xorpd assembly riddle 0x00

Nov 13, 2018 · 2 min read

xorpd has some riddle-like pieces of assembly code here. In this post, I’ll analyze the first one.

So, here’s the code:

xor      eax,eax  
lea rbx,[0]
loop $
mov rdx,0
and esi,0
sub edi,edi
push 0
pop rbp

TL;DR This snippet shows us different ways to set registers to zero.

On a line-by-line analysis we can see that:

1st line: Sets eax to 0 by applying xor with itself. XORing any value with itself results in 0. This is one of the main properties of the xor operation and it’s often used to set registers to zero.

2nd line: Sets rbx to 0 by using lea (load effective address). LDA just evaluates the expression inside the brackets and loads that value into the register specified in the first operand.

3rd line: Sets ecx to 0. Why? Because loop decreases the value of ecx each round until ecx equals zero.

4th line: Sets rdx to 0 by using the mov instruction. Same as line 2 where lea is used, just a slightly different syntax. Remember that these two are equivalent:

mov eax, 0x0FFB347lea eax, [0x0FFB347]

5th line: Pretty similar to line one. Sets esi to 0 by using the and (Anything && 0 is equal to zero)

6th line: Sets edi to 0 by subtracting it’s value to itself (X-X=0).

7th line: This pushes a 0 into the stack and updates the stack pointer.

8th line: This copies the value at the top of the stack to the base pointer register rbp. Because the last value pushed onto the stack was a zero (from line 7) rbp is set to zero.


Shellcode for the masses


Written by


Twitter: @syscall59 | medium.syscall59.com | syscall59@protonmail.com



Shellcode for the masses

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade