x86-64

I try to parse all the Calls and Rets from an executable with ptrace. Conforming the the x64opcode , I found opcodes for Calls: 0xe8 and for Rets: 0xc3, 0xc2, 0xca, 0xcb . Since I parsed them I found more Rets than Calls. There is the program I trace: void func() { write(1, "i", 1); } int main(int ac) { func(); return(0); } There is my tracer: int tracer(t_info *info) { int status; long ptr; int ret = 0; int call = 0; waitpid(info->pid, &status, 0); while (WIFSTOPPED(status)) { ptrace(PTRACE_GETREGS, info->pid, NULL, info->regs); ptr = ptrace(PTRACE_PEEKDATA, info->pid, info->regs->rip); if ((

I'm currently learning assembly programming on Intel x86 processor. Could someone please explain to me, what is the difference between MMX and XMM register? I'm very confused in terms of what functions they serve and the difference and similarities between them? MM registers are the registers used by the MMX instruction set, one of the first attempts to add (integer-only) SIMD to x86. They are 64 bit wide and they are actually aliases for the mantissa parts of the x87 registers (but they are not affected by the FPU top of the stack position); this was done to keep compatibility with existing

I know of otool -tv , but I would much rather use the Intel syntax rather than AT&Ts, mainly to easily follow along in a book and not have to look over thousands of % 's and $ 's. I'd also appreciate any tips to where I might find gdb 's config file. EDIT: I forgot: I'm running a 64bit processor, but was wondering if it would be possible to also disassemble into 32 bit assembly? Not only that, but does OSX's gdb 's list command work differently than the standard GNU version? Thanks so much! (Also, if you have any idea where I might find a little disassembler from C -> MIPS, that'd be very fun

I am trying to make sense out of the executable code that GCC (4.4.3) is generating for an x86_64 machine running under Ubuntu Linux. In particular, I don't understand how the code keeps track of stack frames. In the old days, in 32-bit code, I was accustomed to seeing this "prologue" in just about every function: push %ebp movl %esp, %ebp Then, at the end of the function, there would come an "epilogue," either sub $xx, %esp # Where xx is a number based on GCC's accounting. pop %ebp ret or simply leave ret which accomplishes the same thing: Set the Stack Pointer to the top of the current frame