Kindle Notes & Highlights
Read between
January 1 - February 21, 2019
A computer architecture that stores the least significant byte of a multibyte value at the lowest offset is called little endian. A computer architecture that stores the most significant byte of a multibyte value at the lowest offset is called big endian.
So, which “endianness” do Linux systems use? Both! (Though not at the same time…) Again, it's not about operating systems. The
The Joy of X by Niall Mansfield
The -k option instructs Make to stop building any file in which an error occurs and leave the previous copy of the target file undisturbed.
The x86 architecture is “little endian,” meaning that the least significant byte in a multibyte sequence is stored at the lowest address. This applies to registers as well,
numeric values. Signed values, of course, are values that can become
This is a requirement of the Linux operating system. Every executable program for Linux has to have a label _start in it somewhere, irrespective of the language it's written in: C, Pascal, assembly, no matter. If the Linux loader can't find the label, it can't load the program correctly. The
In Linux text work, the end-of-line (EOL) character has the numeric value of 10.
Unless the stack is completely empty, SP points to real data, not empty space.
A working program is not necessarily a finished program.
Learning is a messy business, and no matter how good you think you are, you will always be learning.
One non-obvious use of XOR is this: XORing any value against itself yields 0.
LEA enables you to calculate the effective address of any element in a table (or any calculable address at all!) and drop that address in a register.
Local labels, unfortunately, are not accessible as breakpoints from the command-line interface of the Gdb debugger.
Here's a rule of thumb that I use: local labels and all jumps to them should occur within a single screen of code.
NASM to generate opcodes for short jumps by default. In fact, NASM generates opcodes for short jumps unless you explicitly tell it to use near jumps.
It's a simple trade-off to understand: think macros for speed and procedures for compactness.
:)
yup
Beginning with the 2.6 version of the Linux kernel, the kernel “randomizes” the boundaries of the stack.
REPE will end the instruction when its comparison clears ZF to 0.
so very true
gcc governs both the assembly step and the link step.
what gcc really does is act as master controller for several GNU tools, supervising a code assembly line that you don't need to see unless you specifically want to.
Sixty-four-bit integer values are returned in EDX and EAX, with the low 32 bits in EAX and the high 32 bits in EDX.
Parameters passed to procedures are pushed onto the stack in reverse order.
The registers that cannot be changed by a Linux application linked to C functions are EBX, ESP, EBP, ESI, and EDI.
One compiler mechanism that does bear on Linux assembly work is that of the stack frame. Compilers depend on stack frames to create local variables in functions,
RESB directive just sets aside space for your variable.
In a sense, assembly language is an intermediate language used for the C compiler's benefit.
In NASM, a named string variable is considered a variable and not a literal.
a memory location (as distinct from referencing its address) is done by enclosing the location of the address in square brackets, like so: mov ax, dword [ebp]
The argument count goes into EDI. The address of the argument table goes into EBX.
A file handle is a 32-bit number assigned by Linux to a file during the call to fopen().
The point is not to conquer the subject, but to live with it, and grow with your knowledge of it.
