flat assembler
Message board for the users of flat assembler.

Question about DIV instruction

Ben321 01 Oct 2018, 08:52
According to documentation when you use DIV the dividend (EAX and EDX register) is always 64 bits if the divisor (operand register) is 32 bits. So what is supposed to happen if the divisor is itself EDX? Like:
Code:
mov eax,10
mov edx,2
div edx    


Does it then treat the dividend as 32 bits instead of 64 bits, and avoid using EDX register as the upper 32bits of the dividend? Or does it result in some kind of unpredictable output?
Tomasz Grysztar 01 Oct 2018, 09:00
The initial value of EDX is then taken both as divisor and as the upper part of dividend. You are going to get exception 0, because (edx shl 32 +eax)/edx >= 1 shl 32 so the result cannot fit in 32 bits.
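Added example (not part of the original thread or any poster's code): a C model of the 32-bit `div` behaviour described in the reply above, showing that `div edx` raises exception 0 for every input, either through quotient overflow or, when EDX is 0, division by zero. The function names and sample values are constructed for illustration; the non-faulting case at the end (high half cleared, divisor in a different register) is an addition that goes beyond the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of one emulated 32-bit DIV. */
struct div32_result {
    bool     de;        /* true: divide error (exception 0) is raised */
    uint32_t quotient;  /* value left in EAX when no exception occurs */
    uint32_t remainder; /* value left in EDX when no exception occurs */
};

/* Model of `div r/m32`: the 64-bit dividend EDX:EAX divided by a 32-bit divisor. */
static struct div32_result emulate_div32(uint32_t eax, uint32_t edx, uint32_t divisor)
{
    struct div32_result r = { true, 0, 0 };
    if (divisor == 0) return r;               /* division by zero -> #DE */
    uint64_t dividend = ((uint64_t)edx << 32) | eax;
    uint64_t q = dividend / divisor;
    if (q > UINT32_MAX) return r;             /* quotient does not fit in EAX -> #DE */
    r.de = false;
    r.quotient = (uint32_t)q;
    r.remainder = (uint32_t)(dividend % divisor);
    return r;
}

/* `div edx`: the divisor is the same register as the upper half of the dividend. */
static struct div32_result emulate_div_edx(uint32_t eax, uint32_t edx)
{
    return emulate_div32(eax, edx, edx);
}

/* Count constructed EAX/EDX pairs for which `div edx` would not fault. */
static unsigned count_non_faulting(void)
{
    static const uint32_t samples[] = { 0, 1, 2, 10, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu };
    unsigned n = sizeof samples / sizeof samples[0], ok = 0;
    for (unsigned i = 0; i < n; i++)
        for (unsigned j = 0; j < n; j++)
            if (!emulate_div_edx(samples[i], samples[j]).de)
                ok++;
    return ok;
}

int main(void)
{
    struct div32_result fix = emulate_div32(10, 0, 2); /* EDX cleared, divisor elsewhere */
    printf("non-faulting div edx: %u; 10/2: de=%d q=%u\n", count_non_faulting(), fix.de, fix.quotient);
    return 0;
}
```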
Furs 01 Oct 2018, 16:43
Tomasz Grysztar wrote:
> The initial value of EDX is then taken both as divisor and as the upper part of dividend. You are going to get exception 0, because (edx shl 32 +eax)/edx >= 1 shl 32 so the result cannot fit in 32 bits.
So basically you can use it as a trap for custom exception handlers, since it will always cause an exception. :)
revolution 01 Oct 2018, 17:53
Furs wrote:
> Tomasz Grysztar wrote:
> > The initial value of EDX is then taken both as divisor and as the upper part of dividend. You are going to get exception 0, because (edx shl 32 +eax)/edx >= 1 shl 32 so the result cannot fit in 32 bits.
> So basically you can use it as a trap for custom exception handlers, since it will always cause an exception. :)
UD2
DimonSoft 01 Oct 2018, 19:47
Ben321 wrote:
> Code:
> mov eax,10
> mov edx,2
> div edx

revolution wrote:
> UD2

Which stands for “U Divide by 2” ;)
Furs 02 Oct 2018, 15:06
revolution wrote:
> Furs wrote:
> > Tomasz Grysztar wrote:
> > > The initial value of EDX is then taken both as divisor and as the upper part of dividend. You are going to get exception 0, because (edx shl 32 +eax)/edx >= 1 shl 32 so the result cannot fit in 32 bits.
> > So basically you can use it as a trap for custom exception handlers, since it will always cause an exception. :)
> UD2
That's no fun.

You can use them as some sort of internal opcode too (i.e. exception handler performs differently with 'div edx' than with 'ud2' or others, though 1-byte invalid opcodes for userspace like 'hlt' can encode an arbitrary second byte without being larger...)

But anyway ud2 is boring. ;)
revolution 02 Oct 2018, 15:55
Furs wrote:
> But anyway ud2 is boring. ;)
The CPU doesn't care.

There are lots of ways to cause exceptions in user mode. IN, OUT, INT3, INT 3, HLT, UD2, DIV EDX, MOV CR0,EAX, MOV DR0,EAX, etc. Each can be set to perform a different action in the exception handler. It would make the code harder to debug and reverse engineer.
Furs 02 Oct 2018, 16:48
revolution wrote:
> The CPU doesn't care.
>
> There are lots of ways to cause exceptions in user mode. IN, OUT, INT3, INT 3, HLT, UD2, DIV EDX, MOV CR0,EAX, MOV DR0,EAX, etc. Each can be set to perform a different action in the exception handler. It would make the code harder to debug and reverse engineer.
If it's your code, it shouldn't be harder to debug, since you can just use macros. Harder to reverse engineer is a perk. :P
revolution 03 Oct 2018, 03:10
Furs wrote:
> If it's your code, it shouldn't be harder to debug, since you can just use macros.
Getting an exception in the exception handler doesn't usually end well.
Furs 04 Oct 2018, 18:47
revolution wrote:
> Furs wrote:
> > If it's your code, it shouldn't be harder to debug, since you can just use macros.
> Getting an exception in the exception handler doesn't usually end well.
I like to keep such exception handlers small, so most of what they do is "continue execution" at a completely different place with some ability to return to previous code.