path: root/docs/re/arch_x86.txt
Diffstat (limited to 'docs/re/arch_x86.txt')
-rw-r--r--  docs/re/arch_x86.txt  60
1 files changed, 60 insertions, 0 deletions
diff --git a/docs/re/arch_x86.txt b/docs/re/arch_x86.txt
index 5d526b2..85cf22f 100644
--- a/docs/re/arch_x86.txt
+++ b/docs/re/arch_x86.txt
@@ -105,3 +105,63 @@ The function return value is stored in the a register.
Stack pointer register: rsp
Base pointer register: rbp
Return value in: rax
+
+
+
+Specific Callouts
+============================================================
+
+TEST vs. CMP
+------------
+CMP subtracts operands and sets internal flags. Among these, it sets the
+zero flag if the difference is zero (operands are equal).
+
+TEST sets the zero flag (ZF) when the result of the AND operation is zero. If
+the two operands are equal, their bitwise AND is zero only when the operands
+themselves are zero. TEST also sets the sign flag (SF) when the most
+significant bit is set in the result, and the parity flag (PF) when the number
+of set bits is even.
+
+JE (alias of JZ) tests the zero flag and jumps if it is set. This creates the
+following equivalencies:
+
+test eax, eax
+je <somewhere> ----> if (eax == 0) {}
+
+cmp eax, ebx
+je <somewhere> ----> if (eax == ebx) {}
+
+
+REP prefix
+----------
+The "rep" prefix on a string instruction repeats that string instruction for CX
+block loads.
+
+e.g. STOS is "Store String"
+It will store the value in AX at the address in RDI
+(technically, STOSB, STOSW, STOD, and STOSQ use AL, AX, EAX, and RAX respectively)
+If RCX = 0x20, RDI = some buffer, and RAX = 0,
+
+`rep stosq` is equivalent to:
+
+```
+buf_ptr = buf
+for(i = 0x20; i != 0; i--)
+ *buf_ptr = 0;
+ buf_ptr++;
+```
+
+
+LOOP instruction
+----------------
+#from stack overflow:
+#https://stackoverflow.com/questions/46881279/how-exactly-does-the-x86-loop-instruction-work
+
+LOOP is exactly like `dec ecx / jnz`, except it doesn't set flags.
+
+It's like the bottom of a `do {} while (--ecx != 0);` loop in C. If execution
+enters the loop with ecx=0, wrap-around means the loop will run 2**32 times
+(2**64 times in 64-bit mode).
+
+Unlike `rep movsb/stosb/etc`, it doesn't check for ecx=0 before decrementing,
+only after.
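Review bot: the pseudo-C given for `rep stosq` has no braces around the loop body, so as written only `*buf_ptr = 0;` is repeated and `buf_ptr++;` runs once after the loop ends; wrap both statements in `{ ... }`, and since `stosq` advances RDI by 8 bytes per iteration (with DF clear), declare `buf_ptr` as a `uint64_t *` or state that the increment is the operand width. It would also help to say there that `rep` checks RCX == 0 before the first iteration, which is the contrast the LOOP section at the end draws. In the same REP section, "store the value in AX" should read RAX (the next line already gives the per-width registers), "STOD" should be "STOSD", and "repeats that string instruction for CX block loads" reads more clearly as "repeats the instruction RCX/ECX/CX times". In TEST vs. CMP, the parity flag is computed from the low byte of the result only, so "when the number of set bits is even" should be qualified to the low 8 bits; likewise the LOOP section's `ecx` is `rcx` in 64-bit mode, consistent with its own 2**64 remark.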