`js` and `jb` instructions in assembly
There exists a handy table that does explain very well which Jcc instruction to use: Jump conditions and flags:
There exists a handy table that does explain very well which Jcc instruction to use: Jump conditions and flags:
bx stands for branch and exchange instruction set Which means that according to the lsb (least significant bit) of the address to branch to, the processor will treat the next instruction as ARM or as thumb. As lr usually holds the return address, it means that this is a return from a function, and if the lsb of lr is 1, it … Read more
I hope it’s obvious that phase4 is checking that the first number is in the range 0..14 inclusive (see lines +44..+57) Then it invokes func4 with three arguments: the first number entered, 0 and 14 (lines +62..+85). Next it checks that the return value is 0x25 (37 decimal) on line +90 and that the second … Read more
jz is “jump if zero”. cmp subtracts its two operands, and sets flags accordingly. (See here for reference.) If the two operands are equal, the subtraction will result in zero and the ZF flag will be set. So in your sample, the jump will be taken if al was 1, not taken otherwise.
LEA (load effective address) just computes the address of the operand, it does not actually dereference it. Most of the time, it’s just doing a calculation like a combined multiply-and-add for, say, array indexing. In this case, it’s doing a simple numeric subtraction: leal -4(%ebp), %eax just assigns to the %eax register the value of … Read more
From the GAS-manual: An Intel syntax indirect memory reference of the form is translated into the AT&T syntax where base and index are the optional 32-bit base and index registers, disp is the optional displacement, and scale, taking the values 1, 2, 4, and 8, multiplies index to calculate the address of the operand. (https://sourceware.org/binutils/docs/as/i386_002dMemory.html#i386_002dMemory) … Read more
I’m following these lessons from OpenSecurityTraining. I’ve reached the lab part where I’ve to train myself on a CMU Bomb. They provide a x86_64 compiled CMU Bomb that you can find here to train on : CMU Bomb x86-64 originally from a 32-bit bomb from CMU Labs for Computer Systems: A Programmer’s Perspective (CS:APP) 1st … Read more
In NASM / Intel syntax, mov r64, 0x… picks a MOV encoding based on the constant. There are four to choose from with immediate operands: 5 byte mov r32, imm32. (zero-extended to fill the 64-bit register like always). AT&T: mov/movl 6+ byte mov r/m32, imm32. only useful for memory destinations. AT&T: mov/movl 7+ byte mov r/m64, sign-extended-imm32. Can store 8 bytes to memory, or set … Read more
You’ve got this back-to-front. It is a store, so it is used:
If your modulus / divisor is a known constant, and you care about performance, see this and this. A multiplicative inverse is even possible for loop-invariant values that aren’t known until runtime, e.g. see https://libdivide.com/ (But without JIT code-gen, that’s less efficient than hard-coding just the steps necessary for one constant.) Never use div for known powers of 2: it’s much slower than and for remainder, … Read more