flat assembler
Message board for the users of flat assembler.

"mov al, 1" vs "mov eax, 1"

Bror
Hello!
As everybody knows (I hope), "mov al, 1" produces smaller file sizes than "mov eax, 1". But does the "int 0x80" command read the whole eax or just al? Is it the same for all registers?
Post 16 Oct 2008, 20:32
LocoDelAssembly
The handler could have something of the form "jmp dword [DISPATCH_TABLE+eax*4]", and to do that the handler must have checked EAX (or done "movzx eax, al" first), not AL. Even if it works on your computer, better not rely on the handler only using AL and ignoring the upper 24 bits of EAX; that could change in the future.
Post 16 Oct 2008, 22:10
Feryno
This does the same in 3 bytes but is a bit slower than the 5-byte instruction mov eax,1 (but the worse performance may be ignored in comparison with the Linux kernel code executed afterwards...)

PUSH 1
POP EAX

If you know that some register is certainly zeroed, e.g. ECX=0, then you can also use a smaller instruction: LEA EAX,[ECX+1]

This is a big beauty of assembler code and of the human mind thinking about asm instructions: you can do the same thing in various and colorful ways!
Post 17 Oct 2008, 06:55
Bror
Thanks for your answers, I'll use the whole eax then.
Post 17 Oct 2008, 14:38
LocoDelAssembly
Code:
xor eax, eax ; 2 bytes, eax = 0
inc eax      ; 1 byte,  eax = 1
; 3 bytes total
Post 17 Oct 2008, 14:47
Bror
LocoDelAssembly, that is what I was using before the al vs eax thing. But I have another question: how do you output something to the terminal that's on the stack but of unknown size?
Post 17 Oct 2008, 14:53
Bror
I solved it myself with this little code:
Code:
 pop esi          ; esi = start of the zero-terminated string on the stack
 xor edx, edx     ; edx = 0, byte counter
count:
 inc edx          ; count this byte (the terminating zero is counted too)
 lodsb            ; al = [esi], esi++
 or al, al        ; reached the zero terminator?
 jnz count
 sub esi, edx     ; rewind esi to the start; edx = length + 1

But how do I put a newline in the end of the data that esi points at? It doesn't work with stosb.
Post 18 Oct 2008, 09:16
revolution
stosb uses edi. Try this:
Code:
mov byte[esi],0x0a   ; store a newline (LF) at [esi]
inc esi              ; advance past it
Post 18 Oct 2008, 09:21
Bror
With a little tweaking I managed to get that working, thanks!
Post 18 Oct 2008, 09:42
bitRAKE
Code:
pop edi                 ; edi = start of the zero-terminated string
or ecx,-1               ; ecx = 0xFFFFFFFF, so the count cannot reach zero first
mov al,0                ; byte to search for
repne scasb             ; scan until [edi]==0; edi now points past the zero, ecx = NOT (length+1)
inc ecx                 ; ecx = -(length+1)
lea edi,[edi+ecx]       ; edi back to the start of the string
not ecx                 ; ecx = length
mov byte [edi+ecx],10   ; overwrite the zero terminator with a newline
Post 18 Oct 2008, 14:52
Bror
I'm sorry but I don't understand the "repne scasb" part. Could you explain it?
Post 19 Oct 2008, 14:51
bitRAKE
SCASB compares the byte at [EDI] with AL, storing the result in the flags. REPNE decrements ECX and repeats the instruction while the Z flag is clear and ECX is not zero. Since (2^32-1) has been stored in ECX it is impossible for ECX to be zero before AL is found in the string. The resulting value in ECX is the negative of (the string length plus one).
Post 19 Oct 2008, 16:47
LocoDelAssembly
Another possible way:
Code:
pop   edi               ; edi = start of the zero-terminated string
push  edi               ; save the start address
or    ecx, -1           ; ecx = 0xFFFFFFFF
mov   al, 0             ; byte to search for
repne scasb             ; scan until [edi]==0; edi now points past the zero
mov   byte [edi-1], 10  ; overwrite the zero terminator with a newline
pop   edi               ; restore the start address

(At the end the registers have the same values as bitRAKE's code)
Post 19 Oct 2008, 17:54
bitRAKE
LocoDelAssembly wrote:
Code:
pop   edi
push  edi
or    ecx, -1
mov   al, 0
repne scasb
mov   byte [edi-1], 10
pop   edi    

(At the end the registers have the same values as bitRAKE's code)
Not quite, ECX is not the string length. Replacing "lea edi,[edi+ecx]" with push/pop or "add edi,ecx" would be the same. Not really sure if the string length is needed though.

LocoDelAssembly
Damn, I forgot about ECX. Yes, correcting the code also makes it smaller, but only by one byte (using add also makes the code one byte smaller).
Post 19 Oct 2008, 23:37
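To make the ECX disagreement above concrete without an assembler, here is an added C model (not code from this thread) of the register semantics of REPNE SCASB and of the two sequences posted by bitRAKE and LocoDelAssembly; buffer offsets stand in for EDI and all arithmetic is 32-bit so the lea wrap-around behaves as on the CPU.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not code from the thread: a C model of the x86 register
 * semantics behind the two "repne scasb" sequences above, so the final
 * ECX/EDI values can be checked on a sample buffer without an assembler. */

typedef struct {
    uint32_t ecx;   /* value left in ECX */
    uint32_t edi;   /* value left in EDI, as an offset into the buffer */
} regs_t;

/* REPNE SCASB: while ECX != 0 { compare AL with [EDI]; EDI++; ECX--;
 * stop when the compare matched (ZF=1) }. Returns the new EDI. */
static uint32_t repne_scasb(const uint8_t *buf, uint32_t edi, uint32_t *ecx, uint8_t al)
{
    while (*ecx != 0) {
        int matched = (buf[edi] == al);
        edi++;
        (*ecx)--;
        if (matched)
            break;
    }
    return edi;
}

/* bitRAKE's sequence on a NUL-terminated string at buf[0]: the terminator
 * is overwritten with LF (10), EDI is back at the start and ECX holds the
 * string length (not counting the NUL). */
static regs_t bitrake_append_newline(uint8_t *buf)
{
    uint32_t ecx = 0xFFFFFFFFu;                    /* or ecx,-1 */
    uint32_t edi = repne_scasb(buf, 0, &ecx, 0);   /* mov al,0 / repne scasb: ecx = -(len+2) */
    ecx += 1;                                      /* inc ecx: ecx = -(len+1) */
    edi += ecx;                                    /* lea edi,[edi+ecx]: wraps back to 0 */
    ecx = ~ecx;                                    /* not ecx: ecx = len */
    buf[edi + ecx] = 10;                           /* mov byte [edi+ecx],10 */
    return (regs_t){ ecx, edi };
}

/* LocoDelAssembly's variant: EDI is saved and restored with push/pop, but
 * ECX keeps the raw REPNE result, -(len+2), which is bitRAKE's objection. */
static regs_t loco_append_newline(uint8_t *buf)
{
    uint32_t ecx = 0xFFFFFFFFu;                    /* or ecx,-1 */
    uint32_t saved_edi = 0;                        /* pop edi / push edi */
    uint32_t edi = repne_scasb(buf, 0, &ecx, 0);   /* mov al,0 / repne scasb */
    buf[edi - 1] = 10;                             /* mov byte [edi-1],10 */
    edi = saved_edi;                               /* pop edi */
    return (regs_t){ ecx, edi };
}
```

After either sequence the buffer is no longer zero-terminated, so the byte count to hand to write() is len + 1 (the string plus the newline that replaced the terminator).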
Bror
Ok, more trouble. How do I get the terminal size (lines and columns) from terminfo in assembly? Sorry that I bomb my own thread, but I'm too slack to create a new one.
Post 22 Oct 2008, 21:24
Endre
Here is the code. Note that ws_xpixel and ws_ypixel aren't always set. For instance on gnome terminal you will get 0 for these values; on xterm however the correct pixel values are stored. Nevertheless ws_row and ws_col are fortunately always available.

Code:
format ELF executable
entry start

        SYSCALL_EXIT     equ 1
        SYSCALL_IOCTL    equ 54
        STDOUT           equ 1
        IOCTL_TIOCGWINSZ equ 0x5413

;;; winsize structure see include/asm-i386/termios.h
struc winsize {
        .ws_row    dw ?
        .ws_col    dw ?
        .ws_xpixel dw ?
        .ws_ypixel dw ?
}

segment readable executable

start:
        ;; ioctl(stdout, TIOCGWINSZ, &terminal_size)
        mov     eax, SYSCALL_IOCTL
        mov     ebx, STDOUT
        mov     ecx, IOCTL_TIOCGWINSZ
        mov     edx, terminal_size
        int     0x80
        ;; set exit value (the ioctl return value: 0 on success, -errno on failure)
        mov     ebx, eax
        mov     eax, SYSCALL_EXIT
        int     0x80

segment readable writeable

;;; winsize structure instance
terminal_size winsize    
Post 24 Oct 2008, 18:33
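As an added C counterpart to Endre's program (not his code), the same ioctl issued through the raw Linux syscall entry, mirroring the fasm register setup (eax = ioctl number, ebx = fd, ecx = TIOCGWINSZ, edx = &winsize), with the failure path that the assembly version only surfaces as its exit status; the function name query_winsize is my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Added example, not Endre's code: ioctl(fd, TIOCGWINSZ, &ws) via the raw
 * Linux syscall entry, the same call the fasm program makes with int 0x80,
 * plus the error handling the assembly version leaves to its exit code. */

/* Returns 0 and fills rows/cols on success, or -errno on failure. ENOTTY is
 * the case to expect whenever fd is not a terminal (stdout redirected to a
 * file or pipe), which is why the result must be checked before use. */
int query_winsize(int fd, unsigned short *rows, unsigned short *cols)
{
    struct winsize ws;
    memset(&ws, 0, sizeof ws);
    if (syscall(SYS_ioctl, fd, TIOCGWINSZ, &ws) < 0)
        return -errno;
    *rows = ws.ws_row;     /* always filled in by the terminal driver */
    *cols = ws.ws_col;
    return 0;              /* ws_xpixel/ws_ypixel may be 0, as Endre notes */
}

int main(void)
{
    unsigned short rows = 0, cols = 0;
    int rc = query_winsize(STDOUT_FILENO, &rows, &cols);
    if (rc < 0) {
        fprintf(stderr, "TIOCGWINSZ on stdout failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("%hu rows x %hu cols\n", rows, cols);
    return 0;
}
```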
Copyright © 1999-2019, Tomasz Grysztar.