assembly

EIP register value goes over 100 bytes

前提是你 submitted on 2021-01-28 19:34:53
Question: Hey, I am having a hard time solving my homework. When the x86 processor executes commands, the EIP register (counter) value increases by 1 byte or by a few bytes depending on the command's type. Which instructions do we have to use so the EIP value may go over 100 bytes? Answers are: JMP | ADD | SUB | PUSH | JNZ | MUL | CALL | JZ. As I get the idea, EIP is a special-case register which we can't use. It's called Extended Instruction Pointer. And to increase its value over 100 bytes, we need to find how much each

Performing modulo 2 addition in MIPS, 32 bit integers

≯℡__Kan透↙ submitted on 2021-01-28 18:20:35
Question: Followup to this. I figured out what went wrong in the linked post. The Sigma0 and Sigma1 boxes weren't doing what they should: modulo 2 addition of the rotated versions of either A or E. Basically, it should work like this: Notice that if the number of bits in a position is even the result is 0, if odd it's 1. To do this I made a truth table and Karnaugh maps: LINK I simplified the resulting expression to !A!BC + A(B XNOR C) And I tried to apply it to Sigma0 and Sigma1. But it's not working.

Assembly x86-64 setting carry flag for sub instruction

人走茶凉 submitted on 2021-01-28 18:00:25
Question: I am working through Richard Detmer's Assembly Language book. The first chapter states: A borrow occurs in the subtraction a - b when b is larger than a as unsigned numbers. Computer hardware can detect a borrow in subtraction by looking at whether a carry occurred in the corresponding addition. If there is no carry in the addition, then there is a borrow in the subtraction. If there is a carry in the addition, then there is no borrow in the subtraction. The carry flag is the 0th bit of the

Assembly x86-64 setting carry flag for sub instruction

老子叫甜甜 submitted on 2021-01-28 18:00:19
Question: I am working through Richard Detmer's Assembly Language book. The first chapter states: A borrow occurs in the subtraction a - b when b is larger than a as unsigned numbers. Computer hardware can detect a borrow in subtraction by looking at whether a carry occurred in the corresponding addition. If there is no carry in the addition, then there is a borrow in the subtraction. If there is a carry in the addition, then there is no borrow in the subtraction. The carry flag is the 0th bit of the

Assembly x86-64 setting carry flag for sub instruction

有些话、适合烂在心里 submitted on 2021-01-28 17:51:02
Question: I am working through Richard Detmer's Assembly Language book. The first chapter states: A borrow occurs in the subtraction a - b when b is larger than a as unsigned numbers. Computer hardware can detect a borrow in subtraction by looking at whether a carry occurred in the corresponding addition. If there is no carry in the addition, then there is a borrow in the subtraction. If there is a carry in the addition, then there is no borrow in the subtraction. The carry flag is the 0th bit of the

How to log CPU instructions executed by program with x64dbg?

百般思念 submitted on 2021-01-28 13:50:50
Question: How to log CPU instructions executed by program with x64dbg? I saw https://reverseengineering.stackexchange.com/questions/18634/x64dbg-see-the-current-position question, but I can't find the way to log instructions. Answer 1: As far as I understand - you want to log all the executed instructions. The easiest would be to log them in the file. To do this you need to: Pause the program, either via Pause option (F12) or using breakpoints Select Trace menu and then Trace into... (Ctrl+Alt+F7) or Trace

How does 32-bit MASM mode differ from 64-bit?

十年热恋 submitted on 2021-01-28 11:15:06
Question: To write a complete program in 32-bit assembly language using MASM one may start like this, .686 .model flat,c .stack 100h .data number sdword 5 .code main proc mov eax,number ret main endp end main whereas in 64-bit mode the code is written as .data number sdword 5 .code main proc mov eax,number ret main endp end The settings are set to default which led to occur an error while assembling in a 64-bit mode not because the platform is set to Win32, but instead the default entry point

Why is 'add' taking so long in my application?

南笙酒味 submitted on 2021-01-28 11:13:20
Question: I'm profiling an application using Intel VTune, and there is one particular hotspot where I'm copying a __m128i member variable in the copy constructor of a C++ class. VTune gives this breakdown: Instruction CPU Time: Total CPU Time: Self Block 1: vmovdqa64x (%rax), %xmm0 4.1% 0.760s add $0x10, %rax 46.6% 8.594s Block 2: vmovapsx %xmm0, -10x(%rdx) 6.5% 1.204s (If it matters, compiler is gcc 7.4.0) I admit I'm an assembly noob, but it's very surprising that one particular add instruction is

Difference between (sp) and [sp] in assembly

房东的猫 submitted on 2021-01-28 11:00:52
Question: I was experimenting with the NASM assembler, when I came across a problem: mov (sp),bx mov [sp],bx The first instruction is assembled properly while the second one is not, and gives me the error: error: invalid effective address Why is this? What's the difference between the two? Answer 1: (%sp) would be an AT&T syntax addressing mode. (Invalid because 16-bit addressing modes can't use SP directly, only BP|BX + SI|DI NASM x86 16-bit addressing modes; that's also the reason mov [sp], bx is invalid.

distinguishes between signed and unsigned in machine code

守給你的承諾、 submitted on 2021-01-28 10:50:25
Question: I was reading a textbook saying: It is important to note how machine code distinguishes between signed and unsigned values. Unlike in C, it does not associate a data type with each program value. Instead, it mostly uses the same (assembly) instructions for the two cases, because many arithmetic operations have the same bit-level behavior for unsigned and two’s-complement arithmetic. I don't understand what it means, could anyone provide me an example? Answer 1: For example, this code: int main() {