Instruction           Description
inc <target>          Increment the target operand by adding 1 to it.
dec <target>          Decrement the target operand by subtracting 1 from it.
The next few instructions, like the mov instruction, have two operands.
They all do simple arithmetic and bitwise logical operations between the two
operands, storing the result in the first operand.
Instruction           Description
add <dest>, <source>  Add the source operand to the destination operand, storing the result
                      in the destination.
sub <dest>, <source>  Subtract the source operand from the destination operand, storing the
                      result in the destination.
or <dest>, <source>   Perform a bitwise or logic operation, comparing each bit of one
                      operand with the corresponding bit of the other operand.
                          1 or 0 = 1
                          1 or 1 = 1
                          0 or 1 = 1
                          0 or 0 = 0
                      If the source bit or the destination bit is on, or if both of them are on, the
                      result bit is on; otherwise, the result is off. The final result is stored in
                      the destination operand.
and <dest>, <source>  Perform a bitwise and logic operation, comparing each bit of one
                      operand with the corresponding bit of the other operand.
                          1 and 0 = 0
                          1 and 1 = 1
                          0 and 1 = 0
                          0 and 0 = 0
                      The result bit is on only if both the source bit and the destination bit
                      are on. The final result is stored in the destination operand.
xor <dest>, <source>  Perform a bitwise exclusive or (xor) logical operation, comparing each
                      bit of one operand with the corresponding bit of the other operand.
                          1 xor 0 = 1
                          1 xor 1 = 0
                          0 xor 1 = 1
                          0 xor 0 = 0
                      If the bits differ, the result bit is on; if the bits are the same, the result
                      bit is off. The final result is stored in the destination operand.
One method is to move an arbitrary 32-bit number into the register and
then subtract that value from the register using the mov and sub instructions:
B8 44 33 22 11 mov eax,0x11223344
2D 44 33 22 11 sub eax,0x11223344
While this technique works, it takes 10 bytes to zero out a single register,
making the assembled shellcode larger than necessary. Can you think of a way
to optimize this technique? The DWORD value specified in each instruction
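
As an added example (not part of the original text), the following C routine scans a byte buffer for the 10-byte mov/sub pair shown in the listing above, matching the B8 and 2D opcode bytes and requiring both little-endian immediates to be equal. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OP_MOV_EAX_IMM32 0xB8  /* opcode byte of "mov eax,imm32" in the listing */
#define OP_SUB_EAX_IMM32 0x2D  /* opcode byte of "sub eax,imm32" in the listing */
#define PAIR_LEN 10            /* two 5-byte instructions back to back */

/* Decode a 32-bit immediate stored little-endian, as in 44 33 22 11. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Find "mov eax,imm32" directly followed by "sub eax,imm32" with the same
 * immediate. Stores up to max match offsets in offs; returns the total
 * number of matches. The loop bound never reads past the buffer. */
size_t find_mov_sub_zero(const uint8_t *buf, size_t len, size_t *offs, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i + PAIR_LEN <= len; i++) {
        if (buf[i] != OP_MOV_EAX_IMM32 || buf[i + 5] != OP_SUB_EAX_IMM32)
            continue;
        if (le32(buf + i + 1) != le32(buf + i + 6))
            continue;  /* constants differ, so eax does not end up zero */
        if (count < max)
            offs[count] = i;
        count++;
    }
    return count;
}

/* Constructed sample: two filler bytes, the pair from the listing, a near
 * miss with different immediates, and a pair cut off by the buffer end. */
static const uint8_t sample[] = {
    0x90, 0x90,
    0xB8, 0x44, 0x33, 0x22, 0x11, 0x2D, 0x44, 0x33, 0x22, 0x11,
    0xB8, 0x01, 0x00, 0x00, 0x00, 0x2D, 0x02, 0x00, 0x00, 0x00,
    0xB8, 0x44, 0x33, 0x22, 0x11, 0x2D, 0x44, 0x33
};

int main(void)
{
    size_t offs[4];
    size_t n = find_mov_sub_zero(sample, sizeof sample, offs, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("match at offset %zu, imm=0x%08x\n", offs[i], (unsigned)le32(sample + offs[i] + 1));
    return 0;
}
```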