Assembly Language for Beginners


.1. X86


rcm20:  mov     ecx,RcmLength           ; (ecx) = length in bytes
        and     ecx,3                   ; (ecx) = length mod 4
        jz      rcm30                   ; 0 odd bytes, go do dwords
        repe    cmpsb                   ; compare odd bytes
        jnz     rcm50                   ; mismatch, go report how far we got

;
; All bytes in the block match.
;

rcm30:  mov     eax,RcmLength           ; set number of matching bytes
        pop     edi                     ; restore registers
        pop     esi                     ;
        stdRET  _RtlCompareMemory

;
; When we come to rcm40, esi (and edi) points to the dword after the
; one which caused the mismatch. Back up 1 dword and find the byte.
; Since we know the dword didn't match, we can assume one byte won't.
;

rcm40:  sub     esi,4                   ; back up
        sub     edi,4                   ; back up
        mov     ecx,5                   ; ensure that ecx doesn't count out
        repe    cmpsb                   ; find mismatch byte

;
; When we come to rcm50, esi points to the byte after the one that
; did not match, which is TWO after the last byte that did match.
;

rcm50:  dec     esi                     ; back up
        sub     esi,RcmSource1          ; compute bytes that matched
        mov     eax,esi                 ;
        pop     edi                     ; restore registers
        pop     esi                     ;
        stdRET  _RtlCompareMemory

stdENDP _RtlCompareMemory

N.B.: this function first compares the whole 32-bit words of the block with CMPSD and then the
remaining length mod 4 bytes with CMPSB. When a word mismatches (rcm40), it backs up one word and
re-scans it byte by byte, so the value it returns, the number of leading bytes that matched, is exact.
Because the comparison stops at the first difference and reports how far it got, its running time
depends on the data; it is not suitable for comparing secrets such as MACs, tokens or password hashes,
where a constant-time comparison is required.
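The same algorithm in C, as an added example that is not part of the book and not Microsoft's code: compare_memory_count() mirrors the listing's word loop, its byte-wise rescan of a mismatching word and its tail loop, returning the length of the matching prefix; memequal_ct() is the constant-time shape one should use instead when the inputs are secrets. The function names and the sample buffers are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Number of leading bytes at which a and b agree, following the listing:
 * whole 32-bit words first (the "repe cmpsd" part), then the len mod 4
 * leftover bytes (the "repe cmpsb" part). When a word mismatches we back
 * up one word and rescan it byte by byte (rcm40), so the count is exact. */
size_t compare_memory_count(const void *a, const void *b, size_t len)
{
    const unsigned char *pa = a, *pb = b;
    size_t nwords = len / 4;             /* shr ecx,2 : length in dwords */
    size_t i = 0;

    for (size_t w = 0; w < nwords; w++, i += 4) {
        uint32_t wa, wb;
        memcpy(&wa, pa + i, 4);          /* unaligned-safe 32-bit loads */
        memcpy(&wb, pb + i, 4);
        if (wa != wb) {
            /* rcm40: this word differs, so some byte in it must differ too */
            size_t j = 0;
            while (pa[i + j] == pb[i + j])
                j++;                     /* stops at j < 4 because wa != wb */
            return i + j;                /* rcm50: index of first mismatch */
        }
    }

    for (; i < len; i++)                 /* and ecx,3 ; repe cmpsb */
        if (pa[i] != pb[i])
            return i;

    return len;                          /* rcm30: every byte matched */
}

/* What the listing is NOT: a comparison whose running time does not depend
 * on where (or whether) the inputs differ. Use this shape for MACs, tokens
 * and password hashes. Returns 1 if equal, 0 otherwise. */
int memequal_ct(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= pa[i] ^ pb[i];            /* no early exit on mismatch */
    return acc == 0;
}

int main(void)
{
    /* constructed sample input: 12 bytes, second copy damaged at index 9 */
    const unsigned char x[] = "ABCDEFGHIJKL";
    unsigned char y[sizeof x];
    memcpy(y, x, sizeof y);
    y[9] ^= 0x01;
    printf("matching prefix: %zu bytes\n", compare_memory_count(x, y, sizeof x - 1));
    printf("constant-time equal: %d\n", memequal_ct(x, y, sizeof x - 1));
    return 0;
}
```

The word loop uses memcpy for the 32-bit loads rather than casting to uint32_t*, since nothing guarantees the callers' buffers are 4-byte aligned; the x86 listing gets away with unaligned CMPSD because the hardware tolerates it, C does not.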

CPUID: get information about the CPU's features. See also: 1.24.6 on page 369.


DIV: unsigned division


IDIV: signed division


INT (M): INT x is analogous to PUSHF; CALL dword ptr [x*4] in a 16-bit environment (in addition, the
CPU clears the IF and TF flags before transferring control). It was widely used in MS-DOS, functioning
as a syscall vector: the registers AX/BX/CX/DX/SI/DI were filled with the arguments and then the flow
jumped to the address taken from the Interrupt Vector Table (located at the beginning of the address
space, 4 bytes per vector). It was popular because INT has a short opcode (2 bytes) and a program that
needs some MS-DOS service does not have to determine the address of the service's entry point itself.
The interrupt handler returns control to the caller using the IRET instruction.


The busiest MS-DOS interrupt number was 0x21, which served a large part of its API. See also: [Ralf
Brown's Interrupt List], the most comprehensive interrupt list and source of other MS-DOS
information.

In the post-MS-DOS era this instruction was still used as a syscall gate in both Linux (INT 0x80) and
Windows (INT 0x2E) (6.3 on page 747), but was later replaced by the SYSENTER or SYSCALL instructions.

INT 3 (M): this instruction is somewhat close to INT, but it has its own 1-byte opcode (0xCC) and is
actively used while debugging. Often, debuggers just write the 0xCC byte at the address of the
breakpoint to be set, and when the exception is raised, the original byte is restored and the original
instruction at that address is re-executed. Because INT 3 is a trap, the saved instruction pointer
points to the byte after the 0xCC, so the debugger must also decrement it by one before resuming;
otherwise execution would continue in the middle of the patched instruction.
As of Windows NT, an EXCEPTION_BREAKPOINT exception is raised when the CPU executes this
instruction. This debugging event may be intercepted and handled by a host debugger, if one is
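The breakpoint mechanism just described, as an added example that is not from the book: instead of a separate debugger process using ptrace (PTRACE_POKETEXT / PTRACE_SETREGS on Linux) or WriteProcessMemory / SetThreadContext on Windows, the same three steps are carried out in-process by a SIGTRAP handler, which keeps the example self-contained. It plants 0xCC over the first byte of a tiny machine-code stub (mov eax,42 ; ret), observes that the trap reports the instruction pointer one byte past the 0xCC, restores the original byte, rewinds the instruction pointer and lets the stub run to completion. It assumes Linux on x86-64 with glibc's ucontext layout; on other platforms run_breakpoint_demo() reports unsupported. All names here are made up for the example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>

#if defined(__x86_64__) && defined(__linux__)
#define BP_SUPPORTED 1
#else
#define BP_SUPPORTED 0
#endif

#ifndef REG_RIP
#define REG_RIP 16   /* glibc x86-64 index of RIP in gregs[], if the enum is hidden */
#endif

/* Target "program" in x86-64 machine code:  mov eax, 42 ; ret */
static const unsigned char target_code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
static unsigned char code_page[4096] __attribute__((aligned(4096)));

static unsigned char *bp_addr;                   /* where 0xCC was planted */
static unsigned char  saved_byte;                /* the byte it replaced */
static volatile sig_atomic_t bp_hits;            /* handler invocations */
static volatile sig_atomic_t ip_after_cc;        /* trap IP == bp_addr + 1 ? */

#if BP_SUPPORTED
/* The "debugger": runs when the CPU executes the planted 0xCC. */
static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    unsigned char *ip = (unsigned char *)(uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    (void)sig; (void)si;

    bp_hits++;
    ip_after_cc = (ip == bp_addr + 1);           /* INT 3 is a trap: IP is past it */
    *bp_addr = saved_byte;                       /* put the original byte back */
    uc->uc_mcontext.gregs[REG_RIP] = (long long)(uintptr_t)bp_addr; /* re-execute it */
}
#endif

/* Plant a breakpoint the way the text describes: save the byte, write 0xCC. */
static void set_breakpoint(unsigned char *addr)
{
    bp_addr = addr;
    saved_byte = *addr;
    *addr = 0xCC;
}

int breakpoint_supported(void)   { return BP_SUPPORTED; }
int breakpoint_hits(void)        { return (int)bp_hits; }
int trap_ip_was_after_int3(void) { return (int)ip_after_cc; }
int breakpoint_restored(void)    { return code_page[0] == target_code[0]; }

/* Copy the target into an RWX page, break on its first instruction, run it.
 * Returns the target's own return value (42), or -1 if unsupported/failed. */
int run_breakpoint_demo(void)
{
#if BP_SUPPORTED
    struct sigaction sa, old;
    union { void *obj; int (*fn)(void); } entry;  /* object -> function pointer */
    int result;

    if (mprotect(code_page, sizeof code_page, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return -1;
    memcpy(code_page, target_code, sizeof target_code);

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    bp_hits = 0;
    ip_after_cc = 0;
    set_breakpoint(code_page);       /* 0xCC now overlays the B8 of mov eax,42 */

    entry.obj = code_page;
    result = entry.fn();             /* int3 -> SIGTRAP -> byte restored, IP rewound -> 42 */

    sigaction(SIGTRAP, &old, NULL);
    return result;
#else
    return -1;
#endif
}

int main(void)
{
    int result, hits, past;
    if (!breakpoint_supported()) {
        puts("demo needs Linux on x86-64");
        return 0;
    }
    result = run_breakpoint_demo();
    hits = breakpoint_hits();
    past = trap_ip_was_after_int3();
    printf("target returned %d after %d breakpoint hit(s); trap IP was past 0xCC: %d\n",
           result, hits, past);
    return 0;
}
```

Without the rewind in on_sigtrap() the CPU would resume at the second byte of the mov, decoding its immediate (2A 00 00 00) as instructions; that off-by-one is exactly why debuggers keep a per-architecture "decrement PC after break" constant. A real debugger also has to re-plant the 0xCC after single-stepping the restored instruction if the breakpoint is meant to stay armed.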
