NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Immunitysec Daily Dave> 2007-q3

Re: [Dailydave] add %ebx, (%esi)

From: Bee Binger (bbinger123yahoo.com)
Date: Tue Jul 17 2007 - 16:46:40 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was messing around with your assembler.py and found a couple points of interest.

When using the 'bt' instruction the assembler throws the "error ..(sorry)" message. I was sending part of my sys_select code into the app and my fd_isset uses the bt instruction to check if a fd is set and it seems the script did not know this instruction. ( not a bug but would make me have to rewrite a bit of my socket apps )

Also it seems to throw that same error on many "rep" operations ( I couldnt find a valid combination of registers/rep instructions without getting the error thrown )

This last part was more my curiosity than anything but it is making me wonder alot..

for the default xor %eax,%eax in the textbox I was expecting to see 31 and c0 for the opcodes but I saw 0x33 and 0xc0. I looked at the intel manuals and it said:

31 / r XOR r/m32,r32 r/m32 XOR r32
33 / r XOR r32,r/m32 r8 XOR r/m8

There was also similar results with the add, sub, and other math instructions in your script always using the r32 choice as the left operand instead of the r/m32. Is this some optimization trick? If both are registers then they would use the same amount of clock cycles, but it seems to be limited only register manipulation and not addresses. I couldnt figure out how in the text box to declare sections because I was wondering if 31 would be produced for xor if a variable from the.data section was the source operand since it seems 33 would break on this or not be allowed.

Anyway seems pretty cool nice job

>>Dave Aitel <daveimmunityinc.com> wrote:>. I've rewritten the x86 assembler's parser and
>you can now access a small web sample here:
>http://www.immunityinc.com/cgi-bin/assemble.py . You may or may >not find this useful. Let me know if you find any bugs!

---------------------------------
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more.

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]