pushl $(0xcb<<24)|0x08 call .-1
What does this instruction sequence do? (This was a collaborative effort by Chuck Gray, Myria and Michael.)
(The solution has been added to the comments.)
pushl $(0xcb<<24)|0x08 call .-1
What does this instruction sequence do? (This was a collaborative effort by Chuck Gray, Myria and Michael.)
(The solution has been added to the comments.)
In MASM, this would probably be
push (0xcb<<24)|0×08
call $-1
OK I solved it but I’m not posting it here :P
Umm, sure, I have a solution too, but this margin is too narrow to contain it…
it pushes a selector of your choice (0×8 in this case) into the stack, then it makes a relative call to -1, which contains the 0xcb ocode (far return). 0×8 is the selector of the first usable gdt entry (which has a ring0 DPL in windows).
Whenever you run this code, a hamster dies out there.
The full answer is: The code loads CS with 0×08. There is no “mov cs” instruction in the x86 instruction set, so if you just want to reload CS, for example after a GDT reload, you can either do a far jump – or this, which is much more elegant. It requires a working stack, though.
In my case, I am using this code to switch to 64 bit mode on an x86_64 CPU.
Hello! Good Site! Thanks you! wqelmtrubulvk
TrackbackGenerator…
TrackbackGenerator…
Muscle Gain Truth…
Muscle Gain Truth…
OMFG.. How can this be “more elegant”?
Let’s compare it in some categories.. Result: exactly the same, Speed: slower, requirements: more (stack), length of source: equal, readability: much worse.
And now let’s come to the category “elegance”… encoding an instruction into the parameters of another instruction, because it magically fits in there is really ugly practice of pseudo 1337 kiddies and should be punished with eternal epic fail!