flat assembler
Message board for the users of flat assembler.

POPA

l4m2
Joined: 15 Jan 2015
Posts: 648
Quote:
popa

This instruction pops all the general purpose registers off the stack in the reverse order of PUSHA. That is, EDI, ESI, EBP, ESP, EBX, EDX, ECX, EAX. Used to restore state after a call to PUSHA.

Quote:
Code:
IF OperandSize = 32 (* instruction = POPAD *)
THEN
EDI <- Pop();
ESI <- Pop();
EBP <- Pop();
increment ESP by 4 (* skip next 4 bytes of stack *)
EBX <- Pop();
EDX <- Pop();
ECX <- Pop();
EAX <- Pop();
ELSE (* Oper    

Or does that mean that on some old CPUs (E)SP is popped and on some new ones it isn't?
Post 06 Oct 2015, 11:50
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17450
Location: In your JS exploiting you and your system
l4m2 wrote:
... does that mean that on some old CPUs (E)SP is popped and on some new ones it isn't?
Yes. Although for "old" you would have to go all the way back to some of the first 16-bit CPUs.

Note that the docs state that SP is not used so to find the bug in a real chip might be difficult.
Post 06 Oct 2015, 11:55
AsmGuru62
Joined: 28 Jan 2004
Posts: 1412
Location: Toronto, Canada
I am not sure there IS a bug.
It is a single instruction and at the end of it -- ESP is adjusted by 32 bytes (8 registers) on any CPU.
Why do we need to know how the micro-code works inside the instruction?
Just curiosity, maybe.
Post 06 Oct 2015, 14:38
l4m2
So you mean I can just use this to clear the seven registers:
Code:
mov ecx, 8
a: push 0
loop a
popa
Post 06 Oct 2015, 17:42
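To see what the quoted Intel pseudocode actually does to ESP (the question in the first post) and whether l4m2's eight-PUSH-then-POPA idea really leaves the other seven registers clean, here is a small C model of the 32-bit PUSHAD/POPAD steps. It is an added example for this page, not fasm's code and not Intel's; the Cpu struct, its 64-byte stack, the little-endian byte layout and every register value in it are this example's own constructed assumptions. It implements only the steps the manual lists, which is also what revolution and AsmGuru62 describe: ESP ends 32 bytes higher and the stacked ESP slot is never loaded.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added model of the 32-bit POPAD/PUSHAD pseudocode quoted from the Intel
 * manual.  The Cpu struct, its 64-byte stack and the register values are
 * constructed for this example; they are not fasm or Intel code. */
typedef struct {
    uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi;
    uint8_t  stack[64];   /* constructed stack memory, ESP indexes into it */
} Cpu;

static uint32_t pop32(Cpu *c) {
    uint32_t v;
    memcpy(&v, &c->stack[c->esp], sizeof v);   /* little-endian host assumed */
    c->esp += 4;
    return v;
}

static void push32(Cpu *c, uint32_t v) {
    c->esp -= 4;
    memcpy(&c->stack[c->esp], &v, sizeof v);
}

/* PUSHAD: EAX, ECX, EDX, EBX, original ESP, EBP, ESI, EDI. */
static void pushad(Cpu *c) {
    uint32_t original_esp = c->esp;
    push32(c, c->eax); push32(c, c->ecx); push32(c, c->edx); push32(c, c->ebx);
    push32(c, original_esp);
    push32(c, c->ebp); push32(c, c->esi); push32(c, c->edi);
}

/* POPAD exactly as the quoted pseudocode: EDI, ESI, EBP, skip 4 bytes,
 * EBX, EDX, ECX, EAX.  The stacked ESP slot is discarded, never loaded. */
static void popad(Cpu *c) {
    c->edi = pop32(c);
    c->esi = pop32(c);
    c->ebp = pop32(c);
    c->esp += 4;
    c->ebx = pop32(c);
    c->edx = pop32(c);
    c->ecx = pop32(c);
    c->eax = pop32(c);
}

/* l4m2's question: can the value sitting in the saved-ESP slot ever end up
 * in ESP?  Plant a marker there after PUSHAD and see what POPAD does.
 * Returns 1 when ESP is simply back at its pre-PUSHAD value. */
int popad_skips_saved_esp(void) {
    Cpu c;
    memset(&c, 0, sizeof c);
    c.esp = sizeof c.stack;            /* empty stack, ESP at top of memory */
    uint32_t base = c.esp;
    c.eax = 1; c.ebx = 2;              /* arbitrary contents to round-trip */
    pushad(&c);                        /* ESP is now base - 32 */
    uint32_t marker = 0x12345678u;     /* constructed junk in the ESP slot */
    memcpy(&c.stack[c.esp + 12], &marker, sizeof marker);
    popad(&c);
    return c.esp == base && c.esp != marker && c.eax == 1 && c.ebx == 2;
}

/* l4m2's trick: eight PUSH 0 followed by POPAD.  Returns 1 when the seven
 * general registers are zero and ESP is exactly where it started. */
int clear_gprs_via_popad(Cpu *c) {
    uint32_t before = c->esp;
    for (int i = 0; i < 8; i++)
        push32(c, 0);
    popad(c);
    return c->esp == before &&
           (c->eax | c->ecx | c->edx | c->ebx | c->ebp | c->esi | c->edi) == 0;
}

int main(void) {
    Cpu c;
    memset(&c, 0, sizeof c);
    c.esp = sizeof c.stack;
    /* Constructed leftovers standing in for "private" register contents. */
    c.eax = 0x41414141u; c.ecx = 0x42424242u; c.edx = 0x43434343u;
    c.ebx = 0x44444444u; c.ebp = 0x45454545u; c.esi = 0x46464646u;
    c.edi = 0x47474747u;
    printf("POPAD ignores the stacked ESP slot: %s\n",
           popad_skips_saved_esp() ? "yes" : "no");
    printf("8 x PUSH 0 + POPAD cleared the other seven registers: %s\n",
           clear_gprs_via_popad(&c) ? "yes" : "no");
    printf("EAX=%08x EDI=%08x ESP=%u\n",
           (unsigned)c.eax, (unsigned)c.edi, (unsigned)c.esp);
    return 0;
}
```

The second check is the register-scrubbing use l4m2 describes further down the thread: whatever was left in the seven general registers is replaced by zero, while ESP comes back exactly where it was, so nothing about the caller's stack position changes. Note that this model does not execute the LOOP itself; in the real sequence ECX doubles as the loop counter, but it ends at zero either way because POPA reloads it from one of the pushed zeros.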
AsmGuru62
I think so.
I would just do XOR 7 times:
Code:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
xor esi, esi
xor ebp, ebp
Post 06 Oct 2015, 21:55
shutdownall
Joined: 02 Apr 2010
Posts: 518
Location: Munich
I think this could maybe be executed faster:

Code:
xor eax,eax
mov ebx,eax
mov ecx,eax
mov edx,eax
mov edi,eax
mov esi,eax
mov ebp,eax

So depending on how pipeline execution is optimized it could be faster with a mov instruction than always "calculating" and using/blocking the internal ALU for an XOR operation. I would say an XOR operation is more "expensive" than a simple mov (copy of data).
Post 07 Oct 2015, 00:23
revolution
shutdownall wrote:
I think this could maybe be executed faster:

Code:
xor eax,eax
mov ebx,eax
mov ecx,eax
mov edx,eax
mov edi,eax
mov esi,eax
mov ebp,eax

So depending on how pipeline execution is optimized it could be faster with a mov instruction than always "calculating" and using/blocking the internal ALU for an XOR operation. I would say an XOR operation is more "expensive" than a simple mov (copy of data).
I doubt it would make any difference except for the extra dependency you have from eax propagating to the other registers. In every CPU design I have ever seen the ALU does all operations like mov/add/xor/not/etc. with the same circuitry. Remember that in some of the Pentium 4 CPUs the ALU ran at double the clock speed, so the ALU is never the bottleneck. The other stuff around the ALU is where the bottlenecks are.
Post 07 Oct 2015, 00:42
l4m2
Usually xor is faster; this is just for shortening when the code runs rarely.
Post 07 Oct 2015, 04:16
shutdownall
revolution wrote:
I doubt it would make any difference except for the extra dependency you have from eax propagating to the other registers.


In fact this is a very untypical piece of code. I never saw a situation where all or so many registers have to be preloaded with 0. So in the end this is one of the endless academic approaches.
Post 07 Oct 2015, 11:53
l4m2
shutdownall wrote:
revolution wrote:
I doubt it would make any difference except for the extra dependency you have from eax propagating to the other registers.


In fact this is a very untypical piece of code. I never saw a situation where all or so many registers have to be preloaded with 0. So in the end this is one of the endless academic approaches.


I was going to jump to another process. Some registers may contain private values, so I had to do this.
Post 08 Oct 2015, 10:58
shutdownall
l4m2 wrote:
I was going to jump to another process. Some registers may contain private values, so I had to do this.


You meant this as a security issue, to hide information from other processes/callers?
Interesting.
Post 09 Oct 2015, 19:54
Copyright © 1999-2020, Tomasz Grysztar.