From 449b66753370d6b64bc9aa7e5c0592ba0fe6f680 Mon Sep 17 00:00:00 2001
From: johannst
Date: Wed, 16 Sep 2020 22:23:09 +0000
Subject: deploy: 2e329ad934ef010fd94afe965f14ab895dcb515e
---
 print.html | 200 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 197 insertions(+), 3 deletions(-)
(limited to 'print.html')
diff --git a/print.html b/print.html
index 8c982fa..190fceb 100644
--- a/print.html
+++ b/print.html
@@ -83,7 +83,7 @@
@@ -150,7 +150,19 @@
-

zsh(1)

+

Tools

+ +

zsh(1)

Keybindings

Change input mode:

bindkey -v              change to vi keymap
@@ -287,7 +299,7 @@ ${foo/pattern/string}  # replace pattern with string when expanding foo
 # '%'   pattern match at end
 
-

Note: prefix/suffix/pattern are expanded as pathnames.

+

Note: prefix/suffix/pattern are expanded as pathnames.

Pathname

*           match any string
@@ -1083,6 +1095,13 @@ executed. To workaround that bug one can create a wrapper function which calls
   oob <addr>                    # reopen current file at <baddr>
 

Resource analysis & monitor

+

lsof(8)

lsof
   -a ......... AND slection filters instead ORing (OR: default)
@@ -1157,6 +1176,13 @@ major_pagefault: Happens when the page needed is NOT in memory, the kernel
     Dump stack for all threads of process.
 

Trace and Profile

+

strace(1)

strace [opts] [prg]
   -f .......... follow child processes on fork(2)
@@ -1255,6 +1281,13 @@ ophelp      show supported hw/sw events
 /usr/bin/time -v <cmd>
 

Binary

+

od(1)

  od [opts] <file>
     -An         don't print addr info
@@ -1353,6 +1386,13 @@ the .rodata section as follows:

-u undefined only

Development

+

c++filt(1)

Demangle symbol

  c++-filt <symbol_str>
@@ -1559,6 +1599,160 @@ search for and where to put the function pointer:
     >> 000000404018  000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
 
As we can see the offset from relocation at index 0 points to GOT[3]. + +

Arch

+ +

x86_64

+

keywords: x86_64, x86, abi

+
    +
  • 64bit synonyms: x86_64, x64, amd64, intel 64
  • +
  • 32bit synonyms: x86, ia32, i386
  • +
  • ISA type: CISC
  • +
  • Endianness: little
  • +
+

Registers

+

General purpose register

+
bytes
+[7:0]      [3:0]   [1:0]   [1]   [0]     desc
+----------------------------------------------------------
+rax        eax     ax      ah    al      accumulator
+rbx        ebx     bx      bh    bl      base register
+rcx        ecx     cx      ch    cl      counter
+rdx        edx     dx      dh    dl      data register
+rsi        esi     si      -     sil     source index
+rdi        edi     di      -     dil     destination index
+rbp        ebp     bp      -     bpl     base pointer
+rsp        esp     sp      -     spl     stack pointer
+r8-15      rNd     rNw     -     rNb
+
+

Special register

+
bytes
+[7:0]      [3:0]     [1:0]      desc
+---------------------------------------------------
+rflags     eflags    flags      flags register
+rip        eip       ip         instruction pointer
+
+

FLAGS register

+
rflags
+bits  desc
+-----------------------------
+[11]  OF overflow flag
+[10]  DF direction flag
+ [7]  SF sign flag
+ [6]  ZF zero flag
+ [4]  AF auxiliary carry flag
+ [2]  PF parity flag
+ [0]  CF carry flag
+
+

Addressing

+
movw [rax], rbx         // save val in rbx at [rax]
+movw [imm], rbx         // save val in rbx at [imm]
+movw rax, [rbx+4*rcx]   // load val at [rbx+4*rcx] into rax
+
+

rip relative addressing:

+
lea rax, [rip+.my_str]       // load addr of .my_str into rax
+...
+.my_str:
+.asciz "Foo"
+
+

Size directives

+

Explicitly specify size of the operation.

+
mov  byte ptr [rax], 0xff    // save 1 byte(s) at [rax]
+mov  word ptr [rax], 0xff    // save 2 byte(s) at [rax]
+mov dword ptr [rax], 0xff    // save 4 byte(s) at [rax]
+mov qword ptr [rax], 0xff    // save 8 byte(s) at [rax]
+
+

SysV x86_64 ABI

+

Passing arguments to functions

+
    +
  • Integer/Pointer arguments +
    reg     arg
    +-----------
    +rdi       1
    +rsi       2
    +rdx       3
    +rcx       4
    +r8        5
    +r9        6
    +
    +
  • +
  • Floating point arguments +
    reg     arg
    +-----------
    +xmm0      1
    +  ..     ..
    +xmm7      7
    +
    +
  • +
  • Additional arguments are passed on the stack. Arguments are pushed +right-to-left (RTL), meaning next arguments are closer to current rsp.
  • +
+

Return values from functions

+
    +
  • Integer/Pointer return values +
    reg          size
    +-----------------
    +rax        64 bit
    +rax+rdx   128 bit
    +
    +
  • +
  • Floating point return values: +
    reg            size
    +-------------------
    +xmm0         64 bit
    +xmm0+xmm1   128 bit
    +
    +
  • +
+

Caller saved registers

+

Caller must save these registers if they should be preserved across function +calls.

+
    +
  • rax
  • +
  • rcx
  • +
  • rdx
  • +
  • rsi
  • +
  • rdi
  • +
  • rsp
  • +
  • r8 - r11
  • +
+

Callee saved registers

+

Caller can expect these registers to be preserved across function calls. Callee +must must save these registers in case they are used.

+
    +
  • rbx
  • +
  • rbp
  • +
  • r12r15
  • +
+

Stack

+
    +
  • grows downwards
  • +
  • frames aligned on 16 byte boundary +
    HI ADDR
    + |                +------------+
    + |                | prev frame |
    + |                +------------+ <--- 16 byte aligned (X & ~0xf)
    + |       [rbp+8]  | saved RIP  |
    + |       [rbp]    | saved RBP  |
    + |       [rbp-8]  | func stack |
    + |                | ...        |
    + v                +------------+
    +LO ADDR
    +
    +
  • +
+

References

+
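Review bot: The "Caller saved registers" list in the new SysV x86_64 ABI section places `rsp` among the registers a callee may clobber, while the "Callee saved registers" list right below omits it; under the SysV AMD64 ABI rsp is preserved across calls together with rbx, rbp and r12–r15, so the two lists should read `rax, rcx, rdx, rsi, rdi, r8 - r11` and `rbx, rbp, rsp, r12 - r15`. Code written from the list as published would treat rsp as scratch, which is an ABI violation rather than a cosmetic slip. The same section carries two typos worth fixing at the same time: `Callee must must save` and `r12r15` (intended `r12 - r15`). In the "Addressing" snippet, `movw` paired with 64-bit registers reads as a size mismatch — the `w` suffix denotes a 16-bit operation in AT&T syntax, and the examples otherwise use Intel operand order, so plain `mov` appears to be intended; the size-directive table further down already shows the correct way to spell an explicit width.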