{"id":975,"date":"2011-03-02T23:05:13","date_gmt":"2011-03-02T13:05:13","guid":{"rendered":"http:\/\/brnz.org\/hbr\/?p=975"},"modified":"2011-03-04T22:43:28","modified_gmt":"2011-03-04T12:43:28","slug":"assembly-primer-parts-6-%e2%80%94-moving-data-%e2%80%94-arm","status":"publish","type":"post","link":"https:\/\/brnz.org\/hbr\/?p=975","title":{"rendered":"Assembly Primer Parts 6 \u2014 Moving Data \u2014 ARM"},"content":{"rendered":"<p>My notes for where ARM differs from IA32 in the <a href=\"http:\/\/securitytube.net\/Assembly-Primer-for-Hackers-(Part-6)-Moving-Data-video.aspx\">Assembly Primer video Part 6 &#8212; Moving Data<\/a>.<\/p>\n<p>(There is no separate part 5 post for ARM &#8212; apart from the instructions, it&#8217;s identical to IA32. There&#8217;s even support for the .bss section, unlike SPU and PPC)<\/p>\n<h2>Moving Data<\/h2>\n<p>We&#8217;ll look at <a href=\"http:\/\/code.securitytube.net\/MovDemo.s\">MovDemo.s<\/a> for ARM. First, the storage:<\/p>\n<pre escaped=\"true\" lang=\"asm\">.data\r\n\r\n    HelloWorld:\r\n        .ascii \"Hello World!\"\r\n\r\n    ByteLocation:\r\n        .byte 10\r\n\r\n    Int32:\r\n        .int 2\r\n    Int16:\r\n        .short 3\r\n    Float:\r\n        .float 10.23\r\n\r\n    IntegerArray:\r\n        .int 10,20,30,40,50<\/pre>\n<p>It&#8217;s the same as for IA32, PPC and SPU. Like the first two, ARM will cope with the unnatural alignment.<\/p>\n<h3>1. Immediate value to register<\/h3>\n<pre escaped=\"true\" lang=\"asm\">.text\r\n.globl _start\r\n_start:\r\n    @movl $10, %eax\r\n\r\n    mov r0, #10<\/pre>\n<p>Move the value 10 into register r0.<\/p>\n<p>Something to note: the ARM assembly syntax has some slightly differences. Where others use <strong>#<\/strong> to mark the start of a comment, ARM has <strong>@<\/strong> (although <strong>#<\/strong> works at the start of a line). Literal values are prefixed with <strong>#<\/strong>, which confuses the default syntax highlighting in vim.<\/p>\n<h3>2. Immediate value to memory<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movw $50, Int16\r\n\r\n    mov r1, #50\r\n    movw r0, #:lower16:Int16\r\n    movt r0, #:upper16:Int16\r\n    strh r1, [r0, #0]<\/pre>\n<p>We need to load the immediate value in a register (r1), the address in a register (r0) and then perform the write. To quote the Architecture Reference Manual:<\/p>\n<blockquote><p>The ARM architecture &#8230; incorporates &#8230; a load\/store architecture, where data processing operations only operate on register contents, not directly on memory contents.<\/p><\/blockquote>\n<p>which is like PPC and SPU, and unlike IA32 &#8212; and so we&#8217;ll see similarly verbose alternatives to the IA32 examples from the video.<\/p>\n<p>I&#8217;m using <strong>movw<\/strong>, <strong>movt<\/strong> sequence to load the address, rather than <strong>ldr<\/strong> (as mentioned in the previous installment).<\/p>\n<p><strong>strh<\/strong> is, in this case, <strong>Store Register Halfword (immediate)<\/strong> &#8212; writes the value in r1 to the address computed from the sum of the contents of r0 and the immediate value of 0.<\/p>\n<h3>3. Register to register<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movl %eax, %ebx\r\n\r\n    mov r1,r0<\/pre>\n<p><strong>mov<\/strong> (<strong>Move<\/strong>) copies the value from r0 to r1.<\/p>\n<h3>4. Memory to register<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movl Int32, %eax\r\n\r\n    movw r0, #:lower16:Int32\r\n    movt r0, #:upper16:Int32\r\n    ldr r1, [r0, #0]<\/pre>\n<p>Load the address into r0, load from the address r0+0. Here <strong>ldr<\/strong> is <strong>Load Register (immediate)<\/strong>.<\/p>\n<h3>5. Register to memory<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movb $3, %al\r\n    @movb %al, ByteLocation\r\n\r\n    mov r0, #3\r\n    movw r1, #:lower16:ByteLocation\r\n    movt r1, #:upper16:ByteLocation\r\n    strb r0, [r1, #0]<\/pre>\n<p>Once again the same kind of thing &#8212; load 3 into r0, the address of ByteLocation into r1, perform the store.<\/p>\n<h3>6. Register to indexed memory location<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movl $0, %ecx\r\n    @movl $2, %edi\r\n    @movl $22, IntegerArray(%ecx, %edi, 4)\r\n\r\n    movw r0, #:lower16:IntegerArray\r\n    movt r0, #:upper16:IntegerArray\r\n    mov r1, #2\r\n    mov r2, #22\r\n    str r2, [r0, r1, lsl #2]<\/pre>\n<p>A little more interesting &#8212; here <strong>str<\/strong> is <strong>Store Register (register) <\/strong>which accepts two registers and an optional shift operation and amount. Here <strong>lsl<\/strong> is <strong>logical shift left<\/strong>, effectively multiplying r1 by 4 &#8212; the size of the array elements.<\/p>\n<p>(GCC puts <strong>asl<\/strong> here. Presumably identical to logical shift left, but there&#8217;s no mention of <strong>asl<\/strong> in the Architecture Reference Manual. <strong>Update:<\/strong> ASL is referenced in the list of errors <a href=\"http:\/\/infocenter.arm.com\/help\/index.jsp?topic=\/com.arm.doc.dui0496c\/CACHCBBJ.html\">here<\/a> as an obsolete name for LSL)<\/p>\n<p>Two source registers and a shift is still shy of IA32&#8217;s support for an calculating an address from a base address, two registers and a multiply.<\/p>\n<h3>7. Indirect addressing<\/h3>\n<pre escaped=\"true\" lang=\"asm\">    @movl $Int32, %eax\r\n    @movl (%eax), %ebx\r\n\r\n    movw r0, #:lower16:Int32\r\n    movt r0, #:upper16:Int32\r\n    ldr r1, [r0, #0]\r\n\r\n    @movl $9, (%eax)\r\n\r\n    mov r2, #9\r\n    str r2, [r0, #0]<\/pre>\n<p>More of the same.<\/p>\n<h2>Concluding thoughts<\/h2>\n<p>In addition to the cases above, ARM has a number of other interesting addressing modes that I shall consider in more detail in the future &#8212; logical operations, auto-{increment, decrement} and multiples. Combined with conditional execution, there are some very interesting possibilities.<\/p>\n<h3>Other assembly primer notes are linked <a href=\"https:\/\/brnz.org\/hbr\/?page_id=737\">here<\/a>.<a href=\"..\/..\/?page_id=737\"><br \/>\n<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>My notes for where ARM differs from IA32 in the Assembly Primer video Part 6 &#8212; Moving Data. (There is no separate part 5 post for ARM &#8212; apart from the instructions, it&#8217;s identical to IA32. There&#8217;s even support for the .bss section, unlike SPU and PPC) Moving Data We&#8217;ll look at MovDemo.s for ARM. &hellip; <a href=\"https:\/\/brnz.org\/hbr\/?p=975\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Assembly Primer Parts 6 \u2014 Moving Data \u2014 ARM&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5,26],"tags":[45,38],"_links":{"self":[{"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/posts\/975"}],"collection":[{"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=975"}],"version-history":[{"count":11,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/posts\/975\/revisions"}],"predecessor-version":[{"id":990,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=\/wp\/v2\/posts\/975\/revisions\/990"}],"wp:attachment":[{"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brnz.org\/hbr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}