Many assembly tutorials and books don't cover how to write a simple assembly program on Mac OS X. Here are some baby steps that can help people who are also interested in assembly to get started more easily.


Mach-O file format

To get started writing OS X assembly, you need to understand the OS X executable file format – the Mach-O file format. It is similar to ELF, but instead of data, bss, and text sections, it has segments that contain sections.


A common assembly layout on Linux, like

would translate into this in Mach-O:

Mach-O is pretty flexible. You can embed a cstring section in your __TEXT segment instead of putting it in __DATA,__data. Actually, this is the default behavior of the compiler on your Mac.

Hello Assembly

Now that we know how to translate common Linux assembly to Mac, let's write a basic program – do a system call with an exit code.

On x86 you do a system call with the int $0x80 instruction. On a 64-bit machine, you do this with syscall. Here's the sample code:

You can compile the code with the following commands:

To perform a system call, you put the system call number in %eax, and put the actual exit code in %ebx. The system call number can be found in /usr/include/sys/syscall.h.


The system call number needs an offset of 0x2000000 added to it, because OS X has 4 different classes of system calls. You can find the reference here: XNU syscall.
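As an added example (not the page's own listing), here is the exit program in the Mach-O section layout described above, using the syscall number and 0x2000000 class offset the page gives; the exit status goes in %edi, following the 64-bit syscall register convention the page describes later, and the build commands in the comments are assumed to be run from a Terminal on an Intel Mac.

```asm
# exit.s: exit(42) via a raw syscall on macOS x86-64 (AT&T syntax).
#
# Build and run:
#   as exit.s -o exit.o
#   ld exit.o -e _main -o exit      # newer versions of ld also require -lSystem
#   ./exit; echo $?                 # prints 42
#
# Segment,section pairs replace the ELF .text/.data shorthand.
.section __TEXT,__text
.globl _main                  # Mach-O C-visible symbols carry a leading underscore
_main:
    movl $0x2000001, %eax     # SYS_exit (1) + 0x2000000, the UNIX syscall class
    movl $42, %edi            # first syscall argument: the exit status
    syscall                   # never returns; syscall itself clobbers %rcx and %r11
```

On a failing BSD syscall the kernel sets the carry flag and leaves the errno value in %eax, so code that continues after a syscall should test CF rather than assume success.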


System call by using wrapper functions

If you're like me and had no assembly background, you might feel that syscall is alien to you. In C, we usually use wrapper functions to perform the call:

Now we call a libc function instead of performing a system call. To do this we need to link to libc by passing -lc to the linker ld. There are several things you need to do to make a function call.

Call frame

We need to prepare the stack before we call a function, else you would probably get a segmentation fault. The values in %rsp and %rbp are used to preserve frame information. To maintain the stack, you first push the base register %rbp onto the stack with pushq %rbp; then you copy the stack register %rsp to the base register.

If you have local variables, you subtract from %rsp to make space. Remember, the stack grows down and the heap grows up. When releasing the frame, you add the space back to %rsp.

The life cycle of a function would look like this:

The stack size can be set at link time. On OS X, below are example parameters you can pass to ld to set the stack size:

When setting the stack size, you also have to set the stack address. The System V Application Binary Interface says:

Although the AMD64 architecture uses 64-bit pointers, implementations are only required to handle 48-bit addresses. Therefore, conforming processes may only use addresses from 0x00000000 00000000 to 0x00007fff ffffffff.

I don't know a good answer for how to choose a good stack address. I just copy whatever normal code produces.

Parameters passing

The rules for parameter passing can be found in the System V Application Binary Interface:

  1. If the class is MEMORY, pass the argument on the stack. If the size of an object is larger than four eightbytes, or it contains unaligned fields, it has class MEMORY.
  2. If the class is INTEGER, the next available register of the sequence %rdi, %rsi, %rdx, %rcx, %r8 and %r9 is used.
  3. If the class is SSE, the next available vector register is used; the registers are taken in the order from %xmm0 to %xmm7.

The exit() function only needs one integer parameter, therefore we put the exit code in %edi. Since the parameter is of type int, we use the 32-bit variant of register %rdi, and the instruction is movl (mov long) instead of movq (mov quad).
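As an added example covering both the call frame section and the parameter passing rules above (not the page's own code), a small leaf function with its own frame and a local slot, called from _main with three INTEGER-class arguments, after which the program exits through libc's exit wrapper as described in the wrapper section; the function name sum3 and the argument values are assumptions.

```asm
# frame.s: prologue/epilogue, locals, register arguments, and a libc call.
#
#   as frame.s -o frame.o
#   ld frame.o -lc -e _main -o frame    # -lc pulls in libSystem's exit()
#   ./frame; echo $?                    # prints 6
.section __TEXT,__text
.globl _main

# int sum3(int a, int b, int c): INTEGER args arrive in %edi, %esi, %edx (32-bit halves)
sum3:
    pushq %rbp               # save the caller's frame pointer
    movq %rsp, %rbp          # start this frame; %rsp is 16-byte aligned here
    subq $16, %rsp           # reserve 16 bytes of locals (stack grows down, keeps alignment)
    movl %edi, -4(%rbp)      # spill a into the local slot
    movl -4(%rbp), %eax      # reload it; return values travel in %eax
    addl %esi, %eax          # + b
    addl %edx, %eax          # + c
    addq $16, %rsp           # give the local space back
    popq %rbp                # restore the caller's frame pointer
    ret

_main:
    pushq %rbp               # %rsp was 8 mod 16 on entry; the push realigns it to 16
    movq %rsp, %rbp
    movl $1, %edi            # a
    movl $2, %esi            # b
    movl $3, %edx            # c
    callq sum3               # %eax = 6
    movl %eax, %edi          # exit(int): one INTEGER arg, so movl into %edi
    callq _exit              # does not return, so no epilogue is needed
```

Without the pushq %rbp in _main the stack would be misaligned at the call, which is the kind of silent ABI violation that shows up as a crash deep inside libc rather than at the offending instruction.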

Hello world

Now that we know the basics of how to perform a system call and how to call a function, let's write a hello world program.

The global variable str can only be accessed through the GOT (Global Offset Table), and the GOT needs to be accessed relative to the instruction pointer %rip. For the more curious, you can read Mach-O Programming Topics: x86-64 Code Model.

The registers used for syscall parameters are a little bit different from those of a normal function call: it uses %rdi, %rsi, %rdx, %r10, %r8 and %r9. You cannot pass more than 6 parameters in a syscall, nor can you put parameters on the stack.
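As an added example (not the page's listing), the hello world program written against the syscall register convention just described, with the string's address loaded %rip-relatively through the GOT as the page explains; the message text and the label msg are constructed for this example.

```asm
# hello.s: write(1, msg, 13) followed by exit(0), both as raw syscalls.
#
#   as hello.s -o hello.o && ld hello.o -e _main -o hello && ./hello
.section __DATA,__data
msg:
    .asciz "Hello world!\n"         # 13 bytes of text plus a NUL terminator

.section __TEXT,__text
.globl _main
_main:
    movl $0x2000004, %eax           # SYS_write (4) + UNIX class offset
    movl $1, %edi                   # arg 1: fd = stdout
    movq msg@GOTPCREL(%rip), %rsi   # arg 2: msg's address, read from its GOT slot
    movl $13, %edx                  # arg 3: byte count (the NUL is not written)
    syscall                         # on error: CF set, errno in %eax
    movl $0x2000001, %eax           # SYS_exit (1) + UNIX class offset
    movl $0, %edi                   # arg 1: exit status 0
    syscall
```

The GOT load is what the x86-64 code model requires for global data; for a symbol defined in the same object file a direct leaq msg(%rip), %rsi also assembles and avoids the extra memory read.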

Hello world using printf

Now you know the basics of assembly. A hello world example using printf should be trivial to read:
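As an added example (not the page's own code), a printf-based hello world that keeps the read-only strings in __TEXT,__cstring as the Mach-O section discussed earlier, and shows the one extra rule a variadic call needs beyond the parameter passing section: %al must hold the number of vector registers used. The format string and the label names fmt and who are constructed.

```asm
# printf.s: hello world through libc's variadic printf.
#
#   as printf.s -o printf.o
#   ld printf.o -lc -e _main -o printf && ./printf
.section __TEXT,__cstring           # read-only C strings belong in __TEXT, not __DATA
fmt:
    .asciz "Hello, %s!\n"
who:
    .asciz "world"

.section __TEXT,__text
.globl _main
_main:
    pushq %rbp
    movq %rsp, %rbp                 # %rsp is 16-byte aligned before each call
    leaq fmt(%rip), %rdi            # arg 1 (INTEGER class): format string
    leaq who(%rip), %rsi            # arg 2 (INTEGER class): the %s operand
    xorl %eax, %eax                 # variadic callee: %al = number of SSE regs used (0)
    callq _printf
    movl $0, %edi
    callq _exit                     # flushes stdio and exits with status 0
```

Forgetting to zero %al is harmless for this call but leaves printf reading whatever %al happened to contain, so a program that passes floating-point arguments later can be corrupted by the same omission.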

Conclusion

64-bit assembly looks more obscure than tutorials written in x86 assembly. Once you know these basic differences, it's easy to learn assembly in depth on your own, even if the material is designed for x86. I highly recommend the book 'Programming from the Ground Up'. It is well written for self-study purposes.

References

  1. OS X Assembler Reference: Assembler Directives
  2. Book: Programming from the Ground Up.
