Concise x86 Assembly Language Tutorial (5)

Source: Internet
Author: User

3.4 String Operations

As mentioned earlier, memory can exchange data with registers, or be loaded with an immediate value. The question is: what if we need to copy one part of memory to another address?

Suppose we want to copy the 512 contiguous bytes at DS:SI to ES:DI (ignoring possible overlap). Someone might write code like this:

        MOV  CX, 512          ; loop count: 512 bytes, one per iteration
Nextbyte:
        MOV  AL, DS:[SI]      ; fetch one byte from the source
        MOV  ES:[DI], AL      ; store it at the destination
        INC  SI
        INC  DI
        LOOP Nextbyte         ; CX--, jump back while CX != 0

I don't like the code above. It works, but it is not efficient. If you are optimizing, writing code like this is throwing money away.

Intel CPUs are strong at string operations. A string operation is one in which the CPU carries out a number of repetitive memory operations by itself. It should be explained that the Boyer-Moore algorithm, the improvement on the familiar KMP algorithm (used to match patterns in strings), is not optimal on Intel CPUs because it cannot make use of string operations. A good compiler can often exploit this feature of the Intel CPU to optimize code, but it does not produce the best code every time.

Some instructions can be given the REP prefix (repeat); these are usually called the string operation instructions.

For example, STOSD stores the contents of EAX at ES:DI and then adds or subtracts four from DI. Similarly, STOSB and STOSW do the same for a byte and a word respectively, and DI is adjusted by 1 or 2.

Computer languages are usually not allowed to be ambiguous, so why do I say "adds or subtracts"? Because looking at a STOS instruction in isolation, you cannot tell whether it adds or subtracts: that depends on the direction flag (DF, Direction Flag). If DF is clear (reset), the index register is incremented; if DF is set, it is decremented.

The instructions for setting and clearing DF are STD and CLD respectively.

Of course, REP is only one of several available prefixes. REPNE is also common; it is usually used to compare two strings, or to search for a particular character (or word, or double word). REPZ, REPE and REPNZ are also very commonly used prefixes; they repeat the instruction while ZF (the Zero Flag) is in a given state.

Here are three instructions that copy data:

Mnemonic   Meaning
MOVSB      Copies a byte from DS:SI to ES:DI, after which SI++, DI++
MOVSW      Copies a word from DS:SI to ES:DI, after which SI += 2, DI += 2
MOVSD      Copies a double word from DS:SI to ES:DI, after which SI += 4, DI += 4

So the above program is rewritten as

        CLD                   ; reset DF
        MOV  CX, 128          ; 512/4 = 128, i.e. 128 double words in total
        REP  MOVSD            ; let's go!

The CLD on the first line is often superfluous, because real programs rarely touch DF. However, before you finally decide to delete it, it is recommended that you debug your program carefully and make sure that no path that can reach this point leaves DF set.

An unexpected (wrong) value of DF is dangerous. It will very likely ruin your program, because it directly creates a buffer overflow.

What is a buffer overflow? Buffer overflows fall into two classes: writing outside the buffer and reading outside the buffer. The latter tends to be more covert, but either one can ruin your program.

Buffer overflows are likely to be more dangerous in a network service. A malicious user can use one to execute instructions of his choosing. A service usually runs with higher privileges, so this can lead to privilege escalation; and even when it does not give the attacker more privileges, he can exploit the problem to crash the service, producing a successful DoS (denial-of-service) attack. Every year, about 60% of the problems in CERT security bulletins are caused by buffer overflows.

In assembly language or C, it is easy to introduce a buffer overflow inadvertently. Not all languages have this problem, however: Java and C#, because they have no pointers and allocate buffers dynamically, effectively eliminate buffer overflows at the root.

In assembly language, because the REP* prefixes use CX as a counter, the situation is somewhat better (and, of course, sometimes worse: the limit imposed by CX may shrink a buffer overflow that would otherwise have changed the program's behaviour, thereby making it more subtle). One of the main ways to avoid buffer overflows is to check twice, which means two things: set a reasonable buffer size, and write the program according to that size. In addition, it is very important when writing at the assembly-language level that, although you certainly want to remove every useless instruction, you test rigorously before removing any. Further, adding comments, and using macros to insert checks in a debug build, often gives better results.
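The DF hazard described above (a forgotten CLD turning the REP MOVSD copy around) and the point that CX bounds the damage, as an added example that is not from the tutorial: a small C model of REP MOVSx over one 64 KiB segment, written in C rather than assembly so it runs anywhere. It assumes DS = ES, a flat array standing in for the segment, and a caller-supplied destination range that real hardware knows nothing about.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not from the tutorial: a model of REP MOVSB/MOVSW/MOVSD inside one
 * 64 KiB segment (DS = ES assumed), showing how the direction flag decides whether
 * the copy stays inside the destination buffer, and how CX bounds the damage. */
typedef struct {
    uint8_t  mem[65536];  /* one 16-bit segment; SI/DI wrap like real 16-bit registers */
    uint16_t si, di, cx;
    int      df;          /* direction flag: 0 after CLD (increment), 1 after STD (decrement) */
} machine;

static machine vm;        /* file scope so the 64 KiB array is not on the stack */

/* Emulate REP MOVSx with operand width 1, 2 or 4.  Each byte written is checked
 * against the caller's notion of the destination buffer [dst_lo, dst_hi); the number
 * of bytes landing outside it is returned (real hardware performs no such check). */
static unsigned rep_movs(machine *m, unsigned width, uint16_t dst_lo, uint16_t dst_hi)
{
    unsigned stray = 0;
    while (m->cx != 0) {
        for (unsigned k = 0; k < width; k++) {
            uint16_t d = (uint16_t)(m->di + k), s = (uint16_t)(m->si + k);
            m->mem[d] = m->mem[s];
            if (d < dst_lo || d >= dst_hi) stray++;
        }
        if (m->df) { m->si -= width; m->di -= width; }  /* STD: walk downwards */
        else       { m->si += width; m->di += width; }  /* CLD: walk upwards */
        m->cx--;                                        /* CX is the only bound */
    }
    return stray;
}

/* The tutorial's copy (MOV CX,128 / REP MOVSD) of 512 bytes from DS:0 to ES:1024,
 * run with DF already holding `df`.  Returns bytes written outside [1024, 1536). */
static unsigned copy512_stray(int df)
{
    memset(&vm, 0, sizeof vm);
    for (unsigned i = 0; i < 512; i++) vm.mem[i] = (uint8_t)(i * 7 + 1); /* constructed data */
    vm.si = 0; vm.di = 1024; vm.cx = 128; vm.df = df;
    return rep_movs(&vm, 4, 1024, 1024 + 512);
}

/* 1 if, after copy512_stray(df), the destination holds an exact copy of the source. */
static int copy512_intact(int df)
{
    copy512_stray(df);
    return memcmp(&vm.mem[1024], &vm.mem[0], 512) == 0;
}
```

With DF clear the copy lands entirely inside the destination; with DF set the same instruction writes 508 of its 512 bytes below the buffer, yet never more than the 512 bytes CX allows.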
