Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- en:multiasm:papc:chapter_6_8 [2025/11/17 13:17] – ktokarz
+++ en:multiasm:papc:chapter_6_8 [2025/11/25 12:46] (current) – [Calling the system functions] ktokarz
@@ Line 11: / Line 11: @@
 With the use of additional directives, it is possible to provide information about stack utilisation for stack unwinding.
-Procedures can have parameters. In general, parameters can be passed through the stack, registers, common memory or a combination of these. In different operating systems, the rules of passing parameters differ. In 64-bit Windows, the fast call calling convention is used. In this convention, the first four parameters are passed through registers, and each subsequent parameter is passed through the stack. If the parameters are integers, they are passed through general-purpose registers. If parameters are floating-point numbers, they are passed through XMM registers as scalars. If the procedure plays the role of a function, it returns the resulting value. Integers are returned through the accumulator (AL, AX, EAX or RAX), and floating-point values are returned through XMM0. Parameter passing and returning the result are summarised in a table {{ref>masmparampass}}.
+Procedures can have parameters. In general, parameters can be passed through the stack, registers, common memory or a combination of these. In different operating systems, the rules of passing parameters differ. In 64-bit Windows, the fast call calling convention is used. In this convention, the first four parameters are passed through registers, and each subsequent parameter is passed through the stack. If the parameters are integers, they are passed through general-purpose registers. If parameters are floating-point numbers, they are passed through XMM registers as scalars. If the procedure plays the role of a function, it returns the resulting value. Integers are returned through the accumulator (RAX), and floating-point values are returned through XMM0. Parameters passing in Windows x64 ABI is summarised in a table {{ref>masmparampass}}.
 <table masmparampass>
 <caption>Parameter passing in 64-bit Windows calling convention</caption>
@@ Line 43: / Line 43: @@
 The Microsoft Windows x64 calling convention requires that even when the parameters are passed through registers, a 32-byte space for them should be reserved on the stack. It is referred to as a shadow space or home space. The shadow space size can be increased to store local variables of the procedure. Why does the x64 calling convention require the shadow space to be explained in the Microsoft blog article((https://devblogs.microsoft.com/oldnewthing/20160623-00/?p=93735)).\\
-Another requirement is that the stack must be aligned to the 16-byte boundaries. This is done for the performance, because data transfer between the processor and memory at aligned addresses can be done with faster versions of instructions (**MOVAPD** instead of **MOVUPD**). Note that the returning address, which is pushed on the stack automatically when the procedure is called, is 8 bytes long, so even without the shadow space, the stack pointer adjustment is required. Our simple AddProc function doesn't adjust the stack because it doesn't call any function which needs the stack to be aligned. If we decide to call a system function such as MessageBox, we must align the stack before making a call. If we modify the stack pointer, we must preserve its content and restore it before returning.
+Another requirement is that the stack must be aligned to the 16-byte boundaries. This is done for the performance, because data transfer between the processor and memory at aligned addresses can be done with faster versions of instructions (**MOVAPD** instead of **MOVUPD**). Note that the returning address, which is pushed on the stack automatically when the procedure is called, is 8 bytes long, so even without the shadow space, the stack pointer adjustment is required. Our simple AddProc function doesn't adjust the stack because it doesn't call any function which needs the stack to be aligned. If we decide to call a system function, we must align the stack before making a call. Before modification of the stack pointer, we must preserve its content and restore it before returning.
 <code asm>
 AlignProc PROC
@@ Line 58: / Line 58: @@
 </note>
 Certainly, these rules are to be used if there is a need to call a system function or to maintain compatibility with a high-level compiler. If the procedure is written in pure assembly and called from an assembly program, it is the programmer's decision whether they want to follow these rules.\\
-The rules of passing parameters, stack and registers use, and data storage layout in 64-bit Microsoft Windows are described in the document about x64 Application Binary Interface (ABI)((https://learn.microsoft.com/en-us/cpp/build/x64-software-conventions?view=msvc-170)).
+The rules of passing parameters, stack and registers use, and data storage layout in 64-bit Microsoft Windows are described in the document about x64 Application Binary Interface (ABI)((https://learn.microsoft.com/en-us/cpp/build/x64-software-conventions?view=msvc-170)).\\
+In the Linux x64 Calling Convention, the first six arguments of type integer/pointers are passed in registers and subsequent arguments through the stack. For the floating point arguments, the first eight are passed in XMM registers, and the subsequent ones through the stack. Parameters passing in Linux is summarised in a table {{ref>linuxparampass}}.
+<table linuxparampass>
+<caption>Parameter passing in 64-bit Linux calling convention</caption>
+^ Parameter ^ integer register ^ floating point register ^
+| first | RDI | XMM0 |
+| second | RSI | XMM1 |
+| third | RDX | XMM2 |
+| fourth | RCX | XMM3 |
+| fivth | R8 | XMM4 |
+| sixth | R9 | XMM5 |
+| seventh | stack | XMM6 |
+| eigth | stack | XMM7 |
+| subsequent | stack | stack |
+</table>
+===== Calling the system functions =====
+The operating systems offer a set of functions which help write an application. These functions include reading characters and text from standard input, usually the keyboard, displaying characters or text on standard output, usually the monitor, handling files, data streams and many others. In previous generations of operating systems, the software interrupt mechanism was used. In Microsoft DOS, it was **int 21h** while in 32-bit versions of Linux it was **int 80h** (or in the C-style hex notation int 0x80). Calling the system function required preparing the arguments in scratch registers and signalling the software interrupt.
+<note>
+You can still find many examples using the software interrupt system call on the Internet. In Linux, they should work properly, although they are slower than the new method. In 64-bit Windows, the **int 21** method is no longer supported.
+</note>
+Modern 64-bit operating systems use alternative methods for calling system functions. They significantly differ between Linux and Windows, so we'll briefly summarise both.
+===== Callig Windows system functions =====
+The Microsoft Windows operating system implements functions visible to programmers in the API (Application Programming Interface). Functions are identifiable by names, and they can be called as any other function in the program. Windows API functions for 32 and 64-bit Windows are documented on the Microsoft website ((https://learn.microsoft.com/en-us/windows/win32/apiindex/api-index-portal)).
+Let's see the Hello World example written in the Windows API.
+<code asm>
+; include the library with system functions
+includelib kernel32.lib
+; define function names as external symbols
+EXTERN GetStdHandle: PROC
+EXTERN WriteConsoleA: PROC
+; data section with constants and variables definitions
+.DATA
+STD_OUTPUT_HANDLE = -11
+stdout_handle     dq 0
+hello_msg         db "Hello World", 0
+dummy             dq 0
+; code section
+.CODE
+MyAssemblerFunction PROC
+; the stack must be aligned to an address divisible by 16 - mod(16)
+; after the function call is aligned to mod(8)
+; the Windows requires the shadow space on the stack
+    push  rbp        ; push rpb to the stack
+    mov   rbp, rsp   ; store rsp to rbp
+    sub   rsp, 48    ; shadow space (32 bytes) and stack alignment (additional 8 bytes)
+; we need the handle of the console window
+    mov   rcx, STD_OUTPUT_HANDLE
+    call  GetStdHandle
+    mov   stdout_handle, rax
+; display the text in the console window
+    mov   rcx, stdout_handle
+    mov   rdx, offset hello_msg
+    mov   r8,  sizeof hello_msg
+    mov   r9,  dummy
+    call  WriteConsoleA
+; restore the stack pointer and rbp
+    mov   rsp, rbp
+    pop   rbp
+; return from the function
+    ret
+MyAssemblerFunction ENDP
+END
+</code>
+===== Callig Linux system functions =====
+The Linux operating system still supports the traditional calling of system functions using software interrupts. It is based on the **int 0x80** interrupt, which recognises the number of the function in the EAX register and up to six arguments in EBX, ECX, EDX, ESI, EDI, and EBP.
+The example of the Hello World program in Linux interrupt-based system call is shown in the following code.
+<code asm>
+section   .text
+global    _start
+_start:
+; write function
+     mov   ebx, 1    ; first argument - stdio
+     mov   ecx, msg  ; second argument - text buffer
+     mov   edx, len  ; third argument - text length
+     mov   eax, 4    ; function number - write
+     int   0x80
+; exit from program
+     mov   eax, 1    ; function number - exit
+     int   0x80
+section    .data
+msg  db    "Hello World!", 10
+len  equ   $ - msg
+</code>
+Modern processors have new instructions especially designed for calling system functions. They are supported in the Linux operating system. The **syscall** instruction doesn't use the interrupt mechanism. It uses registers only to provide the address of the function, store the return address and flags register, and load the instruction pointer. This makes the **syscall** instruction execution significantly faster than **int 80h**, and is the preferred mechanism for system calls in 64-bit Linux systems. The RIP is stored in RCX, and RFLAGS is stored in R11. The RIP is loaded with the content of the special register IA32_LSTAR MSR, which is an element of Architectural Model-Specific Registers, implemented starting from certain models of 32-bit processors. The Linux system sets this register, and the programmer selects the function using the RAX register, as in the previous model of system calls.
+<code asm>
+global	_start
+section	 .text
+_start:
+; write function
+     mov   rdi, 1    ; first argument of the function - stdout
+     mov   rsi, msg  ; second argument - text buffer
+     mov   rdx, len  ; third argument - number of characters
+     mov   rax, 1    ; write function
+     syscall
+; exit from program
+     mov   rdi, 0    ; result code of the program
+     mov   rax, 60   ; exit function
+     syscall
+msg: db    "Hello World!", 10
+len  equ   $ - msg
+</code>

en/multiasm/papc/chapter_6_8.1763385462.txt.gz · Last modified: 2025/11/17 13:17 by ktokarz