parent
01daa4d8d6
commit
d5d225e53f
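--- a/school/os-sec/uebung/02/02_1.md
+++ b/school/os-sec/uebung/02/02_1.md
@@ -0,0 +1,54 @@
+# Aufgabe 1
+
+1)
+* Fragment 1: fastcall, da die parameter durch die register eax, edx und ecx übergeben werden, return value in eax
+* Fragment 2: cdecl, da die parameter in right-to-left order auf dem stack liegen, return value in eax, kein stack
+cleanup
+* Fragment 3: stdcall, parameter in right-to-left order auf dem stack, return value in eax, callee cleanup
+
+2)
+* Fragment 1: EAX = a, edx = b, ecx = c
+
+Annahme: Angabe der Parameterreihenfolge _nach_ dem call, also im neuen stackframe
+* Fragment 2: ebp+0x8 = a, ebp+0x0c = b, ebp+0x10 = c
+* Fragment 3: ebp+0x8 = a, ebp+0x0c = b, ebp+0x10 = c
+
+Annahme: Angabe der Parameterreihenfolge _vor_ dem call, also im alten stackframe
+* Fragment 2: esp = a, esp+0x4 = b, esp+0x8 = c
+* Fragment 3: esp = a, esp+0x4 = b, esp+0x8 = c
+
+
+3)
+* Fragment 1: Caller cleanup bzw da nur 3 Parameter verwendet werden, kein stack cleanup nötig, da alle parameter
+über register übergeben werden
+* Fragment 2: Caller cleanup
+* Fragment 3: Callee cleanup
+
+4)
+Fragment 1:
+
+```
+MOV eax, 3
+MOV edx, 2
+MOV ecx, 1
+CALL f
+```
+
+Fragement 2:
+
+```
+PUSH 1
+PUSH 2
+PUSH 3
+CALL f
+ADD ESP, 12
+```
+
+Fragment 3:
+
+```
+PUSH 1
+PUSH 2
+PUSH 3
+CALL f
+```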
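--- a/school/os-sec/uebung/02/02_2.c
+++ b/school/os-sec/uebung/02/02_2.c
@@ -0,0 +1,63 @@
+#include<inttypes.h>
+
+/*
+PUSH EBP
+MOV EBP, ESP
+SUB ESP , 4 ; reserve 4 bytes in the stack frame -> local variable int32_t -> i
+MOV DWORD PTR [ EBP − 4 ] , 1 ; initialize local variable with 1
+
+; EBP+8 : first parameter -> a
+; EBP+12 : second parameter -> b
+
+loop:
+CMP DWORD PTR [ EPB+ 8 ] , 99 ; while (a >= 99)
+JL SHORT exit
+LEA EAX, [ EBP+12 ] ; eax = *b;
+DEC DWORD PTR [EAX] ; *b--;
+CMP DWORD PTR [ EBP+ 12 ] , 99 ; if (b >= 99)
+JL SHORT continue
+JMP SHORT exit ; break
+
+continue:
+MOV EDX, [ EBP+8] ; edx = a
+LEA EAX, [ EBP − 4] ; eax = *i
+ADD DWORD PTR [EAX] , EDX ; *eax += edx -> i += a
+INC DWORD PTR [ EBP+8] ; a++;
+JMP SHORT loop ; loop
+
+exit:
+MOV EAX, DWORD PTR [ EBP − 4] ; return i
+MOV ESP , EBP ; cleanup
+POP EBP ; cleanup
+RETN
+
+*/
+
+int32_t f(int32_t a, int32_t b) {
+int32_t i = 1;
+b--;
+while (a >= 99 && b < 99) {
+i += a;
+a++;
+b--;
+}
+return i;
+}
+
+/* int32_t f(int32_t a, int32_t b) { */
+/* int32_t i = 1; */
+/* while (a >= 99) { */
+/* b--; */
+/* if (b < 99) { */
+/* i += a; */
+/* a++; */
+/* } else { */
+/* break; */
+/* } */
+/* } */
+/* return i; */
+/* } */
+
+int main(void) {
+f(1,2);
+}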
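Review bot: The active `f` does `i += a`, `a++` and `b--` on `int32_t`, so any call that enters the loop (a >= 99 and b <= 99) runs into signed overflow, which is undefined behaviour in C, whereas the ADD/INC/DEC in the listing wrap modulo 2^32 and the loop ends once `a` turns negative. An optimising compiler may assume the overflow never happens, so the reconstruction is not guaranteed to behave like the disassembly; doing the arithmetic in `uint32_t` and casting only for the signed compares keeps the wrap-around (the cast back is implementation-defined before C23, two's complement in practice). The hoisted `b--` also runs when `a < 99`, which the listing never does, so the sketch below follows the commented-out variant's shape instead. Separately, in the assembly comment `EPB` should read `EBP`, and the two `LEA` lines load `&b` and `&i`, not `*b` and `*i`.

```c
int32_t f(int32_t a, int32_t b) {
    /* unsigned arithmetic wraps like the x86 ADD/INC/DEC in the listing */
    uint32_t ua = (uint32_t)a, ub = (uint32_t)b, i = 1;
    while ((int32_t)ua >= 99) {      /* CMP [EBP+8], 99 / JL exit */
        ub--;                        /* DEC [EBP+12] */
        if ((int32_t)ub >= 99)       /* CMP [EBP+12], 99 / JL continue */
            break;
        i += ua;
        ua++;
    }
    return (int32_t)i;
}
```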
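--- a/school/os-sec/uebung/02/02_3.md
+++ b/school/os-sec/uebung/02/02_3.md
@@ -0,0 +1,39 @@
+# Übung 2 Aufgabe 3
+
+1.
+
+| Instruction | Kommentar |
+| --- | --- |
+| `push eax` | speichere wert aus eax auf dem stack |
+| `push ecx` | 2. Parameter wird auf Stack gepusht |
+| `push edx` | 1. Parameter wird auf Stack gepusht |
+| `call CAFEBABEh` | Subrotine an Adresse 0xCAFEBABE wird aufgerufen |
+| `add esp, 12` | Zuvor gepushte parameter werden aufgeräumt |
+
+| Instruction | Kommentar |
+| --- | --- |
+| `push ebp` | Wert von ebp wird auf Stack gespeichert |
+| `mov ebp, esp` | ebp Zeigt auf aktuellen stack pointer |
+| `sub esp, 4` | lokalen stackframe von 4 bytes reservieren |
+| `mov ecx, [ebp+8]` | schreibe parameter 1 nach ecx |
+| `add ecx, [ebp+12]` | addiere parameter 2 auf ecx (param1+param2) |
+| `mov [ebp-4], ecx` | schreibe wert aus eax in lokalen stackframe; int x = (param1+param2) |
+| `dec dword ptr[ebp-4]` | subtrahiere 1 von wert in lokalem stackframe; x-- |
+| `dec dword ptr[ebp-4]` | subtrahiere 1 von wert in lokalem stackframe; x-- |
+| `mov eax, [ebp-4]` | schreibe wert aus lokalem stackframe nach eax; return x |
+| `mov esp, ebp` | stelle alten stackpointer wieder her |
+| `pop ebp` | stelle alten basepointer wieder her |
+| `ret 8` | springe zurück zum aufrufenden punkt und räume den stack auf |
+
+2.
+
+```
+int32_t f(int32_t a, int32_t b) {
+return (a+b)-2;
+}
+```
+
+3.
+
+4.
+Sowohl Caller, also auch Callee räumen den Stack auf. Darüber hinaus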
BIN
school/os-sec/uebung/02/a.out
Executable file
BIN
school/os-sec/uebung/02/a.out
Executable file
Binary file not shown.