Author Topic: RIP-relative addressing  (Read 7778 times)

MichaelW

RIP-relative addressing
« on: October 24, 2014, 02:18:21 PM »
Something interesting that I saw on the FreeBASIC forum:

Understanding the x64 code models

The instruction pointer is apparently now accessible in code and usable as part of an indirect-memory operand, for addressing data.


Well Microsoft, here’s another nice mess you’ve gotten us into.

MichaelW

Re: RIP-relative addressing
« Reply #1 on: October 24, 2014, 03:50:01 PM »
At least currently it's hard to find an assembler that supports rip operands. The attachment is a proof of concept app compiled with a 64-bit version of FreeBASIC, for which the assembler is:

GNU assembler version 2.24 (x86_64-w64-mingw32) using BFD version (GNU Binutils) 2.24

Code: [Select]
dim shared as integer x
asm
    ".intel_syntax noprefix"
    "movzx  rax, BYTE PTR [eip]"
    "nop"
    "mov    X$, rax"
    ".att_syntax prefix"
end asm
print hex(x);"h"
sleep
Code: [Select]
90h

jj2007

Re: RIP-relative addressing
« Reply #2 on: October 24, 2014, 04:03:41 PM »

sinsi

Re: RIP-relative addressing
« Reply #3 on: October 24, 2014, 10:35:50 PM »
ML64 will use the RIP-relative encoding if you use LEA
Code: [Select]
.text:0000000140001000 48 B8 00 20 00 40 01 00 00 00                                   mov     rax, offset aString
.text:000000014000100A 48 8D 05 EF 0F 00 00                                            lea     rax, aString
.text:0000000140001011
.data:0000000140002000 73 74 72 69 6E 67 00                            aString         db 'string',0
So we have RIP=0000000140001011, add 00000FEF (sign-extended to 64-bit) and get 0000000140002000.

But no way of explicitly using RIP.
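
A worked example of the arithmetic in the listing above. This is added here and is not code from the thread, from ML64 or from any assembler: it decodes the two forms in sinsi's listing, the 10-byte absolute `mov rax, imm64` and the 7-byte RIP-relative `lea`, computes the effective address each resolves to, and re-encodes an `lea reg, [rip+disp32]` for a given instruction address and target, refusing a target outside the ±2 GiB reach of a sign-extended disp32. The byte strings and addresses are the ones in the listing (constructed as inline sample data); the decoder recognises only these opcodes and is not a general x86-64 decoder. The function and type names (`decode_addr_operand`, `encode_lea_rip_rel`, `addr_operand_t`, the `sample_*` helpers) are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread. insn_addr is the virtual address the
 * instruction bytes are assumed to live at; next_rip is what RIP holds while
 * the instruction executes, i.e. the address of the following instruction. */

enum addr_kind { ADDR_NONE = 0, ADDR_ABS64, ADDR_RIP_REL };

typedef struct {
    enum addr_kind kind;
    size_t   length;    /* instruction length in bytes */
    uint64_t next_rip;  /* address of the following instruction */
    int32_t  disp;      /* sign-extended disp32 (0 for the absolute form) */
    uint64_t target;    /* effective address the operand denotes */
} addr_operand_t;

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Recognises only these encodings (a subset, not a general decoder):
 *   48 B8+r imm64            mov r64, imm64        absolute, needs a base relocation
 *   48 8D /r mod=00 rm=101   lea r64, [rip+disp32]
 *   48 8B /r mod=00 rm=101   mov r64, [rip+disp32]                           */
addr_operand_t decode_addr_operand(const uint8_t *code, size_t len, uint64_t insn_addr)
{
    addr_operand_t r = { ADDR_NONE, 0, 0, 0, 0 };
    if (len < 2 || (code[0] & 0xF8) != 0x48)      /* REX.W prefix is 0x48..0x4F */
        return r;
    uint8_t op = code[1];
    if (op >= 0xB8 && op <= 0xBF && len >= 10) {  /* mov r64, imm64 */
        r.kind = ADDR_ABS64;
        r.length = 10;
        r.next_rip = insn_addr + 10;
        r.target = (uint64_t)le32(code + 2) | (uint64_t)le32(code + 6) << 32;
    } else if ((op == 0x8D || op == 0x8B) && len >= 7 && (code[2] & 0xC7) == 0x05) {
        uint32_t raw = le32(code + 3);
        r.kind = ADDR_RIP_REL;
        r.length = 7;
        r.next_rip = insn_addr + 7;
        memcpy(&r.disp, &raw, 4);                          /* reinterpret as signed */
        r.target = r.next_rip + (uint64_t)(int64_t)r.disp; /* sign-extend, wrap mod 2^64 */
    }
    return r;
}

/* Encode lea reg, [target] as 48 8D /r [rip+disp32] placed at insn_addr.
 * Returns 7 on success, 0 when target is beyond the +/-2 GiB reach of disp32. */
size_t encode_lea_rip_rel(uint8_t out[7], uint64_t insn_addr, uint64_t target, unsigned reg)
{
    uint64_t raw = target - (insn_addr + 7);   /* two's-complement difference */
    int64_t delta;
    memcpy(&delta, &raw, 8);
    if (reg > 15 || delta < INT32_MIN || delta > INT32_MAX)
        return 0;
    uint32_t disp = (uint32_t)raw;             /* low 32 bits of the difference */
    out[0] = (uint8_t)(0x48 | ((reg >> 3) & 1) << 2);  /* REX.W, REX.R for r8..r15 */
    out[1] = 0x8D;
    out[2] = (uint8_t)(((reg & 7) << 3) | 0x05);       /* mod=00 reg rm=101 */
    out[3] = (uint8_t)disp;         out[4] = (uint8_t)(disp >> 8);
    out[5] = (uint8_t)(disp >> 16); out[6] = (uint8_t)(disp >> 24);
    return 7;
}

/* Constructed sample: the two instructions and addresses from the listing. */
static const uint8_t k_mov_abs[10] = {0x48,0xB8,0x00,0x20,0x00,0x40,0x01,0x00,0x00,0x00};
static const uint8_t k_lea_rip[7]  = {0x48,0x8D,0x05,0xEF,0x0F,0x00,0x00};

uint64_t sample_mov_target(void) { return decode_addr_operand(k_mov_abs, 10, 0x140001000ULL).target; }
uint64_t sample_lea_target(void) { return decode_addr_operand(k_lea_rip, 7, 0x14000100AULL).target; }
int32_t  sample_lea_disp(void)   { return decode_addr_operand(k_lea_rip, 7, 0x14000100AULL).disp; }

/* 1 if re-encoding lea rax, aString reproduces the listing's bytes. */
int sample_roundtrip(void)
{
    uint8_t buf[7];
    return encode_lea_rip_rel(buf, 0x14000100AULL, 0x140002000ULL, 0) == 7
        && memcmp(buf, k_lea_rip, 7) == 0;
}

/* Backward reference: a negative disp32 still resolves to the right address. */
int sample_backward(void)
{
    uint8_t buf[7];
    if (encode_lea_rip_rel(buf, 0x140002000ULL, 0x140001000ULL, 0) != 7) return 0;
    return decode_addr_operand(buf, 7, 0x140002000ULL).target == 0x140001000ULL;
}

/* A target exactly 2 GiB past the next instruction does not fit a signed disp32. */
int sample_out_of_reach(void)
{
    uint8_t buf[7];
    return encode_lea_rip_rel(buf, 0x14000100AULL, 0x14000100AULL + 7 + 0x80000000ULL, 0) == 0;
}

int main(void)
{
    printf("mov rax, offset aString -> %#llx\n", (unsigned long long)sample_mov_target());
    printf("lea rax, aString        -> %#llx (disp %d)\n",
           (unsigned long long)sample_lea_target(), sample_lea_disp());
    return sample_roundtrip() && sample_backward() && sample_out_of_reach() ? 0 : 1;
}
```

The two forms differ in more than length: the imm64 in `mov rax, offset aString` is a fixed address that the loader must patch through a base relocation if the image is not loaded at its preferred base, whereas the `lea` form needs no fixup at all, which is why it is the form that survives ASLR untouched. The ±2 GiB check in `encode_lea_rip_rel` is the limit the "x64 code models" in the linked article are built around: anything a RIP-relative operand reaches has to lie within a signed 32-bit displacement of the instruction that references it.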

Gunther

Re: RIP-relative addressing
« Reply #4 on: October 24, 2014, 11:30:40 PM »
Quote from: sinsi
ML64 will use the RIP-relative encoding if you use LEA
Code: [Select]
.text:0000000140001000 48 B8 00 20 00 40 01 00 00 00                                   mov     rax, offset aString
.text:000000014000100A 48 8D 05 EF 0F 00 00                                            lea     rax, aString
.text:0000000140001011
.data:0000000140002000 73 74 72 69 6E 67 00                            aString         db 'string',0
So we have RIP=0000000140001011, add 00000FEF (sign-extended to 64-bit) and get 0000000140002000.

But no way of explicitly using RIP.

GAS can use RIP addressing.

Gunther
Get your facts first, and then you can distort them.

sinsi

Re: RIP-relative addressing
« Reply #5 on: October 25, 2014, 12:00:00 AM »
But that is a compiler issue. Maybe it would be easy to change masm/jwasm to explicitly use RIP.

Gunther

Re: RIP-relative addressing
« Reply #6 on: October 25, 2014, 12:24:56 AM »
Quote from: sinsi
But that is a compiler issue. Maybe it would be easy to change masm/jwasm to explicitly use RIP.

Right, should be no problem. So MS and Japheth (Andreas) could make an update.

Gunther

habran

Re: RIP-relative addressing
« Reply #7 on: October 25, 2014, 06:06:56 AM »
FLAT assembler supports RIP:
Quote
The long mode uses also the instruction pointer based addresses, you can specify it manually with the special RIP register symbol, but such addressing is also automatically generated by flat assembler, since there is no 64-bit absolute addressing in long mode. You can still force the assembler to use the 32-bit absolute addressing by putting the dword size override for address inside the square brackets. There is also one exception, where the 64-bit absolute addressing is possible, it's the mov instruction with one of the operand being accumulator register, and second being the memory operand. To force the assembler to use the 64-bit absolute addressing there, use the qword size operator for address inside the square brackets. When no size operator is applied to address, assembler generates the optimal form automatically.
Code: [Select]
    mov [qword 0],rax  ; absolute 64-bit addressing
    mov [dword 0],r15d ; absolute 32-bit addressing
    mov [0],rsi        ; automatic RIP-relative addressing
    mov [rip+3],sil    ; manual RIP-relative addressing
Cod-Father

Gunther

Re: RIP-relative addressing
« Reply #8 on: October 25, 2014, 11:20:55 AM »
Quote from: habran
FLAT assembler supports RIP:

Yes, NASM and YASM support it, too.

Gunther