| author | Malfurious <m@lfurio.us> | 2024-02-25 13:27:28 -0500 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-02-25 13:27:28 -0500 |
| commit | d6123769b5cddaa1ea87b64d4db2b84ead5f127e (patch) | |
| tree | cbe155fca9d3ca4f3d1a897ee381ec77cac30871 /docs/re | |
| parent | 2496fbbd23d6ae350032f2e87b1d77c9a6dc8ec4 (diff) | |
| parent | 175d1af3bf850fd0816a730215e028045d82e037 (diff) | |
* malf-braekerctf-2024:
Writeup BraekerCTF 2024 / e
Writeup BraekerCTF 2024 / Eye Doctor
Add image convolution topic doc
Add x86 loop instruction callout
Merge x86 tips into architecture topic doc
BraekerCTF 2024 results
Diffstat (limited to 'docs/re')
| -rw-r--r-- | docs/re/arch_x86.txt | 60 |
|---|---|---|
| -rw-r--r-- | docs/re/rep_prefix.txt | 18 |
| -rw-r--r-- | docs/re/test_v_cmp.txt | 17 |
3 files changed, 60 insertions, 35 deletions
diff --git a/docs/re/arch_x86.txt b/docs/re/arch_x86.txt index 5d526b2..85cf22f 100644 --- a/docs/re/arch_x86.txt +++ b/docs/re/arch_x86.txt 
@@ -105,3 +105,63 @@ The function return value is stored in the a register. Stack pointer register: rsp Base pointer register: rbp Return value in: rax + + + +Specific Callouts +============================================================ + +TEST vs. CMP +------------ +CMP subtracts operands and sets internal flags. Among these, it sets the +zero flag if the difference is zero (operands are equal). + +TEST sets the zero flag (ZF) when the result of the AND operation is zero. If +the two operands are equal, their bitwise AND is zero only when the operands +themselves are zero. TEST also sets the sign flag (SF) when the most +significant bit is set in the result, and the parity flag (PF) when the number +of set bits is even. + +JE (alias of JZ) tests the zero flag and jumps if it is set. This creates the +following equivalencies: + +test eax, eax +je <somewhere> ----> if (eax == 0) {} + +cmp eax, ebx +je <somewhere> ----> if (eax == ebx) {} + + +REP prefix +---------- +The "rep" prefix on a string instruction repeats that string instruction for CX +block loads. + +e.g. STOS is "Store String" +It will store the value in AX at the address in RDI +(technically, STOSB, STOSW, STOD, and STOSQ use AL, AX, EAX, and RAX respectively) +If RCX = 0x20, RDI = some buffer, and RAX = 0, + +`rep stosq` is equivalent to: + +``` +buf_ptr = buf +for(i = 0x20; i != 0; i--) + *buf_ptr = 0; + buf_ptr++; +``` + + +LOOP instruction +---------------- +#from stack overflow: +#https://stackoverflow.com/questions/46881279/how-exactly-does-the-x86-loop-instruction-work + +LOOP is exactly like `dec ecx / jnz`, except it doesn't set flags. + +It's like the bottom of a `do {} while (--ecx != 0);` loop in C. If execution +enters the loop with ecx=0, wrap-around means the loop will run 2**32 times +(2**64 times in 64-bit mode). + +Unlike `rep movsb/stosb/etc`, it doesn't check for ecx=0 before decrementing, +only after. 
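Review bot: the `rep stosq` pseudocode in the "REP prefix" callout is wrong as written, because the loop body has no braces: in C only `*buf_ptr = 0;` is inside the `for`, so the same slot is written 0x20 times and `buf_ptr++` runs once after the loop. The body should be braced, and since `stosq` advances RDI by 8 per iteration the stride should be explicit, e.g. `uint64_t *buf_ptr = buf;` followed by `for (i = 0x20; i != 0; i--) { *buf_ptr++ = 0; }`. It is also worth stating what the block leaves behind, since that is what a reverser sees next: `rep` checks RCX for zero before each iteration (as the LOOP callout below already notes), so afterwards RCX = 0 and RDI points just past the written region. Smaller points in the same hunk: "STOD" should read "STOSD"; "repeats that string instruction for CX block loads" would be clearer as "repeats the instruction RCX times" (the count register in 64-bit mode); "store the value in AX" contradicts the parenthetical that follows, so say "AL/AX/EAX/RAX depending on operand width"; and in the TEST paragraph, PF reflects the number of set bits in the low byte of the result only, not the whole result.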
diff --git a/docs/re/rep_prefix.txt b/docs/re/rep_prefix.txt deleted file mode 100644 index 23e0cec..0000000 --- a/docs/re/rep_prefix.txt +++ /dev/null @@ -1,18 +0,0 @@ -The "rep" prefix on a string instruction repeats that string instruction for CX block loads. -e.g. -STOS is "Store String" -It will store the value in AX at the address in RDI -(technically, STOSB, STOSW, STOD, and STOSQ use AL, AX, EAX, and RAX respectively) -If RCX = 0x20, RDI = some buffer, and RAX = 0, - -`rep stosq` - -is equivalent to: - -``` -buf_ptr = buf -for(i = 0x20; i != 0; i--) - *buf_ptr = 0; - buf_ptr++; -``` - diff --git a/docs/re/test_v_cmp.txt b/docs/re/test_v_cmp.txt deleted file mode 100644 index c98424f..0000000 --- a/docs/re/test_v_cmp.txt +++ /dev/null @@ -1,17 +0,0 @@ -CMP subtracts operands and sets internal flags. Among these, it sets the -zero flag if the difference is zero (operands are equal). - -TEST sets the zero flag (ZF) when the result of the AND operation is zero. If -the two operands are equal, their bitwise AND is zero only when the operands -themselves are zero. TEST also sets the sign flag (SF) when the most -significant bit is set in the result, and the parity flag (PF) when the number -of set bits is even. - -JE (alias of JZ) tests the zero flag and jumps if it is set. This creates the -following equivalencies: - -test eax, eax -je <somewhere> ----> if (eax == 0) {} - -cmp eax, ebx -je <somewhere> ----> if (eax == ebx) {} |
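Review bot: the two deleted files are moved into docs/re/arch_x86.txt verbatim (18 + 17 lines, matching the 35 deletions in the diffstat), so the defects in that text (the unbraced loop body and the "STOD" typo) only need fixing once, in the new callouts section. Since this diff is limited to docs/re, it does not show whether anything else in the tree links to docs/re/rep_prefix.txt or docs/re/test_v_cmp.txt by name; check for an index or cross-reference before the merge lands so those links do not go stale.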