From: michael@kjorling.se (Michael Kjörling)
Subject: [TUHS] Discuss of style and design of computer programs from a
Date: Sat, 6 May 2017 21:45:19 +0000 [thread overview]
Message-ID: <20170506214519.GN12539@yeono.kjorling.se> (raw)
In-Reply-To: <alpine.BSF.2.02.1705061554080.4621@frieza.hoshinet.org>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 4134 bytes --]
On 6 May 2017 16:00 -0400, from usotsuki at buric.co (Steve Nickolas):
> In 6502 code, it's not uncommon to do something like
>
> foo1: lda #$00
> .byte $2C ; 3-byte BIT
> foo2: lda #$01
> .
> .
> .
>
> to save a byte (and probably still done for the few who write in
> ASM). The "2C" operand would cause it to disassemble as something
> like...
>
> 1000- LDA #$00
> 1002- BIT $01A9
>
> which is the route you'd go down if you called "foo1". Apart
> diddling a few CPU flags, and an unneeded read on $01A9, harmless.
You could do something quite similar on the 8086, which I am somewhat
more familiar with. For example, in some kind of pseudo 8086
assembler, with $ denoting the value of the instruction pointer at the
beginning of the current instruction:
jmp short $+3
int 90h ; hex: cd 90
would almost certainly decompile to the above, if the decompiler
doesn't barf when it can't create a jump target label mid-instruction,
but it would certainly _execute_ as
jmp short l1
db 0cdh ; dummy byte
l1: nop ; hex: 90
resulting in a jump over one byte followed by a no-op instruction. Of
course, invoking interrupt 90h would be a perfectly legal thing to do,
assuming that your interrupt tables are set up correctly. If you want
to mess with someone trying to figure out what the code is doing,
write a (nonsense or meaningful) value to interrupt vector 90h before
you do that. For example, assuming that it isn't being used, you could
point interrupt 90h at the reboot jump location, which IIRC on the IBM
PC would mean point it at FFFFh:FFF0h or absolute address FFFF0h.
Anyone trying to actually execute the INT 90h instruction would see
their computer reboot, but anyone actually executing the code would
see little more than a CPU cache flush due to the jump.
Or, something slightly more "useful"
jmp short $+3
int 0 ; hex: cd 00
db 0
jz somewhere
which, again IIRC, would clear the accumulator (AX) register because
0000 hex is XOR AX,AX, which as a side effect sets the zero flag
because the result is zero, and then executes a conditional jump if
the zero flag is set (which it will be). In other words, it _executes_
as
jmp short l1
db 0cdh ; dummy byte
l1: xor ax,ax ; hex: 00 00
jz somewhere
but a naiive decompiler will see the CDh byte after the jump and take
that as the first byte of the two-byte interrupt instruction. I don't
know what 00 followed by the first byte of the JZ instruction would
be, but probably a register/register XOR with a register store. Make
it a far jump and you have a few extra bytes to play with, to befuddle
anyone trying to figure out just what on Earth your code is really
doing.
The above, of course, is really just scratching the surface. With how
many variable-length instructions the x86 has, with careful selection
of opcodes and possibly use of undocumented but functionally valid
combinations, I wouldn't be the least bit surprised if it's
technically possible to write a 8086 program that does one thing when
started normally, and something utterly different but still useful
when started at an offset that results in execution beginning in the
middle of an instruction. Bonus points if the first thing that program
does is jump into itself _at that offset_. Now, the _work involved in
doing so_, never mind maintaining it...
Of course, I wouldn't do anything like the above in any real-world
code base meant to run on modern systems unless obfuscation really
_was_ a design goal. Honest. If I was tasked to write something that
really needed to do something non-trivial in 16 KiB RAM on an original
IBM 5150 PC or clone? I'd probably spend quite a bit of time in front
of the whiteboard and with reference manuals before writing even one
line of code...
--
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“People who think they know everything really annoy
those of us who know we don’t.” (Bjarne Stroustrup)
next prev parent reply other threads:[~2017-05-06 21:45 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 15:20 [TUHS] Discuss of style and design of computer programs from a user stand point [was dmr note on BSD's sins] Clem Cole
2017-05-05 15:37 ` Bakul Shah
2017-05-06 2:16 ` Noel Hunt
2017-05-06 2:40 ` Toby Thain
2017-05-06 6:07 ` Bakul Shah
2017-05-06 22:11 ` Steve Johnson
2017-05-06 23:35 ` Larry McVoy
2017-05-07 4:06 ` Dan Cross
2017-05-07 13:49 ` [TUHS] Discuss of style and design of computer programs from a user stand point Michael Kjörling
2017-05-06 2:02 ` [TUHS] Discuss of style and design of computer programs from a user stand point [was dmr note on BSD's sins] Doug McIlroy
2017-05-06 5:33 ` Steve Johnson
2017-05-06 9:18 ` [TUHS] Discuss of style and design of computer programs from a user stand point Michael Kjörling
2017-05-06 13:09 ` Nemo
2017-05-06 13:44 ` Michael Kjörling
2017-05-06 14:40 ` Larry McVoy
2017-05-06 15:09 ` [TUHS] Discuss of style and design of computer programs from a Corey Lindsly
2017-05-06 15:20 ` Michael Kjörling
2017-05-06 15:24 ` Larry McVoy
2017-05-06 15:51 ` Michael Kjörling
2017-05-06 15:53 ` Larry McVoy
2017-05-06 20:00 ` Steve Nickolas
2017-05-06 21:45 ` Michael Kjörling [this message]
2017-05-07 7:42 ` Stephen Kitt
2017-05-06 15:23 ` ron minnich
2017-05-06 15:44 ` Michael Kjörling
2017-05-06 18:43 ` [TUHS] Discuss of style and design of computer programs from a user stand point Dave Horsfall
2017-05-06 19:50 ` Bakul Shah
2017-05-07 1:15 ` Warner Losh
2017-05-07 1:42 ` Noel Hunt
2017-05-07 13:54 ` Michael Kjörling
2017-05-07 14:58 ` arnold
2017-05-07 16:33 ` Michael Kjörling
2017-05-07 15:13 ` Warner Losh
2017-05-06 16:40 ` Kurt H Maier
2017-05-06 14:16 ` [TUHS] The Elements of Programming Style (book) - was Re: Discuss of style and design of computer programs Toby Thain
2017-05-07 0:51 [TUHS] Discuss of style and design of computer programs from a Nemo
2017-05-08 13:39 ` Tony Finch
2017-05-08 16:21 ` Steve Johnson
2017-05-08 17:01 ` Dan Cross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170506214519.GN12539@yeono.kjorling.se \
--to=michael@kjorling.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).