-
Notifications
You must be signed in to change notification settings - Fork 20
/
0x18.asm
46 lines (42 loc) · 1.51 KB
/
0x18.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
;
; $Id: 0x18.asm,v 1.1.1.1 2016/03/27 08:40:12 raptor Exp $
;
; 0x18 explanation - from xchg rax,rax by [email protected]
; Copyright (c) 2016 Marco Ivaldi <[email protected]>
;
; This snippet introduces the rdtsc instruction, which
; loads the current value of the processor's timestamp
; counter (a 64-bit Machine State Register) into edx:eax.
; The edx register is loaded with the high-order 32 bits
; of the timestamp and the eax register is loaded with
; the low-order 32 bits. On x86_64, the high-order 32
; bits of both rax and rdx are cleared.
;
; This snippet simply uses the shift left and or
; instructions to load the high-order 32 bits of the
; timestamp stored in edx into the cleared high-order 32
; bits of rax. It does that two times (the first time
; storing the result in rcx) and then compares the
; results. Of course, the second/newer timestamp stored
; in rax will always end up being greater than the
; first/older timestamp stored in rcx.
;
; This analysis was facilitated by the assembly REPL rappel
; by [email protected]:
;
; https://github.com/yrp604/rappel/
;
BITS 64
SECTION .text
global main
main:
rdtsc ; load timestamp counter into edx:eax
shl rdx,0x20 ; left shift rdx by 32 bits
or rax,rdx ;
mov rcx,rax ; rcx = rax | rdx
rdtsc ; load timestamp counter into edx:eax
shl rdx,0x20 ; left shift rdx by 32 bits
or rax,rdx ; rax = rax | rdx
cmp rcx,rax ; rax (the newer timestamp) will always be
; greater than rcx (the older timestamp)
; and therefore the cf flag will be set