-
Notifications
You must be signed in to change notification settings - Fork 20
/
0x3f_TODO.asm
95 lines (89 loc) · 2.34 KB
/
0x3f_TODO.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
;
; $Id: 0x3f_TODO.asm,v 1.1.1.1 2016/03/27 08:40:13 raptor Exp $
;
; 0x3f explanation - from xchg rax,rax by [email protected]
; Copyright (c) 2016 Marco Ivaldi <[email protected]>
;
; TODO: THIS EXPLANATION IS INCOMPLETE
;
; Whoa, this is the last snippet of the book! Thanks to
; [email protected] for the amazing ride!
;
; This snippet calculates the following based on the
; initial value of rax:
;
; rsi = (rax & (rax - 1)) % 3
; rdi = ((rax | (rax - 1)) % 3) + 1
; rax = position of the least-significant bit set in rax
;
; Unfortunately, so far I haven't figured out its purpose. I
; suspect the outcome of the bsf operation is important here.
; It is always 0 for odd numbers, obviously, and for even
; numbers it goes in a series like: 1, 2, 1, 3, 1, 2, 1, 4,
; 1, 2, 1, 3, 1, 2, 1, 5... See also:
;
; https://oeis.org/A001511 [The ruler function: 2^a(n) divides 2n]
; https://oeis.org/A007814 [Exponent of highest power of 2 dividing n]
;
; I've written the following C code to help with the analysis:
;
; #include <stdio.h>
; main()
; {
; int rsi, rdi, i;
; for (i = 1; i <= 100; i++) {
; rsi = (i & (i - 1)) % 3;
; rdi = ((i | (i - 1)) % 3) + 1;
; printf("rax:\t%d\t\trsi,rdi:\t%d,%d\n", i, rsi, rdi);
; }
; }
;
; Example run:
; $ ./0x3f_helper
; rax: 1 rsi,rdi: 0,2
; rax: 2 rsi,rdi: 0,1
; rax: 3 rsi,rdi: 2,1
; rax: 4 rsi,rdi: 0,2
; rax: 5 rsi,rdi: 1,3
; rax: 6 rsi,rdi: 1,2
; rax: 7 rsi,rdi: 0,2
; rax: 8 rsi,rdi: 0,1
; rax: 9 rsi,rdi: 2,1
; rax: 10 rsi,rdi: 2,3
; [...]
; rax: 96 rsi,rdi: 1,2
; rax: 97 rsi,rdi: 0,2
; rax: 98 rsi,rdi: 0,1
; rax: 99 rsi,rdi: 2,1
; rax: 100 rsi,rdi: 0,2
;
; This analysis was facilitated by the assembly REPL rappel
; by [email protected]:
;
; https://github.com/yrp604/rappel/
;
BITS 64
SECTION .text
global main
main:
mov rbx,3 ;
mov r8,rax ; save the original input rax in r8
mov rcx,rax ;
dec rcx ;
and rax,rcx ;
xor edx,edx ;
div rbx ;
;
mov rsi,rdx ; rsi = (rax & (rax - 1)) % 3
mov rax,r8 ;
or rax,rcx ;
xor edx,edx ;
div rbx ;
;
inc rdx ;
cmp rdx,rbx ; this is a clever hack, although useless here
sbb rdi,rdi ; if (rdx > 3) rdi = 0 // impossible
and rdi,rdx ; else rdi = ((rax | (rax - 1)) % 3) + 1
bsf rax,r8 ; load rax with the position of the LSB (from
; position 0) that is set in the original input
; rax, regardless of the other operations