nasm | Mirror of main nasm git repo at http : //repo.or.cz/w/nasm.git

Writing the word 0005h to ports 03CEh and 03CFh will select write mode 0. This is a complex mode that involves many features of the VGA but luckily for us most of these are reset when the video mode is set.
However your code still needs to do the following:

• In order to fill the VGA's internal 32-bit latch, you must perform a read-before-write operation
• Restricting output to a single or a few pixels is done using the BitMask register.

Next snippet displays a rainbow of 16 vertical lines that are 1 pixel wide:

As you can see in strace, the execve command executes as: execve("/bin//nc", ["/bin//nc", "/bin//nc-e //bin/bash -nvlp 4455"], NULL) = 0 It seems to be taking the whole /bin//nc-e //bin/bash -nvlp 4455 as a single argument and thus thinks it's a hostname. In order to get around that, the three argv[] needed for execve() is pushed seperately. argv[]=["/bin/nc", "-e/bin/bash", "-nvlp4455"] These arguments are each pushed into edx, ecx, and ebx. since ebx needs to be /bin/nc, which was already done in the original code. we just needed to push 2nd and 3rd argv[] into ecx and edx and push it into stack. After that we just copy the whole stack into ecx, and then xor edx,edx to set edx as NULL.

Here is the correct solution:

I have learned this in the software security course. Since that was over a year ago, it is a little bit hard for me to remember all the details. I will focus on the main points.

Let's write simple assembly code first.

The bottleneck in all of your examples is the predecoder.

I analyzed your examples with my simulator uiCA (https://uica.uops.info/, https://github.com/andreas-abel/uiCA). It predicts the following throughputs, which closely match your measurements:

The trace table that uiCA generates provides some insights into how the code is executed. For g1a, for example, it generates the following trace:

You can see that for the 32 nops, the predecoder requires 8 cycles, and for the remaining instructions, it requires 5 cycles, which together corresponds to the 13 cycles that you measured.

You may notice that in some cycles, only a small number of instructions is predecoded; for example, in the fourth cycle, only one instruction is predecoded. This is because the predecoder works on aligned 16-byte blocks, and it can handle at most five instructions per cycle (note that some sources incorrectly claim that it can handle 6 instructions per cycle). You can find more details on the predecoder, for example how it handles instructions that cross a 16-byte boundary, in this paper.

If you compare this trace with the trace for g1b, you can see that the instructions after the nops now require 6 instead of 5 cycles to be predecoded, which is because several of the instructions in g1b are longer than the corresponding ones in g1a.

Update: my patch was merged and the issue should no longer be present from NASM 2.15.06.

After some debugging and poking around in the source code I can confirm my initial suspicion that this is a bug.

The size calculation for instructions of the form Dx ? (i.e. any Dx which includes a uninitialized storage token ?) where Dx is larger than DB internally returns the wrong size (assuming elements of 1 byte instead of the appropriate element size). This has the side effect of inconsistently altering the segment offset of any label following the instruction, causing a mismatch in the final code generation stage which is caught by a couple of checks and makes NASM error out.

Normally I would've simply reported the bug, but since NASM's GitHub repo does not have an "Issues" page active and their Bugzilla currently disallows registration I went ahead and submitted a pull request. The fix seems quite simple, unless there's something that I'm missing, in which case we'll find out (hopefully) soon.

No, equ doesn't work with non-integers. As fuz put it nicely:

The equ directive defines symbols. The value of a symbol is an address or an integer of the same size as an address.

Instead, you could use %define c2 3.14 to get text substitution of the macro at every point where you use it. (As opposed to equ which evaluates an expression once, at the location of the equ.)

That difference between equ and macros (including %define) matters for expressions like .len equ $ - v2 (because $ has a higher value later or in other sections), or involving something you change later with a %assign. But it doesn't matter for numeric literal constants; they always evaluate the same way everywhere.

everything was right but the gdt wasn't initialized the right way