and as the internal counter for the REP (repeat) prefix and the LOOP instruction. (6) edx always receives the remainder produced by integer division. (7) esi/edi are called the source/destination index registers because in many string instructions DS:ESI refers to the source string while ES:EDI points to the destination string. On a 32-bit platform, ESP is reduced by 4 bytes
the CPU switches from user mode to privileged mode and then jumps into kernel code to run the exception handler. In the INT instruction the value 0x80 is an operand; during exception handling this value selects how the exception is dealt with. In the Linux kernel an int 0x80 exception is the system call entry. The values of the eax and ebx registers are the two parameters passed to the system call: eax holds the system call number (1 is the _exit call) and ebx holds the paramete
the same as that of the function I wrote (put another way: in my function, changing the statement exponent := 1/gamma to exponent := gamma gives the same result as the SetGamma method of GDI+):
procedure imagesetgamma(var data: timagedata; gamma: Single);
var
  I: Integer;
  exponent: Double;
  gammatab: array[0..255] of Byte;
begin
  exponent := 1 / gamma; // changing this line to exponent := gamma; gives the same effect as the SetGamma parameter of GDI+
  for I := 0 to 255 do
    gammatab[I] := Round(255 * Power(I / 255, exponent)); // standard gamma lookup table (Power is in the Math unit)
The code from chapter 7 of Intel Assembly Language Programming (fifth edition) uses the AAA (ASCII adjust after addition) instruction to correct the result after adding two ASCII digits. The source code is as follows:

TITLE ASCII Addition              (ASCII_add.asm)

; Perform ASCII arithmetic on strings having
; an implied fixed decimal point.

INCLUDE Irvine32.inc
DECIMAL_OFFSET = 5                ; offset from right of string
.data
decimal_one BYTE "100123456789765"   ; 1001234567.89765
decimal_two BYTE "900402076502015"   ; 9004020765.02015
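The listing above stops at the data section. To make the AAA step concrete, here is an added C model (not the book's code) of what the instruction does to AL/AH and how a column-by-column ASCII addition uses it. The register struct, the flag handling and the `ascii_add` helper are my own; the two digit strings are the ones from the listing. The output buffer gets one more digit than the inputs, holding the final carry, which is how the book's sum buffer is sized.

```c
/* Added example: C model of AAA and ASCII-string addition (not the book's code). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t al, ah;   /* the two halves of AX */
    int af, cf;       /* auxiliary carry (out of bit 3) and carry (out of bit 7) */
} Regs;

/* ADD AL, src, recording the two flags that AAA consults. */
void add_al(Regs *r, uint8_t src)
{
    unsigned sum = (unsigned)r->al + src;
    r->af = ((r->al & 0x0F) + (src & 0x0F)) > 0x0F;
    r->cf = sum > 0xFF;
    r->al = (uint8_t)sum;
}

/* AAA: if the low nibble of AL is above 9, or AF is set, add 6 to AL,
 * increment AH and set AF = CF = 1; otherwise clear AF and CF.
 * In both cases the high nibble of AL is then cleared. */
void aaa(Regs *r)
{
    if ((r->al & 0x0F) > 9 || r->af) {
        r->al = (uint8_t)(r->al + 6);
        r->ah = (uint8_t)(r->ah + 1);
        r->af = r->cf = 1;
    } else {
        r->af = r->cf = 0;
    }
    r->al &= 0x0F;
}

/* Add two equal-length strings of ASCII digits from right to left.
 * out receives len + 1 ASCII digits; out[0] is the final carry (0 or 1).
 * Returns 0 on success, -1 on length mismatch, non-digit input or a
 * too-small buffer. */
int ascii_add(const char *a, const char *b, char *out, size_t outcap)
{
    size_t len = strlen(a);
    if (len == 0 || strlen(b) != len || outcap < len + 2) return -1;
    for (size_t i = 0; i < len; i++)
        if (a[i] < '0' || a[i] > '9' || b[i] < '0' || b[i] > '9') return -1;

    Regs r = {0, 0, 0, 0};
    uint8_t carry = 0;                 /* carry out of the previous column */
    for (size_t i = len; i-- > 0; ) {
        r.ah = 0;
        r.al = (uint8_t)a[i];          /* ASCII digit, e.g. '7' = 0x37 */
        add_al(&r, carry);
        aaa(&r);                       /* AL is now the bare digit 0..9 */
        carry = r.ah;
        add_al(&r, (uint8_t)b[i]);
        aaa(&r);                       /* AL = digit, AH = 1 on a carry */
        carry |= r.ah;                 /* both stages can never carry together */
        out[i + 1] = (char)(r.al | 0x30);  /* back to ASCII */
    }
    out[0] = (char)(carry | 0x30);
    out[len + 1] = '\0';
    return 0;
}

int main(void)
{
    char sum[32];
    if (ascii_add("100123456789765", "900402076502015", sum, sizeof sum) == 0)
        printf("%s\n", sum);   /* with DECIMAL_OFFSET = 5 this reads 10005255332.91780 */
    return 0;
}
```

The point of the model is the second `aaa` call: after `'7' + '8'` AL holds 0x6F, whose low nibble is above 9, so AAA adds 6, clears the high nibble and leaves AL = 5 with AH = 1, which is exactly the decimal 15 the digits represent. Leaving AAA out would leave 0x6F in the sum, which is not a digit.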
I remember writing a HOOK API article (C/C++ HOOK API: in-depth analysis of the principle, LoadLibraryA). The main idea of that article is to construct a block of code bytes, overwrite the first 16 bytes of the LoadLibraryA function with it, and jump to a custom function. To call the original function, it is unhooked first and hooked again afterwards. With that design the unhook and re-hook operations happen far too often, once for every call. Moreover, the hook and unhook were designed as thiscall at the time. Therefore, maintaini
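The unhook/re-hook churn described above comes from overwriting the function entry and having no other way to reach the original code. The added C example below (my own code, not the article's) shows the part that is the same in every inline hook: building the 5-byte `E9 rel32` jump that replaces the first bytes of the target, checking that the displacement fits in 32 bits, decoding it back, and saving/restoring the displaced bytes. The addresses and the stand-in code bytes are constructed for the example; writing to a real code page (VirtualProtect/WriteProcessMemory) is not modelled, the target is a plain byte buffer.

```c
/* Added example: building and checking the JMP rel32 patch of an inline hook. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define JMP_REL32_LEN 5   /* E9 + 4-byte displacement; the smallest patch */

/* Fill patch with "E9 rel32" so that executing it at `from` lands at `to`.
 * rel32 is relative to the end of the jump, i.e. from + 5.
 * Returns -1 when the displacement does not fit a signed 32-bit field
 * (common on 64-bit when the hook lives in another module). */
int build_jmp_rel32(uint64_t from, uint64_t to, uint8_t patch[JMP_REL32_LEN])
{
    int64_t disp = (int64_t)(to - (from + JMP_REL32_LEN));
    if (disp < INT32_MIN || disp > INT32_MAX) return -1;
    uint32_t rel = (uint32_t)disp;          /* two's complement, little-endian below */
    patch[0] = 0xE9;
    patch[1] = (uint8_t)(rel);
    patch[2] = (uint8_t)(rel >> 8);
    patch[3] = (uint8_t)(rel >> 16);
    patch[4] = (uint8_t)(rel >> 24);
    return 0;
}

/* Inverse of build_jmp_rel32: where does the E9 at `at` jump to? */
uint64_t jmp_rel32_target(uint64_t at, const uint8_t code[JMP_REL32_LEN])
{
    uint32_t raw = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    int64_t rel = (raw & 0x80000000u) ? (int64_t)raw - 0x100000000LL : (int64_t)raw;
    return at + JMP_REL32_LEN + (uint64_t)rel;
}

typedef struct {
    uint8_t saved[JMP_REL32_LEN];  /* the bytes the patch displaced */
    int installed;
} InlineHook;

/* code: the first bytes of the target function (here a buffer standing in
 * for the code page); func_va / hook_va: their virtual addresses. */
int hook_install(InlineHook *h, uint8_t *code, uint64_t func_va, uint64_t hook_va)
{
    uint8_t patch[JMP_REL32_LEN];
    if (h->installed || build_jmp_rel32(func_va, hook_va, patch) != 0) return -1;
    memcpy(h->saved, code, JMP_REL32_LEN);   /* keep the original prologue */
    memcpy(code, patch, JMP_REL32_LEN);
    h->installed = 1;
    return 0;
}

int hook_remove(InlineHook *h, uint8_t *code)
{
    if (!h->installed) return -1;
    memcpy(code, h->saved, JMP_REL32_LEN);
    h->installed = 0;
    return 0;
}
```

Two practical checks follow from this. First, `build_jmp_rel32` refusing a displacement beyond ±2 GiB is the reason 64-bit hooks often need a longer absolute-jump stub instead of `E9`. Second, the bytes kept in `saved` must end on an instruction boundary; copying them into a trampoline followed by a jump back to `func_va + 5` lets the hook call the original function without ever unhooking, which removes the frequent unhook/re-hook the article describes. The boundary check needs a length disassembler and is outside this example.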
{2002.8.5 kingron}
{Source: source string}
{Sub: substring to count}
{Return: number of non-overlapping occurrences}
{Ex: StrSubCount('abccdcd', 'cd') = 2}
function StrSubCount(const Source, Sub: string): Integer;
var
  Buf: string;
  I: Integer;
  Len: Integer;
begin
  Result := 0;
  Buf := Source;
  Len := Length(Sub);
  if Len = 0 then Exit; // an empty substring would loop forever
  I := Pos(Sub, Buf);
  while I > 0 do
  begin
    Inc(Result);
    Delete(Buf, 1, I + Len - 1); // drop everything up to and including this match
    I := Pos(Sub, Buf);
  end;
end; {StrSubCount}
{The following function returns the position of SubStr in S after the specified position} {Example:
KiInterruptTemplate. That's it. The KiInterruptTemplate code is in ntoskrnl/ke/i386/Traps.s:

.func KiInterruptTemplate
_KiInterruptTemplate:
    /* Enter interrupt trap */
    INT_PROLOG kit_a, kit_t, DoPushFakeErrorCode

_KiInterruptTemplate2ndDispatch:
    /* Dummy code, will be replaced by the address of the KINTERRUPT */
    mov edi, 0

_KiInterruptTemplateObject:
    /* The jump instruction address will be replaced with the actual address of the function to b
The disassembly corresponding to the main function is as follows:

7:    int main()
8:    {
00401020  push ebp        // ebp is initially 0018FF84h and is pushed; after the push esp = 0018FF48h - 4 = 0018FF44h
00401021  mov  ebp,esp    // ebp records the stack top: ebp = esp = 0018FF44h
00401023  sub  esp,48h    // esp -= 48h opens a block of stack space, reserved for the local variables saved later; now esp = 0018FF44h - 48h = 0018FEFCh
00401026  push ebx
00401027  push esi
00401028  push edi        // ebx, esi and
program, and no other auxiliary components. To control the registers that carry the arguments, you can extract the generic gadgets from the program's initialization function. Run objdump -d ./vul and look at the __libc_csu_init() function. Two gadgets are available:

Gadget 1:
4005f0: 4c 89 ea        mov %r13,%rdx
4005f3: 4c 89 f6        mov %r14,%rsi
4005f6: 44 89 ff        mov %r15d,%edi
4005f9: 41 ff 14 dc
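The gadget at 0x4005f0 only helps if the second __libc_csu_init gadget (the run of six `pop`s ending in `ret`) has loaded r12 to r15 first, and the loop tail after the `call` (`add rbx,1; cmp rbp,rbx; jne`) has to fall through. The added C example below (my own code, not the article's) lays out such a ret2csu chain as 64-bit words and then walks it the way the CPU would, so the layout can be checked before it is ever sent to a target. The address of the pop gadget, the function-pointer slot and the return address are assumed values for illustration; the call gadget address is the one from the listing.

```c
/* Added example: laying out and sanity-checking a ret2csu chain. */
#include <stdint.h>
#include <stddef.h>

/* ASSUMED address: pop rbx; pop rbp; pop r12; pop r13; pop r14; pop r15; ret */
#define CSU_POP_GADGET   0x40060aULL
/* From the listing: mov rdx,r13; mov rsi,r14; mov edi,r15d; call [r12+rbx*8];
 * then add rbx,1; cmp rbp,rbx; jne <loop>; add rsp,8; six pops; ret */
#define CSU_CALL_GADGET  0x4005f0ULL

typedef struct {
    uint64_t func_ptr_addr;  /* address of a slot holding the pointer to call (e.g. a GOT entry) */
    uint64_t rdi, rsi, rdx;  /* first three arguments */
    uint64_t next;           /* where to return after the call */
} Ret2Csu;

/* Write the chain into `chain` (little-endian qwords when dumped).
 * Returns the number of words, or 0 if the buffer is too small or rdi
 * does not fit in 32 bits: `mov edi,r15d` only sets the low half of rdi. */
size_t build_ret2csu(const Ret2Csu *p, uint64_t *chain, size_t cap)
{
    size_t n = 0;
    if (cap < 16 || (p->rdi >> 32) != 0) return 0;
    chain[n++] = CSU_POP_GADGET;
    chain[n++] = 0;                  /* rbx: index into the table at r12 */
    chain[n++] = 1;                  /* rbp: rbx + 1, so cmp rbp,rbx falls through */
    chain[n++] = p->func_ptr_addr;   /* r12: call [r12 + rbx*8] */
    chain[n++] = p->rdx;             /* r13 -> rdx */
    chain[n++] = p->rsi;             /* r14 -> rsi */
    chain[n++] = p->rdi;             /* r15 -> edi */
    chain[n++] = CSU_CALL_GADGET;
    for (int i = 0; i < 7; i++)      /* add rsp,8 and the six pops after the call */
        chain[n++] = 0;
    chain[n++] = p->next;            /* consumed by the final ret */
    return n;
}

typedef struct {
    uint64_t rbx, rbp, r12, r13, r14, r15;
    uint64_t rdi, rsi, rdx;
    uint64_t call_slot;   /* address the call gadget loads its target from */
    uint64_t rip;         /* where the final ret goes */
} CsuState;

/* Follow the chain: pop gadget, call gadget up to the call, then the
 * fall-through and final ret, assuming the callee returns normally.
 * Returns 0 if the chain is consistent, a negative code otherwise. */
int simulate_ret2csu(const uint64_t *chain, size_t n, CsuState *s)
{
    size_t sp = 0;
    if (n < 16 || chain[sp++] != CSU_POP_GADGET) return -1;
    s->rbx = chain[sp++]; s->rbp = chain[sp++]; s->r12 = chain[sp++];
    s->r13 = chain[sp++]; s->r14 = chain[sp++]; s->r15 = chain[sp++];
    if (chain[sp++] != CSU_CALL_GADGET) return -2;
    s->rdx = s->r13;
    s->rsi = s->r14;
    s->rdi = s->r15 & 0xffffffffULL;          /* 32-bit write, upper half zeroed */
    s->call_slot = s->r12 + s->rbx * 8;
    s->rbx += 1;                               /* add rbx,1 */
    if (s->rbp != s->rbx) return -3;           /* jne would re-enter the loop */
    sp += 1 + 6;                               /* add rsp,8 ; pop rbx..r15 */
    if (sp >= n) return -4;
    s->rip = chain[sp];                        /* ret */
    return 0;
}
```

The simulation catches the two mistakes that most often make a real ret2csu chain crash: rbp not equal to rbx + 1 (the loop runs again and calls through `[r12 + 8]`) and forgetting the seven padding words between the call gadget and the next return address. If a full 64-bit first argument is needed, this gadget pair cannot provide it and a separate `pop rdi; ret` has to follow.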
Source: http://www.cnblogs.com/joey-hua/p/5598451.html

In the fork function of the previous article, the first step is to call get_free_page to request a page of memory for the new task's data structure. In memory.c:

/*
 * Gets the first (actually the last :-) free page and marks it as being used.
 * If there is no free page, returns 0.
 */
// Take an idle page. If no memory is available, 0 is returned. Input: %1 (ax=0) - 0; %2 (LOW_MEM), %3 (cx=PAG
, but what else can I print? This is actually the value of the program counter. First, registers: besides $pc there are $esp, $ebp and so on. Exactly which ones can be printed involves another command (info registers, which can be abbreviated to i r); look at an example:

(gdb) info registers
eax            0x80484f0    134513904
ecx            0xbffff304   -1073745148
edx            0xb          11
ebx            0xb7fc2ff4   -1208209420
esp            0xbffff240   0xbffff240
ebp            0xbffff268   0xbffff268
esi            0x0          0
edi
Debug version. ESP is the stack-top pointer; EBP holds the frame (base) pointer. Empty program:

int main()
{
00411360  push ebp        ; push EBP
00411361  mov  ebp,esp    ; EBP = ESP: keep ESP so it can be restored after the function call, since ESP is certainly changed during a call
00411363  sub  esp,0C0h   ; esp -= 0C0h (192): leave temporary storage for the function, so values held in other pointers or registers can be put on the stack and used inside the function
00411369  push ebx        ; push EBX
0041136A  push esi        ; push ESI
0041136B  pu
From [wenjuliu25]: HelloWorld disassembly analysis
Lab environment: Visual C++ 6.0
Objective: analyze the memory allocation of a simple C program during execution by reading its assembly.

/******* Mymain.cpp *********/
1:  #include <stdio.h>
2:  int main()
3:  {
4:      int x = 1;
5:      printf("Hello Canney\n");
6:      return 0;
7:  }

/******* Mymain.asm *********/
1:  #include <stdio.h>
2:  int main()
3:  {
00410950  push ebp
00410951  mov  ebp,esp
00410953  sub  esp,44h    // esp = esp - 44h, allocate stack space t