This is a challenge related to the Microsoft memmove()/memcpy().
The ASM source code of memmove()/memcpy() is distributed with Visual Studio 2017 and 2019. People who delete everything from VS except a dozen, or so, files can find it online here: https://gist.github.com/Const-me/3290266d2a5f51409eb813d39b28007c
To help understand the code, I produced a flowchart, which you can see below, and you can also download in Excel format from the attachment.
(https://www.dropbox.com/s/ywrtebb2nd6v8cq/memmov3.png?dl=1)
In the source code there are 3 externals. __ImageBase poses no problem, it is automatically resolved.
__favor and __memcpy_nt_iters are defined in cpu_disp.c but cpu_disp.c is not distributed to the public.
As you can see from the flowchart these 2 externals have fundamental importance in the flow of the program, namely in the blue background decision points.
The challenge is:
What values can take __favor and __memcpy_nt_iters and in what circumstances?
Note that this is not a question of placing breakpoints to check the values that __favor and __memcpy_nt_iters take on a certain computer. Moreover, the Masm32/64 SDK does not resolve __favor and __memcpy_nt_iters. You need more than that (Oops, I told everything).
Good luck!
:biggrin:
What a tangled mess which is also my observation of the original Microsoft source code.
Quote from: hutch-- on November 15, 2019, 09:10:11 AM
:biggrin:
What a tangled mess which is also my observation of the original Microsoft source code.
:biggrin:
They don't align the stack to a 16-byte boundary on entry (as they recommend other people to do), their vision of how to make an array of pointers to functions is risible and a few other quirks, but I learnt a couple of interesting things here, namely the reason the ultra optimized Agner Fog memmove routines underperform.
This answer will come out naturally, if and when the challenge is solved. :icon_idea:
aw
can't read the flowchart .. I daresay others won't be able to either .. can you put it up again using a larger font please
regards mikeb
I thought everybody had something to read Excel sheets, not necessarily the Excel program itself.
It does not work by increasing the font sizes because the text will become clipped.
Anyway I changed the picture but it is not yet full size (and is not absolutely clear) because in full size you will never see it all. You may have to reduce the page size with Ctrl- (Control minus) to see what you got.
AW ... now it's larger I can read it
this made me laugh !!!
CopyUp:
cmp r8, 128
jbe XmmCopySmall
bt __favor, __FAVOR_ENFSTRG ; check for ENFSTRG (enhanced fast strings)
jnc XmmCopyUp ; If Enhanced Fast String not available, use XMM
jmp memcpy_repmovs !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
regards mike b
Indeed, I am laughing too. :skrewy:
It appears that people are finding this challenge not so easy. :rolleyes:
We know that the solution is in cpu_disp.c but we also know that cpu_disp.c is not available.
However, cpu_disp.c has been compiled to cpu_disp.obj and is part of some library. :icon_idea:
I will be back in a few weeks time if this clue is not enough.
This is my final clue. Take it or leave it. :icon_idea:
You need a static msvcrt.lib (not an import msvcrt.lib), and it has to be relatively recent because these things are recent.
VS contains static msvcrt.libs, for example here:
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.xx.xxxx\lib\x86\msvcrt.lib
There you will find cpu_disp.obj
Extract it from the msvcrt.lib library and disassemble. The file is small and the code is not difficult to understand.
You can disassemble with a number of tools that range from Objconv to Ghidra (this one produces pseudo C code as well).
I feel sorry, but will not give more clues, will only discuss findings, if anyone has any findings. :biggrin:
:skrewy:
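
The extraction step from the final clue, as an added example that is not part of the original thread: a minimal reader for the COFF archive (.lib) container that lists its members and returns the one whose file name is cpu_disp.obj. The function names and the constructed SAMPLE archive are assumptions for illustration; the member layout follows the standard `!<arch>` archive format with MSVC-style NUL-terminated long names.

```python
import ntpath

MAGIC = b"!<arch>\n"

def iter_members(blob: bytes):
    """Yield (name, data) for each object member of a COFF archive (.lib)."""
    if blob[:8] != MAGIC:
        raise ValueError("not a COFF/ar archive")
    longnames, pos = b"", 8
    while pos + 60 <= len(blob):
        # Header: name[16] date[12] uid[6] gid[6] mode[8] size[10] end[2]
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        raw = hdr[:16].rstrip(b" ")
        size = int(hdr[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError(f"truncated member at offset {pos}")
        pos += 60 + size + (size & 1)          # members start on even offsets
        if raw == b"//":                        # long-name string table
            longnames = data
        elif raw == b"/":                       # linker symbol-index members
            continue
        elif raw[:1] == b"/" and raw[1:].isdigit():
            off = int(raw[1:])                  # "/<offset>" into the table
            end = longnames.find(b"\0", off)    # MSVC names are NUL-terminated
            name = longnames[off:end if end != -1 else len(longnames)]
            yield name.decode("latin-1"), data
        else:                                   # short name stored as "name/"
            yield raw.rstrip(b"/").decode("latin-1"), data

def extract(blob: bytes, filename: str):
    """Return the bytes of the first member whose base name matches, or None."""
    for name, data in iter_members(blob):
        if ntpath.basename(name).lower() == filename.lower():
            return data
    return None

def _member(name: bytes, data: bytes) -> bytes:
    """Build one archive member (used only for the constructed sample)."""
    hdr = name.ljust(16) + b"0".ljust(12) + b" " * 12 + b"0".ljust(8)
    return hdr + str(len(data)).encode().ljust(10) + b"`\n" + data + b"\n" * (len(data) & 1)

# Constructed sample archive; the path and payloads are made up, not from a real msvcrt.lib.
SAMPLE = (MAGIC + _member(b"/", b"\0" * 4)
          + _member(b"//", b"d:\\constructed\\obj\\cpu_disp.obj\0")
          + _member(b"/0", b"FAKE-COFF") + _member(b"short.obj/", b"xy"))
```

To use it on a real library, read the .lib file in binary mode, pass the bytes to `extract(..., "cpu_disp.obj")`, and write the result to disk for Objconv or Ghidra.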