
Many assembly tutorials and books don't cover how to write a simple assembly program on Mac OS X. Here are some baby steps to help people who are interested in assembly get started more easily.

Mach-O file format

To get started writing OS X assembly, you need to understand the OS X executable file format, the Mach-O file format. It is similar to ELF, but instead of data, bss and text sections it has segments that contain sections.

A common assembly layout on Linux, like this:

would translate into this in Mach-O:

Mach-O is pretty flexible. You can embed a cstring section in your __TEXT segment instead of putting the string in __DATA,__data. In fact this is the default behaviour of the compiler on your Mac.

Hello Assembly

Now that we know how to translate common Linux assembly to Mac, let's write a basic program: perform a system call with an exit code.

On x86 you make a system call with the int $0x80 instruction. On a 64-bit machine you use syscall. Here's the sample code:

You can compile the code with the following commands:

To perform a system call, you put the system call number in %eax and the actual exit code in %ebx. The system call numbers can be found in /usr/include/sys/syscall.h.

The system call number needs an offset of 0x2000000 added to it, because OS X has 4 different classes of system calls. You can find the reference here: XNU syscall.
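The following is an added example, not the post's own code: the exit program written out in Mach-O form, with the Linux directive each section replaces noted in the comments. The build commands are assumed (Apple as and ld); the exit status goes in %edi, the first argument register of the 64-bit syscall convention described in the hello world section.

```asm
# Added example (not from the original post): exit(3) via the raw system call.
#
# Build (assumed commands):
#   as exit.s -o exit.o
#   ld -e _main -lSystem -o exit exit.o     # -e: entry symbol is _main, not _start
#   ./exit; echo $?                         # prints 3

.section __DATA,__data          # Linux: .data
status:
    .long 3                     # exit status kept in initialised data

.lcomm scratch, 64              # Linux: .bss / .lcomm ; placed in __DATA,__bss

.section __TEXT,__text          # Linux: .text
.globl _main                    # Linux: .globl _start
_main:
    # BSD-class system call: the number from /usr/include/sys/syscall.h
    # (SYS_exit = 1) plus the class offset 0x2000000.
    movl $0x2000001, %eax
    # 64-bit syscall ABI: first argument in %rdi (32-bit view %edi);
    # a data symbol is addressed relative to %rip.
    movl status(%rip), %edi
    syscall                     # does not return
```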

System call by using wrapper functions

If you're like me and had no assembly background, you might feel that syscall is alien to you. In C, we usually use wrapper functions to perform the call:

Now we call a libc function instead of performing a system call. To do this we need to link against libc by passing -lc to the linker ld. There are several things you need to do to make a function call.

Call frame

We need to prepare the stack before we call a function, or you will probably get a segmentation fault. The values in %rsp and %rbp are used to preserve frame information. To set up the frame, you first push the base register %rbp onto the stack with pushq %rbp; then you copy the stack register %rsp into the base register.

If you have local variables, you subtract from %rsp to make space. Remember, the stack grows down and the heap grows up. When releasing the frame, you add the space back to %rsp.

The life cycle of a function would look like this:

The stack size can be set at link time. On OS X, below are example parameters you can pass to ld to set the stack size:

When setting the stack size, you also have to set the stack address. The System V Application Binary Interface says:

Although the AMD64 architecture uses 64-bit pointers, implementations are only required to handle 48-bit addresses. Therefore, conforming processes may only use addresses from 0x00000000 00000000 to 0x00007fff ffffffff.

I don't know a good answer for how to choose a good stack address. I just copy whatever normal code produces.

Parameters passing

The rules for parameter passing can be found in the System V Application Binary Interface:

  1. If the class is MEMORY, pass the argument on the stack. If the size of an object is larger than four eightbytes, or it contains unaligned fields, it has class MEMORY.
  2. If the class is INTEGER, the next available register of the sequence %rdi, %rsi, %rdx, %rcx, %r8 and %r9 is used.
  3. If the class is SSE, the next available vector register is used; the registers are taken in the order from %xmm0 to %xmm7.

The exit() function needs only one integer parameter, so we put the exit code in %edi. Since the parameter is of type int, we use the 32-bit variant of the register %rdi, and the instruction is movl (mov long) instead of movq (mov quad).
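The following is an added example, not the post's own code, covering the wrapper-function call, the call frame and the parameter-passing rules together: exit via libc, with a prologue, one local variable and the epilogue a normal function would run. The build commands and the stack-size sample values are assumptions.

```asm
# Added example (not from the original post): exit(3) through the libc wrapper,
# with a proper call frame and one local variable.
#
# Build (assumed commands; -lc links libc as the text describes):
#   as exit_c.s -o exit_c.o
#   ld -e _main -lc -o exit_c exit_c.o
# With explicit stack settings (sample values, assumed):
#   ld -e _main -lc -stack_size 0x100000 -stack_addr 0x7fff5fc00000 -o exit_c exit_c.o

.section __TEXT,__text
.globl _main
_main:
    # --- prologue: save the caller's frame pointer, start our frame ---
    pushq %rbp
    movq %rsp, %rbp
    subq $16, %rsp              # room for locals; keeps %rsp 16-byte aligned at the call
    # --- body ---
    movl $3, -4(%rbp)           # local int status = 3, just below the saved %rbp
    movl -4(%rbp), %edi         # INTEGER class, first arg -> %rdi; an int uses the 32-bit %edi
    callq _exit                 # the Mach-O symbol _exit is C's exit(); it never returns
    # --- epilogue (not reached here; shown as a normal function would do it) ---
    addq $16, %rsp              # release the local space
    popq %rbp                   # restore the caller's frame pointer
    ret
```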

Hello world

Now that we know the basics of how to perform a system call and how to call a function, let's write a hello world program.

The global variable str can only be accessed through the GOT (Global Offset Table), and the GOT must be accessed relative to the instruction pointer %rip. If you are curious, read Mach-O Programming Topics: x86-64 Code Model.

The registers used for syscall parameters are a little different from those of a normal function call: %rdi, %rsi, %rdx, %r10, %r8 and %r9. You cannot pass more than 6 parameters to a syscall, nor can you put parameters on the stack.
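The following is an added example, not the post's own code: hello world with the write and exit system calls, loading the address of str through the GOT relative to %rip as the text describes. The build command is assumed.

```asm
# Added example (not from the original post): hello world via write(2) and exit(2).
#
# Build (assumed): as hello.s -o hello.o && ld -e _main -lSystem -o hello hello.o

.section __DATA,__data
str:
    .asciz "Hello world!\n"     # 13 bytes before the terminating NUL

.section __TEXT,__text
.globl _main
_main:
    # write(1, str, 13): syscall arguments go in %rdi, %rsi, %rdx (then %r10, %r8, %r9)
    movl $0x2000004, %eax           # SYS_write = 4, plus the BSD class offset 0x2000000
    movl $1, %edi                   # fd 1 = stdout
    movq str@GOTPCREL(%rip), %rsi   # address of str via the GOT, relative to %rip
                                    # (for a symbol defined in this file, leaq str(%rip), %rsi also works)
    movl $13, %edx                  # byte count
    syscall                         # the number of bytes written comes back in %rax
    # exit(0)
    movl $0x2000001, %eax           # SYS_exit = 1, plus the offset
    xorl %edi, %edi                 # status 0
    syscall
```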

Hello world using printf

Now you know the basics of assembly. A hello world example using printf should be trivial to read:
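The following is an added example, not the post's own code: hello world through printf, with the string placed in the __TEXT,__cstring section the compiler uses by default. printf is variadic, so %al must hold the number of vector registers carrying arguments (zero here); the build command is assumed.

```asm
# Added example (not from the original post): hello world through printf(3).
#
# Build (assumed): as hello_printf.s -o hello_printf.o && ld -e _main -lc -o hello_printf hello_printf.o

.section __TEXT,__cstring,cstring_literals    # read-only C strings inside the __TEXT segment
str:
    .asciz "Hello world!\n"

.section __TEXT,__text
.globl _main
_main:
    pushq %rbp                  # call frame, as for any function call
    movq %rsp, %rbp             # %rsp is now 16-byte aligned for the calls below
    leaq str(%rip), %rdi        # first INTEGER-class argument: the format string
    xorl %eax, %eax             # %al = 0: no SSE-class (floating point) varargs
    callq _printf
    xorl %edi, %edi             # exit(0) through the libc wrapper
    callq _exit
```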

Conclusion

64-bit assembly looks more obscure than the tutorials written for x86 assembly. Once you know these basic differences, it's easy to learn assembly in depth on your own, even from material designed for x86. I highly recommend the book 'Programming from the Ground Up'. It is well written for self-study.

References

  1. OS X Assembler Reference: Assembler Directives
  2. Book: Programming from the Ground Up.
