Intel Flashcards
1
Q
What is the relationship between “machine code” and “assembly language”?
A
one to one relationship/correspondence
2
Q
What is the layout of the rax register?
A
There are 64 bits inside rax. The bit labeled “63” is the most significant bit and down to the “0” bit which is the least significant. A group of the bits from rax can be manipulated by referencing eax. eax contains 31:0 bits. ax has 15:0 bits. ah is 15:8 and al is 7:0.
3
Q
how many bits are in al?
A
8
4
Q
how many bits are in rcx?
A
64
5
Q
how many bits are in bx?
A
16
6
Q
how many bits are in edx?
A
32
7
Q
If al is set to 0x05 and ax is set to 0x0007, eax is set to 0x00000020, and rax is set to 0x0000 0000 0000 0000. what is the final complete contents of the complete rax register?
A
rax = 0x0000 0000 0000 0000, the lower sub-registers data are overwritten.
8
Q
What does the rip register refer to?
A
instruction pointer: the next instruction to be executed
9
Q
what does the rsp register refer to?
A
the stack pointer, points to the current top of the stack
10
Q
Draw a picture of the VonNeumann Architecture.
A
CPU, RAM (primary storage), secondary storage, and I/O are all connected by a bus.
11
Q
If the rax register is set to 81985529216486895 in base 10 (123456789abcdef in base 16), what are the contents of the following registers in hex? al = ? ax = ? eax = ? rax = ?
A
al = ef ax = cdef eax = 89ab cdef rax = 0123 4567 89ab cdef
12
Q
what is the hex, byte size, two’s compliment representation of -7 (base 10) on Intel x86-64.
A
0xF9
13
Q
What is the hex, word size, two’s compliment representation of -9 (base 10) on Intel x86-64.
A
0xFFF7
14
Q
What is the hex, double-word size, two’s compliment representation of -9 (base 10) on Intel x86-64.
A
0xFFFF FFF7
15
Q
What is the decimal representation of FFFF FFFB (base 16, double-word size, two’s compliment) on Intel x86-64.
A
-5
16
Q
What is the decimal representation of C144 0000(base 16)? Assume IEEE 32 bit floating point format on Intel x86-64.
A
-12.25
17
Q
On the Intel 80x86 base architecture, how many bytes can be stored at each address?
A
1 byte (according to quiz 2 question 8)
18
Q
What is the hex, double-word size, two’s compliment representation of -11 (base 10) on Intel x86-64?
A
0xFFFF FFF5
19
Q
What is the decimal representation of FFFF FFFD (base 16, double-word size, two’s compliment) on Intel x86-64.
A
-3
20
Q
What is the IEEE 32-bit floating point representation of 11.125 (base 10) on Intel x86-64. Give final answer in hex.
A
0x4132 0000
21
Q
Given the following code:
mov rax, 9
mov rbx, 2
add rbx, rax
what would be in the rax and rbx (64 bit) registers after execution on Intel x86-64. Give answer in hex.
A
rax = 0x0000 0000 0000 0009 rbx = 0x0000 0000 0000 000B
22
Q
Given the following code fragment:
mov eax, 4
mov ebx, 7
sub eax, ebx
what would be in the eax and ebx (32-bit) registers after execution on Intel x86-64. Give answer in hex.
A
eax = 0xFFFF FFFD ebx = 0x0000 0007
23
Q
Given the following code fragment:
mov rax, 4
mov rbx, 3
imul rbx
what would be in the rax and rbx (64-bit) registers after execution on Intel x86-64. Give answer in hex.
A
rdx:rax = 0x0000 0000 0000 0000 : 0000 0000 0000 000C
24
Q
given the following code fragment:
mov rax, 5
cqo
mov rbx, 3
idiv rbx
what would be in the rax and rdx (64-bit) registers after execution on Intel x86-64. Give answer in hex.
A
rax = 0x0000 0000 0000 0001 rdx = 0x0000 0000 0000 0002
25
Explain what each of the following instructions do on Intel x86-64.
mov rax, qword[var]
mov rax, var
mov rax, qword[var]
go to memory, grab that value, put it in rax
mov rax var
grab address of var, put into rax. still legal instruction that effectively creates a pointer.
26
Given the following code fragment:
mov rax, 11
cqo
mov rbx, 4
idiv rbx
what would be in the rax and rdx registers after execution on Intel x86-64. Give answer in hex.
```
rax = 0x0000 0000 0000 0002
rdx = 0x0000 0000 0000 0003
```
27
What is the addressing mode of the source operand for each of the following instructions on Intel x86-64. (Register, Immediate, Memory, or Illegal instruction)
note: mov ,
```
mov ebx, 14
mov ecx, dword[rbx]
mov byte[rbx+4], 10
mov 10, rcx
mov dl, ah
mov ax, word[rsi+4]
mov cx, word [rbx+rsi]
mov ax, byte [rbx]
```
mov ebx, 14
Immediate
mov ecx, dword[rbx]
Memory
mov byte[rbx+4], 10
Immediate
mov 10, rcx
Illegal
mov dl, ah
Register
mov ax, word[rsi+4]
Memory
mov cx, word [rbx+rsi]
Memory
mov ax, byte [rbx]
Illegal since ax is bigger than just a byte
28
Given the following variable definitions and code fragment:
ans1 dd 7
mov rax, 3
mov rbx, ans1
add eax, dword[rbx]
what would be in the eax register on Intel x86-64. Give answer in hex.
eax = 0x0000 000A
29
Given the code fragment:
list1 dd 2, 3, 4, 5, 6, 7
mov rbx, list1
add rbx, 4
mov eax, dword[rbx]
mov edx, dword [list1]
what would be in the eax and edx registers after execution on Intel x86-64. Give answer in hex.
```
eax = 0x0000 0003
edx = 0x0000 0002
```
30
Given the code fragment:
lst dd 2, 3, 5, 7, 9
```
mov rsi, 4
mov eax, 1
mov rcx, 2
lp: add eax, dword[lst+rsi]
add rsi, 4
loop lp
mov ebx, dword[lst]
```
What would be in the eax, ebx, rcx, and rsi registers after execution on Intel x86-64. Give answer in hex. Note: pay close attention to the register sizes (32-bit vs 64-bit)
```
eax = 0x0000 0009
ebx = 0x0000 0002
rcx = 0x0000 0000 0000 0000
rsi = 0x0000 0000 0000 000C
```
31
What is the instruction:
loop lp
equivalent to on Intel x86-64?
loop lp
is the same as
dec rcx
cmp rcx, 0
jne lp
32
Given the following variable definitions and code fragment:
lst db 2, 4, 6, 8, 10
mov al, 2
imul byte[lst+2]
what would be in the ax register after execution on Intel x86-64. Give answer in hex.
ax = 0x000C
33
Given the code fragment:
lst dw 12, 14, 16, 18, 20
mov rsi, 3
mov ax, word [lst+rsi*2]
cwd
idiv word [lst+2]
what would be in the ax and dx registers after execution on Intel x86-64. Give answer in hex.
```
ax = 0x0001
dx = 0x0004
```
34
Given the code fragment:
list dd 12, 14, 16, 18, 20
```
mov rbx, list
mov rsi, 2
mov eax, dword[rbx+rsi*4]
cdq
idiv dword[rbx+4]
```
what would be in the eax and edx register after execution on Intel x86-64. Give answer in hex.
```
eax = 0x0000 0001
edx = 0x0000 0002
```
35
Given the code fragment:
list dd 1, 3, 5, 7, 9, 11
```
mov rsi, 4
mov eax, 19
mov rcx, 2
lp: sub eax, dword [list+rsi*4]
inc rsi
dec rcx
cmp rcx, 0
jne lp
mov ebx, dword[list]
```
what would be in the eax and rbx registers after execution on Intel x86-64. Give answer in hex.
```
eax = 0xFFFF FFFF
ebx = 0x0000 0001
```
36
Given the code fragment:
list dd 3, 5, 7
```
mov rsi, 0
mov eax, 0
mov rcx, 3
lp: add eax, dword [list+rsi*4]
inc rsi
loop lp
```
what would be in the eax, rsi, and rcx registers after execution on Intel x86-64. Give answer in hex. Note: pay close attention to register sizes.
```
eax = 0x0000 000F
rsi = 0x0000 0000 0000 0003
rcx = 0x0000 0000 0000 0000
```
37
Assuming double-word size, two's compliment representation, what is the decimal representation of 0xFFFF FFFA on Intel x86-64.
-6
38
Assuming IEEE 32-bit floating point format, what is the representation of 0xC0D0:0000 in decimal on Intel x86-64.
C 0 D 0 : 0000
1100 0000 1101 0000...
1.101x2^2 = -110.1
-6.5
39
Can a constant be changed during the program execution?
no
40
Which register refers to the top of the stack on Intel x86-64?
rsp
41
When a macro is invoked, how many times is the code placed in the code segment?
each time the macro is used, it appears in the code memory. Number of macro calls equals the number of times code is placed in the code segment.
42
What happens as a result of a
push rax
instruction (two things) on Intel x86-64?
1. rsp = rsp - 8
| 2. copy operand (rax) to [rsp]
43
How many bytes of data does the pop rax instruction remove from the stack?
8 bytes
44
Given the following code fragment:
list dq 2, 4, 8, 10, 12
```
mov rsi, 1
mov rax, 2
mov rcx, 2
lp: imul qword [list+rsi*8]
add rax, 2
mov rdx, 0
idiv qword [list+8]
inc rsi
loop lp
```
what would be in the rax, rcx, rdx and rsi registers after execution on Intel x86-64. Give answer in hex.
```
rax = 0x0000 0000 0000 0004
rcx = 0x0000 0000 0000 0000
rdx = 0x0000 0000 0000 0002
rsi = 0x0000 0000 0000 0003
```
45
When arguments are passed using values, it is referred to as?
pass by value
46
When arguments are passed using addresses, it is referred to as?
pass by reference
47
According to the standard calling convention, as discussed in class, what is the purpose of the initial push's and final pop's within most procedures?
because rbx is preserved across function calls.
48
If a function is called 73 times, how many copies of the function code are placed into memory?
one copy
49
Given the code fragment:
list dd 8, 6, 4, 2, 1, 0
```
mov rbx, list
mov rsi, 1
mov rcx, 3
mov edx, dword[rbx]
lp: mov eax, dword[list+rsi*4]
inc rsi
loop lp
imul dword[list]
```
What would be in the double-word sized eax, and edx, and quadword sized rcx register after execution on Intel x86-64. Give answer in hex.
```
eax = 0x0000 0010
edx = 0x0000 0000
rcx = 0x0000 0000 0000 0000
```
50
Given the following code fragment:
list dd 2, 7, 4, 5, 6, 3
```
mov rbx, list
mov rsi, 1
mov rcx, 2
mov eax, 0
mov edx, dword[rbx+4]
lp: add eax, dword[rbx+rsi*4]
add rsi, 2
loop lp
imul dword[rbx]
```
what would be in the double-word sized eax and edx registers after execution on Intel x86-64. Give answer in hex.
```
eax = 0x0000 0018
edx = 0x0000 0000
```
51
What are the two instructions that implement linkage on Intel x86-64?
call and ret
52
What happens during the execution of a call instruction (two things) on Intel x86-64.
1. copy rip to [rsp]
| 2. jump to function
53
If there are seven arguments passed to a function, and the function itself pushes the rbp, rbx, and r12 registers (in that order), what is the correct offset of the stack-based argument when using the standard calling convention on Intel x86-64.
rbp+16
54
What, if any, is the limiting factor for how many times a function can be called on Intel x86-64?
the stack
55
If a function must return a result for a variable sum, how should the sum variable be passed (call-by-reference or call-by-value) on Intel x86-64.
by reference.
56
What is the purpose of the add rsp, after the call statement on Intel x86-64?
to remove the function arguments from the stack
57
Give the following code fragment (note: data is unsigned):
list db 1, 3, 4, 3, 5, 2, 2,
```
mov rbx, list
mov rsi, 3
mov eax, 0
mov dl, byte[list]
mov rcx, 2
inc rsi
mov byte [rbx+4], 2
lp: add al, byte [list+rsi]
sub rsi, 2
loop lp
inc al
mul byte [rbx+6]
div byte[rbx+1]
mov dh, 0
mov ebx, 0
mov rdi, list
mov bx, word[rdi]
```
what would be in the word sized ax, bx, dx registers and the quadword sized rcx and rsi register after execution on Intel x86-64. Give answer in hex. Note: the last line is legal. Provide the correct size for each register portion requested.
```
ax = 0x0204
bx = 0x0301
dx = 0x0001
rcx = 0x0000 0000 0000 0000
rsi = 0x0000 0000 0000 0000
```
58
If there are eight (8) arguments passed to a function, and the function itself pushes the rbp, rbx, and r12 registers (in that order), what are the correct offsets for each of the two stack-based arguments (7th and 8th) when using the standard calling convention?
7th @ qword[rbp+16]
| 8th @ qword[rbp+24]
59
Given the following code on Intel x86-64:
msg db "Hello World", NULL
```
mov rax, SYS_write
mov rdi, STDOUT
mov rsi, msg
mov rdx, 11
syscall
```
What is the "syscall" instruction used for?
What is being placed in the rax register and why?
what is being placed in the rdi register and why?
what is being placed in the rsi register and why?
How many characters are being displayed?
What is the "syscall" instruction used for?
call the operating system
What is being placed in the rax register and why?
a constant that says what the operating system should do
what is being placed in the rdi register and why?
a constant that says the target location to write
what is being placed in the rsi register and why?
the address of the message to be displayed (a variable in memory)
How many characters are being displayed?
11
60
How are strings terminated?
NULL
61
under Unix/Linux, how are text input lines terminated?
LF, linefeed
62
Given the following code on Intel x86-64:
list db 3, 2, 1, 3, 5, 4, 2
```
mov rbx, list
mov rsi, 5
mov rdx, 0
mov rcx, 3
inc rsi
mov byte[list+4], 3
lp: mov al, byte[rbx+rsi]
mul al
add dx, ax
sub rsi, 2
loop lp
mov bx, word[rbx+1]
```
what would be in the word sized ax, bx, cx, dx registers and the quadword sized rsi register after execution. Give answer in hex. Pay close attention to the data types (word/doubleword). Note, the last line is legal.
```
ax = 0x0001
bx = 0x0102
cx = 0x0000
dx = 0x000E
rsi = 0x0000 0000 0000 0000
```
63
If an address is passed on the stack as the only stack-based argument, what are the instructions (two) necessary to return the value 42?
mov r10, qword[rbp+16]
| mov dword[r10], 42
64
Given the following code on Intel x86-64:
resb chr 1
```
mov rax, SYS_read
mov rdi, STDIN
mov rsi, chr
mov rdx, 1
syscall
```
Where does control pass to when the "syscall" instruction is executed?
What is being placed in the rsi register and why?
what is being placed in the rdx register and why?
Where does control pass to when the "syscall" instruction is executed?
the operating system
What is being placed in the rsi register and why?
address to store input character
what is being placed in the rdx register and why?
how many inputs to read (characters)
65
In a high-level language, where are local variables typically stored during a procedure call?
the stack
66
What happens to the local variables after the procedure call?
deallocated
67
when outputing a string to the standard output device, what is the ASCII code (by ASCII character name) to move the new line?
LF
68
To output a large volume of information, which is faster?
dealing with the display card hardware OR
interfacing with the OS
dealing directly with the display card hardware is faster
69
Given the code fragment on Intel x86-64:
list db 6, 4, 3, -1, 2, -3, 5, 7
```
mov rbx, list
mov rsi, 2
mov rax, 4
mov rcx, 2
cmp al, byte[list+2]
jne lp
mov byte[list+4], 6
lp: add al, byte[list+rsi]
add rsi, 2
loop lp
imul byte[rbx+4]
inc ax
idiv byte[rbx+2]
mov bx, word[list]
```
What is in the word-sized ax and bx registers after execution. Give answer in hex. Note, byte operations with word results.
```
ax = 0x0106
bx = 0x0406
```
70
Which typically uses more memory on Intel x86-64, a function or a macro? Explain why.
A macro uses more memory because a independant copy of it is created every time its called.
71
Which typically executes faster on on Intel x86-64, a function or a macro? Explain why.
A macro is faster because a function has linkage overhead slowing it down. A function has to push rip, set rip to function, and then later pop rip.
72
Given the code fragement on Intel x86-64:
list db 6, 4, 3, -1, 2, -3
```
mov rbx, list
mov rsi, 2
mov rax, 4
mov rcx, 2
cmp al, byte[list+2]
jne lp
lp: add al, byte[list+rsi]
add rsi, 2
loop lp
imul byte [rbx+4]
inc ax
idiv byte[rbx+2]
```
what is in the ax register after execution. Give answer in hex. Note, byte operations with word result.
ax = 0x0106
73
Given the code fragment on Intel x86-64:
list dw 5, 4, 3, 1, -1, -3
```
mov rbx, list
mov rsi, 2
mov rax, 0
mov rcx, 2
cmp ax, word[rbx+2]
jne lp
mov word[rbx+4], 6
lp: add ax, word[rbx+rsi]
add rsi, 2
loop lp
imul word[list+4]
idiv word[list]
```
what is in the ax and dx registers after execution. give answer in hex. Note, word operations with word result.
```
ax = 0x0004
dx = 0x0001
```
74
Given the code fragment on Intel x86-64:
list dd 5, 4, 3, 1, -1, -3
```
mov rsi, 4
mov rax, 0
mov rcx, 2
cmp eax, dword[list+4]
jne lp
mov word[list+8], 6
lp: add eax, dword[list+rsi*4]
inc rsi
loop lp
imul dword[list+8]
idiv dword[list]
```
what is in the eax and edx registers after execution. give answer in hex. note, double-word operations with double-word results.
```
eax = 0xFFFF FFFE
edx = 0xFFFF FFFE
```
75
Where are local variables typically stored during a function call?
on the stack
76
How can a buffer overflow result in a security vulnerability?
inject code, change return address. exploit.
