flat assembler
Message board for the users of flat assembler.

Index > Compiler Internals > Why mov [es:rbx],ax complies

l4m2 14 Dec 2017, 07:40
Code:
use64
mov [es:rbx],ax
3 bytes
revolution 14 Dec 2017, 07:41
l4m2 wrote:
Why mov [es:rbx],ax complies?
Code:
use64
mov [es:rbx],ax
3 bytes
Because it is a valid instruction?
l4m2 14 Dec 2017, 08:10
The document says es: is invalid in 64-bit mode. Is there a time when it still works? (like POP CS)
revolution 14 Dec 2017, 08:28
The segment registers are still valid and must point to valid descriptors but the base and limit fields are ignored, only the access rights are used.
l4m2 14 Dec 2017, 08:35
Quote:
Opcode: 07; Instruction: POP ES; Op/En: ZO; 64-bit mode: Invalid; Compat/Leg mode: Valid; Description: Pop top of stack into ES; increment stack pointer.

Some say Invalid means ignored and some say it throws #UD; not sure which is correct.
revolution 14 Dec 2017, 08:49
You posted an ES override. That is different from POP ES. The POP ES instruction might not be valid, but the ES register is valid.
l4m2 14 Dec 2017, 08:59
Quote:
If an instruction uses base registers RSP/RBP and uses a segment override prefix to specify a non-SS segment, a
canonical fault generates a #GP (instead of an #SS). In 64-bit mode, only FS and GS segment-overrides are applicable
in this situation. Other segment override prefixes (CS, DS, ES and SS) are ignored. Note that this also means
that an SS segment-override applied to a “non-stack” register reference is ignored. Such a sequence still produces
a #GP for a canonical fault (and not an #SS)

So here "ignored" is treated as allowed.

Oh, it seems the ES: is also not compiled out.
revolution 14 Dec 2017, 09:11
That is for the stack registers RBP/RSP. For ordinary registers like RBX that paragraph does not apply.
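The thread's point is that the ES override byte (26h) is a legal legacy prefix that the CPU treats as a null prefix in 64-bit mode, and that fasm simply does not emit it under use64, which is why `mov [es:rbx],ax` assembles to the same 3 bytes as `mov [rbx],ax`, while FS/GS overrides are still meaningful. The following Python is an added example, not code from the thread or from fasm: it classifies the legacy prefix bytes at the start of an instruction (marking segment overrides the CPU ignores in 64-bit mode) and encodes the small `mov [seg:base], ax` form the thread discusses, dropping CS/DS/ES/SS overrides the way the thread observed fasm doing. The prefix ordering (segment override before 66h) and the function names are assumptions of this example.

```python
# Added example (not from the fasm thread or the fasm project): an x86-64
# legacy-prefix classifier plus a minimal encoder for `mov [seg:base64], ax`.
# The encoder models the behaviour observed in the thread under use64
# (CS/DS/ES/SS overrides dropped, FS/GS kept); prefix order is an assumption.

from typing import Dict, List, Optional, Tuple

# Legacy segment-override prefix bytes.
SEGMENT_PREFIX: Dict[str, int] = {
    "cs": 0x2E, "ss": 0x36, "ds": 0x3E, "es": 0x26, "fs": 0x64, "gs": 0x65,
}
PREFIX_SEGMENT = {v: k for k, v in SEGMENT_PREFIX.items()}

# In 64-bit mode only FS and GS overrides affect the effective address;
# CS/DS/ES/SS overrides are accepted by the CPU but act as null prefixes.
EFFECTIVE_IN_64 = {"fs", "gs"}

OTHER_LEGACY_PREFIX = {0x66: "opsize", 0x67: "addrsize",
                       0xF0: "lock", 0xF2: "repne", 0xF3: "rep"}


def classify_prefixes(code: bytes, mode: int = 64) -> Tuple[List[Tuple[int, str, bool]], int]:
    """Walk the prefix bytes at the start of `code`.

    Returns (prefixes, index_of_first_non_prefix_byte). Each prefix is
    (byte, name, honoured); honoured is False for a segment override the
    CPU ignores in the given mode (CS/DS/ES/SS in 64-bit mode)."""
    found: List[Tuple[int, str, bool]] = []
    i = 0
    while i < len(code):
        b = code[i]
        if b in PREFIX_SEGMENT:
            seg = PREFIX_SEGMENT[b]
            honoured = (mode != 64) or (seg in EFFECTIVE_IN_64)
            found.append((b, f"{seg}-override", honoured))
        elif b in OTHER_LEGACY_PREFIX:
            found.append((b, OTHER_LEGACY_PREFIX[b], True))
        elif mode == 64 and 0x40 <= b <= 0x4F:
            found.append((b, "rex", True))   # REX must be the last prefix
        else:
            break
        i += 1
    return found, i


# 64-bit base registers encodable in ModRM.rm without REX.B.
BASE_RM = {"rax": 0, "rcx": 1, "rdx": 2, "rbx": 3,
           "rsp": 4, "rbp": 5, "rsi": 6, "rdi": 7}


def encode_mov_store_ax(base: str, seg: Optional[str] = None) -> bytes:
    """Encode `mov [seg:base], ax` for 64-bit mode (opcode 89 /r, reg=AX).

    A CS/DS/ES/SS override is dropped, matching the 3-byte result the thread
    reports for `mov [es:rbx],ax`; FS/GS overrides are emitted."""
    out = bytearray()
    if seg is not None:
        seg = seg.lower()
        if seg not in SEGMENT_PREFIX:
            raise ValueError(f"unknown segment register {seg!r}")
        if seg in EFFECTIVE_IN_64:
            out.append(SEGMENT_PREFIX[seg])
    out.append(0x66)            # operand-size override: 16-bit store (ax)
    out.append(0x89)            # MOV r/m16, r16
    rm = BASE_RM[base.lower()]
    if rm == 4:                 # rsp needs a SIB byte: ModRM 00 000 100, SIB 24h
        out += bytes([0x04, 0x24])
    elif rm == 5:               # rbp with mod=00 would mean RIP-relative; use mod=01 disp8=0
        out += bytes([0x45, 0x00])
    else:
        out.append(rm)          # mod=00, reg=000 (ax), rm=base
    return bytes(out)


if __name__ == "__main__":
    for seg in (None, "es", "fs"):
        enc = encode_mov_store_ax("rbx", seg)
        print(f"mov [{seg + ':' if seg else ''}rbx],ax -> {enc.hex(' ')} ({len(enc)} bytes)")
    # Constructed input: the 4-byte form with the ES prefix actually present.
    print(classify_prefixes(bytes([0x26, 0x66, 0x89, 0x03])))
```

Running the script shows `mov [es:rbx],ax` and `mov [rbx],ax` both encode as `66 89 03` while `mov [fs:rbx],ax` gains the 64h byte; feeding the classifier a constructed `26 66 89 03` reports the ES override as not honoured in 64-bit mode but honoured when `mode=32` is passed, which is the distinction revolution draws between the override prefix (accepted, ignored) and the POP ES instruction (invalid).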
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.