FAQ Database Discussion Community


Assembly - inline asm - copy from one array to another?

linux,assembly,x86-64,cpu-registers,att
Context : Linux 64. AT&T. GCC 4.8.2 (with -O3 -march=native) The x86_64 abi under my left hand, opened at page 21. The intended C code : So that the intent is made clear, here is the idea : int32_t res[] = {0,0,0,0}; int32_t primo[] = {5,8,50,150}; for (int32_t x =...

x87 double addition don't work

c,assembly,x86-64,att,x87
I defined an assembly function which takes three parameters (int, double, double) which should add two putted double value and return the result of this addition. And I don't know why the below code doesn't work: extern double ftaylor(unsigned int n, double x, double y); int main() { double z...

What's the asm equivalent of replacing a char from a string to a char of another string?

assembly,nasm,x86-64
I'm trying to code strcat to learn assembly. I code on mac osx with nasm using 64 bit assembly, with Intel syntax. Here's my result so far : section .text global _ft_strcat _ft_strcat: mov rax, rdi mov rbx, rsi loop_s1: cmp byte[rax], 0 jz copy_str inc rax jmp loop_s1 copy_str:...

Memory location addressing in ASM

assembly,gdb,x86-64,breakpoints
I'm trying to write self modifying asm code. At some point, I try the following : (NASM compiler) start_of_code: ; ... snip ... cmp byte [rax], 0x66 jae above_label add byte[rax], 0x20 ; ... snip ... above_label: inc rax loop start_of_code gdb shows the following values at start x/8xb $rax...

Reserve bytes in stack: x86 Assembly (64 bit)

assembly,x86-64,cpu-registers
pushq %rbp movq %rsp, %rbp subq $32, %rsp I have big question regarding explanation of "$32" in third instruction. The information from search and blogs specifies that in above third instruction we are reserving certain "bytes" of space for stack. From doc, %rsp is 64 bit register and %esp is...

Callling the brk syscall using inline assembler

x86-64,inline-assembly,syscall
How can I implement brk syscall in x86-64 linux? My code is as follows: Mysyscall(uint64_t n, uint64_t a1){ uint64_t ret; __asm__ __volatile__("movq %0, %%rax\n\t" "movq %1, %%rdi\n\t" "syscall\n" : "=r"(ret) : "g"(n), "g"(a1)); return ret; } Mysyscall(SYS_brk, uint64_t increment); But it is not working. I think I may use wrong...

Call near in amd64

linux,x86-64,elf,disassembling
I am reading the amd64 manual and in the CALL near section it says: For near calls in 64-bit mode, the operand size defaults to 64 bits. The E8 opcode results in RIP = RIP + 32-bit signed displacement and the FF /2 opcode results in RIP = 64-bit offset...

What fpu_xrstor_checking does? extra commentary?

linux-kernel,linux-device-driver,x86-64
I am doing my own version of do_fork() (for many purposes). So, basically, I am copying the process from one place to another, possibly to another machine. Copying the code and pasting it here would be tough. But this explanation should good enough, I believe. My code works most of...

lodsd / stosd assembly instructions : possible errata in reversing book

assembly,x86,x86-64
In page 25 of "Practical Reverse Engineering x86 - x64 ARM, Kernel & Obfuscation" I found an assembly code example retranslated to rough C in which lodsd and stosd instructions "translations" seems inverted. Since I'm fairy new to assembly language I'd like to know if it's really an errata or...

NASM 64-bit OS X Inputted String Overwriting Bytes of Existing Value

osx,assembly,x86,nasm,x86-64
I am trying to write a simple assembly program to add two numbers together. I want the user to be able to enter the values. The problem I am encountering is that when I display a string message and then read a value in, the next time the string is...

NASM: copying a pointer from a register to a buffer in .data

linux,assembly,nasm,x86-64
I am new to asm. I am trying to copy a pointer from a register to a .data variable using NASM, on linux 64-bit. Concider this program: section .data ptr: dq 0 section .text global _start _start: mov [ptr], rsp mov rax, 60 mov rdi, 0 syscall Here I try...

Linux AMD64 call C libary functions from copied assembly

c,linux,assembly,x86-64
How do I call from an memcpy'ed assembly function a C library functions? I'm making an example test code how one can allocate and change memory protection on Linux, AMD64 to run arbitrarily generated code from C. What I done is that I compile an small GAS assembly function along...

Creating array with mmap function. Assembler x86_64 AT&T

linux,assembly,x86-64,mmap,syscall
I want to create an array that will contains for example 4 values Here's my code: mov $32,%rsi # 4 x 8bytes mov $9,%rax mov $0,%rdi mov $0x3,%rdx mov $0x01,%r10 mov $0,%r9 syscall Now I am having a new adress of alocated 32 bytes in rax? When I am trying...

How does the Linux kernel determine ld.so's load address?

linux,linux-kernel,x86-64,elf,dynamic-linking
I know that the dynamic linker uses mmap() to load libraries. I guess it is the kernel who loads both the executable and its .interpreter into the same address space, but how does it determine where? I noticed that ld.so's load address with ASLR disabled is 0x555555554000 (on x86_64) —...

How to display value having RIP relative address in gdb?

assembly,gdb,x86-64
I'd like to display an integer which lays in global.variable+8(%rip) How can I do it? And what exactly does this address mean? It's an address of global.variable + %rip + 8, isn't it?...

What's the GAS equivelent to NASM' DEFAULT REL directive?

assembly,x86-64
Is there a GAS equivalent to NASM's 'DEFAULT REL' directive? I'm trying to port some NASM assembly to GAS and specifically, I'm getting hung up on storage declared with CEXTERN in the original file. The original NASM: SECTION .text cextern pw_8000 ... ... movq m7, [pw_8000] When I assemble the...

Reverse engineer assembly code to c code

c,assembly,reverse-engineering,x86-64,conditional-statements
I think this is actually a pretty simple problem. I have to reverse engineer this assembly code to c code. I'll also provide what I think is going on so you can hopefully point to where I went wrong and I can learn from my mistakes now. .LFBO pushq %rbp...

cpu TLB - tlb full -> next entry is a miss?

unix,x86-64,tlb
Context: x86_64, intel core 2 duo. I searched through the 3 intel doc volumes, and may have missed the right section, hence the question. A tlb can have up to 4096 entries, that is a lot in my book. But that is not that much in a SMP system after...

Assembly less than

assembly,x86-64,att
Im trying to recreate a "less than" function in AMD64 assembly. Like in this case I wanna return 1 if the parameter in %rdi is less then 3. .globl f .type f, @function f: xor %rax, %rax movq %rdi, %r10 cmpq $3, %r10 cmovlq $1, %rax ret I have never...

Gnu assembler gives unexpected memory operand

assembly,x86-64,gnu,gas,yasm
The GNU assembler gives an unexpected memory operand when assembling Intel syntax code. I have reduced my bug to one single lonely line of code, and for the last three days I've tried anything to understand why the GNU assembler yields something that I cannot understand. I know this must...

How should the byte sequence 0x40 0x55 be interpreted by an x86-64 emulator?

assembly,x86-64
I'm working with an emulator, and one of the binary executables I've run across has the following sequence in the beginning of a procedure 40 55 The 40 is a REX prefix, but none of the REX bits are actually set. Section 2.2.1.7 of the Intel software developer's manual states...

What is the compatible subset of Intel's and AMD's x86-64 implementations?

assembly,x86,x86-64
While learning x86-64 assembly, I came across my first incompatibility between Intel 64 and AMD64 implementations of "x86-64": Why does syscall compile in NASM 32 bit output while popa does not compile in 64 bit? syscall is valid in the compatibility mode of one but not the other. Is there...

Assembly coding strdup. Malloc calling in shared library

assembly,shared-libraries,nasm,x86-64
I have a problem, I can't compile my strdup while calling malloc. When I don't call malloc, it compiles my shared library perfectly, so if someone could help me that would be great ! here is my code: BITS 64 DEFAULT REL global my_strdup:function extern malloc my_strdup: [...] call malloc...

Can x86_64 CPU execute two same operations on the same stage of pipeline?

x86,cpu,x86-64,intel,cpu-architecture
As known Intel x86_64 processors are not only pipelined architecture, but also superscalar. This is mean that CPU can: Pipeline - At one clock, execute some stages of one operation. For example, two ADDs in parallel with shifting of stages: ADD(stage1) -> ADD(stage2) -> nothing nothing -> ADD(stage1) -> ADD(stage2)...

Assembly 64-bit invalid effective address

c,assembly,64bit,x86-64,calling-convention
I'm creating a function do be called from C code in asm 64 bit this is the C equivalent function: /* * x and y are two arrays of floats, this function calculates the * distance beetween those two objects */ float dist(float *x, float *y, int length) { float...

How can a single sqrt() runs twice slower than when it was put in a for loop

c,gcc,assembly,x86-64,compiler-optimization
I'm doing an experiment of profiling the time it takes to compute a single sqrt in C code. I have two strategies. One is direct measurement of a single sqrt call and the other is to execute sqrt multiple times in a for loop and then compute the average. The...

Why these “exported” variables are double-defined?

c,binary,reverse-engineering,x86-64,elf
I am testing some 64-bit ELF binaries on x86/Linux. I compiled apache server using gcc, with its default configuration (optimization level O2 I guess). I stripped the httpd binary with strip command, and I use this command to check the exported variables inside the httpd ELF binary. For example, for...

How to build x86 and/or x64 on Windows from command line with CMAKE?

c,visual-studio,cmake,cross-compiling,x86-64
One way to get cmake to build x86 on Windows with Visual Studio is like so: Start Visual Studio Command prompt for x86 Run cmake: cmake -G "NMake Makefiles" \path_to_source\ nmake One way to get cmake to build x64 on Windows with Visual Studio is like so: Start Visual Studio...

When to do or not do INVLPG, MOV to CR3 to minimize TLB flushing

x86,paging,x86-64,virtual-memory,tlb
Prologue I am a operating system hobbyist, and my kernel runs on 80486+, and supports virtual memory already. Starting from 80386, the x86 processor family by Intel and various clones thereof has supported virtual memory with paging. It is well known that when the PG bit in CR0 is set,...

Loop through character of a string in Assembly

assembly,x86-64,yasm
If I have a list of strings, how can I loop through each character of each string? say a list data data db "00000123", NULL, "00000213" how do I go about accessing each member? I know the length of each string is a constant length of 9, and I understand...

fastest way to blit image buffer into an xy offset of another buffer in C++ on amd64 architecture

c++,x86-64,memcpy,blit,libdispatch
I have image buffers of an arbitrary size that I copy into equal-sized or larger buffers at an x,y offset. The colorspace is BGRA. My current copy method is: void render(guint8* src, guint8* dest, uint src_width, uint src_height, uint dest_x, uint dest_y, uint dest_buffer_width) { bool use_single_memcpy = (dest_x ==...

Unknown variable being moved into EAX register

assembly,x86,x86-64
For the following function: void say_hello (void) { char name[5]; gets(name); //this is a unsafe function to use. Results in stack overflow printf("Hello %s\n", name); } I know that rbp+var_5 is the argument for the gets() function and rbp+var_10 is the argument for the printf function. But what is rbp+var_14?...

In x86, why do I have the same instruction two times, with reversed operands?

c,linux,gcc,assembly,x86-64
I am doing several experiments with x86 asm trying to see how common language constructs map into assembly. In my current experiment, I am trying to see specifically how C language pointers map to register-indirect addressing. I have written a fairly hello-world like pointer program: #include <stdio.h> int main (void)...

x64 LAR instruction (Load Access Rights Byte)

assembly,x86,64bit,x86-64,machine-code
This instruction has some confusing modes, here's the table for the 64-bit version on page 862 of the intel x64 manual: Opcode Instruction Description 0F 02 /r LAR r16, r16/m16 r16 ← access rights referenced by r16/m16 0F 02 /r LAR reg, r32/m16 reg ← access rights referenced by r32/m16...

SSE division by integer

assembly,floating-point,x86-64,sse
I am currently working on function, that calculates Taylor approximation of sin(x) function, using C & 64-bit assembly combined (C using asm function). I am moderately new to assembly & low-level programming, and I still don't get few things. Let's call function in C: float taylor(float fi, float n); where...

What is the decoded form of an instruction?

assembly,x86,x86-64,intel
I am reading through "What every computer scientist should know about memory" by Ulrich Drepper. In section 6.2.2, it reads: [...] instructions have to be decoded before they can be executed and, to speed this up (important on x86 and x86-64), instructions are actually cached in the decoded form, not...

Access Violation inside LoadLibrary

c#,windows,assembly,x86-64,calling-convention
I am using CreateRemoteProcess to inject some assembler code into a remote process (64-Bit), which then loads a dll, but I'm getting an C0000005 EXCEPTION_ACCESS_VIOLATION inside of LoadLibraryA for the call that loads my .dll file. Here is the injected assembler code (Addresses are different in the screenshots below, but...

ld: duplicate symbols for architecture x86_64

c++,osx,duplicates,x86-64,symbols
How to solve this problem? Just getting following errors: g++ output: duplicate symbol _game in: /var/folders/w6/yqp0s0t92hl5g842hg8tztfr0000gn/T/main-62666f.o /var/folders/w6/yqp0s0t92hl5g842hg8tztfr0000gn/T/Game-a5a31d.o duplicate symbol _game in: /var/folders/w6/yqp0s0t92hl5g842hg8tztfr0000gn/T/main-62666f.o /var/folders/w6/yqp0s0t92hl5g842hg8tztfr0000gn/T/Write-83f8ee.o It seems like the problem is not in the header files. EDIT: Header files look like this: #ifndef GAME_H #define GAME_H #include "Color.h" #include "Tile.h" class Game...

Does RIP-relative addressing require 16-byte aligned?

assembly,x86,x86-64
The test is on 64-bit/x86 Ubuntu 12.04. With GCC 4.6.3. So basically I am manipulating some x64 assembly code. And I observed that RIP-relative addressing require the absolute address to be 16-byte aligned. Here is an example when debugging using gdb: 0x40f38d <S_0x40F614+61> xorpd 0x84d3(%rip),%xmm0 # 0x417868 <S_0x417DE0> This memory...

Assembler debug of undefined expression

c,assembly,undefined,x86-64
I'm trying to get a better understanding of how compilers produce code for undefined expressions e.g. for the following code: int main() { int i = 5; i = i++; return 0; } This is the assembler code generated by gcc 4.8.2 (Optimisation is off -O0 and I’ve inserted my...

os kern error : “ld: symbol(s) not found for architecture x86_64”

c++,architecture,compiler-errors,x86-64,clang++
I have looked all over Stack Overflow and other websites about this famous error, and all of them are very specific, and in my case I cannot find a solution. I am making an ncurses application and when i try to compile it, it causes the following error: Undefined symbols...

puts implementation in assembly with nasm x86-64

assembly,nasm,x86-64,puts
I'm new to assembly and I'm trying to work on an implementation of the C function puts in assembly with nasm x86-64 on my Ubuntu. Everything was fine until I write the tests for the function: there is a behavior that I can not reproduce: When I send char *str...

Why does x86_64 assembly have odd syscall argument order?

assembly,x86-64,syscall,arm64
According to the syscall man page in the Architecture calling conventions section, it states the various register orders for each architecture syscall arguments. All of them make some sort of logical ordered sense, except x86_64. For example, arm64 uses x0, x1, x2, x3, x4, then x5 in order, which seems...

Reverse Engineering: changing AL register without overwriting instructions

debugging,assembly,executable,reverse-engineering,x86-64
I am trying to learn more about reverse engineering by debugging and patching a 64 bit windows executable. I am using x64dbg (Much like ollydbg but with 64 bit support) I have some assembly that looks roughly like this: call test_exe.44AA9EB20 mov byte ptr ds:[44AB9DA15], al [More instructions...] [More instructions...]...

segmentation fault and hang in assembly code

assembly,x86-64,knuth
I am re-implementing Knuth's program P from Fascicle 1: generate the first 500 primes. The program generates the first 25 primes without problems. That code is below: $ cat progp.S /* print the first 500 primes */ #define n %bx #define j %r12 #define k %r13 #define pk %r14d .data...

Unsigned int to unsigned long long well defined?

c++,assembly,x86,x86-64,unsigned-integer
I wanted to see what was happening behind the scenes when an unsigned long long was assigned the value of an unsigned int. I made a simple C++ program to try it out and moved all the io out of main(): #include <iostream> #include <stdlib.h> void usage() { std::cout <<...

trying to disassemble

assembly,reverse-engineering,x86-64,att
The assignment is to interpret some assembly code to find a phrase that will run without calling "explode bomb". I'm using gdb to disassemble the current phase. I'm stuck and any advice on whether I'm moving in the right direction would be very appreciated. 0x0000000000400fb5 <+0>: sub $0x18,%rsp 0x0000000000400fb9 <+4>:...

x86_64 relative jmp operand

assembly,x86-64
I can't understand how the operand FE FC FF FF results to 0x9e7080. I tried some math sub/add to the current address, because it should be relative jump, but the result still not equal to 0x9e7080. instruction address | bytes | text form L_009E737D | E9 FE FC FF FF...

How to understand the output of objdump, about indirect jmp?

linux,kernel,reverse-engineering,x86-64,disassembling
When objdump -S my_program, usually I can see the following indirect jmp instruction, which is typically used for switch/case jump table: ffffffff802e04d3: ff 24 d5 38 2e 10 81 jmpq *-0x7eefd1c8(,%rdx,8) How to understand the address -0x7eefd1c8? It means the table's base address is 0xffffffff802e04d3 - 0x7eefd1c8? Also, how can...

Assembly - compiler will not see my inline changes?

linux,assembly,x86-64,cpu-registers,att
Context : Linux 64. GCC 4.8.2 (with -O3 -march=native) The x86_64 abi under my left hand, opened at page 21. The C code : int main (int argc, char ** argv) { int16_t h = atoi(argv[1]) ; int16_t p; __asm__ ("mov %2, %0\n\t" "rol $8,%1\n\t" : "=r" (p) /* output...

MASM console window creation troubles (maybe my stack frame??)

winapi,assembly,stack,x86-64,masm
I'm having trouble with the following code snippet. I'm compiling an asm file with a c++ file using visual studio express 2012. I've tried debugging calculating the addresses of the stack pointers and memory locations (still learning assembly obviously), but can't find a fault. (As I'm new it's probably something...

each of 3 ALU+decoders walk on 3 different conditional branches on `switch`/`case` simultaneously?

x86,cpu,x86-64,intel,hyperthreading
As known, on Intel x86_64 the Hyper Threading allow to use shared execution units (ALUs, ...) from different threads simultaneously - this is known as Simultaneous multithreading (SMT). And known, that threads, which executed on Hyper Threading virtual cores, can process different sequences of instructions - code of different processes,...

invalid instruction suffix when assembling x86 assembly with as

assembly,x86,x86-64
I wrote an assembly program that assemble successfully with as --32 when I use pushl and popl in the following code snippet: PrintHelloWorld: movl $10, %ecx PrintTenTimes: pushl %ecx movl $4, %eax movl $1, %ebx leal HelloWorld, %ecx movl $14, %edx int $0x80 popl %ecx loop PrintTenTimes jmp ExitCall But...

Linux 64 bit context switch

linux,assembly,linux-kernel,x86,x86-64
in the switch_to macro in 32 bit mode, there the following code is executed before the __switch_to function is called: asm volatile("pushfl\n\t" /* save flags */ \ "pushl %%ebp\n\t" /* save EBP */ \ "movl %%esp,%[prev_sp]\n\t" /* save ESP */ \ "movl %[next_sp],%%esp\n\t" /* restore ESP */ \ "movl $1f,%[prev_ip]\n\t"...

Assembly 64bit - movl, movq. Interchanging is okay?

assembly,64bit,x86-64,gas,instructions
Context: Learning GAS assembly on 64 bit linux. Many tutorials are for 32-bit assembly. Difficult to bushwhack through x86_64 assembly. Question: When I compile a c program with gcc, I still see some %eax and movl. I mostly play with int32_t. But I thought that one had to use the...

Preserving Registers?

c,linux,assembly,gdb,x86-64
Okay, so in C code, I have it looping through the command line arguments and printing each one out. I compiled it and opened it in GDB to see what the main function looks like because I was attempting to do the same thing in assembly. I ended up figuring...

Useless jp / jnp assembly instruction on x86_64

c,assembly,llvm,x86-64,instructions
I'm trying to figure out what purpose jp/jnp instructions serve in LLVM-generated C code. Sample: int main(int argc, const char * argv[]) { double value = 1.5; if (value == 1.5) { value = 3.0; } return 0; } Assembly output: Ltmp4: movsd LCPI0_0(%rip), %xmm0 movl $0, -4(%rbp) movl %edi,...

Why does compiler generate additional sqrts in the compiled assembly code

c,gcc,assembly,x86-64,compiler-optimization
I'm trying to profiling the time it takes to compute a sqrt using the following simple C code, where readTSC() is a function to get the number of clock cycles the CPU takes at the point of invocation. double sum = 0.0; int i; tm = readTSC(); for ( i...

function of rdi register during sys_exit syscall

assembly,linux-kernel,x86-64,syscall
I have isolated the sys_exit call to the following instruction on my machine xorq %%rdi, %%rdi /* return value */ movq $60, %%rax syscall What is the purpose of the rdi resister in this case? What is this sys call expected to return? ...

Where does the %rax register come from in this assembly code?

assembly,x86-64
I have the following x86_64 assembly code, and I am supposed to translate it into C code. trace: tp in %rdi movl $0, %eax testq %rdi, %rdi je .L3 .L5: movq (%rdi), %rax movq 16(%rdi), %rdi testq %rdi, %rdi jne .L5 .L3: rep ret My question is, where does the...

What are the sizes allowed for the displacement and scalar multiplier when specifying an address in x86 and x86_64?

assembly,x86,x86-64
In the following example, using AT&T syntax: movq 8(%rdx, %rcx, 4), %rax or using Intel syntax: mov rax, [rdx + 8 + rcx * 4] The "displacement" is 8, and the "scalar multiplier" is 4. What are the size limitations on these immediates in x86? And what are they in...