What does bx lr do in ARM assembly language?

bx stands for branch and exchange instruction set, which means that according to the LSB (least significant bit) of the address to branch to, the processor will treat the next instruction as ARM or as Thumb. As lr usually holds the return address, it means that this is a return from a function, and if the LSB of lr is 1, it …
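The interworking rule the answer describes, as an added example that is not part of the original answer: a small Python model of `bx` and of the `lr` value that `bl` leaves behind, so the `bx lr` return path can be checked. Register values are plain ints and the `bx`, `bl` and `call_and_return` helpers are assumptions made for this example; there is no real CPU behind it.

```python
# Added example (not from the original answer): a model of ARM's
# interworking rules so the `bx lr` return path can be checked.
# Register values are plain Python ints; there is no real CPU behind this.

ARM, THUMB = "ARM", "Thumb"
MASK32 = 0xFFFFFFFF


def bx(target: int) -> tuple[int, str]:
    """Model `bx <reg>`: bit 0 of the target selects the instruction set,
    and the branch goes to the address with that bit cleared.

    Bit 0 clear with bit 1 set (an ARM-state address that is not word
    aligned) is UNPREDICTABLE in the architecture, so it is rejected here.
    """
    target &= MASK32
    if target & 1:
        return (target & ~1) & MASK32, THUMB   # Thumb code is halfword aligned
    if target & 2:
        raise ValueError(f"bx {target:#x}: ARM-state target is not word aligned")
    return target, ARM


def bl(pc: int, state: str) -> int:
    """The lr value `bl` writes when executed at `pc`: the address of the
    following instruction (pc + 4 for a 32-bit bl in either state), with
    bit 0 set when the caller was running Thumb code."""
    lr = (pc + 4) & MASK32
    return lr | 1 if state == THUMB else lr


def call_and_return(caller_pc: int, caller_state: str) -> tuple[int, str]:
    """bl from the caller, then `bx lr` in the callee: the caller gets back
    its own address and its own instruction set, because bl encoded the
    state in lr's low bit and bx decodes it again."""
    return bx(bl(caller_pc, caller_state))


if __name__ == "__main__":
    for state in (ARM, THUMB):
        lr = bl(0x1000, state)
        print(f"{state:5}: bl at 0x1000 -> lr={lr:#x}; bx lr -> {call_and_return(0x1000, state)}")
```

The same low-bit rule applies to any address you feed into `bx`, `blx` or a `pop {pc}`, which is why a return address or ROP gadget that points at Thumb code must carry the set low bit: without it the processor decodes the gadget as ARM instructions.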

Binary Bomb – Phase 4

I hope it’s obvious that phase4 is checking that the first number is in the range 0..14 inclusive (see lines +44..+57). Then it invokes func4 with three arguments: the first number entered, 0 and 14 (lines +62..+85). Next it checks that the return value is 0x25 (37 decimal) on line +90 and that the second …

Assembly – JZ instruction after CMP

jz is “jump if zero”. cmp subtracts its two operands, and sets flags accordingly. (See here for reference.) If the two operands are equal, the subtraction will result in zero and the ZF flag will be set. So in your sample, the jump will be taken if al was 1, not taken otherwise.
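The flag semantics the answer describes, as an added example that is not part of the original answer: a Python model that computes the flags `cmp a, b` leaves behind and evaluates `jz` against them. It goes beyond the `jz` case in the question and covers the other common condition codes (unsigned `jb`/`ja`, signed `jl`/`jg`, and so on), since they all read the same four flags. The `cmp_flags`, `CONDITIONS` and `branch_taken` names are assumptions made for this example.

```python
# Added example (not from the original answer): compute the flags `cmp a, b`
# sets (it performs a - b and discards the result) and evaluate the usual
# conditional jumps against them.  Operands are unsigned register contents
# of `bits` width; everything is plain Python, not a CPU.

def cmp_flags(a: int, b: int, bits: int = 8) -> dict:
    mask = (1 << bits) - 1
    sign = 1 << (bits - 1)
    a &= mask
    b &= mask
    diff = (a - b) & mask
    return {
        "ZF": diff == 0,                          # a == b
        "CF": a < b,                              # unsigned borrow
        "SF": bool(diff & sign),                  # two's-complement sign of a-b
        # signed overflow: a and b had different signs and the result's
        # sign differs from a's
        "OF": bool((a ^ b) & (a ^ diff) & sign),
    }


# condition -> predicate over the flags (je/jz etc. are the same opcode)
CONDITIONS = {
    "jz":  lambda f: f["ZF"],
    "je":  lambda f: f["ZF"],
    "jnz": lambda f: not f["ZF"],
    "jne": lambda f: not f["ZF"],
    "jb":  lambda f: f["CF"],                            # unsigned <
    "jae": lambda f: not f["CF"],                        # unsigned >=
    "jbe": lambda f: f["CF"] or f["ZF"],                 # unsigned <=
    "ja":  lambda f: not f["CF"] and not f["ZF"],        # unsigned >
    "jl":  lambda f: f["SF"] != f["OF"],                 # signed <
    "jge": lambda f: f["SF"] == f["OF"],                 # signed >=
    "jle": lambda f: f["ZF"] or f["SF"] != f["OF"],      # signed <=
    "jg":  lambda f: not f["ZF"] and f["SF"] == f["OF"], # signed >
}


def branch_taken(jcc: str, a: int, b: int, bits: int = 8) -> bool:
    """Would `cmp a, b` followed by `jcc label` jump?"""
    return CONDITIONS[jcc](cmp_flags(a, b, bits))


if __name__ == "__main__":
    # cmp al, 1 ; jz taken  -- the case from the question
    print("al=1:", branch_taken("jz", 1, 1), " al=2:", branch_taken("jz", 2, 1))
    # 0x80 is 128 unsigned but -128 signed: jb and jl disagree on purpose
    print("cmp al(0x80), 1 -> jb:", branch_taken("jb", 0x80, 1),
          "jl:", branch_taken("jl", 0x80, 1))
```

The signed/unsigned split is the part worth keeping in mind when reading a bounds check in disassembly: a range check compiled as `cmp`/`jbe` treats a negative index as a huge unsigned value and rejects it, while the same check compiled as `jle` lets it through.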

What does the LEAL assembly instruction do?

LEA (load effective address) just computes the address of the operand, it does not actually dereference it. Most of the time, it’s just doing a calculation like a combined multiply-and-add for, say, array indexing. In this case, it’s doing a simple numeric subtraction: leal -4(%ebp), %eax just assigns to the %eax register the value of …

What is the jmpq command doing in this example

From the GAS manual: An Intel syntax indirect memory reference of the form is translated into the AT&T syntax where base and index are the optional 32-bit base and index registers, disp is the optional displacement, and scale, taking the values 1, 2, 4, and 8, multiplies index to calculate the address of the operand. (https://sourceware.org/binutils/docs/as/i386_002dMemory.html#i386_002dMemory) …
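Both of the last two answers (the LEA one and this jmpq one) come down to the same addressing-mode arithmetic, so here is one added example, not part of either answer, that parses an AT&T memory operand of the form disp(base,index,scale), computes the effective address from a register file, and contrasts `lea` (address only) with `mov` (load through the address) and `jmpq *mem` (load a pointer, then branch to it). The register file, memory contents and jump table are constructed for the example, and the helper names (`effective_address`, `lea`, `load`, `jmp_indirect`) are assumptions.

```python
import re

# Added example (not from either answer): parse an AT&T memory operand
# disp(base,index,scale), compute the effective address from a register
# file, and contrast lea (address only) with mov (load through it) and
# jmp *mem (load, then branch).  Registers, memory and the jump table used
# below are constructed for the example.

OPERAND = re.compile(
    r"^(?P<disp>-?(?:0x[0-9a-fA-F]+|\d+))?"
    r"\((?P<base>%\w+)?(?:,(?P<index>%\w+)(?:,(?P<scale>[1248]))?)?\)$"
)


def effective_address(operand: str, regs: dict, width: int = 64) -> int:
    """base + index*scale + disp, truncated to the address width."""
    m = OPERAND.match(operand.replace(" ", ""))
    if not m:
        raise ValueError(f"not a memory operand: {operand!r}")
    disp = int(m["disp"], 0) if m["disp"] else 0
    base = regs[m["base"]] if m["base"] else 0
    index = regs[m["index"]] if m["index"] else 0
    scale = int(m["scale"]) if m["scale"] else 1
    return (base + index * scale + disp) & ((1 << width) - 1)


def lea(operand: str, regs: dict, width: int = 64) -> int:
    """lea mem, reg: the address itself is the result; memory is never read."""
    return effective_address(operand, regs, width)


def load(operand: str, regs: dict, memory: dict, width: int = 64) -> int:
    """mov mem, reg: compute the address, then read what is stored there."""
    return memory[effective_address(operand, regs, width)]


def jmp_indirect(operand: str, regs: dict, memory: dict) -> int:
    """jmpq *mem: load a 64-bit pointer from memory and make it the new rip."""
    return load(operand.lstrip("*"), regs, memory)


if __name__ == "__main__":
    regs32 = {"%ebp": 0x1000}
    stack = {0xFFC: 42}                       # constructed: local at ebp-4
    print("leal -4(%ebp)  ->", hex(lea("-4(%ebp)", regs32, 32)))
    print("movl -4(%ebp)  ->", load("-4(%ebp)", regs32, stack, 32))

    # constructed switch jump table at 0x400 with three 8-byte entries
    table = {0x400: 0x401000, 0x408: 0x401010, 0x410: 0x401020}
    print("jmpq *0x400(,%rax,8) with rax=2 ->",
          hex(jmp_indirect("*0x400(,%rax,8)", {"%rax": 2}, table)))
```

The `jmpq *disp(,%reg,8)` shape is how compilers emit a `switch`: the index register selects a pointer out of a table. In a real binary there is always a `cmp`/`ja` range check just before it; when reading disassembly, the absence of that check before an indirect jump is the thing to notice, because an out-of-range index would turn whatever sits past the table into a branch target.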

GDB no such file or directory

I’m following these lessons from OpenSecurityTraining. I’ve reached the lab part where I have to train myself on a CMU Bomb. They provide an x86_64 compiled CMU Bomb that you can find here to train on: CMU Bomb x86-64, originally from a 32-bit bomb from CMU Labs for Computer Systems: A Programmer’s Perspective (CS:APP) 1st …

Difference between movq and movabsq in x86-64

In NASM / Intel syntax, mov r64, 0x… picks a MOV encoding based on the constant. There are four to choose from with immediate operands:
- 5 byte mov r32, imm32 (zero-extended to fill the 64-bit register like always). AT&T: mov/movl
- 6+ byte mov r/m32, imm32. Only useful for memory destinations. AT&T: mov/movl
- 7+ byte mov r/m64, sign-extended-imm32. Can store 8 bytes to memory, or set …
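The size selection the answer describes, as an added example that is not part of the original answer: a Python function that picks the register-destination MOV-immediate form a size-optimising assembler such as NASM chooses for `mov r64, imm` and emits the machine-code bytes, so the 5-, 7- and 10-byte sizes can be checked. The 10-byte `mov r64, imm64` form (`movabsq` in AT&T syntax) is the one the truncated list ends with; the 6+ byte memory-destination form is not modelled because it never applies to a register. Register numbering is the usual rax=0 through r15=15, and `encode_mov_imm` and `REGS64` are names assumed for this example.

```python
# Added example (not from the original answer): choose the MOV-immediate
# encoding a size-optimising assembler (NASM `mov r64, imm`) picks for a
# constant and emit the bytes, so the 5/7/10-byte sizes can be checked.
# Register numbering is the usual rax=0 .. r15=15; this is not an assembler.

REGS64 = {r: i for i, r in enumerate(
    "rax rcx rdx rbx rsp rbp rsi rdi r8 r9 r10 r11 r12 r13 r14 r15".split())}


def encode_mov_imm(reg: str, imm: int) -> tuple[str, bytes]:
    n = REGS64[reg]
    rex_b, low = n >> 3, n & 7          # REX.B extends the register field
    v = imm & 0xFFFFFFFFFFFFFFFF        # the 64-bit pattern we want in reg
    if v <= 0xFFFFFFFF:
        # mov r32, imm32 (B8+rd id): writing a 32-bit register zero-extends,
        # so this 5-byte form covers every constant whose top 32 bits are clear.
        rex = bytes([0x40 | rex_b]) if rex_b else b""
        return "mov r32, imm32", rex + bytes([0xB8 | low]) + v.to_bytes(4, "little")
    if v >= 0xFFFFFFFF80000000:
        # mov r/m64, imm32 (REX.W C7 /0 id): imm32 sign-extended to 64 bits,
        # 7 bytes, the cheapest choice for negative constants such as -1.
        return ("mov r/m64, simm32",
                bytes([0x48 | rex_b, 0xC7, 0xC0 | low])
                + (v & 0xFFFFFFFF).to_bytes(4, "little"))
    # mov r64, imm64 (REX.W B8+rd io): the 10-byte form, movabs in AT&T
    # syntax, needed only when no extension of a 32-bit immediate gives v.
    return "mov r64, imm64", bytes([0x48 | rex_b, 0xB8 | low]) + v.to_bytes(8, "little")


if __name__ == "__main__":
    for reg, imm in (("rax", 0x12345678), ("rax", -1), ("rax", 0x123456789),
                     ("r8", 1), ("r9", -2**31)):
        form, code = encode_mov_imm(reg, imm)
        print(f"mov {reg}, {imm:#x}: {form:18} {len(code):2} bytes  {code.hex(' ')}")
```

In AT&T syntax the choice is driven by the mnemonic rather than by the constant: `movq $imm, %rax` is the 7-byte sign-extended form, `movabsq` the 10-byte one, and the 5-byte zero-extending form is spelled `movl $imm, %eax`. Knowing which bytes each spelling produces matters when a payload has to avoid particular byte values or fit in a fixed-size slot.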

Assembly Language – How to do Modulo?

If your modulus / divisor is a known constant, and you care about performance, see this and this. A multiplicative inverse is even possible for loop-invariant values that aren’t known until runtime, e.g. see https://libdivide.com/ (But without JIT code-gen, that’s less efficient than hard-coding just the steps necessary for one constant.) Never use div for known powers of 2: it’s much slower than and for remainder, …
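The two techniques the answer points at, as an added example that is not part of the original answer: remainder by a power of two as a single AND, and division by an arbitrary constant through a precomputed multiplier and shift, with the remainder recovered as n - q*d. The multiplier construction is the conservative round-up scheme from Granlund and Montgomery (also in Hacker's Delight): with l = ceil(log2 d) and m = ceil(2^(N+l) / d), the error e = m*d - 2^(N+l) is below d <= 2^l, which is what makes (n*m) >> (N+l) exact for every N-bit n. Compilers and libdivide additionally search for a smaller shift and add a fix-up so m fits in N bits; this model uses Python big ints instead. The `rem_pow2`, `magic` and `divmod_const` names are assumptions made for this example.

```python
# Added example (not from the original answer): modulo by a power of two as
# an AND, and division/modulo by an arbitrary constant via multiply-and-shift
# with a precomputed "magic" multiplier.  Plain Python ints stand in for
# registers; the multiplier may exceed N bits, which real code fixes up.

N = 32
MASK = (1 << N) - 1


def rem_pow2(n: int, d: int) -> int:
    """n % d for a power-of-two d: a single AND, never a div."""
    if d <= 0 or d & (d - 1):
        raise ValueError(f"{d} is not a power of two")
    return (n & MASK) & (d - 1)


def magic(d: int) -> tuple[int, int]:
    """Multiplier m and shift s with (n * m) >> s == n // d for 0 <= n < 2**N.

    l = ceil(log2 d), s = N + l, m = ceil(2**s / d).  Then e = m*d - 2**s
    satisfies 0 <= e < d <= 2**l, so n*e < 2**s for every N-bit n and the
    truncation error never reaches the next integer.
    """
    if d < 2:
        raise ValueError("d must be >= 2")
    l = (d - 1).bit_length()        # ceil(log2 d)
    s = N + l
    m = -(-(1 << s) // d)           # ceil(2**s / d)
    return m, s


def divmod_const(n: int, d: int) -> tuple[int, int]:
    """Quotient and remainder of an N-bit n by constant d without a div."""
    m, s = magic(d)
    n &= MASK
    q = (n * m) >> s
    return q, n - q * d             # remainder: one multiply and one subtract


if __name__ == "__main__":
    print("1001 & 7 =", rem_pow2(1001, 8))
    for d in (3, 7, 10, 641):
        m, s = magic(d)
        print(f"d={d}: m={m:#x} ({m.bit_length()} bits), s={s}, "
              f"0xFFFFFFFF -> {divmod_const(0xFFFFFFFF, d)}")
```

Running it shows why the answer says the hard-coded steps beat a runtime library: for d=3 the conservative multiplier needs 33 bits, so a real 32-bit implementation has to either find the tighter (m, s) pair the compiler uses or add a high-half add-and-shift fix-up, work that is done once at compile time for a constant but on every call path for a divisor that only becomes known at runtime.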