The x86_64 Memory Management
Objectives
This lab focuses on the following objectives:
· Convert Linear address into physical address
· Analyze stack by implementing push and pop operations
· Identify registers and instructions used in stack structure.
· Explain calling conventions.
· Analyze stack when calling functions
· Explain procedure calls and frame pointers for x86 architecture.
.
Background Reading
The following manual may be available at SAIT (check with your instructor). Otherwise, download a free copy of the manual below. Specific figures in the manual are refe
ed to in this lab.
Intel 64 and IA-32 Architectures Software Developer’s Manual. Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C
https:
www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual XXXXXXXXXXpdf
Volume 3 Chapter 3 “Protected -Mode Memory Management” and Chapter 4 “Paging”
Volume 1 Chapter 6 “ Procedure Calls and Stacks”
Problem 1 Linear Address Translation (Paging XXXXXXXXXX___10
For details of Linear Address Translation read Intel Manual Volume-3A XXXXXXXXXXbit Paging Use the table from page 2908 of the Intel Manual for the figure “4-2 Linear-Address Translation to a 4Kbyte Page using 32-Bit Paging” required to calculate the physical address below.
1. Use the following python3 command line statement to randomly choose your values required to perform the Linear address translation.
python3 -c 'import random; print("col 1. row: ",random.randint(1,6)); print("col 2. row: ", random.randint(1,6)); print("col 3. row: ", random.randint(1,6)); print("col 4. row: ", random.randint(1,6)); print("col 5. row: ",random.randint(1,6));'
The output should be 5 columns col1, col2, col3, col4, col5 with respective row. The row can be different or the same for each column.
2. Attach the screen capture that demos the results after running python commands
3. Use the previous results to select from the following table the address for:
Linear Address
Page Directory Entry
CR3
Page Table Entry
Page
1
0xCC82F3C2
0x5C876420
0x36AF78D7
0xD0127A5B
0x1FAA065B
2
0xE8667836
0xF1916205
0xDF0C625F
0x4E3BC98B
0xF7175364
3
0xD30BE93F
0xB4134CFA
0x67BF0E26
0x1564EE26
0xFE77B7D
4
0xFA8B2CFA
0xDF38D489
0x439A0E0A
0x698BDBA9
0x2A32AE71
5
0x4F9A5195
0x7431A25D
0xC6FCC02B
0xA1B518C2
0x5BFAE708
6
0xDC21C09D
0x77100F48
0x10BAEC4B
0x1E469881
0xDC240E18
a. Linear Address:
. Page Directory Entry:
c. CR3:
d. Page Table Entry:
e. Page :
4. On the table highlight (color or circle) the selected address for each column
5. Use the selected addresses and check slides/notes (Module 5) to perform the linear address translation and find the respective physical address.
Provide the physical address for:
· Page Directory (PD):
· Page Table Entry (PTE):
· Page:
6. Attach a screen capture that demo the process to obtain the physical address. The results and calculations has to be presented in a clear and organized manner. It the results are not clear the grade will be 0 for the question.Typically, the upper 20 bits of CR3 become the page directory base register (PDBR), which stores the physical address of the first page directory entry
XXXXXXXXXXhttps:
en.wikipedia.org/wiki/Control_register#CR3
“The base physical address of the paging-structure hierarchy is contained in control register CR3. The entries in the paging structures determine the physical address of the base of a page frame, access rights and memory management information”.
· Intel Manual Section 2.1.5 Memory Management p.2862
Problem 2 -PUSH and POP Instructions XXXXXXXXXX___ 10
1. Create the following assembly code
2. Use nasm and ld to create the executable
3. Use gef commands such as:
eak _start, step (s) or next (n) commands to analyze the stack region while pushing and popping off data to/from the stack. Observe how $rsp instruction address changes as data is pushed into the stack. What is your observation?
4. What strings and values were pushed into the stack?
5. Can the push instruction be used to push more than 4 bytes into the stack at a time? Explain
6. Observe registers content as data is pushed into and popped off the stack.
7. Attach the screen capture that demonstrates data pushed and pop off the stack and the final content of the registers after pop operation.
Problem 3 -Stack Analysis XXXXXXXXXX___/15
1. Create and attach screen capture of the following c code. Save it as functA.c
2. Compile it and run it using the debugger gdb -q ./a.out
3. Create
eak point in main and functA
4. Run it. Use the respective debugger commands to verify main()
a. Locals
. Arguments
c. Registers rsp and rip addresses
d. What is the frame size for main function?
5. Use si to step in till functA is called and all arguments are passed. Identify the frame # for main and functA
6. Use the respective debugger commands to verify functA()
a. Locals
. Arguments
c. Registers rsp and rip addresses
d. What is the frame size for functA() function?
7. Attach screen capture with identified arguments, local variables, rsp and
p for main function before calling functA()
8. Use si to step into functA() and identified the instructions that generate variables:local1 and local3. Attach screen capture with identified instructions
9. Use info frame command to find the details of the frame such as
p address and saved rip which is the return address
10. Use x/40x $rsp to display stack content. Use the results from info frame to identify the return address,
p and arguments passed. Attach the screen capture with identified result. Use different colors or circle the results othe screen capture
11. Use si to step into the functA() till it passes return value. What register contains the return value?
12. What instruction in functA() makes the program to return to main() ?
13. Attach screen capture with identified arguments, local variables, rsp and
p for functA() function before returns to main ?
14. What is the purpose of the prologue and epilogue?
15. disas functA and identify the prologue and epilogue of this function
16. disas main In the prologue, what is the purpose of the instruction sub ?
17. Attach screen capture with identified prologue and epilogue for functA()
Problem 3 – CALL, RET and the Stack XXXXXXXXXX____/10
1. Create the following c code save it as factorial.c
2. Compile it
3. Use a debugger to disassembly the code and analyze instructions
4. Create a
eak point in main and fact functions
5. Run it
6. Use next or stepi to step into next instruction and analyze the stack in each step needed to calculate the factorial of a provided integer. Provide your observations?
7. Analyze the instructions used in the calculation. Which conditional jump instructions were used?
8. What was the purpose of cmp instruction?
9. Use disas main to disassembly main. How many call instructions are in main?
10. What is the address of fact() function?
11. Disas fact() function. What is the purpose of ret instruction and what is its address?
12. What is the purpose of the call
instruction within this function fact?
13. Attach the screen capture that demonstrates three changes you observed in the stack
Problem 5 - Stack analysis (near call) XXXXXXXXXX____/15
For reference read Intel manual Volume 1 Chapter XXXXXXXXXX
1. Compile and run the following code
2. Analyze the functions in the following code and complete the table.
1. Assume that both functA() and functB() reside in the same code segment.
2. Use the debugger and respective commands to demonstrate the following:
a. Identify in the main() frame rsp,
p and local variables before functA is called
. Identify in functA() before functB is called
i. Function arguments
ii. Function local variables address
iii. Return address
iv. Saved frame pointer or old RBP( saved RBP)
c. Identify which values will be on the stack at the exact moment before the first instruction of functB
d. Attach the screen captures that demonstrate a,b and c