Beyond MOV ADD XOR – the unusual and unexpected in x86 (CONFidence 2013)

Information

• Language: English
• Conference: CONFidence
• Location: Kraków, Poland
• Date: May 2013
• Speaker(s): Mateusz ‘j00ru’ Jurczyk, Gynvael Coldwind

Slides

• Download: https://j00ru.vexillium.org/slides/2013/confidence.pdf

Video

Abstract

Intel x86 and the derived AMD64 architecture families are by far the most widespread and commonly known ones, powering millions and millions of desktop PCs, server racks and even some mobile devices. Although understanding low-level X86 assembly code has been subject to extensive study by hobbyists, professional reverse engineers and exploit developers alike, the research typically covers only a small subset of both instruction set and features the architecture has to offer. In this presentation, we will address numerous interesting, often security-relevant tidbits, unpopular features and unusual behaviors that we have came across during our journey through the manuals, books and research papers, as well as our own experience. Basic knowledge of x86 assembly and its execution environment is highly recommended.

Resources

• Blog post – CONFidence 2013 and the x86 quirks