checking registers for binary bit

Index > Main > checking registers for binary bit

Goto page Previous 1, 2

Author

Thread

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20684
Location: In your JS exploiting you and your system

revolution 13 Apr 2010, 09:19

a115433 wrote:

instruction exist, and they work exactly as in 32bit mode. but you cant jump more than 2GB, and because ia32e has maximum 64bit addressing, this jump is useless, and even impossible in dynamic allocated memory. in 32 bit mode it cover exactly 4 gigs, so its ok, in ia32e mode, you have to use jmp. something like that:

test rcx,rcx
mov rax,is_zero
movnz rax,not_zero ;will replace rax only if zf is not set
jmp rax

Have you ever stopped to consider why only you have this "problem"?

13 Apr 2010, 09:19

a115433

Joined: 05 Mar 2010
Posts: 144

a115433 13 Apr 2010, 09:37

only me?
os can give you any memory it want when you call allocating function.
it can load dll anywere it wants, it can create mapping object anywere, heap anywere, and so on...
if range netween ip and this allocated will be > 31 bits - not only me will have a problem.

windows/linux/other dont have any rules to stay within 4 GB range, its just unsafe to use jcc in long mode... many legal things wich can be done with code/os may lead to crash.

13 Apr 2010, 09:37

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20684
Location: In your JS exploiting you and your system

revolution 13 Apr 2010, 09:43

a115433 wrote:

only me?
os can give you any memory it want when you call allocating function.
it can load dll anywere it wants, it can create mapping object anywere, heap anywere, and so on...
if range netween ip and this allocated will be > 31 bits - not only me will have a problem.

windows/linux/other dont have any rules to stay within 4 GB range, its just unsafe to use jcc in long mode... many legal things wich can be done with code/os may lead to crash.

You clearly misunderstand how DLL linking works. We never use relative jumps directly into/from DLLs and APPs, it doesn't work that way.

13 Apr 2010, 09:43

a115433

Joined: 05 Mar 2010
Posts: 144

a115433 13 Apr 2010, 13:13

1. i allocate memory
2. i copy there some code
3. i jump to this code

13 Apr 2010, 13:13

baldr

Joined: 19 Mar 2008
Posts: 1651

baldr 13 Apr 2010, 13:42

a115433,

You allocate memory and — surprise! — receive pointer to that memory (not offset from RIP, right?). What is the problem with indirect near jump? And how this situation is different from 32-bit code?

13 Apr 2010, 13:42

LocoDelAssembly
Your code has a bug

Joined: 06 May 2005
Posts: 4623
Location: Argentina

LocoDelAssembly 13 Apr 2010, 15:58

asmcoder wrote:

lahf is better than pushf/popf.
you dont have to save high flags, only basic ones responsible for arithmetics.

and remember that in long mode you cant use conditional jumps, only movcc to accomplish it.

Intel's documentation of LAHF wrote:

This instruction executes as described above in compatibility mode and legacy mode.
It is valid in 64-bit mode only if CPUID.80000001H:ECX.LAHF-SAHF[bit 0] = 1.

And even in non 64-bit mode you are still relying in having AH free for that so LAHF/SAHF is far from being a general solution, much less general than using Jcc for conditional branching in 64-bit mode, BTW.

13 Apr 2010, 15:58

Goto page Previous 1, 2

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum