Invoke is too high level

(or another perspective on the Invoke vs Call argument) The video version (for the illiterate) can be found at: https://youtu.be/QyjXBv3sqRY I’m in the process of re-certifying for the GREM certification (GIAC Reverse Engineering Malware). Although I’m pretty good with assembly language in a handful of architectures (Motorolla, x86, propeller, and ARM), my skills are shit with […]


ARM Assembly is Too High Level: ROR and RRX 1

Note: If you prefer video format to reading stuff, there’s a companion video for this: https://youtu.be/ONQLWdd5nuc Looking at instruction encodings, ‘ROR r0, #0’ should be the same as ‘RRX r0, r0’. Let’s first take a look at the encoding for the ROR instruction:   So Rm gets rotated imm5 places and gets stored into Rd Now […]


ARM Assembly is Too High Level: Moving by Shifting

The syntax for the register form of a Logical Shift Left is: LSL{S}c Rd, Rm, #imm5 This will take a value stored in the source register of Rm and shift the bits left by the amount defined in #imm5. The result of this operation is stored in the destination register of Rd. Like many instructions […]


sed/regex Based BrainFuck Compiler

BrainFuck is an ‘esoteric’ programming language with only 8 one-character instructions. I’ve used it here-and-there for well over a decade. I love minimalist languages, so RISCy. A brainfuck environment operates on a large array of data. There’s an instruction to move the pointer in this array forwards and backwards and to increment or decrement it’s […]


Assembly is Too High Level: Commutative Property, Sometimes (it may save your byte)

I remember learning these properties in basic algebra: Associative, Distributive, and Commutative. It’s the Commutative property that states that a + b = b + a. The same principle is true with multiplication. In x86 pointer math, of course the results of these operations follow the commutative property; that’s just math. However, the machine encoding […]


Assembly is Too High-Level: Signed Displacements

For those that don’t know about unsigned and signed data types, it’s not all that complicated. One byte can hold a total of 256 possible values. If these values were only positive numbers and included zero, we would have a number range of 0-255. But what if we wanted negative numbers? The byte is divided; […]


Boot Sector Graphical Programming (Tutorial)

This tutorial is aimed at those that have some assembly experience, but very minimal 16-bit BIOS programming experience, in other words; a short list of some of my friends that I want to coerce into doing some BIOS programming. Assembling: Qemu Assemble source: nasm yourboot.asm -f bin -o yourboot.bin Run with qemu: qemu tronsolitare.bin Run […]


CactusCon Slides: Machining, A Love Story

Here is the full ~6Mb image that I used as my slide deck within MS Paint in Windows 3.1 for my CactusCon 2016 presentation: Machining, A Love Story. Below the large image are all the images again, slide-by-slide, with brief notes; so there can be some context. All non-screenshot art done by KRT c0c4!N (my […]


Assembly is Too High Level: Redundant Bit commands 2

Compared to some of the most recent posts in this series, this one is a pretty basic example of a redundancy. This redundancy applies to the bit shifting instructions of: RCL, RCR, ROL, ROR, SAL, SAR, SHL, and SHR. These instructions can take an 8-bit immediate value, but there is also dedicated encoding for the […]