NASM - The Netwide Assembler

NASM Forum => Programming with NASM => Topic started by: JohnG on May 29, 2022, 11:12:58 PM

Title: Use of XOR
Post by: JohnG on May 29, 2022, 11:12:58 PM

Hi all,

What is the purpose of the code line     XOR  EAX,EBP  ?

Have found some explanation of it, but they differ and do not explain it well.


John

Title: Re: Use of XOR
Post by: debs3759 on May 30, 2022, 12:00:40 AM

XOR performs a bitwise XOR operation between its two operands (i.e. each bit of the result is 1 if and only if exactly one of the corresponding bits of the two inputs was 1), and stores the result in
the destination (first) operand.

So if a bit is 0 or 1 in both operands, it will be set to 0 in EAX, otherwise it will be set to 1. The purpose depends on the rest of the nearby code (ie what EAX and EBP were previously set to, and what your code is going to do with the result)

Title: Re: Use of XOR
Post by: JohnG on May 30, 2022, 12:11:47 AM

Hi,

Thanks for the quick response,   if both operands are just hex values ok,  but if they are memory addresses  ?

John

Title: Re: Use of XOR
Post by: Frank Kotler on May 30, 2022, 01:36:51 AM

Hi John,

Thanks Debs.

XORing two memory addresses seems a bit unlikely. Can we see some context?

Best,
Frank

Title: Re: Use of XOR
Post by: debs3759 on May 30, 2022, 01:56:08 AM

As Frank says, it seems unlikely to be XORing two memory addresses. If you can provide a few lines of code either side of the instruction, it might help us understand what the code is trying to do.

Title: Re: Use of XOR
Post by: JohnG on May 30, 2022, 05:18:54 AM

Hi all,

I think it might  be only one address (ebp) still not sure why you would do it.
EAX - ABB63DCD
EBP - 004FFB3C   (stack addr )

Title: Re: Use of XOR
Post by: debs3759 on May 30, 2022, 11:52:10 AM

That doesn't make sense to me. It looks like some strange code generated by a compiler, but from your attached code I can't figure out what it is meant to do. Or the disassembler got something wrong, I haven't checked if it could be something else.

Title: Re: Use of XOR
Post by: Frank Kotler on May 30, 2022, 10:20:26 PM

Hi John,

Too cryptic for me!

Here is your file:

00132A9D      | A1 08501300          | mov     eax,dword ptr ds:[0x135008]                    |
00132AA2      | 3145 FC              | xor     dword ptr ss:[ebp-0x4],eax                     |
00132AA5      | 33C5                 | xor     eax,ebp                                        |
00132AA7      | 50                   | push    eax                                            |

It appears to be a disassembly... but not Nasm syntax!

What happens when you run it? What gets pushed? What do you do with it then? Print it? That would be too much to ask.I  suppose...

I think what is being XORed are contents of memory, not memory addresses.  That might help a little... but not much. Well... first load eax from a variable. Then xor that with... [ebp + 4] is probably a parameter passed to a subroutine. Then THAT is xored with ebp. Very strange!

I take it that you don't have source code? Commented source code would be really nice! Can you disassemble it with ndisasm? That will disassemble the executable header, too, which is a PITA. I like Agner Fog's "objconv" as a disassembler. It will produce Nasm syntax, and knows where the code starts!

That's not much help. Can you help us any more? Can we get this code? Can you Tell us what it does, overall?

Maybe more later,
Frank