Monthly Archives: July 2010

push instruction.. push %rbx

| push instruction | (gdb) disass Dump of assembler code for function _IO_default_uflow: 0x00007f7c1e9964d0 : mov 0xd8(%rdi),%rax => 0x00007f7c1e9964d7 : push %rbx 0x00007f7c1e9964d8 : mov %rdi,%rbx 0x00007f7c1e9964db : callq *0x20(%rax) 0x00007f7c1e9964de : cmp $0xffffffffffffffff,%eax 0x00007f7c1e9964e1 : je 0x7f7c1e9964f2 0x00007f7c1e9964e3 : mov 0x8(%rbx),%rdx 0x00007f7c1e9964e7 : movzbl (%rdx),%eax 0x00007f7c1e9964ea : add $0x1,%rdx 0x00007f7c1e9964ee : mov %rdx,0x8(%rbx) 0x00007f7c1e9964f2 …

Continue reading “push instruction.. push %rbx”

modify all segment registers except ..(CS)

software | Windows | In computing, a code segment, also known as a text segment or simply as text, is a phrase used to refer to a portion of memory or of an object file that contains executable instructions. source : http://en.wikipedia.org/wiki/Code_segment Note that code may always modify all segment registers except CS (the code …

Continue reading “modify all segment registers except ..(CS)”

eip in 32-bit mode and rip in 64-bit mode

ABOUT Processor Register In computer architecture, a processor register is a quickly accessible location available to a computer’s central processing unit (CPU). Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. Registers are typically addressed by mechanisms other than main memory, …

Continue reading “eip in 32-bit mode and rip in 64-bit mode”

eip in 32-bit mode,, and rip in 64-bit mode

software | Windows | The instruction pointer is called ip in 16-bit mode, eip in 32-bit mode,, and rip in 64-bit mode. The instruction pointer register points to the memory address which the processor will next attempt to execute; it cannot be directly accessed in 16-bit or 32-bit mode, but a sequence like the following …

Continue reading “eip in 32-bit mode,, and rip in 64-bit mode”

The Intel IA32 processors have a base pointer..

software | Windows | The Intel IA32 processors have a base pointer register called EBP . The EBP register is typically set to the value of the ESP register at the beginning of a procedure, and used to address the procedure arguments and locally allocated variables throughout the procedure. Thus, the arguments are located at …

Continue reading “The Intel IA32 processors have a base pointer..”

Register EDI holds the bit offset …

software | Windows | EDI: The Destination Index Every loop that generates data must store the result in memory, and doing so requires a moving pointer. The destination index, EDI, is that pointer. The destination index holds the implied write address of all string operations. The most useful string instruction, remarkably enough, is the seldom-used …

Continue reading “Register EDI holds the bit offset …”

16 bits into the segment register…(GS)

software | Windows | These instructions read a full pointer from memory and store it in the selected segment register:register pair. The full pointer loads 16 bits into the segment register SS, DS, ES, FS, or GS source : http://pdos.csail.mit.edu/6.828/2008/readings/i386/LGS.htm software |GNU/Linux| (gdb) info registers rax 0xfffffffffffffdfc -516 rbx 0x5dc 1500 rcx 0xffffffffffffffff -1 rdx …

Continue reading “16 bits into the segment register…(GS)”