X64 === Table of Contents --- - [Table of Contents](https://hackmd.io/@0xff07/SkmbCNm-9) X64 Basic Architecture (OST2 Arch1001) --- - [Class Introduction](https://hackmd.io/@0xff07/HybOLIKm9) - [Class Conclusion](https://hackmd.io/@0xff07/Byg5cFK79) Basics --- - [Background: Endianess](https://hackmd.io/@0xff07/HkwpLIY7q) - [Computer Registers](https://hackmd.io/@0xff07/rkajv8Km9) - [First Instruction: No-Operation (`nop`)](https://hackmd.io/@0xff07/HJh8_UKXq) - [The Stack: `push`, `pop`](https://hackmd.io/@0xff07/SJj1YItX9) - [**CallASubroutine1.c**: `call`, `ret`, `mov`, `add`, `sub`](https://hackmd.io/@0xff07/r1vwKIY7c) - [Intel vs. AT&T Assembly Syntax](https://hackmd.io/@0xff07/Hk-_OYYXq) Learning to Fish --- - [Learning to Fish: Read The F\*n Intel Manual!](https://hackmd.io/@0xff07/BkSSFtF79) - [Learning to fish: Writing Inline Assembly](https://hackmd.io/@0xff07/ByslcYY75) - [VisualStudio Overview](https://hackmd.io/@0xff07/BJw7qKt75) - [GCC Inline Assembly](https://hackmd.io/@0xff07/Sku85tKm9) Local Variables --- - [**SingleLocalVariable.c**](https://hackmd.io/@0xff07/rJbJo8YX5) - [==Mystery Listery 3 Solved!==](https://hackmd.io/@0xff07/rkbmjLtX5) - [**ArrayLocalVariable.c**: `imul`, `movsx`, `movzx`](https://hackmd.io/@0xff07/SksUiUY7q) - [**StructLocalVariable.c**](https://hackmd.io/@0xff07/ryHkh8Fm5) Function Parameter Passing --- - [**Pass1Parameter.c**](https://hackmd.io/@0xff07/r1-03UFmc) - [**TooManyParameters.c**](https://hackmd.io/@0xff07/H1cf6LKm9) - [==Mystery Listery 2 Solved!==](https://hackmd.io/@0xff07/ryxrTIt7q) - [64-Bit Calling Conventions](https://hackmd.io/@0xff07/ByKwpLKm5) - [32-bit Calling Conventions](https://hackmd.io/@0xff07/rkHvS9t7q) - [==Mystery Listery 1 Solved!==](https://hackmd.io/@0xff07/BJHoa8tQq) - [**SpecialMaths.c**: `lea`](https://hackmd.io/@0xff07/HkYapUYQc) Control Logic --- - [**GotoExample.c**: `jmp`](https://hackmd.io/@0xff07/rkP32DK7c) - [**IfExample.c**: `jcc`, `cmp`](https://hackmd.io/@0xff07/B1YepvFmq) - [**IfExample2.c**](https://hackmd.io/@0xff07/BkxEpvtXq) - [**SwitchExample.c**](https://hackmd.io/@0xff07/SkFP6DK7q) Boolean Logic --- - [**BooleanBecause.c**: `and`, `or`, `not`, `xor`](https://hackmd.io/@0xff07/r1_9aDtQq) - [**ForLoopNoRet.c**: `inc`, `dec`](https://hackmd.io/@0xff07/S1TA6wt75) - [**BitmaskExample.c**: `test`](https://hackmd.io/@0xff07/BkbzAvYQ9) Bit Shifting --- - [**ShiftExample1.c**: `shl`, `shr`](https://hackmd.io/@0xff07/SJAHRvt75) - [**ShiftExample2Unsigned.c**](https://hackmd.io/@0xff07/HJVYAvt79) - [**ShiftExample3Signed.c**: `cdq`, `sar`](https://hackmd.io/@0xff07/S14jCwFQc) Multiply and Divide --- - [**MulDivExample.c**: `div`, `idiv`](https://hackmd.io/@0xff07/B1Py1uK79) CISC Delight: REPeatable Instructions --- - [**ArrayLocalVariable2.c**: `rep stos`](https://hackmd.io/@0xff07/Sk9KY_F7c) - [**ThereWillBe0xb100d.c**](https://hackmd.io/@0xff07/BJn0K_FQ9) - [**JourneyToTheCenterOfMemcpy.c**: `rep movs`](https://hackmd.io/@0xff07/BJPzqut79) Binary Bomb Lab --- - [The Most Important Assembly Exercise You'll Ever Do: Binary Bomb Lab](https://hackmd.io/@0xff07/ByNLUIF7c) X64 System Programming (OST2 Arch2001) --- - [Class Introduction](https://hackmd.io/@0xff07/r1fyAHl75) - [Class Conclusion](https://hackmd.io/@0xff07/rk6quHnz5) Warm-Ups --- - [CPUID](https://hackmd.io/@0xff07/r1i_LHnz9) - [Processor Execution Modes](https://hackmd.io/@0xff07/Hyh2hBgm5) - [MSRs](https://hackmd.io/@0xff07/BJd8sEP79) Privilege Rings & Segmentation --- - [Privilege Rings Start](https://hackmd.io/@0xff07/BJ3jDElXq) - [Segmentation & Segment Registers](https://hackmd.io/@0xff07/HJOe_NxQc) - [Global Desriptor Table (GDT)](https://hackmd.io/@0xff07/HJ5FO4xXc) - [Local Descriptor Table (LDT)](https://hackmd.io/@0xff07/Sk7TtTtxh) - [Segment Descriptors](https://hackmd.io/@0xff07/SkqXtEgm9) - [Call Gates](https://hackmd.io/@0xff07/BkIYqVg7q) - [Privilege Rings Finish](https://hackmd.io/@0xff07/r1WV94g7c) - [Conclusion](https://hackmd.io/@0xff07/BkA69ExXq) Interrupts --- - [Interrupts vs. Exceptions](https://hackmd.io/@0xff07/rJZAIXl75) - [Task and the Task State Segments (TSS)](https://hackmd.io/@0xff07/H1v3D7xm9) - [Interrupt Descriptor Table (IDT)](https://hackmd.io/@0xff07/SyI_umgm9) - [Interrupt Descriptors](https://hackmd.io/@0xff07/BJeT_Xl7c) - [Interrupt Masking](https://hackmd.io/@0xff07/r1683XgX9) - [Interupt Conclusions](https://hackmd.io/@0xff07/SkZuaQgQq) System Calls --- - [System Calls Design Background](https://hackmd.io/@0xff07/Hkd_WVlXc) - [`syscall`/`sysret`: x86-64's Preferred System Call Instructions](https://hackmd.io/@0xff07/HyueGElm9) - [Optional: `sysenter`/`sysexit`: x86-32's preferred system call instructions](https://hackmd.io/@0xff07/HywaMNl7c) - [Syscall-adjacent Tech (`swapgs`, {`rd`,`wr`}{`fs`,`gs`}`base`)](https://hackmd.io/@0xff07/ryWbNVlmc) - [Conclusions](https://hackmd.io/@0xff07/rkTIVExmq) Read the Time Stamp Counter --- - [RDTSC](https://hackmd.io/@0xff07/SJhvDrhGc) Paging --- - [Paging Introduction](https://hackmd.io/@0xff07/SkOo04l7q) - [Paging and the Control Registers](https://hackmd.io/@0xff07/SJHQJBgXc) - [Page Tables](https://hackmd.io/@0xff07/rJtakBeX9) - [Page Table Entries: CR3](https://hackmd.io/@0xff07/Sy33grg7c) - [Page Table Entries: PML4E](https://hackmd.io/@0xff07/SJPmGBgX5) - [Page Table Entries: PDPTE](https://hackmd.io/@0xff07/rJ3CMreX5) - [Page Table Entries: PDE](https://hackmd.io/@0xff07/BJ6NNHgmq) - [Page Table Entries: PTE](https://hackmd.io/@0xff07/Hkl1rHl79) - [Canonical Addresses](https://hackmd.io/@0xff07/ryFV_rem9) - [Page Faults](https://hackmd.io/@0xff07/BykR_BeX9) - [Translation Lookaside Buffer (TLB)](https://hackmd.io/@0xff07/r1qEFBeXc) - [Non-executable Memory (NX/XD bit)](https://hackmd.io/@0xff07/SkUcFBl79) - [Paging Conclusion](https://hackmd.io/@0xff07/SyGx5SgQc) Debugging --- - [Software Breakpoints](https://hackmd.io/@0xff07/rJF3e8lXc) - [Hardware Breakpoints](https://hackmd.io/@0xff07/Sk1CPB2M9) Port I/O --- - [Port I/O](https://hackmd.io/@0xff07/SyH-dr2M5) X64 Firmware (OST2 Arch4001) --- - [Class Introduction](https://hackmd.io/@0xff07/Sk6UvgUmq) - [Class Conclusion](https://hackmd.io/@0xff07/HyorzWUX9) Real Mode --- - [The “Real Mode” Execution Environment](https://hackmd.io/@0xff07/H1EXrl8mc) - [Processor State After Reset: Segmentation & Code Execution](https://hackmd.io/@0xff07/Bk-I8l8mc) Chipsets --- - [The Evolution of the Platform Architecture](https://hackmd.io/@0xff07/BkbvOlIQc) - [Finding the Correct Manual for the Hardware You Have](https://hackmd.io/@0xff07/SJ60dl87q) Input/Output --- - [MMIO Overview](https://hackmd.io/@0xff07/BkBG5lUQc) - [Port I/O Detail](https://hackmd.io/@0xff07/ry425eI75) PCIe --- - [PCI Evolution & Topology](https://hackmd.io/@0xff07/BJJ8Ffv7q) - [PCI Config Space](https://hackmd.io/@0xff07/BJjN5MvX9) - [PCI Base Address Registers (BARs)](https://hackmd.io/@0xff07/ryiMizDm5) - [RCRBBA & PCIEXBAR](https://hackmd.io/@0xff07/SyLF3fDQq) - [PCIe Conclusion & Optional Lab](https://hackmd.io/@0xff07/BkIThl8Q9) - [PCIe Option ROMs / Expansion ROMs & Attacks](https://hackmd.io/@0xff07/SJ3QpgUmc) SPI Operations --- - [Introduction & Supported SPI Operation Modes on x86 Hardware](https://hackmd.io/@0xff07/H10Pr7P75) - [SPI Flash Programming Interface](https://hackmd.io/@0xff07/HypkU7wX5) - [Intel Flash Descriptor and the SPI Flash Layout](https://hackmd.io/@0xff07/HkMWwXPQq) SPI Deep-Dive --- - [Optional Flash Descriptor Regions](https://hackmd.io/@0xff07/H1xZ_QvXq) - [Signature, *Descriptor Map*, and *Component* Sections](https://hackmd.io/@0xff07/HJRcKmwQ9) - [*Region*, and *Master* Sections](https://hackmd.io/@0xff07/Hkfy_QP79) - [*\*CH* Soft Straps, and *OEM* Sections](https://hackmd.io/@0xff07/SylsMNvmc) - [*Upper Descriptor Map*, *ME VSCC Table*, and Other Sections](https://hackmd.io/@0xff07/HkkBXNw7c) Flash Protection Threat Tree: Moves and Counter-Moves --- - [Protected Range Registers (PRRs)](https://hackmd.io/@0xff07/rkq7wNwmq) - [BIOS Lock Enable (BLE)](https://hackmd.io/@0xff07/B1UHtVPm5) - [Physical Attacks on SPI Flash](https://hackmd.io/@0xff07/r1XSaxL75) System Management Mode --- - [Introduction & System Management Interrupts (SMIs)](https://hackmd.io/@0xff07/SkMXAxUX9) - [System Management RAM (SMRAM) & the protection thereof](https://hackmd.io/@0xff07/ryiw0eI75) - [SMM Attacks](https://hackmd.io/@0xff07/ryutAeIX5) Power-Transition Attacks --- - [ACPI S3 Low-Power Sleep Effects on SPI & SMM Protection](https://hackmd.io/@0xff07/HJO98Bnzq) - [Attacking UEFI S3 Resume](https://hackmd.io/@0xff07/H1DVbmPQc) Minimal Boot --- - [Minimal Boot](https://hackmd.io/@0xff07/Hy36-b8mc)