Author Topic: Use of XOR  (Read 2341 times)

Offline JohnG

  • Jr. Member
  • *
  • Posts: 33
Use of XOR
« on: May 29, 2022, 11:12:58 PM »
Hi all,

What is the purpose of the code line     XOR  EAX,EBP  ?

Have found some explanation of it, but they differ and do not explain it well.


John

Offline debs3759

  • Global Moderator
  • Full Member
  • *****
  • Posts: 221
  • Country: gb
    • GPUZoo
Re: Use of XOR
« Reply #1 on: May 30, 2022, 12:00:40 AM »
XOR performs a bitwise XOR operation between its two operands (i.e. each bit of the result is 1 if and only if exactly one of the corresponding bits of the two inputs was 1), and stores the result in
the destination (first) operand.

So if a bit is 0 or 1 in both operands, it will be set to 0 in EAX, otherwise it will be set to 1. The purpose depends on the rest of the nearby code (ie what EAX and EBP were previously set to, and what your code is going to do with the result)
My graphics card database: www.gpuzoo.com

Offline JohnG

  • Jr. Member
  • *
  • Posts: 33
Re: Use of XOR
« Reply #2 on: May 30, 2022, 12:11:47 AM »
Hi,

Thanks for the quick response,   if both operands are just hex values ok,  but if they are memory addresses  ?

John

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2667
  • Country: us
Re: Use of XOR
« Reply #3 on: May 30, 2022, 01:36:51 AM »
Hi John,

Thanks Debs.

XORing two memory addresses seems a bit unlikely. Can we see some context?

Best,
Frank


Offline debs3759

  • Global Moderator
  • Full Member
  • *****
  • Posts: 221
  • Country: gb
    • GPUZoo
Re: Use of XOR
« Reply #4 on: May 30, 2022, 01:56:08 AM »
As Frank says, it seems unlikely to be XORing two memory addresses. If you can provide a few lines of code either side of the instruction, it might help us understand what the code is trying to do.
My graphics card database: www.gpuzoo.com

Offline JohnG

  • Jr. Member
  • *
  • Posts: 33
Re: Use of XOR
« Reply #5 on: May 30, 2022, 05:18:54 AM »
Hi all,

I think it might  be only one address (ebp) still not sure why you would do it.
EAX - ABB63DCD
EBP - 004FFB3C   (stack addr )
« Last Edit: May 30, 2022, 05:22:44 AM by JohnG »

Offline debs3759

  • Global Moderator
  • Full Member
  • *****
  • Posts: 221
  • Country: gb
    • GPUZoo
Re: Use of XOR
« Reply #6 on: May 30, 2022, 11:52:10 AM »
That doesn't make sense to me. It looks like some strange code generated by a compiler, but from your attached code I can't figure out what it is meant to do. Or the disassembler got something wrong, I haven't checked if it could be something else.
My graphics card database: www.gpuzoo.com

Offline Frank Kotler

  • NASM Developer
  • Hero Member
  • *****
  • Posts: 2667
  • Country: us
Re: Use of XOR
« Reply #7 on: May 30, 2022, 10:20:26 PM »
Hi John,

Too cryptic for me!

Here is your file:

00132A9D      | A1 08501300          | mov     eax,dword ptr ds:[0x135008]                    |
00132AA2      | 3145 FC              | xor     dword ptr ss:[ebp-0x4],eax                     |
00132AA5      | 33C5                 | xor     eax,ebp                                        |
00132AA7      | 50                   | push    eax                                            |

It appears to be a disassembly... but not Nasm syntax!

What happens when you run it? What gets pushed? What do you do with it then? Print it? That would be too much to ask.I  suppose...

I think what is being XORed are contents of memory, not memory addresses.  That might help a little... but not much. Well... first load eax from a variable. Then xor that with... [ebp + 4] is probably a parameter passed to a subroutine. Then THAT is xored with ebp. Very strange!

I take it that you don't have source code? Commented source code would be really nice! Can you disassemble it with ndisasm? That will disassemble the executable header, too, which is a PITA. I like Agner Fog's "objconv" as a disassembler. It will produce Nasm syntax, and knows where the code starts!

That's not much help. Can you help us any more? Can we get this code? Can you Tell us what it does, overall?

Maybe more later,
Frank