Tuesday, November 30, 2010

Useful Techniques in Assembly

How To Print Values Stored In Registers In Assembly

Most of the time when we use assembly, we load values to registers like AX,BX, Al,AH etc. Some time we need to print those values on the screen.

Before explain that we have to understand how the values are representing in the registers.

There are three type of representing values in a register,

1. Normal values(Pure decimal value convert in to binary and store in register)

For example, To store 68 we convert it to binary and its value is 1000100. So lets see the Value of each bit of AX register when we store that number in AX, AX is a 16bit register,

MSB 0000000001000100 LSB

2. As ASCII Values

For a Example Lets take we want to store "A8" in AX register; So the register saves the ASCII values in binary forum.

'A'=65=01000001
'8'=56=00111000

So the Values of AX Register is;

MSB 0011100001000001 LSB

3. Some Times We use Binary Coded Decimal To store VALUES.

0 = 0000
1 = 0001
2 = 0010
3 = 0011
4 = 0100
5 = 0101
6 = 0110
7 = 0111
8 = 1000
9 = 1001


So when we use to print a string stored in several registers as ASCII values we can use following technique to print values.

Varible_Name resd 16 ;Variable declaration in segment .bss section


mov [Varible_Name],eax ;move eax's four bytes to first 4 bytes of variable.
mov [Varible_Name],ebx ;move ebx's four bytes to first 4 bytes of variable.
mov [Varible_Name],ecx ;move ecx's four bytes to first 4 bytes of variable.
mov [Varible_Name],edx ;move edx's four bytes to first 4 bytes of variable.
mov si,Varible_Name
call _disp_str

_disp_str:
lodsb ; load next character
or al, al ; test for NUL character
jz .DONE
mov ah, 0x0E ; BIOS teletype
mov bh, 0x00 ; display page 0
mov bl, 0x07 ; text attribute
int 0x10 ; invoke BIOS
jmp _disp_str
.DONE:
ret

And when we want print a a 16bit value in binary in screen we have to move it to AX register and we can call this function. Then it will print the decimal value.

hex2dec:

push ax ; save that AX
push bx ; save that CX
push cx ; save that DX
push si ; save that SI
mov ax,dx ; copy number into AX
mov si,10 ; SI will be our divisor
xor cx,cx ; clean up the CX

non_zero:

xor dx,dx ; clean up the DX
div si ; divide by 10
push dx ; push number onto the stack
inc cx ; increment CX to do it more times
or ax,ax ; end of the number?
jne non_zero ; no? Keep chuggin' away

_write_digits:
pop dx ; get the digit off DX
add dl,48 ; add 48 to get ASCII
mov al, dl
mov ah, 0x0e
int 0x10
loop _write_digits

pop si ; restore that SI
pop cx ; restore that DX
pop bx ; restore that CX
pop ax ; restore that AX
ret ; End o' procedure!




Sunday, November 21, 2010

X86 Assembly, if-else control Structures, loops

Comparisons

Control structures decide what to do based on comparisons of data. In assembly, the result of a comparison is stored in the FLAGS register to be38 . BASIC ASSEMBLY LANGUAGE used later. The 80x86 provides the CMP instruction to perform comparisons.The FLAGS register is set based on the difference of the two operands of the CMP instruction. The operands are subtracted and the FLAGS are set based on the result, but the result is not stored anywhere. If you need the result use the SUB instead of the CMP instruction.For unsigned integers, there are two flags (bits in the FLAGS register) that are important: the zero (ZF) and carry (CF) flags. The zero flag is set (1) if the resulting difference would be zero. The carry flag is used as a borrow flag for subtraction. Consider a comparison like:

cmp vleft, vright

The difference of vleft - vright is computed and the flags are set accord-ingly. If the difference of the of CMP is zero, vleft = vright, then ZF is set (i.e. 1) and the CF is unset (i.e. 0). If vleft > vright, then ZF is unset and CF is unset (no borrow). If vleft <>
is set (borrow).For signed integers, there are three flags that are important: the zero
(ZF) flag, the overflow (OF) flag and the sign (SF) flag. The overflow flag Why does SF = OF if
vleft > vright? If there is no overflow, then the difference will have the correct value and must
be non-negative. Thus,SF = OF = 0. However,if there is an overflow, the difference will not have the correct value (and in fact will be negative). Thus,SF = OF = 1.is set if the result of an operation overflows (or underflows). The sign flag is set if the result of an operation is negative. If vleft = vright, the ZF is set (just as for unsigned integers). If vleft > vright, ZF is unset and
SF = OF. If vleft < sf =" OF.">

Branch instructions

Branch instructions can transfer execution to arbitrary points of a program. In other words, they act like a goto. There are two types of branches:unconditional and conditional. An unconditional branch is just like a goto,it always makes the branch. A conditional branch may or may not make the branch depending on the flags in the FLAGS register. If a conditional branch does not make the branch, control passes to the next instruction. The JMP (short for jump) instruction makes unconditional branches. Its single argument is usually a code label to the instruction to branch to. The assembler or linker will replace the label with correct address of the instruction. This is another one of the tedious operations that the assembler does to make the programmer’s life easier. It is important to realize that the statement immediately after the JMP instruction will never be executed unless another instruction branches to it!

Simple Conditional Branches

JZ branches only if ZF is set
JNZ branches only if ZF is unset
JO branches only if OF is set
JNO branches only if OF is unset
JS branches only if SF is set
JNS branches only if SF is unset
JC branches only if CF is set
JNC branches only if CF is unset
JP branches only if PF is set
JNP branches only if PF is unset

There are several variations of the jump instruction: SHORT This jump is very limited in range. It can only move up or down 128 bytes in memory. The advantage of this type is that it uses less
memory than the others. It uses a single signed byte to store the displacement of the jump. The displacement is how many bytes to move ahead or behind. (The displacement is added to EIP). To specify a short jump, use the SHORT keyword immediately before the label in the JMP instruction.
NEAR This jump is the default type for both unconditional and conditional branches, it can be used to jump to any location in a segment. Actually, the 80386 supports two types of near jumps. One uses two bytes for the displacement. This allows one to move up or down roughly 32,000 bytes. The other type uses four bytes for the displacement, which of course allows one to move to any location in the code segment. The four byte type is the default in 386 protected mode. The two byte type can be specified by putting the WORD keyword
before the label in the JMP instruction.
FAR This jump allows control to move to another code segment. This is a very rare thing to do in 386 protected mode. Valid code labels follow the same rules as data labels. Code labels are defined by placing them in the code segment in front of the statement they label. A colon is placed at the end of the label at its point of definition. The
colon is not part of the name.
There are many different conditional branch instructions. They also take a code label as their single operand. The simplest ones just look at a single flag in the FLAGS register to determine whether to branch or not.See Table for a list of these instructions. (PF is the parity flag which
indicates the odd or evenness of the number of bits set in the lower 8-bits of the result.)

The following pseudo-code,

if ( EAX == 0 )
EBX = 1;
else
EBX = 2;

could be written in assembly as:

1 cmp eax, 0 ; set flags (ZF set if eax - 0 = 0)
2 jz thenblock ; if ZF is set branch to thenblock
3 mov ebx, 2 ; ELSE part of IF
4 jmp next ; jump over THEN part of IF
5 thenblock:
6 mov ebx, 1 ; THEN part of IF
7 next:

Other comparisons are not so easy using the conditional branches in Table To illustrate, consider the following pseudo-code:

if ( EAX >= 5 )
EBX = 1;
else
EBX = 2;

If EAX is greater than or equal to five, the ZF may be set or unset and SF will equal OF. Here is assembly code that tests for these conditions (assuming that EAX is signed):

1 cmp eax, 5
2 js signon ; goto signon if SF = 1
3 jo elseblock ; goto elseblock if OF = 1 and SF = 0
4 jmp thenblock ; goto thenblock if SF = 0 and OF = 0
5 signon:
6 jo thenblock ; goto thenblock if SF = 1 and OF = 1
7 elseblock:
8 mov ebx, 2
9 jmp next
10 thenblock:
11 mov ebx, 1
12 next:

The above code is very awkward. Fortunately, the 80x86 provides additional branch instructions to make these type of tests much easier. There are signed and unsigned versions of each. Table shows these instructions. The equal and not equal branches (JE and JNE) are the same for both signed and unsigned integers. (In fact, JE and JNE are really identical2.2.

Signed and Unsigned Comparison Instructions

JE branches if vleft = vright JE branches if vleft = vright
JNE branches if vleft = vright JNE branches if vleft = vright
JL, JNGE branches if vleft <>
JLE, JNG branches if vleft ≤ vright JBE, JNA branches if vleft ≤ vright
JG, JNLE branches if vleft > vright JA, JNBE branches if vleft > vright
JGE, JNL branches if vleft ≥ vright JAE, JNB branches if vleft ≥ vright


Signed Unsigned to JZ and JNZ, respectively.) Each of the other branch instructions have
two synonyms. For example, look at JL (jump less than) and JNGE (jump not greater than or equal to). These are the same instruction because: x < y ="⇒">

1 cmp eax, 5
2 jge thenblock
3 mov ebx, 2
4 jmp next
5 thenblock:
6 mov ebx, 1
7 next:

The loop instructions

The 80x86 provides several instructions designed to implement for -like loops. Each of these instructions takes a code label as its single operand. LOOP Decrements ECX, if ECX = 0, branches to label LOOPE, LOOPZ Decrements ECX (FLAGS register is not modified), if
ECX = 0 and ZF = 1, branches LOOPNE, LOOPNZ Decrements ECX (FLAGS unchanged), if ECX = 0 and ZF = 0, branches

The last two loop instructions are useful for sequential search loops.
The following pseudo-code:

sum = 0;
for ( i=10; i >0; i−− )
sum += i;

could be translated into assembly as:

1 mov eax, 0 ; eax is sum
2 mov ecx, 10 ; ecx is i
3 loop_start:
4 add eax, ecx
5 loop loop_start

Translating Standard Control Structures

This section looks at how the standard control structures of high level languages can be implemented in assembly language.

If statements

The following pseudo-code:
if ( condition )
then block ;
else
else block ;
could be implemented as:

1 ; code to set FLAGS
2 jxx else_block ; select xx so that branches if condition false
3 ; code for then block
4 jmp endif
5 else_block:
6 ; code for else block
7 endif:

If there is no else, then the else block branch can be replaced by a
branch to end if.

1 ; code to set FLAGS
2 jxx endif ; select xx so that branches if condition false
3 ; code for then block
4 endif

While loops

The while loop is a top tested loop:
while( condition ) {
body of loop;
}

This could be translated into:

1 while:
2 ; code to set FLAGS based on condition
3 jxx endwhile ; select xx so that branches if false
4 ; body of loop
5 jmp while
6 endwhile:

Do while loops

The do while loop is a bottom tested loop:
do {
body of loop;
} while( condition );

This could be translated into:

1 do:
2 ; body of loop
3 ; code to set FLAGS based on condition
4 jxx do ; select xx so that branches if true

Refrence - PC Assembly Language Paul A. Carter

Thursday, November 18, 2010

BIOS Interrupt Calls To get Hardware and Other Data

BIOS Interrupt Calls.
Interrupt calls are a functionality provided by BIOS to get particular data from system and save them in the Registers of the CPU. (See The Appendix to find out what are x86 registers.) They invoked in particular way,
int inturrptVecotr in hex

From this manner we can call a particular interrupt and retrieve values from system. The manufactures provide a documentation of interrupt Vectors. They specify which interrupt can return which values. There are so many conditions and those conditions gives different information. The complete description of the interrupt vectors are giving in below reference's.

How To Find Your Processor Brand String


CPUID function in x86 Assembly Language


CPUID is an instruction provided by processor manufacture, it is an Assembly instruction. It has no operands in its function call. But it takes arguments from AX register. It provides processor identification information in registers EAX, EBX, ECX, and EDX. This information identifies Intel as the vendor, gives the family, model, and stepping of processor, feature information, and cache information. An input value loaded into the EAX register determines what information is returned. There is list of AX register values which retunes different information about CPU.



EAX=0h, CPUID

This returns the CPU's manufacturer ID string - a twelve character ASCII string stored in EBX, EDX, ECX - in that order. The highest basic calling parameter is returned in EAX. EBX, EDX, ECX, EAX are 32bit registers. We can store 4 8bit characters. Here is a example values of registers after CPUID call.

EAX= Maximum Input Value for Basic CPUID Information (see second table)
EBX= "Genu"
ECX= "ntel"
EDX= "ineI"

EAX=80000002h,80000003h,80000004h, CPUID

These return the processor brand string in EAX, EBX, ECX and EDX. CPUID must be issued with each parameter in sequence to get the entire 48-byte null-
terminated ASCII processor brand string.

EAX=80000002h;
EAX=” ”
EBX=” ”
ECX=” “
EDX= "nI "
EAX=80000003h;
EAX= "(let"
EBX= "P )R"
ECX= "itne"
EDX= "R(mu"
EAX=80000003h;
EAX= " 4 )"
EBX= " UPC"
ECX= "0051"
EDX= "zHM"

Hear also you have to write assembly codes to set AX value and call CPUID and extract data from registers and print them. Do it iteratively four times to get the processor brand string.

Saturday, November 6, 2010

Find Hardware info_Do You Know How Drivers are searched through Internet

Finding About Your Hardware Details.
This is the slandered way of finding hardware details ..
Evey hardware has a thing called Hardware ID it has two Portions, one is Vendor ID and Device ID.
When you find these two you can easily find out every thing about your hardware.
This not need any kind of drivers.
You can search through sites like this for your informations.
In Windows You can find Your Hardware ID This way......

  1. Open Device Manager (Control Panel>System>Hardware>Device Manager)
  2. The hardware whose drivers are missing will appear as Unknown device, so it's easier to locate the device.
  3. Right click on the unknown device and click on Properties.
  4. Under the Properties window click on Details tab and select Device Instance Id from the drop down box.
  5. You should see a code similar to this

    PCI\VEN_8086&DEV_27DC&SUBSYS_30868086
    &REV_01\4&1E46F438&0&40F0
  6. The portion of the code after VEN is the Vendor ID and the portion after DEV is the Device ID. In this example:

    Vendor ID = 8086
    Device ID = 27DC
In Linux you can use
dmidecode | more and man dmidecode for more information

SMBIOS - Gives Hardware Specifications


System Management BIOS (SMBIOS)

The SMBIOS provides numerous tables of data describing a computer's configuration. Available information includes items such as vendor name, BIOS version, installed components, CPU clock speed, etc.
The functions given in this section can be used to retrieve and parse the SMBIOS tables. Declarations of these functions and table entries (structures) are available in file Include\Rttsmbios.h and Libdel\Rttsmbios.pas.
Types RTSMSTR, RTSTRCNT, and RTSMHNDL used in some of the SMBIOS structures have special semantics. Values of type RTSMSTR are string indices. Function RTSMBIOSGetString can retrieve a pointer to the associated string. Values of type RTSTRCNT denote how many strings are appended to a structure. FunctionRTSMBIOSGetStringN can retrieve all such strings. Values of type RTSMHNDL reference another SMBIOS structure which can be located with RTSMBIOSFindHandle.
The SMBIOS structure declarations included in the following sections and in file Include\Rttsmbios.h correspond to version 2.4 of the SMBIOS specification. Older SMBIOS versions may only support a subset of the declared structure fields as later SMBIOS versions have appended data members to some structures. FunctionRTSMBIOSIsValid may be used to check if a particular structure member is supported.

We can find Following things using SMBIOS

0 BIOS
1 System
2 Base Board
3 Chassis
4 Processor
5 Memory Controller
6 Memory Module
7 Cache
8 Port Connector
9 System Slots
10 On Board Devices
11 OEM Strings
12 System Configuration Options
13 BIOS Language
14 Group Associations
15 System Event Log
16 Physical Memory Array
17 Memory Device
18 32-bit Memory Error
19 Memory Array Mapped Address
20 Memory Device Mapped Address
21 Built-in Pointing Device
22 Portable Battery
23 System Reset
24 Hardware Security
25 System Power Controls
26 Voltage Probe
27 Cooling Device
28 Temperature Probe
29 Electrical Current Probe
30 Out-of-band Remote Access
31 Boot Integrity Services
32 System Boot
33 64-bit Memory Error
34 Management Device
35 Management Device Component
36 Management Device Threshold Data
37 Memory Channel
38 IPMI Device
39 Power Supply

For How To do it?

But i am working on a solution in C or x86 ASM

Thursday, November 4, 2010

Programmable Logic Controller (PLC)



The automation of many different processes, such as controlling machines or factory assembly lines, is done through the use of small computers called a programmable logic controllers (PLCs). This is actually a control device that consists of a programmable microprocessor, and is programmed using a specialized computer language. A modern programmable logic controller is usually programmed in any one of several languages, ranging from ladderlogic to Basic or C. Typically, the program is written in a development environment on a computer, and then is downloaded onto the programmable logic controller directly through a cable connection. The program is stored in the programmable logiccontroller in non-volatile memory.

Programmable logic controllers typically contain a variable number of input/output (I/O) ports, and are usually Reduced Instruction Set Computer (RISC) based. They are designed for real-time use, and often must withstand harsh environments on the shop floor. Theprogrammable logic controller circuitry monitors the status of multiple sensor inputs, which control output actuators, which may be things like motor starters, solenoids, lights and displays, or valves.
This controller has made a significant contribution to factory automation. Earlier automation systems had to use thousands of individual relays and cam timers. In many cases, a PLC allows all of the relays and timers within a factory system to be replaced with a single controller. Today, programmable logic controllers deliver a wide range of functionality, including basic relay control, motion control, process control, and complex networking, as well as being used in distributed control systems (DCS).
Digital signals yield an on or off signal, which the programmable logic controller sees as Boolean values, those with only two states: true or false. Analog signals may also be used, such as those from devices like volume controls, and these analog signals can be seen by the programmable logic controller as floating point values. This is one way in which a computer can represent a rational number, but can be imprecise.
There are several different types of interfaces that are used when people need to interact with the programmable logic controller to configure it or work with it. It might be configured with simple lights or switches, or a text display. More complex systems might use a web interface on a computer running a supervisory control and data acquisition (SCADA) system.