Pop an address from the stack

GDB shows retq instruction

(gdb) disassemble
Dump of assembler code for function __read_nocancel:
   0x00007fbd743e0e89 :	mov    $0x0,%eax
   0x00007fbd743e0e8e :	syscall
=> 0x00007fbd743e0e90 :	cmp    $0xfffffffffffff001,%rax
   0x00007fbd743e0e96 :	jae    0x7fbd743e0ec9 
   0x00007fbd743e0e98 :	retq
End of assembler dump.
(gdb)

Process Involved

GPL Ghostscript 8.71.
PostScript and PDF language interpreter and previewer.

A Screen Shot

GPL Ghostscript 8.71 (2010-02-10)
Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Warning: the map file cidfmap was not found.
GS>

Explanation

retq = pop an address from the stack and go to that address.
It is an AMD64 instruction.


source : people.freebsd.org/~lstewart/references/amd64.pdf
source : http://www.powerbasic.com/support/help/pbwin/html/Opcodes_and_Mnemonics.htm

Print With Delay 0.4 (fork step 1)



/* Jeffrin Jose Licensed GPL v3 Copyright August 2010
GPL --> http://www.gnu.org/copyleft/gpl.html */
#include <stdio.h>   /* printf, fflush */
#include <stdlib.h>  /* setenv */
#include <unistd.h>  /* fork, usleep, pid_t */
int main()
{
    int seconds;
    int i=0,getptr;
    pid_t pid;
    /* exactly 20 characters, so the array has no terminating '\0' */
    char array[20]="Happy Friendship Day";
    /* printf("\n Happy Friendship Day \n"); */
    pid=fork();
    if (pid == 0)
    {
        /* child: PS1 changes only in the child's own environment */
        setenv("PS1","$",1);
        /* getptr=getenv("PS1");
        printf("%s",getptr); */
        printf("\n");
        for(i=0;i<20;i++)
        {
            printf("%c",array[i]);
            /* for(seconds=0;seconds<100000000;seconds++);*/
            /* system("sleep 1s");*/
            fflush(stdout);   /* push the character out before the delay */
            usleep(100000);   /* 0.1 second */
        }
        printf("\n");
        for(i=0;i<20;i++)
        {
            printf("%c",'-');
            /* for(seconds=0;seconds<100000000;seconds++);*/
            /* system("sleep 1s");*/
            fflush(stdout);
            usleep(100000);
        }
        printf("\n");
    }
    /* printf("%d",pid); */
    /* the parent does not wait for the child and returns at once */
    return 0;
}

Print With Delay 0.3



/* Jeffrin Jose Licensed GPL v3 Copyright August 2010
GPL --> http://www.gnu.org/copyleft/gpl.html */

#include <stdio.h>   /* printf, fflush */
#include <unistd.h>  /* sleep, usleep */
int main()
{
    int seconds;
    int i=0;
    /* exactly 20 characters, so the array has no terminating '\0' */
    char array[20]="Happy Friendship Day";
    /* printf("\n Happy Friendship Day \n"); */
    for(i=0;i<20;i++)
    {
        printf("%c",array[i]);
        /* for(seconds=0;seconds<100000000;seconds++);*/
        /* system("sleep 1s");*/
        fflush(stdout);   /* push the character out before the delay */
        sleep(1);         /* 1 second per character */
    }
    printf("\n");
    for(i=0;i<20;i++)
    {
        printf("%c",'-');
        /* for(seconds=0;seconds<100000000;seconds++);*/
        /* system("sleep 1s");*/
        fflush(stdout);
        usleep(100000);   /* 0.1 second per dash */
    }
    printf("\n");
    return 0;
}

CMP Instruction

WinDbg shows cmp Instruction

7c9011ec 803d94b0977c00  cmp     byte ptr [ntdll!fltused+0x4c (7c97b094)],0
7c9011f3 8b7508          mov     esi,dword ptr [ebp+8]
7c9011f6 8945fc          mov     dword ptr [ebp-4],eax
7c9011f9 0f85d7ec0000    jne     ntdll!RtlInitUnicodeStringEx+0x61 (7c90fed6)
7c9011ff f6461010        test    byte ptr [esi+10h],10h
7c901203 0f84cdec0000    je      ntdll!RtlInitUnicodeStringEx+0x61 (7c90fed6)
7c901209 5e              pop     esi
7c90120a c9              leave
7c90120b c20400          ret     4
ntdll!DbgBreakPoint:
7c90120e cc              int     3

Process Involved

DiskmaX.
Finds and removes unnecessary files that slow down your system.

Explanation

Compares the first source operand with the second source operand and
sets the status flags in the EFLAGS register according to the results.
The comparison is performed by subtracting the second operand from
the first operand and then setting the status flags in the same manner
as the SUB instruction. When an immediate value is used as an operand,
it is sign-extended to the length of the first operand.

source : http://faydoc.tripod.com/cpu/cmp.htm
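
Added example (not from the original page or its sources): a C model of how CMP sets the flags, applied to the cmp $0xfffffffffffff001,%rax / jae pair in the __read_nocancel listing at the top of this page. The immediate is 0xfffff001 sign-extended to 64 bits, and the unsigned jae is taken only for the negated errno values -4095..-1 that the Linux kernel returns on failure. GDB prints AT&T syntax, so the subtraction is rax minus the immediate; the struct and function names are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Status flags that CMP updates and conditional jumps test. */
struct flags { bool cf, zf, sf, of; };

/* Sign-extend a 32-bit immediate to 64 bits, as CMP does for imm32. */
static uint64_t sext32(uint32_t imm) {
    return (imm & 0x80000000u) ? (0xffffffff00000000ull | imm) : imm;
}

/* CMP first,second: compute first - second and keep only the flags. */
static struct flags cmp64(uint64_t first, uint64_t second) {
    uint64_t r = first - second;
    struct flags f;
    f.cf = first < second;                               /* unsigned borrow */
    f.zf = (r == 0);
    f.sf = (r >> 63) & 1;
    f.of = (((first ^ second) & (first ^ r)) >> 63) & 1; /* signed overflow */
    return f;
}

/* jae ("above or equal", unsigned) is taken when CF is clear. */
static bool jae_taken(struct flags f) { return !f.cf; }

/* Models cmp $0xfffffffffffff001,%rax followed by jae from the listing. */
static bool syscall_error_branch(uint64_t rax) {
    return jae_taken(cmp64(rax, sext32(0xfffff001u)));
}

int main(void) {
    /* Constructed return values: byte counts and negated errno codes. */
    int64_t samples[] = { 0, 20, -4, -4095, -4096 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rax=%lld -> jae %s\n", (long long)samples[i],
               syscall_error_branch((uint64_t)samples[i]) ? "taken" : "not taken");
    return 0;
}
```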

Print With Delay 0.2



/* Jeffrin Jose Licensed GPL v3 Copyright August 2010
GPL --> http://www.gnu.org/copyleft/gpl.html */
#include <stdio.h>   /* printf, fflush */
#include <unistd.h>  /* sleep */
int main()
{
    int seconds;
    int i=0;
    /* exactly 20 characters, so the array has no terminating '\0' */
    char array[20]="Happy Friendship Day";
    /* printf("\n Happy Friendship Day \n"); */
    for(i=0;i<20;i++)
    {
        printf("%c",array[i]);
        /* for(seconds=0;seconds<100000000;seconds++);*/
        /* system("sleep 1s");*/
        fflush(stdout);   /* push the character out before the delay */
        sleep(1);
    }
    printf("\n");
    return 0;
}

Print With Delay 0.1



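/* Jeffrin Jose Licensed GPL v3 Copyright 2010
GPL --> http://www.gnu.org/copyleft/gpl.html */

#include <stdio.h>   /* printf */
#include <unistd.h>  /* sleep */
int main()
{
    int seconds;
    int i=0;
    /* exactly 20 characters, so the array has no terminating '\0' */
    char array[20]="Happy Friendship Day";
    /* printf("\n Happy Friendship Day \n"); */
    for(i=0;i<20;i++)
    {
        printf("%c",array[i]);
        /* for(seconds=0;seconds<100000000;seconds++);*/
        /* system("sleep 1s");*/
        sleep(1);
        /* Delay not Properly Implemented . FIXME. */
        /* stdout is not flushed here, so on a terminal the characters
           stay buffered and appear together at the final newline */
    }
    printf("\n");
    return 0;
}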

Exclusive OR Instruction

GDB shows XOR Instruction

(gdb) disassemble 0x00007f16db50b647
Dump of assembler code for function gtk_main:
   0x00007f16db50b5a0 :	push   %r15
   0x00007f16db50b5a2 :	xor    %edi,%edi
   0x00007f16db50b5a4 :	mov    $0x1,%esi
   0x00007f16db50b5a9 :	push   %r14
   0x00007f16db50b5ab :	push   %r13
   0x00007f16db50b5ad :	push   %r12
   0x00007f16db50b5af :	push   %rbp
   0x00007f16db50b5b0 :	push   %rbx
   0x00007f16db50b5b1 :	sub    $0x38,%rsp
   0x00007f16db50b5b5 :	addl   $0x1,0x4e2af4(%rip)        # 0x7f16db9ee0b0
   0x00007f16db50b5bc :	callq  0x7f16db43d9b0 
   0x00007f16db50b5c1 :	mov    0x4e2ae0(%rip),%rdi        # 0x7f16db9ee0a8
   0x00007f16db50b5c8 :	mov    %rax,%rsi

Process Involved

A Telepathy Application.
IM application and Account Manager called Empathy.

Explanation

Performs a bitwise exclusive OR (XOR) operation on the destination
(first) and source (second) operands and stores the result in the
destination operand location. The source operand can be an immediate,
a register, or a memory location; the destination operand can be a
register or a memory location. (However, two memory operands cannot
be used in one instruction.) Each bit of the result is 1 if the
corresponding bits of the operands are different; each bit is 0 if the
corresponding bits are the same.

source : http://siyobik.info/index.php?module=x86&id=330
source : http://en.wikipedia.org/wiki/XOR_gate

Software Interrupt

WinDbg shows “int” Instruction

ntdll!DbgBreakPoint:
7c901230 cc              int     3
7c901231 c3              ret
7c901232 8bff            mov     edi,edi
ntdll!DbgUserBreakPoint:
7c901234 90              nop
7c901235 90              nop
7c901236 90              nop
7c901237 90              nop
ntdll!DbgBreakPointWithStatus:
7c901238 90              nop
ntdll!DbgUserBreakPoint:
7c901239 cc              int     3
7c90123a c3              ret
7c90123b 90              nop
7c90123c 8bff            mov     edi,edi

7c901230 cc              int     3

Process Involved

WinRAR program on Windows.

Explanation

INT is an assembly language instruction for x86 processors for
generating a software interrupt. It takes the interrupt number
formatted as a byte value.[1] Depending on the context, compiler or
assembler, a software interrupt number is often given as a hexadecimal
value, sometimes with a prefix 0x or the suffix h (e.g. interrupt 0x21, int
33, or interrupt 21h).
When done in assembly language code, the instruction is written like
this:
INT X
Where X is the software interrupt that should be generated. For
example:
INT 40
Will generate a software interrupt 0x28 (40 in decimal), causing the
function pointed to by the 40th vector in the interrupt table to be
executed.

source : http://en.wikipedia.org/wiki/INT_(x86_instruction)
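
Added example (not from the original page): int 3 has its own one-byte encoding cc, while INT X is encoded as cd followed by the vector byte, so locating breakpoints means decoding instruction boundaries rather than scanning for cc bytes. The C sketch below walks the bytes of the WinDbg listing above and a constructed sequence in which cc is only operand data; it decodes just the opcodes shown on this page plus mov eax,imm32, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes copied from the WinDbg listing above, starting at 7c901230. */
static const uint8_t listing[] = { 0xcc, 0xc3, 0x8b, 0xff, 0x90, 0x90, 0x90,
                                   0x90, 0x90, 0xcc, 0xc3, 0x90, 0x8b, 0xff };
/* Constructed sample: mov eax,0xcc ; int 0x28 ; ret 4 */
static const uint8_t sample[] = { 0xb8, 0xcc, 0, 0, 0, 0xcd, 0x28, 0xc2, 4, 0 };

/* Length of the instruction at p; 0 if outside this small opcode subset. */
static size_t insn_len(const uint8_t *p, size_t left) {
    size_t n = 0;
    switch (p[0]) {
    case 0xcc: case 0xc3: case 0x90: n = 1; break;  /* int 3, ret, nop */
    case 0xcd: n = 2; break;                        /* int imm8 */
    case 0xc2: n = 3; break;                        /* ret imm16 */
    case 0xb8: n = 5; break;                        /* mov eax,imm32 */
    case 0x8b: if (left >= 2 && (p[1] >> 6) == 3) n = 2; break; /* mov r32,r32 */
    }
    return n <= left ? n : 0;
}

/* Offsets of decoded int 3 instructions; returns the count, -1 if undecodable. */
static int int3_offsets(const uint8_t *code, size_t len, size_t *out, int max) {
    int count = 0;
    for (size_t off = 0, n; off < len; off += n) {
        n = insn_len(code + off, len - off);
        if (n == 0) return -1;
        if (code[off] == 0xcc) { if (count < max) out[count] = off; count++; }
    }
    return count;
}

/* Naive scan: counts every cc byte, including ones that are operand data. */
static int raw_cc_bytes(const uint8_t *code, size_t len) {
    int count = 0;
    for (size_t i = 0; i < len; i++) count += (code[i] == 0xcc);
    return count;
}

int main(void) {
    size_t off[4];
    int in_listing = int3_offsets(listing, sizeof listing, off, 4);
    int in_sample = int3_offsets(sample, sizeof sample, off, 4);
    printf("listing: %d int 3; sample: %d int 3, %d cc bytes\n",
           in_listing, in_sample, raw_cc_bytes(sample, sizeof sample));
    return 0;
}
```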