Index
> Windows > Sequence of calls |
| Author |
|
|
macomics 01 May 2025, 20:12
I came across this sequence of calls in the Windows code.
Code: call @last @0: add rsp, 8 call @end @1: add rsp, 8 call @0 @2: add rsp, 8 call @1 @3: add rsp, 8 call @2 ; ... @last: add rsp, 8 call @last-1 @end: ... By the way, this sequence is also present in the user code, not just in the kernel. For example, at the end of the FindWindow function.
|
|||||||||||
01 May 2025, 20:12 |
|
|
macomics 01 May 2025, 21:25
Delays? Then why is it in FindWindow when Microsoft is chasing speed?
One more question. Why then are the calls executed towards smaller addresses rather than just sequentially? ADD: If you're interested, DeepSeek says it's left for debugging. But he's just lying because he doesn't know.
|
|||||||||||
|
01 May 2025, 21:25 |
|
|
bitRAKE 01 May 2025, 21:48
I too have more questions.
Perhaps it is related to CET, or some processor errata? The ordering could be to prevent optimization by the processor - a more consistent delay. macomics wrote: when Microsoft is chasing speed? |
|||
|
01 May 2025, 21:48 |
|
|
macomics 01 May 2025, 22:00
bitRAKE wrote: News to me! I'm not very good with YouTube here, but I'll try to find you a video of their ads with these mentions. ADD: In my discussion here, they express the opinion that this may be Indirect Brench Prediction Barrier (IBPB). |
|||
|
01 May 2025, 22:00 |
|
|
bitRAKE 01 May 2025, 22:07
(GPT-o3) It's “RSB stuffing” part of the Spectre v2 / Spectre-RSB mitigation.
GPT-o3 wrote: Independent mitigations are toggled a few lines earlier (IA32_SPEC_CTRL, IA32_PRED_CMD IBPB, etc.). These cover indirect-branch prediction; the RSB stuffing specifically protects ret prediction. ... also effects AMD. |
|||
|
01 May 2025, 22:07 |
|
|
revolution 02 May 2025, 02:08
macomics wrote: One more question. Why then are the calls executed towards smaller addresses rather than just sequentially? Plus, it really doesn't matter. The purpose (whatever it is) was achieved, no need to waste time massaging it further for no benefit. And the programmer had to move on to placing ever more telemetry into Windows to make the line go up. |
|||
|
02 May 2025, 02:08 |
|
|
AsmGuru62 02 May 2025, 03:57
Maybe it is a stack alignment.
Any CALL opcode will cause misalignment by 8 bytes. So, they align before the next call. Just want to make any CALL when stack is aligned. However, to align stack, PUSH RAX is shorter than ADD RSP,8. |
|||
|
02 May 2025, 03:57 |
|
|
revolution 02 May 2025, 04:04
AsmGuru62 wrote: Maybe it is a stack alignment. Note: "push reg" and "add rsp,8" adjust the stack in opposite directions! You would need to use "pop reg" but that corrupts a register. |
|||
|
02 May 2025, 04:04 |
|
|
revolution 02 May 2025, 04:23
So the whole thing can be reduced to two lines in fasm?
Code: rept 6 { call $+5 } add rsp, 8 * 6 |
|||
|
02 May 2025, 04:23 |
|
|
bitRAKE 02 May 2025, 09:04
The most thorough documentation I've found is:
https://blogs.oracle.com/linux/post/understanding-spectre-v2-mitigations-on-x86 In the references we can find how Linux handles it a little different. Also, relevant links to Intel/AMD related documentation and recommendations. If the code comments are to be believed, some testing was performed at Google which reduced the implementation used by Linux to an effective minimal instruction sequence. Of course, this differs from the recommendations of Intel and AMD - which differ from each other. |
|||
|
02 May 2025, 09:04 |
|
|
revolution 02 May 2025, 09:07
bitRAKE wrote: The most thorough documentation I've found is: 
If only there was some simpler way to design websites that didn't use JS ... |
|||
|
02 May 2025, 09:07 |
|
< Last Thread | Next Thread > |
Forum Rules:
|