Today I review an old example from my work.
This tutorial is about the Fibonacci sequence, and its goal is to show the use of registers and the stack, math, and the size of values.
Another part of this goal is to show how to use the console window.
The Fibonacci sequence is a sequence in which each term is equal to the sum of the two previous terms.
Example: F2 = F0+F1 = 0+1 = 1
F3 = F1+F2 = 1+1 = 2
F10 = F8+F9, etc.
The source code starts with the console window:
The default PE format is set, along with the start point of the program.
The .rdata and .idata sections are the areas where the values, messages, and imported functions are set.
You can read the comments to see the parts of the source code.
The size of the values is dd (integer).
The program uses the EAX, EBX and ECX registers to hold the values for the Fibonacci sequence.
Section 2.1.1, Data movement instructions, of the FASM documentation explains that push transfers the operand to the top of the stack indicated by ESP, so the value needs to be restored by offset.
In my example, the two values that are pushed onto the stack before the call to printf (based on the calling convention) are then discarded from the stack by moving the stack pointer 4 bytes "upwards", so that the old values of ecx and eax, which have been pushed before, can be restored.
In this case, ecx needs to be decreased to control the flow of the loop.
If ecx is 0 the loop stops; otherwise it continues.
A better way to learn the secrets of assembly is to run this program under a debugger and watch the registers change.
It is a good idea to limit the input value so that the Fibonacci output fits the DWORD format.
```
;Fibonacci
format PE console
entry start
;----
include "win32a.inc"
;----
section '.rdata' data readable writeable
;console title buffer
_window_title db "Find Fibonacci numbers",0
;prompt message
_show_message db "Enter a small number for iterations <=32: ",0
;format strings for text
_show_shell db "[%d]",10,0
_format_text db "%d",0
_pause db "pause",0
;define first and next value
_first_value dd 1
_next_value dd 0
;count up to the last value
_last_value dd ?
;----
section '.text' code executable
start:
    ;show console title
    invoke SetConsoleTitle, _window_title
    ;show the prompt in the console
    invoke printf, _show_message
    ;wait for the count from the user
    ;scanf saves it to the memory buffer
    invoke scanf, _format_text, _last_value
    ;call the math procedure
    push [_last_value]
    call Fibonacci
    ;use system pause
    invoke system, _pause
    ;normal exit process
    invoke ExitProcess, 0
;----
proc Fibonacci, limit_value:DWORD
    mov ecx, [limit_value]
;loop entry point, the jump depends on ecx
for_loop:
    ;start with clean registers
    xor eax, eax
    xor ebx, ebx
    ;the math sum for Fibonacci
    ;eax takes _next_value (first is 0)
    mov eax, [_next_value]
    ;add _first_value to the old _next_value held in eax
    add eax, [_first_value]
    ;because eax needs to keep its value:
    ;ebx takes _next_value
    mov ebx, [_next_value]
    ;the result in eax is put into _next_value
    mov [_next_value], eax
    ;the value in ebx is put into _first_value
    mov [_first_value], ebx
    ;close loop
    ;save value of ecx = ...
    push ecx
    ;print value of _next_value
    ;printf is cdecl and invoke does not remove its two arguments,
    ;so they are still on the stack after the call
    invoke printf, _show_shell, [_next_value]
    ;move the stack pointer 4 bytes up
    pop ecx
    ;restore the saved value of ecx by offset from the stack
    ;this allows the eax, ebx and add sequence to loop
    mov ecx, [esp+4]
    ;decrease ecx by 1
    dec ecx
    ;math stops when ecx is 0: if (ecx != 0) jump to for_loop
    jnz for_loop
    ;finish and return
    ret
endp
;----
section '.idata' data readable import
;imported dlls
library kernel32, 'kernel32.dll',\
        msvcrt, 'msvcrt.dll'
;imports from kernel32.dll
import kernel32,\
       ExitProcess, 'ExitProcess',\
       SetConsoleTitle, 'SetConsoleTitleA'
;imports from msvcrt.dll
import msvcrt,\
       printf, 'printf',\
       system, 'system',\
       scanf, 'scanf'
```
The result for number 10 using the program:
```
Enter a small number for iterations <=32: 10
[1]
[1]
[2]
[3]
[5]
[8]
[13]
[21]
[34]
[55]
Press any key to continue . . .
```
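The remark above about limiting the input value can be made concrete. The following C model of the loop is an added example, not part of the original listing; `parse_limit`, `fib_checked` and `MAX_TERMS` are names assumed here. It rejects input the `dec ecx` / `jnz` loop cannot handle (0 or non-numeric text) and stops before a term stops fitting the signed DWORD that `%d` prints.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption of this example: F(46) = 1836311903 is the last term <= INT32_MAX */
#define MAX_TERMS 46u

/* Validate the typed text instead of trusting scanf("%d"): rejects text that
   is not a number, trailing junk, 0, negatives and counts above MAX_TERMS. */
int parse_limit(const char *text, uint32_t *limit)
{
    char *end;
    long v = strtol(text, &end, 10);
    if (end == text || (*end != '\0' && *end != '\n') || v < 1 || v > (long)MAX_TERMS)
        return -1;
    *limit = (uint32_t)v;
    return 0;
}

/* Same arithmetic as the page's for_loop. Returns 0 and the limit-th term,
   or -1 when limit is 0 (dec ecx / jnz would wrap to 0xFFFFFFFF iterations)
   or when a term no longer fits the signed DWORD that "%d" prints. */
int fib_checked(uint32_t limit, int32_t *result)
{
    uint32_t first = 1, next = 0;            /* _first_value, _next_value */
    if (limit == 0) return -1;
    for (uint32_t ecx = limit; ecx != 0; --ecx) {
        uint32_t eax = next + first;         /* add eax, [_first_value] */
        if (eax > (uint32_t)INT32_MAX)
            return -1;
        first = next;                        /* mov [_first_value], ebx */
        next = eax;                          /* mov [_next_value], eax */
    }
    *result = (int32_t)next;
    return 0;
}

int main(void)
{
    char line[32];
    uint32_t limit;
    int32_t term;
    printf("Enter a number of iterations (1..%u): ", MAX_TERMS);
    if (!fgets(line, sizeof line, stdin) || parse_limit(line, &limit) != 0)
        return 1;
    for (uint32_t i = 1; i <= limit && fib_checked(i, &term) == 0; ++i)
        printf("[%d]\n", (int)term);
    return 0;
}
```

The same two checks carry over to the assembly version as a compare-and-branch on `_last_value` before `call Fibonacci`.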