1       ; reserve space for 1 double precision float (quad word) (双精度浮点数,四字)
                            variableName5:      REST    1       ; reserve space for 1 extended precision float (扩展精度浮点数)
Writing our program
写程序

We will be using the system call sys_read to receive and process input from the user. This function is assigned OPCODE 3 in the Linux System Call Table. Just like sys_write this function also takes 3 arguments which will be loaded into EDX, ECX and EBX before requesting a software interrupt that will call the function.

我们将使用系统调用sys_read来接收和处理用户输入。这个函数在x86架构Linux系统调用表中是3号调用。与sys_write类似,需要在触发调用之前通过寄存器接收3个参数。

The arguments passed are as follows:

  • EDX will be loaded with the maximum length (in bytes) of the space in memory.
  • ECX will be loaded with the address of our variable created in the .bss section.
  • EBX will be loaded with the file we want to read from – in this case STDIN.
As always the datatype and meaning of the arguments passed can be found in the function's definition.

参数如下所示:

  • EDX接收最大读取长度.
  • ECX接收读入数据的缓冲区地址,这里传入.bss段地址
  • EBX是我们读取的文件,这里从STDIN读取
以上可以参考系统调用的函数定义。

When sys_read detects a linefeed, control returns to the program and the users input is located at the memory address you passed in ECX.

当sys_read读取到换行符时,程序的控制权将返回你的程序,同时用户输入被储存到ECX中。

helloworld-input.asm 
                            ; Hello World Program (Getting input)
                            ; Compile with: nasm -f elf helloworld-input.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-input.o -o helloworld-input
                            ; Run with: ./helloworld-input

                            %include        'functions.asm'

                            SECTION .data
                            msg1        db      'Please enter your name: ', 0h      ; 要求用户输入名称
                            msg2        db      'Hello, ', 0h                       ; 在用户输入完名称后输出你好

                            SECTION .bss
                            sinput:     resb    255                                 ; 为用户输入保留255字节来储存

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg1
                                call    sprint

                                mov     edx, 255        ; 最多读取的字节数
                                mov     ecx, sinput     ; 储存用户输入的缓冲区位置
                                mov     ebx, 0          ; 从STDIN(0)中读取
                                mov     eax, 3          ; 向EAX填入sys_read的系统调用编号
                                int     80h

                                mov     eax, msg2
                                call    sprint

                                mov     eax, sinput     ; 将用户输入缓冲区输出。注意:最后的换行符也被存入了缓冲区
                                call    sprint          ; 调用原来的输出函数

                                call    quit
~$ nasm -f elf helloworld-input.asm ~$ ld -m elf_i386 helloworld-input.o -o helloworld-input ~$ ./helloworld-input Please enter your name: Daniel Givney Hello, Daniel Givney

Lesson 10

Count to 10

数到10

Firstly, some background
一些背景信息

Counting by numbers is not as straight forward as you would think in assembly. Firstly we need to pass sys_write an address in memory so we can't just load our register with a number and call our print function. Secondly, numbers and strings are very different things in assembly. Strings are represented by what are called ASCII values. ASCII stands for American Standard Code for Information Interchange. A good reference for ASCII can be found here. ASCII was created as a way to standardise the representation of strings across all computers.

在汇编中数数并不直接。首先,我们需要向sys_write传递的是地址,因此不能只向寄存器存入数字就调用输出函数。其次,数字和字符串在汇编中是截然不同的两种事物。字符串通过ASCII码来编码。ASCII全称American Standard Code for Information Interchange. 可以前往这个网站参考。

Remember, we can't print a number - we have to print a string. In order to count to 10 we will need to convert our numbers from standard integers to their ASCII string representations. Have a look at the ASCII values table and notice that the string representation for the number '1' is actually '49' in ASCII. In fact, adding 48 to our numbers is all we have to do to convert them from integers to their ASCII string representations.

注意!我们不能输出(print)一个数字,我们只能够输出字符串。为了数到10,我们需要将数字转换成ASCII码编码的字符串。查阅ASCII码表可知,数字转换成相应的字符串只需要加48,比如'1'对应ASCII码的49号。

Writing our program
写程序

What we will do with our program is count from 1 to 10 using the ECX register. We will then add 48 to our counter to convert it from a number to it's ASCII string representation. We will then push this value to the stack and call our print function passing ESP as the memory address to print from. Once we have finished counting to 10 we will exit our counting loop and call our quit function.

我们的程序将使用ECX寄存器储存1到10的数字。接着我们将数字加48以转换为ASCII编码的字符串。接着我们将这个值入栈再通过给打印函数传递ESP寄存器来将这个字符输出。一旦我们成功数到10了,就结束循环并退出程序。

helloworld-10.asm 
                            ; Hello World Program (Count to 10)
                            ; Compile with: nasm -f elf helloworld-10.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-10.o -o helloworld-10
                            ; Run with: ./helloworld-10

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                mov     ecx, 0          ; ECX被初始化为0

                            nextNumber:
                                inc     ecx             ; ECX自增

                                mov     eax, ecx        ; 将要输出的数写入EAX
                                add     eax, 48         ; 加48转换成相应的ASCII字符
                                push    eax             ; 入栈
                                mov     eax, esp        ; 通过ESP获取栈中字符串的地址
                                call    sprintLF        ; 调用输出函数

                                pop     eax             ; 将栈中用于输出的字符弹出
                                cmp     ecx, 10         ; 判断是否到10
                                jne     nextNumber      ; jne命令:不相等则跳转

                                call    quit
~$ nasm -f elf helloworld-10.asm ~$ ld -m elf_i386 helloworld-10.o -o helloworld-10 ~$ ./helloworld-10 1 2 3 4 5 6 7 8 9 :

Error: Our number 10 prints a colon (:) character instead. What's going on?

错误: 应该输出10的地方输出了一个冒号。

Lesson 11

Count to 10 (itoa)

通过itoa函数来数到十

So why did our program in Lesson 10 print out a colon character instead of the number 10?. Well lets have a look at our ASCII table. We can see that the colon character has a ASCII value of 58. We were adding 48 to our integers to convert them to their ASCII string representations so instead of passing sys_write the value '58' to print ten we actually need to pass the ASCII value for the number 1 followed by the ASCII value for the number 0. Passing sys_write '4948' is the correct string representation for the number '10'. So we can't just simply add 48 to our numbers to convert them, we first have to divide them by 10 because each place value needs to be converted individually.

所以为什么第十课应该输出数字10的地方输出了一个冒号?请参阅ASCII码表,ASCII值为58的地方是冒号。当我们让10加上48时,得到的是58.所以为了输出一个10,我们应该输出1再输出0。也就是向sys_write传递49 48.因此我们不能简单的给数字加48来完成转换,我们首先应该按各个位将数字分离因为每位的数字都应该单独转换。

We will write 2 new subroutines in this lesson 'iprint' and 'iprintLF'. These functions will be used when we want to print ASCII string representations of numbers. We achieve this by passing the number in EAX. We then initialise a counter in ECX. We will repeatedly divide the number by 10 and each time convert the remainder to a string by adding 48. We will then push this onto the stack for later use. Once we can no longer divide the number by 10 we will enter our second loop. In this print loop we will print the now converted string representations from the stack and pop them off. Popping them off the stack moves ESP forward to the next item on the stack. Each time we print a value we will decrease our counter ECX. Once all numbers have been converted and printed we will return to our program.

在本课程中,我们将编写两个新的子程序'iprint'和'iprintLF'。这两个函数将用于输出代表传递到EAX寄存器中的数字的ASCII字符串。我们初始化ECX寄存器,重复地用数字去除10,将余数加上48转换为字符入栈待稍后使用,当我们剩下的数字不够除10,我们便进入第二个循环——将栈中的数字打印并弹出。弹出的操作意味着ESP也会前移一项,我们每次输出一个值也会减少ECX的一个值。当所有的数字都被转换和输出之后,我们返回到程序中。

How does the divide instruction work?
除法指令是如何工作的。

The DIV and IDIV instructions work by dividing whatever is in EAX by the value passed to the instruction. The quotient part of the value is left in EAX and the remainder part is put into EDX (Originally called the data register). DIV和IDIV指令使用EAX来除传入的值,商被存入EAX而余数被存入EDX。这也是EDX得名数据寄存器的原因。(译者注:DIV、IDIV的操作数只能为寄存器,不能传入立即数)

For example.

举例来说

IDIV instruction example 
                            mov     eax, 10         ; EAX = 10
                            mov     esi, 10         ; ESI = 10
                            idiv    esi             ; 使用EAX除ESI(10),现在EAX=1,EDX=0
                            idiv    esi             ; 使用EAX除ESI(10),现在EAX=0,EDX=1
If we are only storing the remainder won't we have problems?
如果只储存余数是否会发生问题?

No, because these are integers, when you divide a number by an even bigger number the quotient in EAX is 0 and the remainder is the number itself. This is because the number divides zero times leaving the original value as the remainder in EDX. How good is that?

一般不会,因为你使用某个数去除更大的数,EAX会变为0而EDX会变成原来的被除数。这不挺好的吗?(译者注:译者未能理解这段话在讲什么,大意应该是只将EDX入栈不用担心EAX的值会影响程序逻辑)

Note: Only the new functions iprint and iprintLF have comments.

注意: 只有新的函数iprint和iprintLF有注释。

functions.asm 
                            ;------------------------------------------
                            ; void iprint(Integer number)
                            ; 通过整数转换为字符的方式来打印数字
                            iprint:
                                push    eax             ; 保护EAX、ECX、EDX、ESI
                                push    ecx
                                push    edx
                                push    esi
                                mov     ecx, 0          ; ECX是记录要输出字符数的寄存器

                            divideLoop:
                                inc     ecx             ; ECX自增来统计要输出的字符数
                                mov     edx, 0          ; 每次是哟之前清空EDX
                                mov     esi, 10         ; 设置ESI为10
                                idiv    esi             ; 使用EAX除去ESI
                                add     edx, 48         ; 将除10的余数加48转换为相应的ASCII字符
                                push    edx             ; 将转换为字符的值入栈
                                cmp     eax, 0          ; 将EAX同0比较判断是否除净
                                jnz     divideLoop      ; JNZ是非零情况跳转,也就是未除净继续循环。

                            printLoop:
                                dec     ecx             ; ECX递减
                                mov     eax, esp        ; 将esp传入eax以输出栈里面存放的字符
                                call    sprint          ; 调用字符串输出函数
                                pop     eax             ; 将最后一个字符弹出,esp前移
                                cmp     ecx, 0          ; 比较是否输出完全部的字符
                                jnz     printLoop       ; 如果没有,就继续

                                pop     esi             ; 恢复ESI、EDX、ECX、EAX在使用之前的值
                                pop     edx
                                pop     ecx
                                pop     eax
                                ret


                            ;------------------------------------------
                            ; void iprintLF(Integer number)
                            ; 有换行符的iprint
                            iprintLF:
                                call    iprint          ; 调用以上的iprint函数

                                push    eax             ; 保护EAX
                                mov     eax, 0Ah        ; 将换行符写入EAX
                                push    eax             ; 换行符入栈
                                mov     eax, esp        ; 将esp写入eax,以此来打印栈中换行符
                                call    sprint          ; 输出换行符
                                pop     eax             ; 将换行符弹出
                                pop     eax
                                ret


                            ;------------------------------------------
                            ; int slen(String message)
                            ; String length calculation function
                            slen:
                                push    ebx
                                mov     ebx, eax

                            nextchar:
                                cmp     byte [eax], 0
                                jz      finished
                                inc     eax
                                jmp     nextchar

                            finished:
                                sub     eax, ebx
                                pop     ebx
                                ret


                            ;------------------------------------------
                            ; void sprint(String message)
                            ; String printing function
                            sprint:
                                push    edx
                                push    ecx
                                push    ebx
                                push    eax
                                call    slen

                                mov     edx, eax
                                pop     eax

                                mov     ecx, eax
                                mov     ebx, 1
                                mov     eax, 4
                                int     80h

                                pop     ebx
                                pop     ecx
                                pop     edx
                                ret


                            ;------------------------------------------
                            ; void sprintLF(String message)
                            ; String printing with line feed function
                            sprintLF:
                                call    sprint

                                push    eax
                                mov     eax, 0AH
                                push    eax
                                mov     eax, esp
                                call    sprint
                                pop     eax
                                pop     eax
                                ret


                            ;------------------------------------------
                            ; void exit()
                            ; Exit program and restore resources
                            quit:
                                mov     ebx, 0
                                mov     eax, 1
                                int     80h
                                ret
helloworld-itoa.asm 
                            ; Hello World Program (Count to 10 itoa)
                            ; Compile with: nasm -f elf helloworld-itoa.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 helloworld-itoa.o -o helloworld-itoa
                            ; Run with: ./helloworld-itoa

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                mov     ecx, 0

                            nextNumber:
                                inc     ecx
                                mov     eax, ecx
                                call    iprintLF        ; 现在调用我们的整数输出函数
                                cmp     ecx, 10
                                jne     nextNumber

                                call    quit
~$ nasm -f elf helloworld-itoa.asm ~$ ld -m elf_i386 helloworld-itoa.o -o helloworld-itoa ~$ ./helloworld-itoa 1 2 3 4 5 6 7 8 9 10

Lesson 12

Calculator - addition

计算器 - 加法

In this program we will be adding the registers EAX and EBX together and we'll leave our answer in EAX. Firstly we use the MOV instruction to load EAX with an integer (in this case 90). We then MOV an integer into EBX (in this case 9). Now all we need to do is use the ADD instruction to perform our addition. EBX & EAX will be added together leaving our answer in the left most register in this instruction (in our case EAX). Then all we need to do is call our integer printing function to complete the program.

在本程序中,我们将EAX和EBX的值加在一起,结果储存到EAX中。首先我们使用MOV指令来为寄存器赋值为90和9.接着我们只需要使用ADD指令即可。最后调用我们的整数输出函数。

calculator-addition.asm 
                            ; Calculator (Addition)
                            ; Compile with: nasm -f elf calculator-addition.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 calculator-addition.o -o calculator-addition
                            ; Run with: ./calculator-addition

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, 90     ; 为EAX赋值
                                mov     ebx, 9      ; 为EBX赋值
                                add     eax, ebx    ; EAX = EAX + EBX
                                call    iprintLF    ; 调用整数输出函数

                                call    quit
~$ nasm -f elf calculator-addition.asm ~$ ld -m elf_i386 calculator-addition.o -o calculator-addition ~$ ./calculator-addition 99

Lesson 13

Calculator - subtraction

计算器 - 减法

In this program we will be subtracting the value in the register EBX from the value in the register EAX. Firstly we load EAX and EBX with integers in the same way as Lesson 12. The only difference is we will be using the SUB instruction to perform our subtraction logic, leaving our answer in the left most register of this instruction (in our case EAX). Then all we need to do is call our integer printing function to complete the program.

在本程序中,我们将会使用EAX的值减去EBX的值。首先我们参照第12课的方式向EAX和EBX加载数字,仅有的差异就是本课使用SUB指令来执行减法,指令会将结果存在放左侧的EAX寄存器中,接着我们只需要输出就行。

calculator-subtraction.asm 
                            ; Calculator (Subtraction)
                            ; Compile with: nasm -f elf calculator-subtraction.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 calculator-subtraction.o -o calculator-subtraction
                            ; Run with: ./calculator-subtraction

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, 90     ; 为EAX赋值
                                mov     ebx, 9      ; 为EBX赋值
                                sub     eax, ebx    ; 减法指令
                                call    iprintLF    ; 输出

                                call    quit
~$ nasm -f elf calculator-subtraction.asm ~$ ld -m elf_i386 calculator-subtraction.o -o calculator-subtraction ~$ ./calculator-subtraction 81

Lesson 14

Calculator - multiplication

计算器 - 乘法

In this program we will be multiplying the value in EBX by the value present in EAX. Firstly we load EAX and EBX with integers in the same way as Lesson 12. This time though we will be calling the MUL instruction to perform our multiplication logic. The MUL instruction is different from many instructions in NASM, in that it only accepts one further argument. The MUL instruction always multiples EAX by whatever value is passed after it. The answer is left in EAX.

本程序中,我们将使用EAX寄存器的值乘上EBX寄存器的值。和第12课一样,我们先赋值。这次使用MUL指令来完成乘法操作。注意:MUL与NASM的其他很多指令不同,MUL只接受一个参数,通过使用EAX来乘传入参数,结果储存在EAX中。

calculator-multiplication.asm 
                            ; Calculator (Multiplication)
                            ; Compile with: nasm -f elf calculator-multiplication.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 calculator-multiplication.o -o calculator-multiplication
                            ; Run with: ./calculator-multiplication

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, 90
                                mov     ebx, 9
                                mul     ebx         ; EAX = EAX * EBX
                                call    iprintLF

                                call    quit
~$ nasm -f elf calculator-multiplication.asm ~$ ld -m elf_i386 calculator-multiplication.o -o calculator-multiplication ~$ ./calculator-multiplication 810

Lesson 15

Calculator - division

计算器 - 除法

In this program we will be dividing the value in EBX by the value present in EAX. We've used division before in our integer print subroutine. Our program requires a few extra strings in order to print out the correct answer but otherwise there's nothing complicated going on.

在本课中,我们将使用EAX的值去除EBX的值。在此前的整数输出函数中,我们已经用过除法指令了。这个程序需要额外的字符串用来表示“余”。

Firstly we load EAX and EBX with integers in the same way as Lesson 12. Division logic is performed using the DIV instruction. The DIV instruction always divides EAX by the value passed after it. It will leave the quotient part of the answer in EAX and put the remainder part in EDX (the original data register). We then MOV and call our strings and integers to print out the correct answer.

首先和12课一样,给EAX和EBX赋值。除法指令是DIV,DIV总是使用EAX作为被除数,传入参数作为除数,整除结果保留在EAX中,余数保留在EDX中。接着需要MOV来调用字符串和整数输出函数。

calculator-division.asm 
                            ; Calculator (Division)
                            ; Compile with: nasm -f elf calculator-division.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 calculator-division.o -o calculator-division
                            ; Run with: ./calculator-division

                            %include        'functions.asm'

                            SECTION .data
                            msg1        db      ' remainder '      ; 余

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, 90
                                mov     ebx, 9
                                div     ebx         ; 新EAX * EBX + 新EDX = 原EAX
                                call    iprint      ; 调用整数输出函数
                                mov     eax, msg1   ; 输出一个“余”
                                call    sprint      ; 调用字符输出函数
                                mov     eax, edx    ; 将余数EDX转移到EAX以用来输出
                                call    iprintLF    ; 有换行符的整数输出函数

                                call    quit
~$ nasm -f elf calculator-division.asm ~$ ld -m elf_i386 calculator-division.o -o calculator-division ~$ ./calculator-division 10 remainder 0

Lesson 16

Calculator (atoi)

基于文本转数字的计算器

Our program will take several command line arguments and add them together printing out the result in the terminal.

本程序将从命令行接受若干参数并将它们加到一起,最后将结果输出到终端。

Writing our program
写程序

Our program begins by using the POP instruction to get the number of passed arguments off the stack. This value is stored in ECX (originally known as the counter register). It will then POP the next value off the stack containing the program name and remove it from the number of arguments stored in ECX. It will then loop through the rest of the arguments popping each one off the stack and performing our addition logic. As we know, arguments passed via the command line are received by our program as strings. Before we can add the arguments together we will need to convert them to integers otherwise our result will not be correct. We do this by calling our Ascii to Integer function (atoi). This function will convert the ascii value into an integer and place the result in EAX. We can then add this value to EDX (originally known as the data register) where we will store the result of our additions. If the value passed to atoi is not an ascii representation of an integer our function will return zero instead. When all arguments have been converted and added together we will print out the result and call our quit function.

我们的程序先使用pop指令获取到栈顶的参数个数并储存于ECX寄存器中,接着将程序名弹出并将ECX减去这项。循环将栈中各项弹出并相加。然而,参数是以字符串的形式传递的,在我们将数字相加之前,我们需要有一个函数将字符串转换为数字(atoi)。这个函数将会通过ASCII码将数字转换为数值并储存在EAX,我们将这个数加到EDX中储存求和结果。如果传递进入函数的字符串并不是一个表示数字的字符串,那我们的函数返回0.当所有的参数都被转换求和后,输出总和并结束程序。

How does the atoi function work
文本转数字函数如何运作?

Converting an ascii string into an integer value is not a trivial task. We know how to convert an integer to an ascii string so the process should essentially work in reverse. Firstly we take the address of the string and move it into ESI (originally known as the source register). We will then move along the string byte by byte (think of each byte as being a single digit or decimal placeholder). For each digit we will check if it's value is between 48-57 (ascii values for the digits 0-9).

将文本转换为数字并不是一个容易事,我们知道如何转换一个数字到字符串,这个工作就需要反着来。首先我们获取到字符串的地址,并写入常被叫做源地址寄存器的ESI,接着在认为每个字符是一个单独的数字的情况下逐个移动字符,检查是否在ASCII码代表0到9的48到57的范围内。

Once we have performed this check and determined that the byte can be converted to an integer we will perform the following logic. We will subtract 48 from the value - converting the ascii value to it's decimal equivalent. We will then add this value to EAX (the general purpose register that will store our result). We will then multiple EAX by 10 as each byte represents a decimal placeholder and continue the loop.

一旦检查通过,我们就可以执行接下来的转换逻辑:我们使用每一个值减去48,将ASCII码转换为相应的数字,加到一般作为结果寄存器的EAX中,接着让EAX乘10进一位继续循环。

When all bytes have been converted we need to do one last thing before we return the result. The last digit of any number represents a single unit (not a multiple of 10) so we have multiplied our result one too many times. We simple divide it by 10 once to correct this and then return. If no integer arguments were pass however, we skip this divide instruction.

当所有字符都完成转换后我们还有一件事要做:最后一位书代表的是个位而非十位,只需要除去10即可。

What is the BL register
BL寄存器是什么?

You may have noticed that the atoi function references the BL register. So far in these tutorials we have been exclusively using 32bit registers. These 32bit general purpose registers contain segments of memory that can also be referenced. These segments are available in 16bits and 8bits. We wanted a single byte (8bits) because a byte is the size of memory that is required to store a single ascii character. If we used a larger memory size we would have copied 8bits of data into 32bits of space leaving us with 'rubbish' bits - because only the first 8bits would be meaningful for our calculation.

你可能会注意到我们的字符串转数字函数使用到了BL寄存器。截至目前我们使用到的寄存器都是32位寄存器,这代表数据以32位一段来处理,但同时也可以用16位或8位。我们需要用到8位寄存器用来储存单个字符。如果使用了更大的内存空间,会造成浪费,因为我们的计算中只有8位实际有用。

The EBX register is 32bits. EBX's 16 bit segment is referenced as BX. BX contains the 8bit segments BL and BH (Lower and Higher bits). We wanted the first 8bits (lower bits) of EBX and so we referenced that storage area using BL.

EBX寄存器是32位寄存器,EBX的低16位是BX寄存器。BX又可以分为低8位BL和高8位BH。我们需要使用EBX的第一个低8位,所以使用BL寄存器。

Almost every assembly language tutorial begins with a history of the registers, their names and their sizes. These tutorials however were written to provide a foundation in NASM by first writing code and then understanding the theory. The full story about the size of registers, their history and importance are beyond the scope of this tutorial but we will return to that story in later tutorials.

几乎所有的汇编教程都是以寄存器的历史、名称、大小开始的,那些教程是通过写代码和对理论的理解来提供一个NASM汇编的基础。在本教程中,关于寄存器大小、历史和其他重要的事情都会在后文慢慢叙述。

Note: Only the new function in this file 'atoi' is shown below.

functions.asm 
                                ;------------------------------------------
                                ; int atoi(Integer number)
                                ; Ascii to integer function (atoi)
                                atoi:
                                    push    ebx             ; 保护EBX、ECX、EDX、ESI
                                    push    ecx
                                    push    edx
                                    push    esi
                                    mov     esi, eax        ; 将储存在EAX的字符串指针移动进入ESI
                                    mov     eax, 0          ; 初始化EAX、ECX为0
                                    mov     ecx, 0

                                .multiplyLoop:
                                    xor     ebx, ebx        ; 将EBX的高低位都设置为0(译者注:这步操作比MOV EBX,0省性能)
                                    mov     bl, [esi+ecx]   ; 从内存中读取一个字节,存入BL
                                    cmp     bl, 48          ; 比较BL与'0'
                                    jl      .finished       ; JL(Jump if Less) 如果小于则跳转,(译者注:字符串末尾NULL也会引发这一步跳转)
                                    cmp     bl, 57          ; 比较BL与'9'
                                    jg      .finished       ; JG(Jump if Greater) 如果大于则跳转

                                    sub     bl, 48          ; 将字符减去48转换为相应的数字
                                    add     eax, ebx        ; 将EAX = EAX + EBX,这里BL是EBX的末8位,所以EBX在数值上等于BL
                                    mov     ebx, 10         ; 令EBX = 10
                                    mul     ebx             ; EAX = EAX * EBX(10),这里是因为乘法指令也不能操作立即数
                                    inc     ecx             ; ECX计数器自增
                                    jmp     .multiplyLoop   ; 继续循环

                                .finished:
                                    cmp     ecx, 0          ; 比较ECX是否为0,如果是,表明是因为读取到了非数字而导致的。
                                    je      .restore        ; JE(Jump if Equal),如果相等则跳转
                                    mov     ebx, 10         ; 将EBX设置为10
                                    div     ebx             ; EAX = EAX / EBX(10)

                                .restore:
                                    pop     esi             ; 恢复ESI、EDX、ECX、EBX
                                    pop     edx
                                    pop     ecx
                                    pop     ebx
                                    ret
calculator-atoi.asm 
                            ; Calculator (ATOI)
                            ; Compile with: nasm -f elf calculator-atoi.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 calculator-atoi.o -o calculator-atoi
                            ; Run with: ./calculator-atoi 20 1000 317

                            %include        'functions.asm'

                            SECTION .text
                            global  _start

                            _start:

                                pop     ecx             ; 用ECX记录参数个数
                                pop     edx             ; 程序名,舍弃
                                sub     ecx, 1          ; ECX减1,程序名项已舍弃
                                mov     edx, 0          ; 初始化EDX用以储存求和数值

                            nextArg:
                                cmp     ecx, 0h         ; 检查是否有参数剩余
                                jz      noMoreArgs      ; JZ(Jump if Zero),如果没有,则结束循环
                                pop     eax             ; 将栈顶的参数弹出
                                call    atoi            ; 调用转换函数
                                add     edx, eax        ; 累加
                                dec     ecx             ; 参数数目自减
                                jmp     nextArg         ; 循环

                            noMoreArgs:
                                mov     eax, edx        ; 移动求和数值进入EAX以调用数字输出函数
                                call    iprintLF
                                call    quit
~$ nasm -f elf calculator-atoi.asm ~$ ld -m elf_i386 calculator-atoi.o -o calculator-atoi ~$ ./calculator-atoi 20 1000 317 1337

Lesson 17

Namespace

命名空间

Namespace is a necessary construct in any software project that involves a codebase that is larger than a few simple functions. Namespace provides scope to your identifiers and allows you to reuse naming conventions to make your code more readable and maintainable. In assembly language where subroutines are identified by global labels, namespace can be achieved by using local labels.

Up until the last few tutorials we have been using global labels exclusively. This means that blocks of logic that essentially perform the same task needed a label with a unique identifier. A good example would be our "finished" labels. These were global in scope meaning when we needed to break out of a loop in one function we could jump to a "finished" label. But if we needed to break out of a loop in a different function we would need to name this same task something else maybe calling it "done" or "continue". Being able to reuse the label "finished" would mean that someone reading the code would know that these blocks of logic perform almost the same task.

Local labels are prepended with a "." at the beginning of their name for example ".finished". You may have noticed them appearing as our code base in functions.asm grew. A local label is given the namespace of the first global label above it. You can jump to a local label by using the JMP instruction and the compiler will calculate which local label you are referencing by determining in what scope (based on the above global labels) the instruction was called.

Note: The file functions.asm was modified adding namespaces in all the subroutines. This is particularly important in the "slen" subroutine which contains a "finished" global label.

namespace.asm 
                            ; Namespace
                            ; Compile with: nasm -f elf namespace.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 namespace.o -o namespace
                            ; Run with: ./namespace

                            %include        'functions.asm'

                            SECTION .data
                            msg1        db      'Jumping to finished label.', 0h        ; a message string
                            msg2        db      'Inside subroutine number: ', 0h        ; a message string
                            msg3        db      'Inside subroutine "finished".', 0h     ; a message string

                            SECTION .text
                            global  _start

                            _start:

                            subrountineOne:
                                mov     eax, msg1       ; move the address of msg1 into eax
                                call    sprintLF        ; call our string printing with linefeed function
                                jmp     .finished       ; jump to the local label under the subrountineOne scope

                            .finished:
                                mov     eax, msg2       ; move the address of msg2 into eax
                                call    sprint          ; call our string printing function
                                mov     eax, 1          ; move the value one into eax (for subroutine number one)
                                call    iprintLF        ; call our integer printing function with linefeed function

                            subrountineTwo:
                                mov     eax, msg1       ; move the address of msg1 into eax
                                call    sprintLF        ; call our string print with linefeed function
                                jmp     .finished       ; jump to the local label under the subrountineTwo scope

                            .finished:
                                mov     eax, msg2       ; move the address of msg2 into eax
                                call    sprint          ; call our string printing function
                                mov     eax, 2          ; move the value two into eax (for subroutine number two)
                                call    iprintLF        ; call our integer printing function with linefeed function

                                mov     eax, msg1       ; move the address of msg1 into eax
                                call    sprintLF        ; call our string printing with linefeed function
                                jmp     finished        ; jump to the global label finished

                            finished:
                                mov     eax, msg3       ; move the address of msg3 into eax
                                call    sprintLF        ; call our string printing with linefeed function
                                call    quit            ; call our quit function
~$ nasm -f elf namespace.asm ~$ ld -m elf_i386 namespace.o -o namespace ~$ ./namespace Jumping to finished label. Inside subroutine number: 1 Jumping to finished label. Inside subroutine number: 2 Jumping to finished label. Inside subroutine "finished".

Lesson 18

Fizz Buzz

Firstly, some background

FizzBuzz is group word game played in schools to teach children division. Players take turns to count aloud integers from 1 to 100 replacing any number divisible by 3 with the word "fizz" and any number divisible by 5 with the word "buzz". Numbers that are both divisible by 3 and 5 are replaced by the word "fizzbuzz". This children's game has also become a defacto interview screening question for computer programming jobs as it's thought to easily discover candidates that can't construct a simple logic gate.

Writing our program

There are a number of code solutions to this simple game and some languages offer very trivial and elegant solutions. Depending on how you choose to solve it, the solution almost always involves an if statement and possibly an else statement depending whether you choose to exploit the mathematical property that anything divisible by 5 & 3 would also be divisible by 3 * 5. Being that this is an assembly language tutorial we will provide a solution that involves a structure of two cascading if statements to print the words "fizz" and/or "buzz" and an else statement in case these fail, to print the integer as an ascii value. Each iteration of our loop will then print a line feed. Once we reach 100 we call our program exit function.

fizzbuzz.asm 
                            ; Fizzbuzz
                            ; Compile with: nasm -f elf fizzbuzz.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 fizzbuzz.o -o fizzbuzz
                            ; Run with: ./fizzbuzz

                            %include        'functions.asm'

                            SECTION .data
                            fizz        db      'Fizz', 0h     ; a message string
                            buzz        db      'Buzz', 0h     ; a message string

                            SECTION .text
                            global  _start

                            _start:

                                mov     esi, 0          ; initialise our checkFizz boolean variable
                                mov     edi, 0          ; initialise our checkBuzz boolean variable
                                mov     ecx, 0          ; initialise our counter variable

                            nextNumber:
                                inc     ecx             ; increment our counter variable

                            .checkFizz:
                                mov     edx, 0          ; clear the edx register - this will hold our remainder after division
                                mov     eax, ecx        ; move the value of our counter into eax for division
                                mov     ebx, 3          ; move our number to divide by into ebx (in this case the value is 3)
                                div     ebx             ; divide eax by ebx
                                mov     edi, edx        ; move our remainder into edi (our checkFizz boolean variable)
                                cmp     edi, 0          ; compare if the remainder is zero (meaning the counter divides by 3)
                                jne     .checkBuzz      ; if the remainder is not equal to zero jump to local label checkBuzz
                                mov     eax, fizz       ; else move the address of our fizz string into eax for printing
                                call    sprint          ; call our string printing function

                            .checkBuzz:
                                mov     edx, 0          ; clear the edx register - this will hold our remainder after division
                                mov     eax, ecx        ; move the value of our counter into eax for division
                                mov     ebx, 5          ; move our number to divide by into ebx (in this case the value is 5)
                                div     ebx             ; divide eax by ebx
                                mov     esi, edx        ; move our remainder into edi (our checkBuzz boolean variable)
                                cmp     esi, 0          ; compare if the remainder is zero (meaning the counter divides by 5)
                                jne     .checkInt       ; if the remainder is not equal to zero jump to local label checkInt
                                mov     eax, buzz       ; else move the address of our buzz string into eax for printing
                                call    sprint          ; call our string printing function

                            .checkInt:
                                cmp     edi, 0          ; edi contains the remainder after the division in checkFizz
                                je     .continue        ; if equal (counter divides by 3) skip printing the integer
                                cmp     esi, 0          ; esi contains the remainder after the division in checkBuzz
                                je     .continue        ; if equal (counter divides by 5) skip printing the integer
                                mov     eax, ecx        ; else move the value in ecx (our counter) into eax for printing
                                call    iprint          ; call our integer printing function

                            .continue:
                                mov     eax, 0Ah        ; move an ascii linefeed character into eax
                                push    eax             ; push the address of eax onto the stack for printing
                                mov     eax, esp        ; get the stack pointer (address on the stack of our linefeed char)
                                call    sprint          ; call our string printing function to print a line feed
                                pop     eax             ; pop the stack so we don't waste resources
                                cmp     ecx, 100        ; compare if our counter is equal to 100
                                jne     nextNumber      ; if not equal jump to the start of the loop

                                call    quit            ; else call our quit function
~$ nasm -f elf fizzbuzz.asm ~$ ld -m elf_i386 fizzbuzz.o -o fizzbuzz ~$ ./fizzbuzz 1 2 Fizz 4 Buzz Fizz 7 8 Fizz Buzz 11 Fizz 13 14 FizzBuzz 16 ...

Lesson 19

Execute Command

Firstly, some background

The EXEC family of functions replace the currently running process with a new process, that executes the command you specified when calling it. We will be using the SYS_EXECVE function in this lesson to replace our program's running process with a new process that will execute the linux program /bin/echo to print out “Hello World!”.

Naming convention

The naming convention used for this family of functions is exec (execute) followed by one or more of the following letters.

  • e - An array of pointers to environment variables is explicitly passed to the new process image.
  • l - Command-line arguments are passed individually to the function.
  • p - Uses the PATH environment variable to find the file named in the path argument to be executed.
  • v - Command-line arguments are passed to the function as an array of pointers.
Writing our program

The V & E at the end of our function name means we will need to pass our arguments in the following format: The first argument is a string containing the command to execute, then an array of arguments to pass to that command and then another array of environment variables that the new process will use. As we are calling a simple command we won't pass any special environment variables to the new process and instead will pass 0h (null).

Both the command arguments and the environment arguments need to be passed as an array of pointers (addresses to memory). That's why we define our strings first and then define a simple null-terminated struct (array) of the variables names. This is then passed to SYS_EXECVE. We call the function and the process is replaced by our command and output is returned to the terminal.

execute.asm 
                            ; Execute
                            ; Compile with: nasm -f elf execute.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 execute.o -o execute
                            ; Run with: ./execute

                            %include        'functions.asm'

                            SECTION .data
                            command         db      '/bin/echo', 0h     ; command to execute
                            arg1            db      'Hello World!', 0h
                            arguments       dd      command
                                            dd      arg1                ; arguments to pass to commandline (in this case just one)
                                            dd      0h                  ; end the struct
                            environment     dd      0h                  ; arguments to pass as environment variables (inthis case none) end the struct

                            SECTION .text
                            global  _start

                            _start:

                                mov     edx, environment    ; address of environment variables
                                mov     ecx, arguments      ; address of the arguments to pass to the commandline
                                mov     ebx, command        ; address of the file to execute
                                mov     eax, 11             ; invoke SYS_EXECVE (kernel opcode 11)
                                int     80h

                                call    quit                ; call our quit function
~$ nasm -f elf execute.asm ~$ ld -m elf_i386 execute.o -o execute ~$ ./execute Hello World!

Note: Here are a couple other commands to try.

execute.asm 
                            SECTION .data
                            command         db      '/bin/ls', 0h       ; command to execute
                            arg1            db      '-l', 0h
execute.asm 
                            SECTION .data
                            command         db      '/bin/sleep', 0h    ; command to execute
                            arg1            db      '5', 0h

Lesson 20

Process Forking

Firstly, some background

In this lesson we will use SYS_FORK to create a new process that duplicates our current process. SYS_FORK takes no arguments - you just call fork and the new process is created. Both processes run concurrently. We can test the return value (in eax) to test whether we are currently in the parent or child process. The parent process returns a non-negative, non-zero integer. In the child process EAX is zero. This can be used to branch your logic between the parent and child.

In our program we exploit this fact to print out different messages in each process.

Note: Each process is responsible for safely exiting.

fork.asm 
                            ; Fork
                            ; Compile with: nasm -f elf fork.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 fork.o -o fork
                            ; Run with: ./fork

                            %include        'functions.asm'

                            SECTION .data
                            childMsg        db      'This is the child process', 0h     ; a message string
                            parentMsg       db      'This is the parent process', 0h    ; a message string

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, 2              ; invoke SYS_FORK (kernel opcode 2)
                                int     80h

                                cmp     eax, 0              ; if eax is zero we are in the child process
                                jz      child               ; jump if eax is zero to child label

                            parent:
                                mov     eax, parentMsg      ; inside our parent process move parentMsg into eax
                                call    sprintLF            ; call our string printing with linefeed function

                                call    quit                ; quit the parent process

                            child:
                                mov     eax, childMsg       ; inside our child process move childMsg into eax
                                call    sprintLF            ; call our string printing with linefeed function

                                call    quit                ; quit the child process
~$ nasm -f elf fork.asm ~$ ld -m elf_i386 fork.o -o fork ~$ ./fork This is the parent process This is the child process

Lesson 21

Telling the time

Generating a unix timestamp in NASM is easy with the SYS_TIME function of the linux kernel. Simply pass OPCODE 13 to the kernel with no arguments and you are returned the Unix Epoch in the EAX register.

That is the number of seconds that have elapsed since January 1st 1970 UTC.

time.asm 
                            ; Time
                            ; Compile with: nasm -f elf time.asm
                            ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 time.o -o time
                            ; Run with: ./time

                            %include        'functions.asm'

                            SECTION .data
                            msg        db      'Seconds since Jan 01 1970: ', 0h     ; a message string

                            SECTION .text
                            global  _start

                            _start:

                                mov     eax, msg        ; move our message string into eax for printing
                                call    sprint          ; call our string printing function

                                mov     eax, 13         ; invoke SYS_TIME (kernel opcode 13)
                                int     80h             ; call the kernel

                                call    iprintLF        ; call our integer printing function with linefeed
                                call    quit            ; call our quit function
~$ nasm -f elf time.asm ~$ ld -m elf_i386 time.o -o time ~$ ./time Seconds since Jan 01 1970: 1374995660

Lesson 22

File Handling - Create

Firstly, some background

File Handling in Linux is achieved through a small number of system calls related to creating, updating and deleting files. These functions require a file descriptor which is a unique, non-negative integer that identifies the file on the system.

Writing our program

We begin the tutorial by creating a file using sys_creat. We will then build upon our program in each of the following file handling lessons, adding code as we go. Eventually we will have a full program that can create, update, open, close and delete files.

sys_creat expects 2 arguments - the file permissions in ECX and the filename in EBX. The sys_creat opcode is then loaded into EAX and the kernel is called to create the file. The file descriptor of the created file is returned in EAX. This file descriptor can then be used for all other file handling functions.

create.asm 
                                ; Create
                                ; Compile with: nasm -f elf create.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 create.o -o create
                                ; Run with: ./create

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 0777o          ; set all permissions to read, write, execute
                                    mov     ebx, filename       ; filename we will create
                                    mov     eax, 8              ; invoke SYS_CREAT (kernel opcode 8)
                                    int     80h                 ; call the kernel

                                    call    quit                ; call our quit function
~$ nasm -f elf create.asm ~$ ld -m elf_i386 create.o -o create ~$ ./create

Note: The file 'readme.txt' will now have been created in the folder.

Lesson 23

File Handling - Write

Building upon the previous lesson we will now use sys_write to write content to a newly created file.

sys_write expects 3 arguments - the number of bytes to write in EDX, the contents string to write in ECX and the file descriptor in EBX. The sys_write opcode is then loaded into EAX and the kernel is called to write the content to the file. In this lesson we will first call sys_creat to get a file descriptor which we will then load into EBX.

write.asm 
                                ; Write
                                ; Compile with: nasm -f elf write.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 write.o -o write
                                ; Run with: ./write

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create
                                contents db 'Hello world!', 0h  ; the contents to write

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 0777o          ; code continues from lesson 22
                                    mov     ebx, filename
                                    mov     eax, 8
                                    int     80h

                                    mov     edx, 12             ; number of bytes to write - one for each letter of our contents string
                                    mov     ecx, contents       ; move the memory address of our contents string into ecx
                                    mov     ebx, eax            ; move the file descriptor of the file we created into ebx
                                    mov     eax, 4              ; invoke SYS_WRITE (kernel opcode 4)
                                    int     80h                 ; call the kernel

                                    call    quit                ; call our quit function
~$ nasm -f elf write.asm ~$ ld -m elf_i386 write.o -o write ~$ ./write

Note: Open the newly created file 'readme.txt' in this folder and you will see the content 'Hello world!'.

Lesson 24

File Handling - Open

Building upon the previous lesson we will now use sys_open to obtain the file descriptor of the newly created file. This file descriptor can then be used for all other file handling functions.

sys_open expects 2 arguments - the access mode (table below) in ECX and the filename in EBX. The sys_open opcode is then loaded into EAX and the kernel is called to open the file and return the file descriptor.

sys_open additionally accepts zero or more file creation flags and file status flags in EDX. Click here for more information about the access mode, file creation flags and file status flags.

Description Value
O_RDONLY open file in read only mode 0
O_WRONLY open file in write only mode 1
O_RDWR open file in read and write mode 2

Note: sys_open returns the file descriptor in EAX. On linux this will be a unique, non-negative integer which we will print using our integer printing function.

open.asm 
                                ; Open
                                ; Compile with: nasm -f elf open.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 open.o -o open
                                ; Run with: ./open

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create
                                contents db 'Hello world!', 0h  ; the contents to write

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 0777o          ; Create file from lesson 22
                                    mov     ebx, filename
                                    mov     eax, 8
                                    int     80h

                                    mov     edx, 12             ; Write contents to file from lesson 23
                                    mov     ecx, contents
                                    mov     ebx, eax
                                    mov     eax, 4
                                    int     80h

                                    mov     ecx, 0              ; flag for readonly access mode (O_RDONLY)
                                    mov     ebx, filename       ; filename we created above
                                    mov     eax, 5              ; invoke SYS_OPEN (kernel opcode 5)
                                    int     80h                 ; call the kernel

                                    call    iprintLF            ; call our integer printing function
                                    call    quit                ; call our quit function
~$ nasm -f elf open.asm ~$ ld -m elf_i386 open.o -o open ~$ ./open 4

Lesson 25

File Handling - Read

Building upon the previous lesson we will now use sys_read to read the content of a newly created and opened file. We will store this string in a variable.

sys_read expects 3 arguments - the number of bytes to read in EDX, the memory address of our variable in ECX and the file descriptor in EBX. We will use the previous lessons sys_open code to obtain the file descriptor which we will then load into EBX. The sys_read opcode is then loaded into EAX and the kernel is called to read the file contents into our variable and is then printed to the screen.

Note: We will reserve 255 bytes in the .bss section to store the contents of the file. See Lesson 9 for more information on the .bss section.

read.asm 
                                ; Read
                                ; Compile with: nasm -f elf read.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 read.o -o read
                                ; Run with: ./read

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create
                                contents db 'Hello world!', 0h  ; the contents to write

                                SECTION .bss
                                fileContents resb 255,          ; variable to store file contents

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 0777o          ; Create file from lesson 22
                                    mov     ebx, filename
                                    mov     eax, 8
                                    int     80h

                                    mov     edx, 12             ; Write contents to file from lesson 23
                                    mov     ecx, contents
                                    mov     ebx, eax
                                    mov     eax, 4
                                    int     80h

                                    mov     ecx, 0              ; Open file from lesson 24
                                    mov     ebx, filename
                                    mov     eax, 5
                                    int     80h

                                    mov     edx, 12             ; number of bytes to read - one for each letter of the file contents
                                    mov     ecx, fileContents   ; move the memory address of our file contents variable into ecx
                                    mov     ebx, eax            ; move the opened file descriptor into EBX
                                    mov     eax, 3              ; invoke SYS_READ (kernel opcode 3)
                                    int     80h                 ; call the kernel

                                    mov     eax, fileContents   ; move the memory address of our file contents variable into eax for printing
                                    call    sprintLF            ; call our string printing function

                                    call    quit                ; call our quit function
~$ nasm -f elf read.asm ~$ ld -m elf_i386 read.o -o read ~$ ./read Hello world!

Lesson 26

File Handling - Close

Building upon the previous lesson we will now use sys_close to properly close an open file.

sys_close expects 1 argument - the file descriptor in EBX. We will use the previous lessons code to obtain the file descriptor which we will then load into EBX. The sys_close opcode is then loaded into EAX and the kernel is called to close the file and remove the active file descriptor.

close.asm 
                                ; Close
                                ; Compile with: nasm -f elf close.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 close.o -o close
                                ; Run with: ./close

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create
                                contents db 'Hello world!', 0h  ; the contents to write

                                SECTION .bss
                                fileContents resb 255,          ; variable to store file contents

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 0777o          ; Create file from lesson 22
                                    mov     ebx, filename
                                    mov     eax, 8
                                    int     80h

                                    mov     edx, 12             ; Write contents to file from lesson 23
                                    mov     ecx, contents
                                    mov     ebx, eax
                                    mov     eax, 4
                                    int     80h

                                    mov     ecx, 0              ; Open file from lesson 24
                                    mov     ebx, filename
                                    mov     eax, 5
                                    int     80h

                                    mov     edx, 12             ; Read file from lesson 25
                                    mov     ecx, fileContents
                                    mov     ebx, eax
                                    mov     eax, 3
                                    int     80h

                                    mov     eax, fileContents
                                    call    sprintLF

                                    mov     ebx, ebx            ; not needed but used to demonstrate that SYS_CLOSE takes a file descriptor from EBX
                                    mov     eax, 6              ; invoke SYS_CLOSE (kernel opcode 6)
                                    int     80h                 ; call the kernel

                                    call    quit                ; call our quit function
~$ nasm -f elf close.asm ~$ ld -m elf_i386 close.o -o close ~$ ./close Hello world!

Note: We have properly closed the file and removed the active file descriptor.

Lesson 27

File Handling - Seek

In this lesson we will open a file and update the file contents at the end of the file using sys_lseek.

Using sys_lseek you can move the cursor within the file by an offset in bytes. The below example will move the cursor to the end of the file, then pass 0 bytes as the offset (so we append to the end of the file and not beyond) before writing a string in that position. Try different values in ECX and EDX to write the content to different positions within the opened file.

sys_lseek expects 3 arguments - the whence argument (table below) in EDX, the offset in bytes in ECX, and the file descriptor in EBX. The sys_lseek opcode is then loaded into EAX and we call the kernel to move the file pointer to the correct offset. We then use sys_write to update the content at that position.

Description Value
SEEK_SET beginning of the file 0
SEEK_CUR current file offset 1
SEEK_END end of the file 2

Note: A file 'readme.txt' has been included in the code folder for this lesson. This file will be updated after running the program.

seek.asm 
                                ; Seek
                                ; Compile with: nasm -f elf seek.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 seek.o -o seek
                                ; Run with: ./seek

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to create
                                contents  db '-updated-', 0h     ; the contents to write at the start of the file

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ecx, 1              ; flag for writeonly access mode (O_WRONLY)
                                    mov     ebx, filename       ; filename of the file to open
                                    mov     eax, 5              ; invoke SYS_OPEN (kernel opcode 5)
                                    int     80h                 ; call the kernel

                                    mov     edx, 2              ; whence argument (SEEK_END)
                                    mov     ecx, 0              ; move the cursor 0 bytes
                                    mov     ebx, eax            ; move the opened file descriptor into EBX
                                    mov     eax, 19             ; invoke SYS_LSEEK (kernel opcode 19)
                                    int     80h                 ; call the kernel

                                    mov     edx, 9              ; number of bytes to write - one for each letter of our contents string
                                    mov     ecx, contents       ; move the memory address of our contents string into ecx
                                    mov     ebx, ebx            ; move the opened file descriptor into EBX (not required as EBX already has the FD)
                                    mov     eax, 4              ; invoke SYS_WRITE (kernel opcode 4)
                                    int     80h                 ; call the kernel

                                    call    quit                ; call our quit function
~$ nasm -f elf seek.asm ~$ ld -m elf_i386 seek.o -o seek ~$ ./seek

Lesson 28

File Handling - Delete

Deleting a file on linux is achieved by calling sys_unlink.

sys_unlink expects 1 argument - the filename in EBX. The sys_unlink opcode is then loaded into EAX and the kernel is called to delete the file.

Note: A file 'readme.txt' has been included in the code folder for this lesson. This file will be deleted after running the program.

unlink.asm 
                                ; Unlink
                                ; Compile with: nasm -f elf unlink.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 unlink.o -o unlink
                                ; Run with: ./unlink

                                %include    'functions.asm'

                                SECTION .data
                                filename db 'readme.txt', 0h    ; the filename to delete

                                SECTION .text
                                global  _start

                                _start:

                                    mov     ebx, filename       ; filename we will delete
                                    mov     eax, 10             ; invoke SYS_UNLINK (kernel opcode 10)
                                    int     80h                 ; call the kernel

                                    call    quit                ; call our quit function
~$ nasm -f elf unlink.asm ~$ ld -m elf_i386 unlink.o -o unlink ~$ ./unlink

Lesson 29

Sockets - Create

Firstly, some background

Socket Programming in Linux is achieved through the use of the SYS_SOCKETCALL kernel function. The SYS_SOCKETCALL function is somewhat unique in that it encapsulates a number of different subroutines, all related to socket operations, within the one function. By passing different integer values in EBX we can change the behaviour of this function to create, listen, send, receive, close and more. Click here to view the full commented source code of the completed program.

Writing our program

We begin the tutorial by first initalizing some of our registers which we will use later to store important values. We will then create a socket using SYS_SOCKETCALL's first subroutine which is called 'socket'. We will then build upon our program in each of the following socket programming lessons, adding code as we go. Eventually we will have a full program that can create, bind, listen, accept, read, write and close sockets.

SYS_SOCKETCALL's subroutine 'socket' expects 2 arguments - a pointer to an array of arguments in ECX and the integer value 1 in EBX. The SYS_SOCKETCALL opcode is then loaded into EAX and the kernel is called to create the socket. Because everything in linux is a file, we recieve back the file descriptor of the created socket in EAX. This file descriptor can then be used for performing other socket programming functions.

Note: XORing a register by itself is an efficent way of ensuring the register is initalised with the integer value zero and doesn't contain an unexpected value that could corrupt your program.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; init eax 0
                                    xor     ebx, ebx            ; init ebx 0
                                    xor     edi, edi            ; init edi 0
                                    xor     esi, esi            ; init esi 0

                                _socket:

                                    push    byte 6              ; push 6 onto the stack (IPPROTO_TCP)
                                    push    byte 1              ; push 1 onto the stack (SOCK_STREAM)
                                    push    byte 2              ; push 2 onto the stack (PF_INET)
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 1              ; invoke subroutine SOCKET (1)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                    call    iprintLF            ; call our integer printing function (print the file descriptor in EAX or -1 on error)

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket 3

Lesson 30

Sockets - Bind

Building on the previous lesson we will now associate the created socket with a local IP address and port which will allow us to connect to it. We do this by calling the second subroutine of SYS_SOCKETCALL which is called 'bind'.

We begin by storing the file descriptor we recieved in lesson 29 into EDI. EDI was originally called the Destination Index and is traditionally used in copy routines to store the location of a target file.

SYS_SOCKETCALL's subroutine 'bind' expects 2 arguments - a pointer to an array of arguments in ECX and the integer value 2 in EBX. The SYS_SOCKETCALL opcode is then loaded into EAX and the kernel is called to bind the socket.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; move return value of SYS_SOCKETCALL into edi (file descriptor for new socket, or -1 on error)
                                    push    dword 0x00000000    ; push 0 dec onto the stack IP ADDRESS (0.0.0.0)
                                    push    word 0x2923         ; push 9001 dec onto stack PORT (reverse byte order)
                                    push    word 2              ; push 2 dec onto stack AF_INET
                                    mov     ecx, esp            ; move address of stack pointer into ecx
                                    push    byte 16             ; push 16 dec onto stack (arguments length)
                                    push    ecx                 ; push the address of arguments onto stack
                                    push    edi                 ; push the file descriptor onto stack
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 2              ; invoke subroutine BIND (2)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket

Lesson 31

Sockets - Listen

In the previous lessons we created a socket and used the 'bind' subroutine to associate it with a local IP address and port. In this lesson we will use the 'listen' subroutine of SYS_SOCKETCALL to tell our socket to listen for incoming TCP requests. This will allow us to read and write to anyone who connects to our socket.

SYS_SOCKETCALL's subroutine 'listen' expects 2 arguments - a pointer to an array of arguments in ECX and the integer value 4 in EBX. The SYS_SOCKETCALL opcode is then loaded into EAX and the kernel is called. If succesful the socket will begin listening for incoming requests.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; bind socket from lesson 30
                                    push    dword 0x00000000
                                    push    word 0x2923
                                    push    word 2
                                    mov     ecx, esp
                                    push    byte 16
                                    push    ecx
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 2
                                    mov     eax, 102
                                    int     80h

                                _listen:

                                    push    byte 1              ; move 1 onto stack (max queue length argument)
                                    push    edi                 ; push the file descriptor onto stack
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 4              ; invoke subroutine LISTEN (4)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket

Lesson 32

Sockets - Accept

In the previous lessons we created a socket and used the 'bind' subroutine to associate it with a local IP address and port. We then used the 'listen' subroutine of SYS_SOCKETCALL to tell our socket to listen for incoming TCP requests. Now we will use the 'accept' subroutine of SYS_SOCKETCALL to tell our socket to accept those incoming requests. Our socket will then be ready to read and write to remote connections.

SYS_SOCKETCALL's subroutine 'accept' expects 2 arguments - a pointer to an array of arguments in ECX and the integer value 5 in EBX. The SYS_SOCKETCALL opcode is then loaded into EAX and the kernel is called. The 'accept' subroutine will create another file descriptor, this time identifying the incoming socket connection. We will use this file descriptor to read and write to the incoming connection in later lessons.

Note: Run the program and use the command sudo netstat -plnt in another terminal to view the socket listening on port 9001.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; bind socket from lesson 30
                                    push    dword 0x00000000
                                    push    word 0x2923
                                    push    word 2
                                    mov     ecx, esp
                                    push    byte 16
                                    push    ecx
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 2
                                    mov     eax, 102
                                    int     80h

                                _listen:

                                    push    byte 1              ; listen socket from lesson 31
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 4
                                    mov     eax, 102
                                    int     80h

                                _accept:

                                    push    byte 0              ; push 0 dec onto stack (address length argument)
                                    push    byte 0              ; push 0 dec onto stack (address argument)
                                    push    edi                 ; push the file descriptor onto stack
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 5              ; invoke subroutine ACCEPT (5)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket

Lesson 33

Sockets - Read

When an incoming connection is accepted by our socket, a new file descriptor identifying the incoming socket connection is returned in EAX. In this lesson we will use this file descriptor to read the incoming request headers from the connection.

We begin by storing the file descriptor we recieved in lesson 32 into ESI. ESI was originally called the Source Index and is traditionally used in copy routines to store the location of a target file.

We will use the kernel function sys_read to read from the incoming socket connection. As we have done in previous lessons, we will create a variable to store the contents being read from the file descriptor. Our socket will be using the HTTP protocol to communicate. Parsing HTTP request headers to determine the length of the incoming message and accepted response formats is beyond the scope of this tutorial. We will instead just read up to the first 255 bytes and print that to standardout.

Once the incoming connection has been accepted, it is very common for webservers to spawn a child process to manage the read/write communication. The parent process is then free to return to the listening/accept state and accept any new incoming requests in parallel. We will implement this design pattern below using SYS_FORK and the JMP instruction prior to reading the request headers in the child process.

To generate valid request headers we will use the commandline tool curl to connect to our listening socket. But you can also use a standard web browser to connect in the same way.

sys_read expects 3 arguments - the number of bytes to read in EDX, the memory address of our variable in ECX and the file descriptor in EBX. The sys_read opcode is then loaded into EAX and the kernel is called to read the contents into our variable which is then printed to the screen.

Note: We will reserve 255 bytes in the .bss section to store the contents being read from the file descriptor. See Lesson 9 for more information on the .bss section.

Note: Run the program and use the command curl http://localhost:9001 in another terminal to view the request headers being read by our program.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .bss
                                buffer resb 255,                ; variable to store request headers

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; bind socket from lesson 30
                                    push    dword 0x00000000
                                    push    word 0x2923
                                    push    word 2
                                    mov     ecx, esp
                                    push    byte 16
                                    push    ecx
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 2
                                    mov     eax, 102
                                    int     80h

                                _listen:

                                    push    byte 1              ; listen socket from lesson 31
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 4
                                    mov     eax, 102
                                    int     80h

                                _accept:

                                    push    byte 0              ; accept socket from lesson 32
                                    push    byte 0
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 5
                                    mov     eax, 102
                                    int     80h

                                _fork:

                                    mov     esi, eax            ; move return value of SYS_SOCKETCALL into esi (file descriptor for accepted socket, or -1 on error)
                                    mov     eax, 2              ; invoke SYS_FORK (kernel opcode 2)
                                    int     80h                 ; call the kernel

                                    cmp     eax, 0              ; if return value of SYS_FORK in eax is zero we are in the child process
                                    jz      _read               ; jmp in child process to _read

                                    jmp     _accept             ; jmp in parent process to _accept

                                _read:

                                    mov     edx, 255            ; number of bytes to read (we will only read the first 255 bytes for simplicity)
                                    mov     ecx, buffer         ; move the memory address of our buffer variable into ecx
                                    mov     ebx, esi            ; move esi into ebx (accepted socket file descriptor)
                                    mov     eax, 3              ; invoke SYS_READ (kernel opcode 3)
                                    int     80h                 ; call the kernel

                                    mov     eax, buffer         ; move the memory address of our buffer variable into eax for printing
                                    call    sprintLF            ; call our string printing function

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket GET / HTTP/1.1 Host: localhost:9001 User-Agent: curl/x.xx.x Accept: */*

Lesson 34

Sockets - Write

When an incoming connection is accepted by our socket, a new file descriptor identifying the incoming socket connection is returned in EAX. In this lesson we will use this file descriptor to send our response to the connection.

We will use the kernel function sys_write to write to the incoming socket connection. As our socket will be communicating using the HTTP protocol, we will need to send some compulsory headers in order to allow HTTP speaking clients to connect. We will send these following the formatting rules set out in the RFC Standard.

sys_write expects 3 arguments - the number of bytes to write in EDX, the response string to write in ECX and the file descriptor in EBX. The sys_write opcode is then loaded into EAX and the kernel is called to send our response back through our socket to the incoming connection.

Note: We will create a variable in the .data section to store the response we will write to the file descriptor. See Lesson 1 for more information on the .data section.

Note: Run the program and use the command curl http://localhost:9001 in another terminal to view the response sent via our socket. Or connect to the same address using any standard web browser.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .data
                                ; our response string
                                response db 'HTTP/1.1 200 OK', 0Dh, 0Ah, 'Content-Type: text/html', 0Dh, 0Ah, 'Content-Length: 14', 0Dh, 0Ah, 0Dh, 0Ah, 'Hello World!', 0Dh, 0Ah, 0h

                                SECTION .bss
                                buffer resb 255,                ; variable to store request headers

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; bind socket from lesson 30
                                    push    dword 0x00000000
                                    push    word 0x2923
                                    push    word 2
                                    mov     ecx, esp
                                    push    byte 16
                                    push    ecx
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 2
                                    mov     eax, 102
                                    int     80h

                                _listen:

                                    push    byte 1              ; listen socket from lesson 31
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 4
                                    mov     eax, 102
                                    int     80h

                                _accept:

                                    push    byte 0              ; accept socket from lesson 32
                                    push    byte 0
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 5
                                    mov     eax, 102
                                    int     80h

                                _fork:

                                    mov     esi, eax            ; fork socket from lesson 33
                                    mov     eax, 2
                                    int     80h

                                    cmp     eax, 0
                                    jz      _read

                                    jmp     _accept

                                _read:

                                    mov     edx, 255            ; read socket from lesson 33
                                    mov     ecx, buffer
                                    mov     ebx, esi
                                    mov     eax, 3
                                    int     80h

                                    mov     eax, buffer
                                    call    sprintLF

                                _write:

                                    mov     edx, 78             ; move 78 dec into edx (length in bytes to write)
                                    mov     ecx, response       ; move address of our response variable into ecx
                                    mov     ebx, esi            ; move file descriptor into ebx (accepted socket id)
                                    mov     eax, 4              ; invoke SYS_WRITE (kernel opcode 4)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket

New terminal window
~$ curl http://localhost:9001 Hello World!

Lesson 35

Sockets - Close

In this lesson we will use sys_close to properly close the active socket connection in the child process after our response has been sent. This will free up some resources that can be used to accept new incoming connections.

sys_close expects 1 argument - the file descriptor in EBX. The sys_close opcode is then loaded into EAX and the kernel is called to close the socket and remove the active file descriptor.

Note: Run the program and use the command curl http://localhost:9001 in another terminal or connect to the same address using any standard web browser.

socket.asm 
                                ; Socket
                                ; Compile with: nasm -f elf socket.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 socket.o -o socket
                                ; Run with: ./socket

                                %include    'functions.asm'

                                SECTION .data
                                ; our response string
                                response db 'HTTP/1.1 200 OK', 0Dh, 0Ah, 'Content-Type: text/html', 0Dh, 0Ah, 'Content-Length: 14', 0Dh, 0Ah, 0Dh, 0Ah, 'Hello World!', 0Dh, 0Ah, 0h

                                SECTION .bss
                                buffer resb 255,                ; variable to store request headers

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; initialize some registers
                                    xor     ebx, ebx
                                    xor     edi, edi
                                    xor     esi, esi

                                _socket:

                                    push    byte 6              ; create socket from lesson 29
                                    push    byte 1
                                    push    byte 2
                                    mov     ecx, esp
                                    mov     ebx, 1
                                    mov     eax, 102
                                    int     80h

                                _bind:

                                    mov     edi, eax            ; bind socket from lesson 30
                                    push    dword 0x00000000
                                    push    word 0x2923
                                    push    word 2
                                    mov     ecx, esp
                                    push    byte 16
                                    push    ecx
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 2
                                    mov     eax, 102
                                    int     80h

                                _listen:

                                    push    byte 1              ; listen socket from lesson 31
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 4
                                    mov     eax, 102
                                    int     80h

                                _accept:

                                    push    byte 0              ; accept socket from lesson 32
                                    push    byte 0
                                    push    edi
                                    mov     ecx, esp
                                    mov     ebx, 5
                                    mov     eax, 102
                                    int     80h

                                _fork:

                                    mov     esi, eax            ; fork socket from lesson 33
                                    mov     eax, 2
                                    int     80h

                                    cmp     eax, 0
                                    jz      _read

                                    jmp     _accept

                                _read:

                                    mov     edx, 255            ; read socket from lesson 33
                                    mov     ecx, buffer
                                    mov     ebx, esi
                                    mov     eax, 3
                                    int     80h

                                    mov     eax, buffer
                                    call    sprintLF

                                _write:

                                    mov     edx, 78             ; write socket from lesson 34
                                    mov     ecx, response
                                    mov     ebx, esi
                                    mov     eax, 4
                                    int     80h

                                _close:

                                    mov     ebx, esi            ; move esi into ebx (accepted socket file descriptor)
                                    mov     eax, 6              ; invoke SYS_CLOSE (kernel opcode 6)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf socket.asm ~$ ld -m elf_i386 socket.o -o socket ~$ ./socket

New terminal window
~$ curl http://localhost:9001 Hello World!

Note: We have properly closed the socket connections and removed their active file descriptors.

Lesson 36

Download a Webpage

In the previous lessons we have been learning how to use the many subroutines of the SYS_SOCKETCALL kernel function to create, manage and transfer data through Linux sockets. We will continue that theme in this lesson by using the 'connect' subroutine of SYS_SOCKETCALL to connect to a remote webserver and download a webpage.

These are the steps we need to follow to connect a socket to a remote server:

  • Call SYS_SOCKETCALL's subroutine 'socket' to create an active socket that we will use to send outbound requests.
  • Call SYS_SOCKETCALL's subroutine 'connect' to connect our socket with a socket on the remote webserver.
  • Use SYS_WRITE to send a HTTP formatted request through our socket to the remote webserver.
  • Use SYS_READ to recieve the HTTP formatted response from the webserver.
We will then use our string printing function to print the response to our terminal.

What is a HTTP Request

The HTTP specification has evolved through a number of standard versions including 1.0 in RFC1945, 1.1 in RFC2068 and 2.0 in RFC7540. Version 1.1 is still the most common today.

A HTTP/1.1 request is comprised of 3 sections:

  1. A line containing the request method, request url, and http version
  2. An optional section of request headers
  3. An empty line that tells the remote server you have finished sending the request and you will begin waiting for the response.

A typical HTTP request for the root document on this server would look like this:

                                GET / HTTP/1.1                  ; A line containing the request method, url and version
                                Host: asmtutor.com              ; A section of request headers
                                                                ; A required empty line
Writing our program

This tutorial starts out like the previous ones by calling SYS_SOCKETCALL's subroutine 'socket' to initially create our socket. However, instead of calling 'bind' on this socket we will call 'connect' with an IP Address and Port Number to connect our socket to a remote webserver. We will then use the SYS_WRITE and SYS_READ kernel methods to transfer data between the two sockets by sending a HTTP request and reading the HTTP response.

SYS_SOCKETCALL's subroutine 'connect' expects 2 arguments - a pointer to an array of arguments in ECX and the integer value 3 in EBX. The SYS_SOCKETCALL opcode is then loaded into EAX and the kernel is called to connect to the socket.

Note: In Linux we can use the following command ./crawler > index.html to save the output of our program to a file instead.

crawler.asm 
                                ; Crawler
                                ; Compile with: nasm -f elf crawler.asm
                                ; Link with (64 bit systems require elf_i386 option): ld -m elf_i386 crawler.o -o crawler
                                ; Run with: ./crawler

                                %include    'functions.asm'

                                SECTION .data
                                ; our request string
                                request db 'GET / HTTP/1.1', 0Dh, 0Ah, 'Host: 139.162.39.66:80', 0Dh, 0Ah, 0Dh, 0Ah, 0h

                                SECTION .bss
                                buffer resb 1,                  ; variable to store response

                                SECTION .text
                                global  _start

                                _start:

                                    xor     eax, eax            ; init eax 0
                                    xor     ebx, ebx            ; init ebx 0
                                    xor     edi, edi            ; init edi 0

                                _socket:

                                    push    byte 6              ; push 6 onto the stack (IPPROTO_TCP)
                                    push    byte 1              ; push 1 onto the stack (SOCK_STREAM)
                                    push    byte 2              ; push 2 onto the stack (PF_INET)
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 1              ; invoke subroutine SOCKET (1)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                _connect:

                                    mov     edi, eax            ; move return value of SYS_SOCKETCALL into edi (file descriptor for new socket, or -1 on error)
                                    push    dword 0x4227a28b    ; push 139.162.39.66 onto the stack IP ADDRESS (reverse byte order)
                                    push    word 0x5000         ; push 80 onto stack PORT (reverse byte order)
                                    push    word 2              ; push 2 dec onto stack AF_INET
                                    mov     ecx, esp            ; move address of stack pointer into ecx
                                    push    byte 16             ; push 16 dec onto stack (arguments length)
                                    push    ecx                 ; push the address of arguments onto stack
                                    push    edi                 ; push the file descriptor onto stack
                                    mov     ecx, esp            ; move address of arguments into ecx
                                    mov     ebx, 3              ; invoke subroutine CONNECT (3)
                                    mov     eax, 102            ; invoke SYS_SOCKETCALL (kernel opcode 102)
                                    int     80h                 ; call the kernel

                                _write:

                                    mov     edx, 43             ; move 43 dec into edx (length in bytes to write)
                                    mov     ecx, request        ; move address of our request variable into ecx
                                    mov     ebx, edi            ; move file descriptor into ebx (created socket file descriptor)
                                    mov     eax, 4              ; invoke SYS_WRITE (kernel opcode 4)
                                    int     80h                 ; call the kernel

                                _read:

                                    mov     edx, 1              ; number of bytes to read (we will read 1 byte at a time)
                                    mov     ecx, buffer         ; move the memory address of our buffer variable into ecx
                                    mov     ebx, edi            ; move edi into ebx (created socket file descriptor)
                                    mov     eax, 3              ; invoke SYS_READ (kernel opcode 3)
                                    int     80h                 ; call the kernel

                                    cmp     eax, 0              ; if return value of SYS_READ in eax is zero, we have reached the end of the file
                                    jz      _close              ; jmp to _close if we have reached the end of the file (zero flag set)

                                    mov     eax, buffer         ; move the memory address of our buffer variable into eax for printing
                                    call    sprint              ; call our string printing function
                                    jmp     _read               ; jmp to _read

                                _close:

                                    mov     ebx, edi            ; move edi into ebx (connected socket file descriptor)
                                    mov     eax, 6              ; invoke SYS_CLOSE (kernel opcode 6)
                                    int     80h                 ; call the kernel

                                _exit:

                                    call    quit                ; call our quit function
~$ nasm -f elf crawler.asm ~$ ld -m elf_i386 crawler.o -o crawler ~$ ./crawler HTTP/1.1 200 OK Content-Type: text/html   <!DOCTYPE html> <html lang="en"> ... </html>