
There are some things about ASM I cannot wrap my head around.

For example, in this simple "hello world":

section .data
msg   db   "hello world", 0x0A   ; 11 characters plus a newline = 12 bytes
section .text
global _start
_start:
mov ecx, msg  ; here we store the string
mov edx, 12   ; here we store the length of the string (12 bytes, matching msg above)
mov ebx, 1    ; but what is this?
mov eax, 4    ; and this?
int 0x80

I took this example from asmtutor.com; on these two lines, they wrote:

mov ebx, 1 ; write to STDOUT
mov eax, 4 ; kernel opcode for SYS_WRITE

What I don't really understand is why there are specific values in each of these registers to provide some system functions...

I mean, if you are writing assembly code, you will maybe end up storing the value 4 in eax for your own application; for example, you want to count the number of books you have, you have 4 books, you want to store it in eax... So how do you make the difference between an opcode and a user value? If I have to make a guess, I would say that:

int 0x80

is the thing that is doing the magic, so that when you reach the interrupt, it reads the values of some registers to see if there are some opcodes in them... but I am not sure about that.

Like I wrote in the title, I'm just discovering ASM, but I usually code in higher-level languages, like C.

Right now, I am trying NASM on the x86 platform, if this can help.

Now , for the second question.

The previous code is segfaulting; we have to add:

mov ebx, 0 ; return 0 status
mov eax, 1 ; invoke SYS_EXIT
int 0x80

Why do we do that?

There's no segfault after that, but why?

Is it because we added the return 0, or because there's the SYS_EXIT?

I would guess here that if there's no SYS_EXIT, the processor would continue to read other instructions from RAM, hence the segfault.

Still, my main question here is how to use these opcodes and how do they work?

Is it because of the interrupt?

Amine Bensalem

  • As for the second question, your guess is correct. – Jester Nov 20 '18 at 15:20
  • And the guess for your first question is correct, too. I answered both questions before; [here](https://stackoverflow.com/a/53355948/417501) and [here](https://stackoverflow.com/a/49674135/417501). – fuz Nov 20 '18 at 15:23
  • **Every** piece of information in a computer is encoded in bits (a single bit = 0 or 1). `eax` is a 32-bit register, so all you can put into it is a pattern consisting of 32 zeroes and ones (and there are exactly 2^32 possible patterns). Think about it for a moment: 32 zeroes or ones, that's the whole information stored in `eax`. There is no type, no purpose, no origin of that information. So the value `4` in `eax` is already an **interpretation** of the bit pattern `100` as an integer, and it can be further interpreted by the following code either as the `SYS_WRITE` selector, or as a number of books, or anything else. – Ped7g Nov 20 '18 at 15:50

1 Answer

int 0x80 is the Linux system call interface for 32-bit systems: a way to invoke functions provided by the kernel.

The Linux system call interface expects parameters to be passed in CPU registers.

The code excerpt below terminates the current process with exit code 0; see the Linux Syscall Reference for the registers' usage:

mov ebx, 0 ; return 0 status
mov eax, 1 ; invoke SYS_EXIT
int 0x80
Illya Kysil
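A complete version of the hello-world program from the question, finished with the exit call described in the answer, as an added example (it is not code from the question, from asmtutor.com, or from the answer). The symbol names SYS_WRITE, SYS_EXIT, STDOUT and len are labels chosen here; the numeric values behind them are the 32-bit Linux syscall numbers and file descriptor the page already uses. It also shows the point raised in the comments: a 4 in eax is only data until an int 0x80 makes the kernel read it as a syscall selector.

```nasm
; Added example (not from the question or the answer): the question's program
; completed with the exit syscall, so execution no longer runs off the end of
; .text into whatever bytes follow, which is what produced the segfault.
;
; Build and run on 32-bit Linux (or a 64-bit kernel with 32-bit support):
;   nasm -f elf32 hello.asm -o hello.o && ld -m elf_i386 hello.o -o hello && ./hello
;
; Symbol names below are labels chosen for this example; the values are the
; 32-bit Linux syscall numbers and the stdout file descriptor from the page.

SYS_EXIT  equ 1        ; eax = 1 selects exit(2)
SYS_WRITE equ 4        ; eax = 4 selects write(2)
STDOUT    equ 1        ; file descriptor 1

section .data
msg   db  "hello world", 0x0A
len   equ $ - msg      ; assembler computes the length (12 bytes); no hard-coded count to get wrong

section .text
global _start
_start:
    ; Plain data: the CPU attaches no meaning to the 4 in eax. Treat it as a
    ; count of books. Nothing "system-like" happens because no int 0x80 follows.
    mov eax, 4
    add eax, 2         ; eax = 6, still just a number

    ; write(STDOUT, msg, len). The kernel reads the syscall number from eax only
    ; at the moment int 0x80 executes; ebx, ecx, edx carry arguments 1, 2, 3.
    mov eax, SYS_WRITE
    mov ebx, STDOUT
    mov ecx, msg
    mov edx, len
    int 0x80           ; on return eax holds the result: bytes written, or -errno

    ; exit(0). The process ends here; without this the CPU keeps fetching and
    ; decoding whatever memory follows, which is why the original code crashed.
    mov eax, SYS_EXIT
    mov ebx, 0         ; exit status 0
    int 0x80
```

After the write call the kernel returns its result in eax (12 on success, a negative errno value on failure), which is the same register that held the selector going in; that is why real programs reload eax before every int 0x80 rather than assuming it survived the previous call.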