Author Topic: RIP addressing  (Read 115064 times)

mineiro

  • Newbie
  • *
  • Posts: 9
    • View Profile
RIP addressing
« on: July 08, 2016, 02:25:57 PM »
This is my first post, I'm not a bot. My english language is poor, so be patience while reading, I'm learning english language alone on an autodidact way. I'm from Brazil.

Hello Sir Bogdan,
I have done some tests about rip relative address on linux x86-64, we have talked about this before, here are some outputs.
yasm and as assembler output this:
Code: [Select]
0000000000000000 <_start>:
   0:   8a 05 08 00 00 00       mov    al,BYTE PTR [rip+0x8]        # e <_start+0xe>
   6:   66 8b 05 00 00 00 00    mov    ax,WORD PTR [rip+0x0]        # d <_start+0xd>
   d:   8b 05 00 00 00 00       mov    eax,DWORD PTR [rip+0x0]        # 13 <_start+0x13>
  13:   48 8b 05 08 00 00 00    mov    rax,QWORD PTR [rip+0x8]        # 22 <_start+0x22>

solasm is generating this on first pass, and an error on second pass
Code: [Select]
0 0 0 0 00000000        .entry _start
0 0 0 0 00000000        _start:
0 0 0 0 00000000        mov al,byte [rip]               8A 05 FC FF FF FF
0 0 0 0 00000006        mov ax,word [rip]               66 8B 05 FC FF FF FF
0 0 0 0 0000000D        mov eax,dword [rip]             8B 05 FC FF FF FF
0 0 0 0 00000013        mov rax,qword [rip]             48 8B 05 FC FF FF FF
Appears that solasm uses signed instead of unsigned?

Thanks a lot sir.
ps: I have seen a minor mistake on manual regarding about structure ends, on STRUC ETH_PACKET structure that ends with ENS.
« Last Edit: July 08, 2016, 02:36:47 PM by mineiro »

bogdanontanu

  • Administrator
  • Newbie
  • *****
  • Posts: 22
    • View Profile
    • oby.ro
Re: RIP addressing
« Reply #1 on: July 08, 2016, 11:12:58 PM »
Hi mineiro,

Thanks for testing Sol_Asm and for caching the error in the manual ;)

What is the source code for that output in yasm and sol_asm?

As I have said before sol_asm does NOT know the symbol "rip" as a register.
This "rip" register does not have an encoding for x64 CPU.

It just appears written like that in disassembly in order to make the reader aware that the encoding is "rip relative" even for data access in x64.
This is a "new" thing in x64 and people like to put emphasis on it.

However it was available for JMP and CALL even for x32 CPU but nobody made a big issue about it.
It helps writing position independent code but that is all about it.

Sol_asm does generate RIP relative addressing by default when in 64 bits ...
if that is what you are after.

Just try with any variable in x64, something like this:
Code: [Select]

.use64

.data
    my_var dq 1234h

.code
    mov rax,[my_var]


and sol_asm will generate a:
Code: [Select]
    MOV RAX,[RIP+relative_offset_of_my_var_to_current_rip]

Nothing special needs to be done in order to use RIP addressing in Sol_Asm.
RIP addressing is enabled by default in x64 mode.

« Last Edit: July 09, 2016, 12:12:41 AM by bogdanontanu »

mineiro

  • Newbie
  • *
  • Posts: 9
    • View Profile
Re: RIP addressing
« Reply #2 on: July 09, 2016, 03:42:35 AM »
Thanks for answering sir Bogdan, yes, make sense your words.

The source code that I have worked follows:

solasm
Code: [Select]
section "text" class_code alias ".text"
.USE64
.text
.entry _start
_start:
mov al,byte [rip]
mov ax,word [rip]
mov eax,dword [rip]
mov rax,qword [rip]

yasm
Code: [Select]
;command line: yasm -f elf64 -o obj.o obj.asm
section .text
global _start
_start:
mov al,byte [rip]
mov ax,word [rip]
mov eax,dword [rip]
mov rax,qword [rip]

as
Code: [Select]
#command line: as -o quiz.o quiz.asm
.intel_syntax noprefix
.text
.global _start
_start:
mov al,byte ptr [rip]
mov ax,word ptr [rip]
mov eax,dword ptr [rip]
mov rax,qword ptr [rip]

To archieve that on solasm after read your post I have done this source code
Code: [Select]
;sol_asm2 -elf64 quiz.solasm quiz.o
section "text" class_code alias ".text"
.USE64
.text
.entry _start
_start:
mov al,byte [one]
one:
mov ax,word [two]
two:
mov eax,dword [three]
three:
mov rax,qword [four]
four:

But disassembled code is not equal, maybe I'm doing something wrong but have some displacement:
Code: [Select]
$ yasm -f elf64 -o quiz.o quiz.yasm
$ ld -s -m elf_x86_64 -o quiz quiz.o
$ objdump -d -Mintel quiz.o
0000000000000000 <_start>:
   0:   8a 05 00 00 00 00       mov    al,BYTE PTR [rip+0x0]        # 6 <_start+0x6>
   6:   66 8b 05 00 00 00 00    mov    ax,WORD PTR [rip+0x0]        # d <_start+0xd>
   d:   8b 05 00 00 00 00       mov    eax,DWORD PTR [rip+0x0]        # 13 <_start+0x13>
  13:   48 8b 05 00 00 00 00    mov    rax,QWORD PTR [rip+0x0]        # 1a <_start+0x1a>

Code: [Select]
$ sol_asm2 -elf64 quiz.solasm quiz.o
$ ld -s -m elf_x86_64 -o quiz quiz.o
$ objdump -d -Mintel quiz.o
0000000000000000 <_start>:
   0:   8a 05 02 00 00 00       mov    al,BYTE PTR [rip+0x2]        # 8 <_start+0x8>
   6:   66 8b 05 09 00 00 00    mov    ax,WORD PTR [rip+0x9]        # 16 <_start+0x16>
   d:   8b 05 0f 00 00 00       mov    eax,DWORD PTR [rip+0xf]        # 22 <_start+0x22>
  13:   48 8b 05 16 00 00 00    mov    rax,QWORD PTR [rip+0x16]        # 30 <_start+0x30>
I debug both programs and are generating the same expected results.

Again, thanks a lot sir, I'm enjoying a lot solasm.

bogdanontanu

  • Administrator
  • Newbie
  • *****
  • Posts: 22
    • View Profile
    • oby.ro
Re: RIP addressing
« Reply #3 on: July 09, 2016, 11:37:47 AM »
Nice to hear that you enjoy sol_asm ;)

Yes, RIP relative addressing does involve some displacement even if that displacement is zero ;)