Assembly Language for Beginners

(Jeff_L) #1

8.1. TASK MANAGER PRACTICAL JOKE (WINDOWS VISTA)


...


mov rbp, [rsi+8]
mov r8d, 20h
lea r9, [rsp+98h+arg_0]
lea rdx, [rsp+98h+var_78]
lea ecx, [r8+2Fh] ; put 0x4F to ECX
mov [rsp+98h+var_60], ebx
mov [rsp+98h+var_68], rbp
; ECX=SystemSuperfetchInformation
call cs:__imp_NtQuerySystemInformation ; not zero


PerhapsMSVCdid so because machine code ofLEAis shorter thanMOV REG, 5(would be 5 instead of 4).


LEAwith offset inβˆ’ 128 :: 127 range (offset will occupy 1 byte in opcode) with 32-bit registers is even shorter
(for lack of REX prefix)β€”3 bytes.


Another example of such thing is:6.1.5 on page 739.

Free download pdf