Author Topic: memmove() challenge  (Read 427 times)

AW

memmove() challenge
« on: November 15, 2019, 06:17:49 AM »
This is a challenge related with the Microsoft memmove()/memcpy().

The ASM source code of memmove()/memcpy() is distributed with Visual Studio 2017 and 2019. People who delete everything from VS except a dozen or so files can find it online here: https://gist.github.com/Const-me/3290266d2a5f51409eb813d39b28007c

To help understand the code, I produced a flowchart, which you can see below, and you can also download in Excel format from the attachment.



In the source code there are 3 externals. __ImageBase poses no problem, it is automatically resolved.

__favor and __memcpy_nt_iters are defined in cpu_disp.c but cpu_disp.c is not distributed to the public.
As you can see from the flowchart these 2 externals have fundamental importance in the flow of the program, namely in the blue background decision points.

The challenge is:
What values can __favor and __memcpy_nt_iters take, and in what circumstances?

Note that this is not a question of placing breakpoints to check the values that __favor and __memcpy_nt_iters take in a certain computer. Moreover, the Masm32/64 SDK does not resolve __favor and __memcpy_nt_iters. You need more than that (Oops, I told everything).

Good luck!

« Last Edit: November 19, 2019, 06:43:18 PM by AW »

hutch--

Re: memmove() challenge
« Reply #1 on: November 15, 2019, 09:10:11 AM »
 :biggrin:

What a tangled mess which is also my observation of the original Microsoft source code.

AW

Re: memmove() challenge
« Reply #2 on: November 15, 2019, 05:40:04 PM »
:biggrin:

What a tangled mess which is also my observation of the original Microsoft source code.

 :biggrin:

They don't align the stack to a 16-byte boundary on entry (as they recommend other people to do), their vision of how to make an array of pointers to functions is risible, and there are a few other quirks, but I learnt a couple of interesting things here, namely the reason the ultra optimized Agner Fog memmove routines underperform.
This answer will come out naturally, if and when the challenge is solved.  :icon_idea:

mikeburr

Re: memmove() challenge
« Reply #3 on: November 19, 2019, 07:24:15 AM »
aw
can't read the flowchart .. I daresay others won't be able to either .. can you put it up again using a larger font please
regards mikeb

AW

Re: memmove() challenge
« Reply #4 on: November 19, 2019, 06:39:05 PM »
I thought everybody had something to read Excel sheets, not necessarily the Excel program itself.
It does not work by increasing the font sizes because the text will become clipped.
Anyway I changed the picture but it is not yet full size (and is not absolutely clear) because in full size you will never see it all. You may have to reduce the page size with Ctrl- (Control minus) to see what you got.


mikeburr

Re: memmove() challenge
« Reply #5 on: November 25, 2019, 11:36:30 AM »
AW ... now it's larger I can read it
this made me laugh !!!
CopyUp:
        cmp     r8, 128
        jbe     XmmCopySmall

        bt      __favor, __FAVOR_ENFSTRG ; check for ENFSTRG (enhanced fast strings)
        jnc     XmmCopyUp               ; If Enhanced Fast String not available, use XMM
        jmp     memcpy_repmovs          ; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
regards mike b
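The CopyUp dispatch quoted in the post above, modelled in C as an added example (this is not code from the thread or from Microsoft's CRT). It assumes that __FAVOR_ENFSTRG is bit 1 of __favor and that cpu_disp.c derives that bit from the CPUID ERMSB flag (leaf 7, EBX bit 9); both are the example's assumptions, not facts the thread states.

```c
/* Added example: C model of the CopyUp decision in memcpy.asm, plus a
 * CPUID probe for the feature that the __FAVOR_ENFSTRG bit is assumed
 * to mirror. Bit positions and the CPUID mapping are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define FAVOR_ENFSTRG_BIT 1u   /* assumed position of __FAVOR_ENFSTRG in __favor */

enum copy_path { PATH_XMM_SMALL, PATH_XMM_UP, PATH_REPMOVS };

/* Mirrors the three branches of the quoted CopyUp block:
 *   cmp r8,128 / jbe XmmCopySmall     -> PATH_XMM_SMALL
 *   bt __favor,ENFSTRG / jnc XmmCopyUp -> PATH_XMM_UP
 *   jmp memcpy_repmovs                 -> PATH_REPMOVS */
enum copy_path copyup_dispatch(size_t len, uint32_t favor) {
    if (len <= 128) return PATH_XMM_SMALL;
    if (!((favor >> FAVOR_ENFSTRG_BIT) & 1u)) return PATH_XMM_UP;
    return PATH_REPMOVS;
}

/* Build a __favor-style word from CPUID: set the ENFSTRG bit when
 * CPUID.(EAX=7,ECX=0):EBX[9] (ERMSB) is reported. Returns 0 on non-x86. */
uint32_t probe_favor(void) {
    uint32_t favor = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) >= 7) {
        __cpuid_count(7, 0, a, b, c, d);
        if (b & (1u << 9)) favor |= 1u << FAVOR_ENFSTRG_BIT;
    }
#endif
    return favor;
}

int main(void) {
    uint32_t favor = probe_favor();
    static const char *names[] = { "XmmCopySmall", "XmmCopyUp", "memcpy_repmovs" };
    size_t sizes[] = { 64, 128, 129, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("len=%zu favor=0x%x -> %s\n", sizes[i], favor,
               names[copyup_dispatch(sizes[i], favor)]);
    return 0;
}
```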

AW

Re: memmove() challenge
« Reply #6 on: November 25, 2019, 07:24:31 PM »
Indeed, I am laughing too.   :skrewy:

AW

Re: memmove() challenge
« Reply #7 on: December 01, 2019, 05:08:44 PM »
It appears that people are finding this challenge not so easy.  :rolleyes:

We know that the solution is in cpu_disp.c but we also know that cpu_disp.c is not available.
However, cpu_disp.c has been compiled to cpu_disp.obj and is part of some library.  :icon_idea:

I will be back in a few weeks time if this clue is not enough.


AW

Re: memmove() challenge
« Reply #8 on: December 12, 2019, 05:22:13 AM »
This is my final clue. Take it or leave it.  :icon_idea:

You need a static msvcrt.lib (not an import msvcrt.lib), and it has to be relatively recent because these things are recent.
VS contains static msvcrt.libs, for example here:
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.xx.xxxx\lib\x86\msvcrt.lib

There you will find cpu_disp.obj

Extract it from the msvcrt.lib library and disassemble. The file is small and the code is not difficult to understand.
You can disassemble with a number of tools that range from Objconv to Ghidra (this one produces pseudo C code as well).

I feel sorry, but I will not give more clues; I will only discuss findings, if anyone has any.  :biggrin:

 :skrewy: