x86 Assembly Questions

$ cat bork.asm

section .data
fuck: dd 0xDEADBEEF

section .text
global _start
_start:
mov dword [fuck],0xABADC0DA

mov eax,1
mov ebx,0
int 0x80


Why doesn't writing to the .data segment segfault? Shouldn't Linux map it to a read-only page?

$ nasm -f elf bork.asm
$ gold -s -o bork-gold bork.asm
$ ld -s -melf_i386 -o bork-ld bork.o
$ du -bh *
432 bork-gold
132 bork.asm
340 bork-ld
608 bork.o


How does such a minimal binary take up 300+ bytes?

I have just created the ultimate makefile

[code]BINS := hello1 hello
ARCH := 32

ifeq ($(ARCH),32)
nasm_format := -f elf
ld_emulation := -m elf_i386
else # ifeq 64
nasm_format := -f elf64
ld_emulation :=
endif

all: $(BINS)

$(BINS): %: %.o
ld $(ld_emulation) -s -o $@ $@.o

%.o: %.s
nasm $(nasm_format) $<

clean:
rm -f $(BINS)
rm -r *.o
rm -f *~[code]

I have just created the ultimate makefile

BINS := hello1 hello
ARCH := 32

ifeq ($(ARCH),32)
nasm_format := -f elf
ld_emulation := -m elf_i386
else # ifeq 64
nasm_format := -f elf64
ld_emulation :=
endif

all: $(BINS)

$(BINS): %: %.o
ld $(ld_emulation) -s -o $@ $@.o

%.o: %.s
nasm $(nasm_format) $<

clean:
rm -f $(BINS)
rm -r *.o
rm -f *~

>>39

What assembler is better than FASM?

GAS is the best in my opinion but in fact, even nasm and tasm are better than this shit

>>40
http://wiki.osdev.org/Inline_Assembly#Intel_Syntax

>>43
Why do you think so? Is there a reason you prefer needless garbage and poor macros?

I did it! Prime number generator in assembly! WOW


#include <stdio.h>
int asm_main(void);
void print_number(int i) { printf("%d\n",i); fflush(stdout); }
int main(void) { return asm_main(); }



extern print_number
extern puts

section .data
msg db "LETS PRIMES.. 2",0

section .bss
prm: resd 1
num: resd 1
mem: resd 130000

section .text
global asm_main
asm_main:
enter 0,0
pusha

push ebp
mov ebp,esp
push msg
call puts
add esp,4
pop ebp

mov dword [num],0
mov dword [prm],3

.loop:
;; Here we put the prime we found
;; into the list of primes
mov eax,[prm]
inc dword [num]
mov ebx,[num]
mov [mem+4*ebx],eax

mov ebp,esp
push eax
call print_number
add esp,4

call next_prime
jmp .loop

popa
mov eax,0 ; return 0
leave
ret

next_prime:
add dword [prm],2

mov ebx,0
.loop:
inc ebx

mov eax,[prm]
mov ecx,[mem+4*ebx]
mov edx,0
div ecx ; eax/(ecx:edx)
cmp edx,0
je next_prime

cmp ebx,[num]
jne .loop

ret


>>45
But that's just C with some assembly used for hot loops. Surely you can do better.

>>46
I can't...

>>47
wait, maybe with this I can.. http://www.bravegnu.org/gnu-eprog/c-startup.html

>>45-47
That program can be written entirely in assembly and linked against libc. No need to write your own startup code. Just call printf directly (the call to fflush can be totally omitted since stdout will be flushed automatically when main returns).

>>45
OMG OPTIMISED!

where do i get some crackmes

on linux

crackmes.de has a linux section

>>51

Cracking becomes useless skill today, because software moves to the cloud. It was really funny, when these faggots found that Diablo 3 cannot be cracked, because the game logic is in the cloud.

Today it is mostly reverse engineering (when Chinese manage steal American aircraft and want to RE its stuffing) and supporting legacy code (when employer lost his sources).

>>54
Now machine learning can be used to construct a model of game logic to fit recorded data.

I've written game of life in assembly!!!

Not sure what to try next, but I need to keep leaning - help me out?

>>56
Write 2A03 emulator in x86 assembly. Contrib your code to some major NES emulator project.

>>57
That sounds like a project I'd work on, except 5A22 in MIPS. Damn mode 7 fps rates.

>>55
Machine learning is a victim to the curse of dimensionality
http://en.wikipedia.org/wiki/Curse_of_dimensionality

A game, like Diablo 3, has a lot of instances of some CObject class, which has a some (many) of dimensions on it's own (like monster's health and damage, which itself correlates with weapon's damage and monster's strength). Software pirates can't just simply record statistics from the server and curve-fit observations into the alternative server implementation. Moreover, pirates are usually college dropouts, while analyzing statistics requires a lot of math skills.

>>59
I'm sure one of us could do it. It would be a fun project. Especially if the work done could be reused on other games like this.

* Sections: global variables go in the .data section, you can also reserve space in the .bss section but they start out as having the value 0. Your actual code goes in the .text section.

* Labels: assembly programming is all about gotos, there is jmp to go to a label, and then there are various conditional jumps jne (jump not equal), jc (jump if carry) they look at EFLAGS register which notes down information about the last arithmetic calculation you did.

* Registers: So there's a few 32 bit registers, eax, ebx, ecx, edx and they have ax, al, ah parts (so you can work with 16 or 8 bits) - you can zero or sign extend a number to go from one number type to a higher width one. There's also ebp and esp registers for the base and stack pointers.

* Stacks: The stack grows down so you subtract from sp to get more stack space. push and pop are useful.

* C function calls: To call a c function you put the parameters on the stack them 'call' it, once it returns you have to clear up too. c functions will preserve some registers but others you have to store on the stack and restore them once it returns.

* linux syscalls: you can do linux syscalls by putting parameters into registers then using the int 0x80 interrupt. This lets you write programs that don't use libc.

>>59
How to get a working crack for games like that:
1: borrow $50,000 from mafia
2: give $49,999 and a soda of her choice to studio programmer in exchange for the source
3: insert malware into cracked versions to steal data and be a botnet
4: monetize
5: pay $100,000 back to mafia

Alternatively, you can just fly to India and walk around the slums until you find the sub-sub-sub-contractor and pay him $50 for it, but it's less safe.

>>60

When you finally compile a half-broken implementation of the game server, Blizzard would already releasing Diablo 5 and no one would care about the years of your work.

That was the case with Ultima Online. When hobbyists managed to get up the servers, the game was long outdated and replaced with World of Warcraft.

>>63
It would be faster if it was automated. And why so negative?

>>64

And why so negative?

Because I'm a negative person. Hope everyone die in a nuclear war.

>>65
Are you a goddamn iOS evangelist or what?

http://article.gmane.org/gmane.comp.lang.lua.general/75426

x86 programming challenge

Implement fibonacci iteratively and recursively.

necrosage

extern print_number

section .text
global asm_main
asm_main:
enter 0,0
pusha

push dword 45
call fib
add esp,4

push ebp
mov ebp,esp
push eax
call print_number
add esp,4
mov esp,ebp
pop ebp

popa
mov eax,0 ; return 0
leave
ret

fib:
mov eax,[esp+4]

cmp eax,0
jne skip_fib0
ret
skip_fib0:

cmp eax,1
jne skip_fib1
ret
skip_fib1:

dec eax
push eax

call fib
mov ebx,eax

pop eax
push ebx ;need to save ebx
dec eax
push eax
call fib
add esp,4
mov ebx,eax

pop eax
add eax,ebx

ret

extern print_number

section .text
global asm_main
asm_main:
enter 0,0
pusha

;; The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero.
;;; calculate fib(ecx), must be 2 or more
mov ecx,1507

mov eax,0
mov ebx,1
dec ecx

iter:
mov edx,ebx
add ebx,eax
mov eax,edx
loop iter

push ebp
mov ebp,esp
push ebx
call print_number
add esp,4
mov esp,ebp
pop ebp

popa
mov eax,0 ; return 0
leave
ret

>>71

enter
pusha
popa
leave

286 QUALITY!

Love the "leave" mnemonic - it is 1-char less than the return from C/C++

>>71-73
enter, leave, loop and friends are effectively deprecated and will use a slow micro-coded implementation on newer CPUs. push, pop, movs and stos are among a few complex instructions that are still aggressively optimized.

According to Agner Fog movs and stos are still slower than manual mov&add, though they do take up less icache.

>>74

can't Intel just move the CISC crap into firmware and expose the RISC microcode directly?

>>75

According to Agner Fog

And the manuals say...? Suppose you are using a rep prefix, what then?

>>76
No, because then they would have to write a comprehensible specification of how their microcode is implemented and promise not to change it (very much). The former could be hard given that the micro-op interface has been a closely guarded trade secret for so long. The latter would be contrary to Intel's x86 compatibility religion, and given how the the whole P6/Netburst/Nehalem history has gone I doubt they'd want to tie their hands anyway.

Technically, the micro-op architecture is almost certainly designed with on-chip generation in mind (optimized for simple translation and ease of execution) and probably wouldn't perform well if the frontend were just thrown away leaving micro-ops to be fetched from Lx SRAM and then from DRAM.

Finally, who would care enough to write their own microcode anyway, if the x86 frontend was maintained? DEC went a somewhat similar route with their PALcode and nobody other than Microsoft and Digital themselves ever bothered have custom microcode written for their OS.

Is it true that MMU considerably slows down memory access and a single address space solution would be several times more efficient? As I understand it, spawning a process is a very expensive operation, due to MMU.

>>78
yes

C/C++ sucks because you can't attach metainfo to a function, determine it's size or copy it to another location (GCC cannot into position-independent code).

So the only way to attach meta info to a function pointer is through a hashtable, which is very inefficient compared to something like

char *getFunctionName(void (*f)()) {
return *((char**)f-1);
}