RIP-relative addressing

Started by MichaelW, October 24, 2014, 02:18:21 PM


MichaelW

Something interesting that I saw on the FreeBASIC forum:

Understanding the x64 code models

The instruction pointer is apparently now accessible in code and usable as part of an indirect-memory operand, for addressing data.


Well Microsoft, here's another nice mess you've gotten us into.

MichaelW

At least currently it's hard to find an assembler that supports rip operands. The attachment is a proof of concept app compiled with a 64-bit version of FreeBASIC, for which the assembler is:

GNU assembler version 2.24 (x86_64-w64-mingw32) using BFD version (GNU Binutils) 2.24


dim shared as integer x
asm
    ".intel_syntax noprefix"
    "movzx  rax, BYTE PTR [eip]"
    "nop"
    "mov    X$, rax"
    ".att_syntax prefix"
end asm
print hex(x);"h"
sleep


90h

Well Microsoft, here's another nice mess you've gotten us into.


sinsi

ML64 will use the RIP-relative encoding if you use LEA
.text:0000000140001000 48 B8 00 20 00 40 01 00 00 00                                   mov     rax, offset aString
.text:000000014000100A 48 8D 05 EF 0F 00 00                                            lea     rax, aString
.text:0000000140001011
.data:0000000140002000 73 74 72 69 6E 67 00                            aString         db 'string',0

So we have RIP=0000000140001011, add 00000FEF (sign-extended to 64-bit) and get 0000000140002000.

But no way of explicitly using RIP.

Gunther

Quote from: sinsi on October 24, 2014, 10:35:50 PM
ML64 will use the RIP-relative encoding if you use LEA
.text:0000000140001000 48 B8 00 20 00 40 01 00 00 00                                   mov     rax, offset aString
.text:000000014000100A 48 8D 05 EF 0F 00 00                                            lea     rax, aString
.text:0000000140001011
.data:0000000140002000 73 74 72 69 6E 67 00                            aString         db 'string',0

So we have RIP=0000000140001011, add 00000FEF (sign-extended to 64-bit) and get 0000000140002000.

But no way of explicitly using RIP.

GAS can use RIP addressing.

Gunther
You have to know the facts before you can distort them.

sinsi

But that is a compiler issue. Maybe it would be easy to change masm/jwasm to explicitly use RIP.

Gunther

Quote from: sinsi on October 25, 2014, 12:00:00 AM
But that is a compiler issue. Maybe it would be easy to change masm/jwasm to explicitly use RIP.

Right, should be no problem. So MS and Japheth (Andreas) could make an update.

Gunther
You have to know the facts before you can distort them.

habran

FLAT assembler supports RIP:
Quote
The long mode also uses the instruction pointer based addresses; you can specify it manually with the special RIP register symbol, but such addressing is also automatically generated by flat assembler, since there is no 64-bit absolute addressing in long mode. You can still force the assembler to use the 32-bit absolute addressing by putting the dword size override for address inside the square brackets. There is also one exception, where the 64-bit absolute addressing is possible: it's the mov instruction with one of the operands being the accumulator register, and the second being the memory operand. To force the assembler to use the 64-bit absolute addressing there, use the qword size operator for address inside the square brackets. When no size operator is applied to the address, the assembler generates the optimal form automatically.

    mov [qword 0],rax  ; absolute 64-bit addressing
    mov [dword 0],r15d ; absolute 32-bit addressing
    mov [0],rsi        ; automatic RIP-relative addressing
    mov [rip+3],sil    ; manual RIP-relative addressing
Cod-Father
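As an added worked example (not code from this thread, nor from ML64, GAS or fasm): a small Python decoder for just the encodings the posts above discuss, so the difference between "mov rax, offset x" (imm64 absolute), "lea rax, x" (RIP-relative disp32) and fasm's qword/dword forced forms shows up as computed addresses. sinsi's two instructions are decoded at their listed addresses and must both land on 0000000140002000. The fasm byte sequences, the 1000h load address used for them, and the memory image for MichaelW's movzx [eip] probe are constructed values for this example; RIP-relative displacements are resolved against the address of the next instruction, which is what the 0FEFh displacement in the listing relies on.

```python
"""Decode a few x86-64 encodings and compute the address each memory operand
refers to (added example; constructed byte sequences, not assembler output)."""

MASK64 = 0xFFFFFFFFFFFFFFFF
MASK32 = 0xFFFFFFFF


def _sext32(value):
    """Sign-extend a 32-bit displacement (disp32 is always sign-extended to 64 bits)."""
    return value - (1 << 32) if value & 0x80000000 else value


def decode(addr, code):
    """Decode one instruction located at virtual address `addr`.

    Supports only what the thread talks about: mov r64,imm64; the moffs form of
    mov (64-bit absolute); and lea/mov/movzx with a [rip+disp32] or [disp32] operand.
    Returns (length, addressing_mode, operand_address).
    """
    i = 0
    addr32 = False
    if code[i] == 0x67:                  # address-size override: effective address truncated to 32 bits
        addr32 = True
        i += 1
    rex = 0
    if 0x40 <= code[i] <= 0x4F:          # REX prefix, must directly precede the opcode
        rex = code[i]
        i += 1
    rex_w, rex_x = bool(rex & 8), bool(rex & 2)
    amask = MASK32 if addr32 else MASK64
    op = code[i]
    i += 1

    if 0xB8 <= op <= 0xBF:               # mov r64,imm64 -- what "mov rax, offset x" assembles to
        size = 8 if rex_w else 4
        imm = int.from_bytes(code[i:i + size], "little")
        return i + size, "absolute (imm64)" if rex_w else "absolute (imm32)", imm
    if op in (0xA1, 0xA3):               # mov rax,[moffs] / mov [moffs],rax: the one 64-bit absolute form
        size = 4 if addr32 else 8
        off = int.from_bytes(code[i:i + size], "little")
        return i + size, "absolute (moffs64)", off
    if op == 0x0F:                       # two-byte opcode; only movzx r, r/m8 (0F B6) handled here
        if code[i] != 0xB6:
            raise NotImplementedError(f"opcode 0F {code[i]:02X}")
        i += 1
    elif op not in (0x88, 0x89, 0x8B, 0x8D):   # mov r/m8,r8 ; mov r/m,r ; mov r,r/m ; lea
        raise NotImplementedError(f"opcode {op:02X}")

    modrm = code[i]
    i += 1
    mod, rm = modrm >> 6, modrm & 7
    if mod == 0 and rm == 5:             # [rip + disp32]: RIP is the address of the NEXT instruction
        disp = _sext32(int.from_bytes(code[i:i + 4], "little"))
        i += 4
        return i, "rip-relative (disp32)", (addr + i + disp) & amask
    if mod == 0 and rm == 4:             # SIB byte follows
        sib = code[i]
        i += 1
        base, index = sib & 7, (sib >> 3) & 7
        if base == 5 and index == 4 and not rex_x:   # [disp32] with no base and no index register
            disp = _sext32(int.from_bytes(code[i:i + 4], "little"))
            return i + 4, "absolute (disp32, sign-extended)", disp & amask
    raise NotImplementedError(f"ModRM {modrm:02X} not handled")


def sinsi_listing():
    """The two instructions from sinsi's ML64 listing, at their listed addresses."""
    mov = bytes.fromhex("48 B8 00 20 00 40 01 00 00 00")     # mov rax, offset aString
    lea = bytes.fromhex("48 8D 05 EF 0F 00 00")              # lea rax, aString
    return decode(0x140001000, mov), decode(0x14000100A, lea)


def fasm_forms(addr=0x1000):
    """The four fasm operand forms quoted by habran, hand-encoded as if assembled at `addr`
    (constructed bytes; the RIP-relative disp for [0] is -(addr+7), i.e. 0 minus next RIP)."""
    forms = {
        "mov [qword 0],rax": bytes.fromhex("48 A3") + bytes(8),
        "mov [dword 0],r15d": bytes.fromhex("44 89 3C 25") + bytes(4),
        "mov [0],rsi": bytes.fromhex("48 89 35") + ((-(addr + 7)) & MASK32).to_bytes(4, "little"),
        "mov [rip+3],sil": bytes.fromhex("40 88 35 03 00 00 00"),
    }
    return {text: decode(addr, code) for text, code in forms.items()}


def freebasic_probe(addr=0x401000):
    """Replay MichaelW's probe on a constructed image: movzx rax, BYTE PTR [eip] ; nop.
    The byte RIP points at while movzx executes is the following nop, so the value is 90h."""
    image = bytes.fromhex("67 48 0F B6 05 00 00 00 00") + b"\x90"
    _length, mode, target = decode(addr, image)
    return mode, image[target - addr]


if __name__ == "__main__":
    for text, result in (("mov rax, offset aString", sinsi_listing()[0]),
                         ("lea rax, aString", sinsi_listing()[1]),
                         *fasm_forms().items(),
                         ("movzx rax, BYTE PTR [eip]", freebasic_probe())):
        print(f"{text:28} -> {result}")
```

The listing's arithmetic falls out of the decoder: the lea at 14000100Ah is 7 bytes long, so RIP is 140001011h when it executes, and adding the sign-extended 0FEFh gives 140002000h, the same address the 10-byte mov carries as a literal imm64. The [eip] case shows why the 67h prefix matters: the computed RIP+disp is truncated to 32 bits, which is harmless here only because the constructed image sits below 4 GB.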

Gunther

You have to know the facts before you can distort them.