Menu
  • HOME
  • TAGS

disassembly issue: wrong result

nasm,binaryfiles,disassembly

B80750 is indeed mov ax, 0x5007. Nothing wrong there. Anyway the given code fragment should assemble into something like this: 00000000 B80400 mov ax,0x4 00000003 50 push ax 00000004 B80700 mov ax,0x7 00000007 6A09 push byte +0x9 If you assembled the .com file yourself you are doing it wrong....

strcmp and strcmp_sse functions in libc

intel,glibc,disassembly

Linux dynamic linker supports a special symbol type called STT_GNU_IFUNC. Strcmp is likely implemented as an IFUNC. 'Regular' symbols in a dynamic library are nothing more but a mapping from a name to the address. IFUNCs are a bit more complex than that: the address isn't readily available, in order...

Attempt to raise Null exception in disassembled code in Visual Studio

c#,visual-studio-2012,.net-3.5,nullreferenceexception,disassembly

It is possible only while debugging C/C++ code. Tested it on a mixed solution C# + C++, C#-side it was readonly, C++ side I could overwrite the text (note that the window "appearance" doesn't change... it is always something like the notepad) When debugging a C/C++ app, you can even...

How to Extract the Resouce Content From MSIL OR .NET PE Files

.net,pe,disassembly,ilspy

You can do it with something like: public class LoadAssemblyInfo : MarshalByRefObject { public string AssemblyName { get; set; } public Tuple<string, byte[]>[] Streams; public void Load() { Assembly assembly = Assembly.ReflectionOnlyLoad(AssemblyName); string[] resources = assembly.GetManifestResourceNames(); var streams = new List<Tuple<string, byte[]>>(); foreach (string resource in resources) { ManifestResourceInfo info...

Understanding disassembler: See how many bytes are used for add

gcc,assembly,compiler-construction,disassembly,att

In the second column you see 48 83 c4 08. Every two-digit hex-number stands for one byte, so the amount of bytes is four. The last 08 correlates to $0x8, the other three bytes are the machine code for "add an 8-bit constant to RSP" (for pedantic editors: Intel writes...

C Function Call Convention: Why movl instead of pushl?

assembly,x86,32-bit,disassembly,gas

Hans Passant answered correctly. The push/pop opcodes can be broken down into two micro-ops which do a memory move and an increment/decrement of the stack pointer. If the stack pointer - or any pointer - is updated and then immediately used in the next opcode, an execution stall generally occurs....

Jump to the middle of an instruction

assembly,disassembly

If you wanted to jump to the address where the jz instruction starts, minus 7 bytes, then you can do that with: jz $-7 From the NASM manual: $ evaluates to the assembly position at the beginning of the line containing the expression Note that the mov and xor instructions...

strange ouput after vfork invoked

c,linux,disassembly,vfork

The only things you're allowed to do in the child process after vfork is: store the return value of the function into a variable. call _exit call some function provided to you by your operating system that has a name that starts with exec. Absolutely nothing else. If you intend...

How to find implementation of .NET InternalCall methods

.net,debugging,64bit,disassembly

You have a very good starting point. You are using the x64 debugger and it is the new debugging engine that's first available in VS2012. So you get to see the actual code addresses, not the fake ones that start numbering at 0. In other words, the call address as...

Why is Unicode stored with periods in-between characters?

unicode,disassembly,period

Create a file containing "A" in Notepad, save it as Unicode and Windows will use UTF-16(LE) Encoding to do so; this uses 2 bytes to store the character: 0x41 0x00. When you view this file in a hex editor (which knows nothing about, nor cares about text encoding) 0x41 can...

C++, Visual Studio Disassembly Not Availble

c++,visual-studio-2012,disassembly

I use MS Visual Studio 2012 and I see option "Go to disassembly" when debugging code. I suppose that such features can depend on Visual Studio edition. So see your version and refer to http://www.visualstudio.com/en-us/products/compare-visual-studio-products-vs.aspx Also, maybe some options of IDE switch this option, see http://http.developer.nvidia.com/NsightVisualStudio/3.2/Documentation/UserGuide/HTML/Content/PTX_SASS_Assembly_Debugging.htm...