remainder 100/?


/* Jeffrin Jose <jeffrin@rocketmail.com> Licensed GPL v3 Copyright 2010
GPL --> http://www.gnu.org/copyleft/gpl.html */

#include<stdio.h>
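/*
 * Reads one integer from standard input and prints the remainder of
 * 100 divided by that integer.
 *
 * Returns 0 on success, and 1 when the input is not an integer or is
 * zero. 100 % 0 is undefined behaviour in C and on x86 normally ends
 * the process with a divide error, so zero is rejected up front.
 */
int main(void)
{
    int number, b, c;

    printf("Enter a Number \n");

    /* scanf returns the number of items converted; anything other than 1
       means `number` was never written and must not be used. */
    if (scanf("%d", &number) != 1) {
        fprintf(stderr, "Invalid input: expected an integer\n");
        return 1;
    }

    /* Reject a zero divisor before the modulo is evaluated. */
    if (number == 0) {
        fprintf(stderr, "Invalid input: the divisor must not be zero\n");
        return 1;
    }

    b = 100 % number;
    printf("\n The Remainder with 100 = %d ", b);
    fflush(stdout);                 /* the result line has no trailing newline */

    /* Hold the console open until Enter is pressed. The original called
       getch(), which is not declared by <stdio.h>; the standard getchar()
       is used instead. The rest of the line typed for scanf is discarded
       first so that the pause really waits for a new key press. */
    while ((c = getchar()) != '\n' && c != EOF)
        ;
    getchar();

    return 0;
}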

LEAVE Instruction ++

WinDbg shows “leave” instruction

7c901227 c9              leave
7c901228 c20400          ret     4
7c90122b 90              nop
7c90122c 90              nop
7c90122d 90              nop
7c90122e 90              nop
7c90122f 90              nop
ntdll!DbgBreakPoint:
7c901230 cc              int     3

7c901227 c9 leave

Process Involved

Program :  "notepad" on Windows.

Explanation

LEAVE -- High Level Procedure Exit
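LEAVE reverses the actions of the ENTER instruction. By copying the
frame pointer to the stack pointer, LEAVE releases the stack space
used by a procedure for its local variables. It then pops the saved
frame pointer back into EBP, restoring the caller's frame, so the
instruction is equivalent to "mov esp,ebp" followed by "pop ebp". In
the listing above, the "ret 4" that follows then returns to the caller
and removes 4 bytes of arguments from the stack.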

source : http://www.cs.uaf.edu/~cs301/notes/Chapter9/node11.html
source : http://d3s.mff.cuni.cz/~ceres/sch/osy/text/ch03s02s02.php
source : http://pdos.csail.mit.edu/6.858/2010/readings/i386/ENTER.htm
source : http://pdos.csail.mit.edu/6.858/2010/readings/i386/LEAVE.htm

RET instruction :)

WinDbg shows RET Instruction

7c901042 c20400          ret     4
7c901045 52              push    edx
7c901046 e8447f0100      call    ntdll!RtlpWaitForCriticalSection (7c918f8f)
7c90104b 648b0d18000000  mov     ecx,dword ptr fs:[18h]
7c901052 8b542404        mov     edx,dword ptr [esp+4]
7c901056 ebc4            jmp     ntdll!RtlEnterCriticalSection+0x17 (7c90101c)
7c901058 8da42400000000  lea     esp,[esp]
7c90105f 8d9b00000000    lea     ebx,[ebx]
7c901065 8b4124          mov     eax,dword ptr [ecx+24h]
7c901068 39420c          cmp     dword ptr [edx+0Ch],eax
7c90106b 751b            jne     ntdll!RtlEnterCriticalSection+0x80 (7c901088)
7c90106d f0ff4204        lock inc dword ptr [edx+4]
7c901071 ff4208          inc     dword ptr [edx+

7c901042 c20400 ret 4

Process Involved

VLC Media Player (windows version).

Explanation

The RET instruction can be used to execute three different types of returns:

Near return
A return to a calling procedure within the current code segment (the
segment currently pointed to by the CS register), sometimes referred to
as an intrasegment return.

Far return
A return to a calling procedure located in a different segment than the
current code segment, sometimes referred to as an intersegment
return.

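Inter-privilege-level far return
A far return to a different privilege level than that of the currently
executing program or procedure.

The "ret 4" shown above is a near return with an immediate operand:
after the return address is popped from the stack, 4 more bytes are
added to ESP, which discards the arguments the caller pushed. This is
the form used when the called function, not the caller, cleans up the
stack.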

source : http://siyobik.info/index.php?module=x86&id=280

test instruction +

| GDB shows TEST instruction |


Dump of assembler code for function *__GI___poll:
   0x00007f73ec2120b0 :	sub    $0x28,%rsp
   0x00007f73ec2120b4 :	mov    0x29c52e(%rip),%eax        # 0x7f73ec4ae5e8 
   0x00007f73ec2120ba :	test   %eax,%eax
   0x00007f73ec2120bc :	jne    0x7f73ec2120d5 
   0x00007f73ec2120be :	movslq %edx,%rdx
   0x00007f73ec2120c1 :	mov    $0x7,%eax
   0x00007f73ec2120c6 :	syscall
   0x00007f73ec2120c8 :	cmp    $0xfffffffffffff000,%rax
   0x00007f73ec2120ce :	ja     0x7f73ec212121 
   0x00007f73ec2120d0 :	add    $0x28,%rsp
   0x00007f73ec2120d4 :	retq
   0x00007f73ec2120d5 :	mov    %edx,0x8(%rsp)
   0x00007f73ec2120d9 :	mov    %rsi,0x10(%rsp)
   0x00007f73ec2120de :	mov    %rdi,0x18(%rsp)
   0x00007f73ec2120e3 :	callq  0x7f73ec229b50 
   0x00007f73ec2120e8 :	mov    0x8(%rsp),%edx
   0x00007f73ec2120ec :	mov    %eax,%r8d
   0x00007f73ec2120ef :	mov    0x10(%rsp),%rsi
   0x00007f73ec2120f4 :	mov    0x18(%rsp),%rdi
   0x00007f73ec2120f9 :	mov    $0x7,%eax
   0x00007f73ec2120fe :	movslq %edx,%rdx
   0x00007f73ec212101 :	syscall

test %eax,%eax

Process Involved

Downloading Using a Torrent File.

file:     gnewsense-livecd-deltah-i386-2.3.iso                                                                              |
| size:     643,176,448 (613.38 MiB)                                                                                          |
| dest:     /home/jeffrin/Downloads/gnewsense-livecd-deltah-i386-2.3.iso                                                      |
| progress: ##_______________________________________________________________________________________________________________ |
| status:   finishing in 1:32:50 (1.9%)                                                                                       |
| dl speed: 112.3 KB/s                                                                                                        |
| ul speed: 0.0 KB/s                                                                                                          |
| sharing:  0.000  (0.0 MB up / 11.8 MB down)                                                                                 |
| seeds:    11 seen now, plus 0.018 distributed copies                                                                        |
| peers:    0 seen now, 0.0% done at 1382.9 kB/s

Explanation

In the x86 assembly language, the TEST instruction performs a bitwise
AND on two operands. The flags SF, ZF, PF, CF, OF and AF are modified
while the result of the AND is discarded. There are 9 different opcodes
for the TEST instruction depending on the type and size of the
operands. It can compare 8-bit, 16-bit or 32-bit values. It can also
compare registers, immediate values and register indirect values.[1]

In the listing above, "test %eax,%eax" ANDs EAX with itself, so the
zero flag is set exactly when EAX is zero; the "jne" that follows is
therefore taken only when EAX is non-zero.

source : http://en.wikipedia.org/wiki/TEST_(x86_instruction)

Jump if Equal :)

je instruction

(gdb) disass
Dump of assembler code for function fputs_unlocked:
   0xb7788c30 :	push   %ebp
   0xb7788c31 :	mov    %esp,%ebp
   0xb7788c33 :	sub    $0x1c,%esp
   0xb7788c36 :	mov    %ebx,-0xc(%ebp)
   0xb7788c39 :	call   0xb773daaf
   0xb7788c3e :	add    $0xe13b6,%ebx
   0xb7788c44 :	mov    %edi,-0x4(%ebp)
=> 0xb7788c47 :	mov    0x8(%ebp),%edi
   0xb7788c4a :	mov    %esi,-0x8(%ebp)
   0xb7788c4d :	mov    0xc(%ebp),%esi
   0xb7788c50 :	mov    %edi,(%esp)
   0xb7788c53 :	call   0xb779a530
   0xb7788c58 :	mov    %eax,%edx
   0xb7788c5a :	mov    -0x10c(%ebx),%eax
   0xb7788c60 :	test   %eax,%eax
   0xb7788c62 :	je     0xb7788cbb 
   0xb7788c64 :	mov    0x68(%esi),%eax
   0xb7788c67 :	test   %eax,%eax
   0xb7788c69 :	je     0xb7788c88 
   0xb7788c6b :	cmp    $0xffffffff,%eax
   0xb7788c6e :	je     0xb7788c8f 
   0xb7788c70 :	mov    $0xffffffff,%eax

je 0xb7788cbb

Process Involved

$ yes 1
.
.
1
1
1
1
1
1
1
.
.

Explanation

The Jump if Equal (je) instruction jumps if the zero flag is set.

source : http://stackoverflow.com/questions/147173/x86-assembly-testl-eax-against-eax

jmp instruction .

JMP instruction

(gdb) disass
Dump of assembler code for function __kernel_vsyscall:
   0xb77bd414 :	push   %ecx
   0xb77bd415 :	push   %edx
   0xb77bd416 :	push   %ebp
   0xb77bd417 :	mov    %esp,%ebp
   0xb77bd419 :	sysenter
   0xb77bd41b :	nop
   0xb77bd41c :	nop
   0xb77bd41d :	nop
   0xb77bd41e :	nop
   0xb77bd41f :	nop
   0xb77bd420 :	nop
   0xb77bd421 :	nop
   0xb77bd422 :	jmp    0xb77bd417 
=> 0xb77bd424 :	pop    %ebp
   0xb77bd425 :	pop    %edx
   0xb77bd426 :	pop    %ecx
   0xb77bd427 :	ret
End of assembler dump.
(gdb)

jmp 0xb77bd417

Process Involved

A "ping" to a website .

Explanation

A jmp instruction unconditionally jumps to a specific memory location.

division using PHP

division

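#!/usr/bin/php
# Author : Jeffrin
# jeffrin@rocketmail.com
# License GNU GPL V3
# usage : php divide.php
<?php
// Divide $f by $s and print the quotient followed by a newline.
// The lines above the opening tag are not PHP code: apart from the
// shebang, PHP echoes them verbatim before the script output.
// This listing previously used "-" and the subtraction usage line, which
// would print 0; the sample output for divide.php shows 1, so the
// operator is "/" and the usage line names divide.php.
$f='1';
$s='1';   // fixed, non-zero divisor
echo  $f / $s ;
echo "\n";
?>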

output Like

$./divide.php
# Author : Jeffrin
# jeffrin@rocketmail.com
# License GNU GPL V3
# usage : php divide.php

1
$

JAE instruction .

| GDB shows JAE Instruction |

(gdb) disass
Dump of assembler code for function __select_nocancel:
   0x00007f31a021e889 :	mov    %rcx,%r10
   0x00007f31a021e88c :	mov    $0x17,%eax
   0x00007f31a021e891 :	syscall
=> 0x00007f31a021e893 :	cmp    $0xfffffffffffff001,%rax
   0x00007f31a021e899 :	jae    0x7f31a021e8cf 
   0x00007f31a021e89b :	retq
End of assembler dump.

Process Involved

$wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.34.1.tar.bz2
--2010-07-24 01:33:15--  http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.34.1.tar.bz2
Resolving www.kernel.org... 149.20.20.133, 199.6.1.164, 204.152.191.37, ...
Connecting to www.kernel.org|149.20.20.133|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 67658955 (65M) [application/x-bzip2]
Saving to: `linux-2.6.34.1.tar.bz2'

20% [====================>              ] 1,39,62,209 43.9K/s  eta 26m 16s

Explanation

Jcc Instruction for Unsigned Comparisons
JAE  	Jump if above or equal (>=)  	Carry = 0  	JNC, JNB  	JNAE

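This instruction jumps to the target address if the carry flag (CF)
is 0, that is, when the preceding unsigned comparison found the first
operand above or equal to the second. In the listing above,
"cmp $0xfffffffffffff001,%rax" followed by "jae" tests whether the
syscall returned a value in the range -4095 to -1, which is how the
Linux kernel reports an error (a negated errno value).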


source :
1. http://faydoc.tripod.com/cpu/jae.htm
2. http://www.arl.wustl.edu/~lockwood/class/cs306/books/artofasm/Chapter_6/CH06-5.html

PHP file execution — Video

PHP File Execution

[youtube=http://www.youtube.com/watch?v=oJmZJlLF2yo&hl=en_US&fs=1&rel=0]

Explanation

The addition and subtraction .php files were executed after making
them executable with the chmod command and adding #!/usr/bin/php
as the first line of each file.

subtraction using PHP

subtraction

#!/usr/bin/php
# Author : Jeffrin
# jeffrin@rocketmail.com
# License GNU GPL V3
# usage : php subtraction.php
<?php
// Subtract one numeric string from another and print the difference,
// terminated by a newline. The lines above the opening tag are not PHP
// code: apart from the shebang, PHP echoes them verbatim.
$minuend = '1';
$subtrahend = '1';

// The "-" operator converts both numeric strings to numbers first.
$difference = $minuend - $subtrahend;

echo $difference, "\n";
?>

output Like

$./subtraction.php
# Author : Jeffrin
# jeffrin@rocketmail.com
# License GNU GPL V3
# usage : php subtraction.php

0
$