32-Bit Windows Assembly: Ep.1 – Windows API and the Stack

Question 1

What does Assembly use to represent low-level instructions?

Answer 1

Mnemonics

Question 2

What is another name for mnemonics

Answer 2

Symbolic references

Question 3

Name an Assembler that can be used for 32-bit Windows Assembly?

Answer 3

MASM

Question 4

Name a Linker that can be used for 32-bit Windows Assembly?

Answer 4

LINK

Question 5

What does MASM stand for?

Answer 5

Microsoft Macro Assembler

Question 6

Where can MASM be found?

Answer 6

Bundled with Visual Studio.

Question 7

Name two tasks performed by the linker.

Answer 7

• Merges various object files together

* Sets up the references to external code

Question 8

Name two types of instruction syntax formatting.

Answer 8

Intel and AT&T.

Question 9

What does the call assembly instruction do?

Answer 9

Changes the execution flow to the target location. This is synonymous with a function call in normal programming.

Question 10

Which assembly instruction would you use to execute a function?

Answer 10

call

Question 11

What does the following assembly instruction do?

push (value)

Answer 11

Takes (value) and puts it on the local stack frame.

Question 12

What is the meaning of the following assembly instruction, and what does it do?

db (bytes)

Answer 12

“Define bytes” - an instruction to the assembler/compiler to reserve bytes inside the section it is referenced.

Question 13

What is the meaning of the following assembly instruction, and what does it do?

dd (bytes)

Answer 13

“Define dword” - an instruction to the assembler/compiler to reserve bytes inside the section it is referenced.

Question 14

What does ABI stand for?

Answer 14

Application Binary Interface.

Question 15

Which section contains the executable code that the program will run?

Answer 15

.code

Question 16

Which section contains initialised variables?

Answer 16

.data

Question 17

Which section contains uninitialised variables in 32-bit Windows Assembly?

Answer 17

.data?

Question 18

In which section can you find the entry point for a program?

Answer 18

.code

Question 19

What permissions should the .code section have?

Answer 19

Readable and executable.

Question 20

Which section should have readable and executable permissions?

Answer 20

.code

Question 21

In 32-bit x86 Windows Assembly language, which label designates the entry point of the program?

Answer 21

start:

Question 22

What does the assembler and linker do with a label?

Answer 22

They translate the label into a memory address inside the binary.

Question 23

What is a calling convention?

Answer 23

A calling convention is a defined approach to how parameters are passed from one function to another.

Question 24

Which calling convention is the default for Windows APIs on a 32-bit architecture?

Answer 24

“Standard Call”, or StdCall.

Question 25

How is the StdCall calling convention performed?

Answer 25

All arguments for the function to be called are put on the stack. The last argument is put on the stack first.

Question 26

What is the stack?

Answer 26

The stack is a special region of memory that stores temporary variables created by each function.

Question 27

Name a special properly of the stack.

Answer 27

The stack is a ‘last in, first out’ (LIFO) data structure.

Question 28

What happens when a function declares a new variable?

Answer 28

The variable is pushed onto the stack and manipulated there.

Question 29

What happens on the stack when a function exits?

Answer 29

All variables pushed onto the stack by that function are 'popped' – effectively, deleted.

Question 30

What does the .386 directive do?

Answer 30

Shows MASM that you wish to assemble a program which enables assembly of non-privileged instructions for the 80386 processor.

Question 31

What does the .model directive do?

Answer 31

Initialises the program's memory model, can dictate the memory model and the language type.

Question 32

What is a flat memory model?

Answer 32

A flat memory model is used to dictate that the program will see a single contiguous memory structure in RAM.

Question 33

What is a stdcall memory model?

Answer 33

The language type which shows the type of calling convention used for the function's calls.

Question 34

What does the option directive do?

Answer 34

Enables and disables features of the assembler.

Question 35

What does the casemap:none option directive do?

Answer 35

Ensures case sensitivity. The Microsoft ABI states that programs should be case sensitive.

Question 36

What does the Extern directive do?

Answer 36

Defines external variables, symbols, or labels. We are using it for the Windows APIs that we want to reference.

Question 37

What does the end directive do?

Answer 37

Sets the end of the program. If accompanied by a label, sets that label to the entry point of the program.

Question 38

What does the PROC directive do?

Answer 38

Marks the start of a procedure block.

Question 39

What does the equ directive do?

Answer 39

Assigns a value to the label. This has been combined with the special character $ (current location in memory) to calculate the size of the szMsg variable.

Question 40

Which directive instructs MASM to assemble a program which enables assembly of non-privileged instructions for the 80386 processor?

Answer 40

.386

Question 41

Which directive initialises the program's memory model?

Answer 41

.model

Question 42

Which parameter to the .model directive dictates that the program will see a single contiguous memory structure in RAM?

Answer 42

flat

Question 43

Which parameter to the .model directive dictates that the program will see a single contiguous memory structure in RAM?

Answer 43

stdcall

Question 44

Which parameters does the .model directive accept?

Answer 44

memory-module language-type stack-option

Question 45

Which directive enables and disables features of the assembler?

Answer 45

option

Question 46

Which parameter of the option directive ensures case sensitivity?

Answer 46

caremap:none

Question 47

Which directive defines external variables, symbols, or labels?

Answer 47

Extern

Question 48

Which directive sets the end of the program?

Answer 48

end

Question 49

Which directive marks the start of a procedure block?

Answer 49

PROC

Question 50

Which directive assigns a value to a label?

Answer 50

equ

Question 51

What is the system call number for the standard output device in 32-bit Windows Assembly?

Answer 51

-11

Question 52

___ is a data structure that can hold multiple values of the same data type

Answer 52

Array

Question 53

___ is a data structure that can hold multiple values of different data types

Answer 53

Struct

Question 54

Can an empty struct be passed to the Windows API?

Answer 54

Yes. For some Windows API calls, the programmer will pass an empty declared struct to the API call and the Operating System will fill out the values and return execution back to the main program.

Question 55

When declaring a struct, which section must it be placed in?

Answer 55

.data