Assembly

Compiler Optimizations

The compiler makes various changes to improve speed during execution. It inlines various functions to save on a function call. Memcpy is one such case:

mov esi, source_address
mov ebx, ecx
shr ecx, 2 // length divided by four
mov edi, eax // destination address
repe movsd // copy four byte blocks
mov ecx, ebx
and ecx, 3 // remainder size
repe movsb // copy it

Example from The Shellcoder's Handbook Chapter 21

The same optimization is made for Memset simply swamping out repe movs for repe stos. https://www.felixcloutier.com/x86/movs:movsb:movsw:movsd:movsq https://www.aldeid.com/wiki/X86-assembly/Instructions/rep https://www.felixcloutier.com/x86/stos:stosb:stosw:stosd:stosq

The same is done for strlen:

mov edi, string 
or ecx, 0xffffffff 
xor eax, eax
repne scasb //scans edi for the lowbyte in eax (looking for null terminator) and decriments ecx for each charecter not == 0  
not ecx
dec ecx

Example from The Shellcoder's Handbook Chapter 21

Calling Convention

C++ uses the thiscall calling convention, passing the "this" object in the ecx registry containing a class object of the caller.

push edi
push esi
push [ebp+arg_0]
lea ecx, [ebx+5Ch] //HTTP_HEADERS object pointer
call ?ParseInput@HTTP_HEADERS@@QAEHPBDKPAK@Z

Example from The Shellcoder's Handbook Chapter 21

PreviousIDA Pro NextMemory Protection

Last updated 3 years ago

Was this helpful?