memmove() challenge

Started by aw27, November 15, 2019, 06:17:49 AM


aw27

This is a challenge related to the Microsoft memmove()/memcpy().

The ASM source code of memmove()/memcpy() is distributed with Visual Studio 2017 and 2019. People who delete everything from VS except a dozen or so files can find it online here: https://gist.github.com/Const-me/3290266d2a5f51409eb813d39b28007c

To help understand the code, I produced a flowchart, which you can see below, and you can also download in Excel format from the attachment.



In the source code there are 3 externals. __ImageBase poses no problem, it is automatically resolved.

__favor and __memcpy_nt_iters are defined in cpu_disp.c but cpu_disp.c is not distributed to the public.
As you can see from the flowchart these 2 externals have fundamental importance in the flow of the program, namely in the blue background decision points.

The challenge is:
What values can __favor and __memcpy_nt_iters take, and in what circumstances?

Note that this is not a question of placing breakpoints to check the values that __favor and __memcpy_nt_iters take in a certain computer. Moreover, the Masm32/64 SDK does not resolve __favor and __memcpy_nt_iters. You need more than that (Oops, I told everything).

Good luck!


hutch--

 :biggrin:

What a tangled mess which is also my observation of the original Microsoft source code.

aw27

Quote from: hutch-- on November 15, 2019, 09:10:11 AM
:biggrin:

What a tangled mess which is also my observation of the original Microsoft source code.

:biggrin:

They don't align the stack to a 16-byte boundary on entry (as they recommend other people to do), their vision of how to make an array of pointers to functions is risible, and there are a few other quirks, but I learnt a couple of interesting things here, namely the reason the ultra optimized Agner Fog memmove routines underperform.
This answer will come out naturally, if and when the challenge is solved.  :icon_idea:

mikeburr

aw
can't read the flowchart .. I daresay others won't be able to either .. can you put it up again using a larger font please
regards mikeb

aw27

I thought everybody had something to read Excel sheets, not necessarily the Excel program itself.
It does not work by increasing the font sizes because the text will become clipped.
Anyway I changed the picture but it is not yet full size (and is not absolutely clear) because in full size you will never see it all. You may have to reduce the page size with Ctrl- (Control minus) to see what you got.


mikeburr

AW ... now it's larger I can read it
this made me laugh !!!
CopyUp:
        cmp     r8, 128
        jbe     XmmCopySmall

        bt      __favor, __FAVOR_ENFSTRG ; check for ENFSTRG (enhanced fast strings)
        jnc     XmmCopyUp               ; If Enhanced Fast String not available, use XMM
        jmp     memcpy_repmovs !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
regards mike b

aw27

Indeed, I am laughing too.   :skrewy:

aw27

It appears that people are finding this challenge not so easy.  :rolleyes:

We know that the solution is in cpu_disp.c but we also know that cpu_disp.c is not available.
However, cpu_disp.c has been compiled to cpu_disp.obj and is part of some library.  :icon_idea:

I will be back in a few weeks time if this clue is not enough.


aw27

This is my final clue. Take it or leave it.  :icon_idea:

You need a static msvcrt.lib (not an import msvcrt.lib), and it has to be relatively recent because these things are recent.
VS contains static msvcrt.libs, for example here:
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.xx.xxxx\lib\x86\msvcrt.lib

There you will find cpu_disp.obj

Extract it from the msvcrt.lib library and disassemble. The file is small and the code is not difficult to understand.
You can disassemble with a number of tools that range from Objconv to Ghidra (this one produces pseudo C code as well).

I feel sorry, but I will not give more clues; I will only discuss findings, if anyone has any.  :biggrin:

:skrewy:
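As an added example (not code from the thread or from Microsoft), a small Python parser for the two formats the clue points at: the ar container a static .lib uses and the COFF symbol table of an object inside it. It locates cpu_disp.obj and lists the two externals it defines; the sample library built at the end is constructed for the demo, and the symbol decoration (an extra leading underscore on x86) is an assumption about the target.

```python
import struct

def ar_members(data: bytes):
    """Yield (name, payload) for each member of a COFF ar archive (a static .lib)."""
    assert data[:8] == b"!<arch>\n", "not an ar archive"
    off, longnames = 8, b""
    while off + 60 <= len(data):
        hdr = data[off:off + 60]                           # fixed 60-byte member header
        name, size = hdr[:16].rstrip(), int(hdr[48:58])
        payload = data[off + 60:off + 60 + size]
        off += 60 + size + (size & 1)                      # members are 2-byte aligned
        if name == b"//":                                  # MSVC long-name table
            longnames = payload
            continue
        if name.startswith(b"/") and name[1:].isdigit():   # "/123" = offset into that table
            name = longnames[int(name[1:]):].split(b"\0", 1)[0]
        yield name.rstrip(b"/").decode(), payload

def coff_symbols(obj: bytes) -> dict:
    """Return {name: (section_number, value)} from a COFF object's symbol table."""
    symoff, nsyms = struct.unpack_from("<II", obj, 8)     # PointerToSymbolTable, NumberOfSymbols
    strtab, syms, i = symoff + nsyms * 18, {}, 0          # string table follows the symbols
    while i < nsyms:
        raw, value, section, _t, _cls, naux = struct.unpack_from("<8sIhHBB", obj, symoff + i * 18)
        if raw[:4] == b"\0\0\0\0":                         # long name: offset into string table
            name = obj[strtab + struct.unpack("<I", raw[4:])[0]:].split(b"\0", 1)[0]
        else:
            name = raw.rstrip(b"\0")
        syms[name.decode()] = (section, value)
        i += 1 + naux                                      # skip auxiliary records
    return syms

def find_dispatch_symbols(lib: bytes) -> dict:
    """Pull cpu_disp.obj out of the .lib and keep the two externals memmove tests (x86 adds a '_')."""
    obj = next((p for n, p in ar_members(lib) if n.lower().endswith("cpu_disp.obj")), None)
    return {n: v for n, v in coff_symbols(obj).items() if n.lstrip("_") in ("favor", "memcpy_nt_iters")} if obj else {}

def build_sample_lib() -> bytes:
    """Constructed stand-in for msvcrt.lib (not the real library): one member, cpu_disp.obj,
    defining ___favor and ___memcpy_nt_iters. Section headers are omitted (not parsed here)."""
    strtab = struct.pack("<I", 23) + b"___memcpy_nt_iters\0"               # 4-byte size + strings
    syms = (struct.pack("<8sIhHBB", b"___favor", 0, 1, 0, 2, 0)            # 8-char name stored inline
            + struct.pack("<4sIIhHBB", b"\0" * 4, 4, 4, 1, 0, 2, 0))       # long name at strtab+4
    obj = struct.pack("<HHIIIHH", 0x14C, 0, 0, 20, 2, 0, 0) + syms + strtab  # I386, symtab at 20
    def member(name: bytes, payload: bytes) -> bytes:
        hdr = (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
               + b"0".ljust(8) + str(len(payload)).encode().ljust(10) + b"`\n")
        return hdr + payload + (b"\n" if len(payload) & 1 else b"")
    return b"!<arch>\n" + member(b"//", b"cpu_disp.obj/\0") + member(b"/0", obj)
```

Run `find_dispatch_symbols(open(path, "rb").read())` on a real static msvcrt.lib to get the section and offset of each symbol, which is where a disassembler then needs to look.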