Sinisterly
Tutorial ARM [Part 1: How it works] - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Coding (https://sinister.ly/Forum-Coding)
+--- Forum: Assembly (https://sinister.ly/Forum-Assembly)
+--- Thread: Tutorial ARM [Part 1: How it works] (/Thread-Tutorial-ARM-Part-1-How-it-works)

Pages: 1 2

ARM [Part 1: How it works] - phyrrus9 - 01-29-2018

So, I put up a feeler thread about a series on ARM assembly, and a couple people seem interested (I'm writing this before real data comes in), so I'm going to go ahead and start that.

So, what is assembly?
Assembly language is the lowest form of human readable programming language that you can use on a computer. Rather than dealing with groups of statements like you do in C or any other mid/high level programming language, assembly uses instructions. So, what are instructions then? Well, an instruction is literally what it sounds like, it's a description of what you want to instruct the CPU to do. Instructions are pretty basic, they generally only do one simple task. Think of trying to make a peanut butter sandwich, it sounds pretty simple off the top of your head. Now think of the number of steps you have to take:
  • go to cupboard
  • open cupboard
  • look for bread
  • if no bread in cupboard, stop
  • grab bread
  • remove twist tie on bread
  • grab one piece of bread
  • place piece on counter
  • grab one piece of bread
  • place piece on counter
  • put twist tie on bread
  • place bread in cupboard
  • close cupboard
and the list goes on. This is how assembly works, it functions only on the most basic instructions you can give it, for this reason, assembly is often considered a very difficult language, it takes a lot of code to do simple things, but because it is so basic it is very powerful. ARM assembly takes this basicness to a new level. ARM is a RISC type of processor, that stands for Reduced Instruction Set Computing. What that means, is not that the instruction set (the available instructions) is small, but rather each instruction does a reduced amount of work (compared to CISC processors, like the x86 platform). ARM also uses fixed width instructions, meaning that every instruction is exactly 32 bits long (4 bytes), including the data you give the instruction. For the sake of simplicity, consider an entire line of assembly code to be one instruction, so every line will do one basic thing, and will become exactly 4 bytes in memory.

How does assembly work?
Assembly language is just human readable machine code. At the lowest level it works like a calculator. You can reduce every program you will ever write to an algebra equation. Memory, registers, IO devices, etc can all be considered variables, and the rest is simple math. It accomplishes this by using what we call mnemonics, that is a mapping between an instruction and an operation. A mnemonic is made up of 3 parts in the ARM architecture:
The operation code
The flag bits
The condition
For most instructions, all three of these will be important, but the only one that you actually need to know to write assembly code is the operation code, called the opcode.

Some examples:
I want to keep these nice and short, so I'm going to introduce you to one opcode, the MOV (move). This opcode does exactly what you think it does, it moves data between registers. Some of you may know this one already, as most architectures have it, but I want to make a distinction that is very important when working with ARM. I said that it moves data between registers, and I meant exactly that. ARM, like all RISC platforms is a load/store architecture. That means that instructions that manipulate data only act on registers, meaning you can not MOV into a register from RAM, first you need to load the data from RAM, and then you can move it around or do work on it. Let's look at some examples. First, the most basic one:
Code:
MOV     R0, R1
This is another distinction that I need to make for you. x86 has a lot of different syntaxes, so this instruction on an intel CPU could actually do one of 2 things depending on your assembler (NASM, FASM, Intel, ATT, etc). ARM has only one syntax.
[Image: U2k8t0Z.png]
So, breaking that down. Rd stands for "Destination Register", and it is always the first register specified in an instruction. For this case, the instruction means
Move the contents of R1 (Register 1) to R0 (Register 0)

Now, let's introduce you to the S bit. This is one of the more important and powerful features that ARM offers. With x86 assembly, I'm certain that you are aware of the TST (test) instruction and what it does. This S bit (short for Setflags bit) does the same thing as the TST instruction (even though ARM also has this instruction). So, the following:
Code:
MOVS   R0, R1
is equivalent to
Code:
MOV   R0, R1
TST   R0
The first code only takes 1 clock cycle, while the latter takes up 2. ARM has the capability to eliminate the need to use TST in many cases, which allows it to give much better performance.

Now, let's introduce you to a condition. With ARM, every instruction can be executed conditionally. In higher level terms, think of it like being able to wrap an if statement around every instruction without it needing to take more time. Let's use the EQ (equality) condition. (You can read about all of the condition codes here)
Lets say we want to copy the value in R0 into R1, and then if R0 is 0, we want to copy it to R2. We could write this:
Code:
MOV   R0, R1 ; copy R1 into R0
TST   R0 ; check if R0 == 0
BEQ   .equal ; equivalent to JE (jump if equal to) .equal
BX   LR ;  equivalent to RET (return)
.equal:
MOV   R2, R0 ; copy R0 into R2
BX   LR ; return
This is how you would need to write it for an x86 chip, but the power of ARM is here to save you from doing all of that. We can use the set bit to eliminate the TST line, like so:
Code:
MOVS   R0, R1 ; copy R1 into R0 (and set condition codes)
BEQ   .equal ; equivalent to JE (jump if equal to) .equal
BX   LR ;  equivalent to RET (return)
.equal:
MOV   R2, R0 ; copy R0 into R2
BX   LR ; return
Now, we can use the most powerful feature of ARM, the conditional execution, to completely eliminate that BEQ (branch if equal to, aka jump if equal), as well as the whole .equal subroutine
Code:
MOVS   R0, R1 ; copy R1 into R0
MOVEQ   R2, R0 ; copy R0 into R2 (if condition codes indicate the value is 0)
BX   LR ; return
Now that is much better. That code uses exactly 3 clock cycles no matter what, whereas the first one uses 5 cycles. It doesn't seem like much, but 2 cycles here and there really add up to faster code. The second benefit is that our 3 line code is shorter than our 7 line code. The 7 line one uses 6 instructions, and the 3 line one uses 3 instructions. Not only will this make more code fit on our screen, but we also cut the memory needed to hold our code in half, from 24 bytes down to 12, that means you can get better use if your RAM too!

Ok, I'm going to wrap this one up for now, I've given you the basic idea of how things work and how to format your code. I'll make a few notes beforehand though:
the semicolon indicates that everything after the semicolon to the end of the line should be ignored, this is called a comment
whitespace is not important when writing your code, I like to use tabs between the mnemonics, and then spaces after each register, but you can format it however you want as long as it is in order
The format is mnemonic Rd, Rs, Rn for most instructions. These mean "Destination register", "Source register", "operand register" respectively
The flag bits and conditions are optional
If you do not specify a flag bit, then it will operate exactly how it is written
If you do not specify a condition, the AL (always) condition is assumed


Please let me know what you think, and stay tuned for part 2!

RE: ARM [Part 1: How it works] - chunky - 02-03-2018

Uhh finally somebody who knows what he is talking about.
I'm excited to read part 2.

RE: ARM [Part 1: How it works] - phyrrus9 - 02-04-2018

(02-03-2018, 11:58 PM)chunky Wrote: Uhh finally somebody who knows what he is talking about.
I'm excited to read part 2.

And finally somebody who takes the time to read through an entire tutorial!

RE: ARM [Part 1: How it works] - chunky - 02-04-2018

(02-04-2018, 12:02 AM)phyrrus9 Wrote:
(02-03-2018, 11:58 PM)chunky Wrote: Uhh finally somebody who knows what he is talking about.
I'm excited to read part 2.

And finally somebody who takes the time to read through an entire tutorial!

Hmm I guess that topic is just not that popular.

RE: ARM [Part 1: How it works] - phyrrus9 - 02-04-2018

(02-04-2018, 12:04 AM)chunky Wrote:
(02-04-2018, 12:02 AM)phyrrus9 Wrote:
(02-03-2018, 11:58 PM)chunky Wrote: Uhh finally somebody who knows what he is talking about.
I'm excited to read part 2.

And finally somebody who takes the time to read through an entire tutorial!

Hmm I guess that topic is just not that popular.

In my signature is a link that contains a master list of all my tutorials, I write on many topics, SL just has very few intelligent members.

RE: ARM [Part 1: How it works] - chunky - 02-04-2018

(02-04-2018, 12:18 AM)phyrrus9 Wrote:
(02-04-2018, 12:04 AM)chunky Wrote:
(02-04-2018, 12:02 AM)phyrrus9 Wrote: And finally somebody who takes the time to read through an entire tutorial!

Hmm I guess that topic is just not that popular.

In my signature is a link that contains a master list of all my tutorials, I write on many topics, SL just has very few intelligent members.

Lmao that made my day  xD
I could write some reverse engineering related tutorials if somebody is interested.
I just thought about explaining what a code cave is followed by a tutorial on how to abuse it to add your own code to an already existing executable.
I'm just not sure about the section since it will cover multiple topics hehe

RE: ARM [Part 1: How it works] - phyrrus9 - 02-04-2018

(02-04-2018, 12:25 AM)chunky Wrote:
(02-04-2018, 12:18 AM)phyrrus9 Wrote:
(02-04-2018, 12:04 AM)chunky Wrote: Hmm I guess that topic is just not that popular.

In my signature is a link that contains a master list of all my tutorials, I write on many topics, SL just has very few intelligent members.

Lmao that made my day  xD
I could write some reverse engineering related tutorials if somebody is interested.
I just thought about explaining what a code cave is followed by a tutorial on how to abuse it to add your own code to an already existing executable.
I'm just not sure about the section since it will cover multiple topics hehe

If it's ambiguous, use the Coding section, but generally put it in the section that it uses most.

RE: ARM [Part 1: How it works] - Blink - 02-04-2018

Nice thread, simple and easy to understand. (Maybe a bit lengthy for simple concepts)

I'd be really tempted to use macros so that I have RET available. Wink

I'm looking forward to the next one.

RE: ARM [Part 1: How it works] - phyrrus9 - 02-04-2018

(02-04-2018, 01:04 AM)Ender Wrote: Nice thread, simple and easy to understand. (Maybe a bit lengthy for simple concepts)

I'd be really tempted to use macros so that I have RET available. Wink

I'm looking forward to the next one.

I too would prefer to have RET, but sometimes you want to do other stuff as well. Like say you wanted to do a tricky loop, you wouldn't BL to R14, but just B to it, meaning that the next return would restart the loop.

RE: ARM [Part 1: How it works] - Mr.Kurd - 03-18-2018

Thank you man nice tutorial.
Have some questions:
What are RISC platforms?
What do you mean by registers? `it moves data between registers. `
Answer them, I feel they are stupid questions but I wanna learn.