Re: Jumping into middle of instruction
- From: Terje Mathisen <spamtrap@xxxxxxxxxx>
- Date: Thu, 28 Feb 2008 17:07:35 +0100
mybwpp@xxxxxxxxxxxxxx wrote:
Can anyone explain the concept of 'Jumping into the middle of
instructions'. Why is it used? Can we hide arbitrary code (I/O
instructions, system calls) by this technique?
It is not "used" anymore, rather "abused". :-)
It does work on every single x86 ever manufactured, but since the Pentium it is a way to slow the CPU down, not a speed gain like on the 486.
I once wrote a very fast strcpy() replacement for the 486 which used a partially rotated inner loop, where I would normally have jumped into the proper spot of the first iteration, but instead I used a dummy CMP opcode to skip past the start of the loop:
;; JMP first_iteration          ;; what I would normally have written here
CMP AX, 1234h ;; dummy opcode: assembles to 3D 34 12 (opcode + 16-bit immediate)
ORG $-2 ;; Skip back to the beginning of the 1234h value, so the next two
        ;; bytes assembled overwrite the immediate 34 12
next_iteration:
add si,dx ;; Two-byte opcode, back to start; it now sits inside the CMP, so
          ;; falling through from the top executes CMP AX,<these two bytes>
          ;; and lands on first_iteration, while the JNZ below enters at the
          ;; ADD, i.e. in the middle of the CMP instruction
first_iteration:
......
jnz next_iteration
On a Pentium the first iteration will do a partial decode, noting the instruction boundaries, then the branch into the middle of the CMP opcode will flush this cache and it has to restart the decoding.
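To make the overlap concrete from the analyst's side, here is an added Python example (not from the post) that lays out bytes the way Terje's CMP / ORG $-2 trick does, with a constructed loop body, and decodes them two ways: a linear sweep, which reports only the dummy CMP, and a control-flow walk that follows the JNZ target and so exposes the ADD SI,DX hidden inside the CMP. It assumes the 01 D6 encoding for add si,dx and a toy decoder that knows only the opcodes in the sample; the overlapping byte ranges it reports are what a disassembler can flag.

```python
# Constructed 16-bit x86 bytes laid out like the post's CMP / ORG $-2 trick, with a
# made-up loop body after first_iteration (this is not Terje's code):
#  0: 3D 01 D6 CMP AX,0D601h ; dummy CMP whose immediate bytes ARE the ADD
#  1:    01 D6 ADD SI,DX     ; next_iteration, reached only through the JNZ
#  3: 8B 04 MOV AX,[SI]  5: 89 05 MOV [DI],AX  7: 85 C0 TEST AX,AX
#  9: 75 F6 JNZ next_iteration (rel8 = 1-11 = -10)  11: C3 RET
CODE = bytes.fromhex("3D01D68B04890585C075F6C3")
REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]
MEM16 = {4: "[SI]", 5: "[DI]"}  # only the mod=00 forms the sample uses
MODRM = {0x01: ("ADD", False), 0x85: ("TEST", False),  # (mnemonic, reg operand first?)
         0x89: ("MOV", False), 0x8B: ("MOV", True)}

def decode(code, off):
    """Decode one instruction at off -> (text, length, branch target or None)."""
    op = code[off]
    if op == 0x3D:  # CMP AX, imm16
        imm = code[off + 1] | code[off + 2] << 8
        return f"CMP AX, {imm:04X}h", 3, None
    if op == 0x75:  # JNZ rel8, sign-extended
        rel = code[off + 1] - 256 if code[off + 1] & 0x80 else code[off + 1]
        return f"JNZ {off + 2 + rel:02X}h", 2, off + 2 + rel
    if op == 0xC3:
        return "RET", 1, None
    name, reg_first = MODRM[op]  # KeyError for anything outside this toy subset
    mod, reg, rm = code[off + 1] >> 6, (code[off + 1] >> 3) & 7, code[off + 1] & 7
    rm_s = REG16[rm] if mod == 3 else MEM16[rm]
    a, b = (REG16[reg], rm_s) if reg_first else (rm_s, REG16[reg])
    return f"{name} {a}, {b}", 2, None

def linear_sweep(code):
    """What a naive disassembler shows: decode straight through from offset 0."""
    out, off = [], 0
    while off < len(code):
        text, length, _ = decode(code, off)
        out.append((off, text))
        off += length
    return out

def recursive_traversal(code, entry=0):
    """Follow control flow from entry -> {offset: (text, length)}; reaches the ADD."""
    seen, work = {}, [entry]
    while work:
        off = work.pop()
        if off in seen or off >= len(code):
            continue
        text, length, target = decode(code, off)
        seen[off] = (text, length)
        work += [t for t in (target, None if text == "RET" else off + length) if t is not None]
    return seen

def find_overlaps(insns):
    """Pairs of reached instructions whose byte ranges overlap: the trick's tell-tale."""
    offs = sorted(insns)
    return [(a, b) for i, a in enumerate(offs) for b in offs[i + 1:] if b < a + insns[a][1]]
```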
Terje
--
- <Terje.Mathisen@xxxxxxxxxxxxx>
"almost all programming can be viewed as an exercise in caching"