32-Bit Windows Assembly: Ep.1 – Windows API and the Stack Flashcards
What does Assembly use to represent low-level instructions?
Mnemonics
What is another name for mnemonics
Symbolic references
Name an Assembler that can be used for 32-bit Windows Assembly?
MASM
Name a Linker that can be used for 32-bit Windows Assembly?
LINK
What does MASM stand for?
Microsoft Macro Assembler
Where can MASM be found?
Bundled with Visual Studio.
Name two tasks performed by the linker.
- Merges various object files together
* Sets up the references to external code
Name two types of instruction syntax formatting.
Intel and AT&T.
What does the call assembly instruction do?
Changes the execution flow to the target location. This is synonymous with a function call in normal programming.
Which assembly instruction would you use to execute a function?
call
What does the following assembly instruction do?
push (value)
Takes (value) and puts it on the local stack frame.
What is the meaning of the following assembly instruction, and what does it do?
db (bytes)
“Define bytes” - an instruction to the assembler/compiler to reserve bytes inside the section it is referenced.
What is the meaning of the following assembly instruction, and what does it do?
dd (bytes)
“Define dword” - an instruction to the assembler/compiler to reserve bytes inside the section it is referenced.
What does ABI stand for?
Application Binary Interface.
Which section contains the executable code that the program will run?
.code
Which section contains initialised variables?
.data
Which section contains uninitialised variables in 32-bit Windows Assembly?
.data?
In which section can you find the entry point for a program?
.code
What permissions should the .code section have?
Readable and executable.
Which section should have readable and executable permissions?
.code
In 32-bit x86 Windows Assembly language, which label designates the entry point of the program?
start:
What does the assembler and linker do with a label?
They translate the label into a memory address inside the binary.
What is a calling convention?
A calling convention is a defined approach to how parameters are passed from one function to another.
Which calling convention is the default for Windows APIs on a 32-bit architecture?
“Standard Call”, or StdCall.
How is the StdCall calling convention performed?
All arguments for the function to be called are put on the stack. The last argument is put on the stack first.
What is the stack?
The stack is a special region of memory that stores temporary variables created by each function.
Name a special properly of the stack.
The stack is a ‘last in, first out’ (LIFO) data structure.
What happens when a function declares a new variable?
The variable is pushed onto the stack and manipulated there.
What happens on the stack when a function exits?
All variables pushed onto the stack by that function are ‘popped’ – effectively, deleted.
What does the .386 directive do?
Shows MASM that you wish to assemble a program which enables assembly of non-privileged instructions for the 80386 processor.
What does the .model directive do?
Initialises the program’s memory model, can dictate the memory model and the language type.
What is a flat memory model?
A flat memory model is used to dictate that the program will see a single contiguous memory structure in RAM.
What is a stdcall memory model?
The language type which shows the type of calling convention used for the function’s calls.
What does the option directive do?
Enables and disables features of the assembler.
What does the casemap:none option directive do?
Ensures case sensitivity. The Microsoft ABI states that programs should be case sensitive.
What does the Extern directive do?
Defines external variables, symbols, or labels. We are using it for the Windows APIs that we want to reference.
What does the end directive do?
Sets the end of the program. If accompanied by a label, sets that label to the entry point of the program.
What does the PROC directive do?
Marks the start of a procedure block.
What does the equ directive do?
Assigns a value to the label. This has been combined with the special character $ (current location in memory) to calculate the size of the szMsg variable.
Which directive instructs MASM to assemble a program which enables assembly of non-privileged instructions for the 80386 processor?
.386
Which directive initialises the program’s memory model?
.model
Which parameter to the .model directive dictates that the program will see a single contiguous memory structure in RAM?
flat
Which parameter to the .model directive dictates that the program will see a single contiguous memory structure in RAM?
stdcall
Which parameters does the .model directive accept?
memory-module
language-type
stack-option
Which directive enables and disables features of the assembler?
option
Which parameter of the option directive ensures case sensitivity?
caremap:none
Which directive defines external variables, symbols, or labels?
Extern
Which directive sets the end of the program?
end
Which directive marks the start of a procedure block?
PROC
Which directive assigns a value to a label?
equ
What is the system call number for the standard output device in 32-bit Windows Assembly?
-11
___ is a data structure that can hold multiple values of the same data type
Array
___ is a data structure that can hold multiple values of different data types
Struct
Can an empty struct be passed to the Windows API?
Yes.
For some Windows API calls, the programmer will pass an empty declared struct to the API call and the Operating System will fill out the values and return execution back to the main program.
When declaring a struct, which section must it be placed in?
.data
