REP
Las instrucciones tipo REP siempre van acompañadas de un comando que será repetido de acuerdo a ciertas condiciones.
-
REP :
- while (ECX != 0) { operation; ECX-- }
-
REPZ:
- do { instruction; ECX-- } while (Zero Flag == 1 and ECX > 0)
-
REPNZ:
- do { instruction; ECX-- } while (Zero Flag == 0 and ECX > 0)
CMPS
Compares Mem[ESI] with Mem[EDI], then increments ESI and EDI
// Returns 1 when s is exactly "test1", 0 otherwise.
// s must be a valid NUL-terminated string: strcmp is called unconditionally.
// The `repz cmpsb` listing below is what gcc -O2 -m32 turns this into.
int string_equal(const char *s) {
    const int diff = strcmp(s, "test1");
    return diff == 0 ? 1 : 0;
}
gcc -O2 -m32
string_equal(char const*):
push edi                                  ; save callee-saved edi (i386 cdecl)
push esi                                  ; save callee-saved esi
mov edi,0x8048520                         ; edi = absolute address of the string literal (presumably "test1"; non-PIE binary)
mov esi,DWORD PTR [esp+0xc]               ; esi = s: first arg sits above the return address and the two pushes (4 + 8 bytes)
mov ecx,0x6                               ; ecx = 6 = strlen("test1") + 1, so the terminating NUL is compared as well (rejects longer inputs such as "test1x")
; repeat while ecx > 0 and the bytes are equal (repz stops at the first mismatch or when the count runs out).
repz cmps BYTE PTR ds:[esi],BYTE PTR es:[edi]
pop esi                                   ; pop does not modify flags, so ZF from the last cmpsb survives to sete
; if ZF==1 (all 6 bytes matched, including the NUL), al = 1; otherwise al = 0
sete al
movzx eax,al                              ; zero-extend the 0/1 byte into the int return value
pop edi
ret
STOS
Copies EAX to Mem[EDI] then increments EDI
// Demo only: allocates 0x40 bytes and zeroes them with memset, which gcc inlines
// as the `rep stos` shown below. The buffer is never freed, and malloc's result
// is not checked for NULL before memset writes through it.
void perro() {
    char *buf = static_cast<char *>(malloc(0x40));
    memset(buf, 0, 0x40);
}
push %edi                               # save callee-saved edi
sub $0x14,%esp                          # 0x14 + the 4-byte push below = 0x18; presumably keeps esp 16-byte aligned at the call
push $0x40                              # argument: 0x40 bytes
call 8048400 <malloc@plt>               # eax = malloc(0x40)
mov %eax,%edx                           # edx = blah (NOTE: the result is never checked for NULL before it is written to)
mov $0x10,%ecx                          # ecx = 0x40 / 4 = 16 dwords to store
xor %eax,%eax                           # eax = 0, the fill value (memset's 0 widened to a dword)
mov %edx,%edi                           # edi = destination pointer for stos
rep stos %eax,%es:(%edi)                # inlined memset: store eax at (%edi) 16 times, edi advances by 4 each time (DF is clear per the ABI)
add $0x18,%esp                          # drop the pushed argument and the 0x14 of padding
pop %edi
ret
lea 0x0(%esi),%esi                      # after ret: unreachable from this function, presumably alignment padding (a multi-byte nop)
SCAS
Compares Mem[EDI] with EAX (AL in the byte form used below), then increments EDI
// Returns true when strlen(s) is exactly 14.
// s must be NUL-terminated: strlen (and the unbounded `repnz scasb` gcc emits
// for it below) scans forward until it finds a 0 byte.
bool gato(const char *s) {
    const size_t len = strlen(s);
    return len == 14;
}
gcc -Os -m32
gato(char const*):
push %ebp                               # frame-pointer prologue (its two halves are interleaved with the setup below by -Os)
xor %eax,%eax                           # al = 0: the byte scasb searches for, i.e. the NUL terminator; also clears eax for the return value
or $0xffffffff,%ecx                     # ecx = -1: effectively unbounded count (shorter encoding than mov $-1)
mov %esp,%ebp
push %edi                               # save callee-saved edi
mov 0x8(%ebp),%edi                      # edi = s (first stack argument)
repnz scas %es:(%edi),%al               # inlined strlen: scan forward until the byte equals al (0); the count is unbounded, so s MUST be NUL-terminated
pop %edi                                # pop leaves flags alone, but the cmp below recomputes the result anyway
cmp $0xfffffff0,%ecx                    # ecx ended at -1 - (len + 1); -16 == 0xfffffff0 means len == 14
sete %al                                # al = (len == 14); the upper bits of eax are still 0 from the xor
pop %ebp
ret
MOVS
Copies Mem[ESI] to Mem[EDI], then increments ESI and EDI
// Demo only: allocates two 0x40-byte buffers and copies the second into the
// first, which gcc inlines as the `rep movsl` shown below. The source buffer
// is never initialised (so indeterminate bytes are copied), neither malloc
// result is checked for NULL, and both buffers leak.
void pollito() {
    char *dst = static_cast<char *>(malloc(0x40));
    char *src = static_cast<char *>(malloc(0x40));
    memcpy(dst, src, 0x40);
}
gcc -Os -m32 (-Os means optimize for size)
pollito():
push %ebp
mov %esp,%ebp
push %edi                               # save the three callee-saved registers used below
push %esi
push %ebx
sub $0x18,%esp                          # reserve stack space; with the push below presumably keeps esp 16-byte aligned at the calls
push $0x40                              # argument for the first malloc
call 8048420 <malloc@plt>               # eax = blah = malloc(0x40)
mov %eax,%ebx                           # keep blah in callee-saved ebx across the next call
movl $0x40,(%esp)                       # reuse the same argument slot for the second malloc
mov %ebx,%edi                           # edi = blah: memcpy destination (edi is callee-saved, so it survives the call too)
call 8048420 <malloc@plt>               # eax = meh = malloc(0x40)
mov $0x10,%ecx                          # ecx = 0x40 / 4 = 16 dwords
mov %eax,%esi                           # esi = meh: memcpy source (its contents were never initialised)
add $0x10,%esp                          # pop the argument slot plus 12 bytes of the 0x18 reserved above; the lea below drops the rest
rep movsl %ds:(%esi),%es:(%edi)         # inlined memcpy: copy 16 dwords from (%esi) to (%edi); neither pointer was checked for NULL
lea -0xc(%ebp),%esp                     # esp = just below the three saved registers
pop %ebx
pop %esi
pop %edi
pop %ebp
ret