You’re running into one surprising difference between i386 and x86_64: they don’t use the same system call mechanism. The correct code is: movq $60, %rax movq $2, %rdi ; not %rbx! syscall Interrupt 0x80 always invokes 32-bit system calls. It’s used to allow 32-bit applications to run on 64-bit systems. For the purposes of learning, … Read more
In 64-bit mode you cannot push and pop 32-bit values; you need pushq and popq. Also, you will not get a proper exit this way. On 32-bit x86, you would need to set %eax to 1 to select the exit() system call, and set %ebx to the exit code you actually wish. On 64-bit x86 … Read more
You can put the argv array onto the stack and load the address of it into rsi. The first member of argv is a pointer to the program name, so we can use the same address that we load into rdi. xor edx, edx ; Load NULL to be used both as the third ; … Read more
The shadow space must be provided directly previous to the call. Imagine the shadow space as a relic from the old stdcall/cdecl convention: For WriteFile you needed five pushes. The shadow space stands for the last four pushes (the first four arguments). Now you need four registers, the shadow space (just the space, contents don’t … Read more
If the divisor is a signed 64-bit value, you don’t need to do anything with it. Likewise, if the dividend is a signed 128-bit value, you don’t need to do anything with it, just load the top 64 bits of it into rdx and the low 64 bits into rax. Now, if any of the … Read more
From man 2 write, you can see the signature of write is, ssize_t write(int fd, const void *buf, size_t count); It takes a pointer (const void *buf) to a buffer in memory. You can’t pass it a char by value, so you have to store it to memory and pass a pointer. (Don’t print one … Read more
AFAICT, the intrinsic leaves garbage in index when the input is zero, weaker than the behaviour of the asm instruction. This is why it has a separate boolean return value and integer output operand. Despite the index arg being taken by reference, the compiler treats it as output-only. unsigned char _BitScanReverse64 (unsigned __int32* index, unsigned … Read more
No, [RIP + rel32] is the only addressing mode involving RIP. See also Referencing the contents of a memory location. (x86 addressing modes). If you want maximum efficiency for indexing a static array, you need to make position-dependent code so you can use the table address as a 32-bit absolute disp32 in a normal addressing … Read more
The 64-bit OS X ABI complies at large to the System V ABI – AMD64 Architecture Processor Supplement. Its code model is very similar to the Small position independent code model (PIC) with the differences explained here. In that code model all local and small data is accessed directly using RIP-relative addressing. As noted in … Read more
So, TSX may be disabled not to mitigate Spectre, but as a part of another vulnerability mitigation, TSX Asynchronous Abort (TAA). Here’s relevant article on Intel website: IntelĀ® Transactional Synchronization Extensions (IntelĀ® TSX) Asynchronous Abort / CVE-2019-11135 / INTEL-SA-00270 Which links to two more detailed articles: TSX Asynchronous Abort (TAA) CVE-2019-11135 Microarchitectural Store Buffer Data … Read more