x86-64

2019-2020-1 20175320 《信息安全系统设计基础》第五周学习总结 一、教材学习内容总结 本周我们了解了在计算机系统中程序的机器级表示。通过反汇编器可以将机器码转化为类似汇编代码的格式，而该章节内容的主要介绍了在x86-64中的汇编指令以及汇编指令与c代码之间的转化。虽然同样是汇编，但与我们上学期学习的8086中的汇编语句有着一定的区别，以下是本章节需要注意的内容： objdump命令：通过 objdump -d 文件名+后缀 可以将机器码转化为汇编代码，这是进行分析的重要前提条件。 寄存器的前缀不同，对应的存储长度不同。%r是64位、%e是32位、%是16位及以下的寄存器，在进行算术和逻辑操作时，必须通过前缀选择正确长度的寄存器。 操作数有多种寻址方式，我们需要熟悉各种虚拟地址的寻址方式。 x86-64中的数据传送指令以及各种算术和逻辑操作指令的两个操作数的关系相较于8086是相反的，这是与8086最大的区别。 各种操作指令可以通过后缀来指定数据的位数，或者进行数据长度之间的转换，但操作指令规定的长度一定要与寄存器长度相匹配，比如movq、movabsq、movswl等指令。 在使用mov指令时，不可以两个操作数同为存储器，且立即数不能作为目的地址。 在x86-64中，栈操作指令总是以四字作为出以及入栈的单位。 在移位操作中，左移与右移的效果有所区别

I recall that one of the interesting features of the initial P4 micro-architecture was it's double-pumped ALU . I think Intel called it something like the Rapid Execution Unit , but basically it meant that each execution unit in the ALU was effectively running at twice the frequency, and could handle two simple ALU operations in a single cycle, even if they were dependent . This feature disappeared at some point (before or at the same time as the P4), but was there ever a 64-bit P4 with a double dumped ALU? The 64-bit variants of the P4 came out in 2004, about four years after the initial 32

I realize the title's a bit convoluted, so let me explain what I'm trying to do: I just finished writing a simple DLL injector for a proof of concept I'm trying to write. The program takes a snapshot of the current processes, enumerates the process tree, and injects a DLL into its direct parent process. Now, under ideal conditions, that works fine: the 32-bit version of the injector can inject into 32-bit parent processes, and the 64-bit version of the injector can inject into the 64-bit parent processes. What I'm now looking to do, though, is to inject a 32-bit DLL into 32-bit parent process

Consider inline assembly like this: uint64_t flags; asm ("pushf\n\tpop %0" : "=rm"(flags) : : /* ??? */); Nonwithstanding the fact that there is probably some kind of intrinsic to get the contents of RFLAGS, how do I indicate to the compiler that my inline assembly clobbers one quadword of memory at the top of stack? As far as I am concerned, this is currently not possible. 来源： https://stackoverflow.com/questions/39160450/how-do-i-tell-gcc-that-my-inline-assembly-clobbers-part-of-the-stack

So I'm learning x86_64 nasm assembly on my mac for fun. After hello world and some basic arithmetic, I tried copying a slightly more advanced hello world program from this site and modifying it for 64 bit intel, but I can't get rid of this one error message: hello.s:53: error: Mach-O 64-bit format does not support 32-bit absolute addresses . Here is the command I use to assemble and link: nasm -f macho64 hello.s && ld -macosx_version_min 10.6 hello.o . And here is the relevant line: cmp rsi, name+8 rsi is the register I am using for my index in the loop, and name is a quad word reserved for

I was reading over this question and wondered if the accepted answer might also be a way to determine the architecture. For instance, in asm could I push a WORD onto the stack and then check SP. Compare the new SP to the old SP: Diff of 4 means 32 bit Diff of 8 means 64 bit Am I correct in this thinking? No, because the size of your stack is based on what mode you are running in (real, protected, long/64, vm86, smm, etc), not on the architecture. If your assembly is running in protected mode for instance, your stack will be 32 bits (or 16 if your operands are 16 bits), even if your processor