DOCSLIB.ORG

NASM — the Netwide Assembler Version 0.99.04

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
NASM — the Netwide Assembler Version 0.99.04 NASM — The Netwide Assembler version 0.99.04 -~~..~:#;L .-:#;L,.- .~:#:;.T -~~.~:;. .~:;. E8+U *T +U' *T# .97 *L E8+' *;T' *;, D97 `*L .97 '*L "T;E+:, D9 *L *L H7 I# T7 I# "*:. H7 I# I# U: :8 *#+ , :8 T, 79 U: :8 :8 ,#B. .IE, "T;E* .IE, J *+;#:T*" ,#B. .IE, .IE, © 2007 The NASM Development Team All rights reserved. This document is redistributable under the license given in the file "COPYING" distributed in the NASM archive. Contents Chapter 1: Introduction. .10 1.1 What Is NASM? . .10 1.1.1 Why Yet Another Assembler? . .10 1.1.2 License Conditions . .10 1.2 Contact Information . .10 1.3 Installation . .11 1.3.1 Installing NASM under MS−DOS or Windows . .11 1.3.2 Installing NASM under Unix . .11 Chapter 2: Running NASM . .13 2.1 NASM Command−Line Syntax . .13 2.1.1 The −o Option: Specifying the Output File Name . .13 2.1.2 The −f Option: Specifying the Output File Format . .14 2.1.3 The −l Option: Generating a Listing File. .14 2.1.4 The −M Option: Generate Makefile Dependencies . .14 2.1.5 The −MG Option: Generate Makefile Dependencies . .14 2.1.6 The −F Option: Selecting a Debug Information Format . .14 2.1.7 The −g Option: Enabling Debug Information. .15 2.1.8 The −X Option: Selecting an Error Reporting Format . .15 2.1.9 The −E Option: Send Errors to a File . .15 2.1.10 The −s Option: Send Errors to stdout . .15 2.1.11 The −i Option: Include File Search Directories. .15 2.1.12 The −p Option: Pre−Include a File. .16 2.1.13 The −d Option: Pre−Define a Macro . .16 2.1.14 The −u Option: Undefine a Macro . .16 2.1.15 The −e Option: Preprocess Only. .16 2.1.16 The −a Option: Don’t Preprocess At All . .17 2.1.17 The −On Option: Specifying Multipass Optimization. .17 2.1.18 The −t option: Enable TASM Compatibility Mode . .17 2.1.19 The −w Option: Enable or Disable Assembly Warnings . .18 2.1.20 The −v Option: Display Version Info . .18 3 2.1.21 The −y Option: Display Available Debug Info Formats . .18 2.1.22 The −−prefix and −−postfix Options. .19 2.1.23 The NASMENV Environment Variable . .19 2.2 Quick Start for MASM Users. .19 2.2.1 NASM Is Case−Sensitive . .19 2.2.2 NASM Requires Square Brackets For Memory References . .19 2.2.3 NASM Doesn’t Store Variable Types . .20 2.2.4 NASM Doesn’t ASSUME . .20 2.2.5 NASM Doesn’t Support Memory Models . .20 2.2.6 Floating−Point Differences . .20 2.2.7 Other Differences. .21 Chapter 3: The NASM Language . .22 3.1 Layout of a NASM Source Line . .22 3.2 Pseudo−Instructions . .23 3.2.1 DB and friends: Declaring initialized Data . .23 3.2.2 RESB and friends: Declaring Uninitialized Data . .23 3.2.3 INCBIN: Including External Binary Files . .23 3.2.4 EQU: Defining Constants. .24 3.2.5 TIMES: Repeating Instructions or Data . .24 3.3 Effective Addresses . .24 3.4 Constants. .25 3.4.1 Numeric Constants . .25 3.4.2 Character Constants . .26 3.4.3 String Constants . .26 3.4.4 Floating−Point Constants . .26 3.5 Expressions . .27 3.5.1 |: Bitwise OR Operator . .27 3.5.2 ^: Bitwise XOR Operator . .27 3.5.3 &: Bitwise AND Operator . .27 3.5.4 << and >>: Bit Shift Operators . .28 3.5.5 + and −: Addition and Subtraction Operators . .28 3.5.6 *, /, //, % and %%: Multiplication and Division . .28 3.5.7 Unary Operators: +, −, ~, ! and SEG . .28 3.6 SEG and WRT . .28 3.7 STRICT: Inhibiting Optimization . .29 4 3.8 Critical Expressions . .29 3.9 Local Labels . .30 Chapter 4: The NASM Preprocessor . .32 4.1 Single−Line Macros. .32 4.1.1 The Normal Way: %define . .32 4.1.2 Enhancing %define: %xdefine . .33 4.1.3 Concatenating Single Line Macro Tokens: %+ . .34 4.1.4 Undefining macros: %undef . .34 4.1.5 Preprocessor Variables: %assign . .35 4.2 String Handling in Macros: %strlen and %substr . .35 4.2.1 String Length: %strlen . .35 4.2.2 Sub−strings: %substr . .35 4.3 Multi−Line Macros: %macro . .36 4.3.1 Overloading Multi−Line Macros . .36 4.3.2 Macro−Local Labels . .37 4.3.3 Greedy Macro Parameters . .37 4.3.4 Default Macro Parameters . .38 4.3.5 %0: Macro Parameter Counter . .39 4.3.6 %rotate: Rotating Macro Parameters . .39 4.3.7 Concatenating Macro Parameters . .40 4.3.8 Condition Codes as Macro Parameters . .41 4.3.9 Disabling Listing Expansion. .41 4.4 Conditional Assembly. .41 4.4.1 %ifdef: Testing Single−Line Macro Existence . .42 4.4.2 ifmacro: Testing Multi−Line Macro Existence . .42 4.4.3 %ifctx: Testing the Context Stack . .42 4.4.4 %if: Testing Arbitrary Numeric Expressions . .43 4.4.5 %ifidn and %ifidni: Testing Exact Text Identity . .43 4.4.6 %ifid, %ifnum, %ifstr: Testing Token Types. .43 4.4.7 %error: Reporting User−Defined Errors . .44 4.5 Preprocessor Loops: %rep . .45 4.6 Including Other Files . .45 4.7 The Context Stack . .46 4.7.1 %push and %pop: Creating and Removing Contexts . .46.
Load more

Recommended publications
  • 2. Assembly Language Assembly Language Is a Programming Language That Is Very Similar to Machine Language, but Uses Symbols Instead of Binary Numbers
    2. Assembly Language Assembly Language is a programming language that is very similar to machine language, but uses symbols instead of binary numbers. It is converted by the assembler into executable machine- language programs. Assembly language is machine-dependent; an assembly program can only be executed on a particular machine. 2.1 Introduction to Assembly Language Tools Practical assembly language programs can, in general, be written using one of the two following methods: 1- The full-segment definition form 2- The simplified segment definition form In both methods, the source program includes two types of instructions: real instructions, and pseudo instructions. Real instructions such as MOV and ADD are the actual instructions that are translated by the assembler into machine code for execution by the CPU. Pseudo instructions, on the other hand, don’t generate machine code and are only used to give directions to the assembler about how it should translate the assembly language instructions into machine code. The assembler program converts the written assembly language file (called source file) into machine code file (called object file). Another program, known as the linker, converts the object file into an executable file for practical run. It also generates a special file called the map file which is used to get the offset addresses of the segments in the main assembly program as shown in figure 1. Other tools needed in assembling coding include a debugger, and an editor as shown in figure 2 Figure 2. Program Development Procedure There are several commercial assemblers available like the Microsoft Macro Assembler (MASM), and the Borland Turbo Assembler (TASM).
    [Show full text]
  • NASM – the Netwide Assembler
    NASM – The Netwide Assembler version 2.14rc7 © 1996−2017 The NASM Development Team — All Rights Reserved This document is redistributable under the license given in the file "LICENSE" distributed in the NASM archive. Contents Chapter 1: Introduction . 17 1.1 What Is NASM?. 17 1.1.1 License Conditions . 17 Chapter 2: Running NASM . 19 2.1 NASM Command−Line Syntax . 19 2.1.1 The −o Option: Specifying the Output File Name . 19 2.1.2 The −f Option: Specifying the Output File Format . 20 2.1.3 The −l Option: Generating a Listing File . 20 2.1.4 The −M Option: Generate Makefile Dependencies. 20 2.1.5 The −MG Option: Generate Makefile Dependencies . 20 2.1.6 The −MF Option: Set Makefile Dependency File. 20 2.1.7 The −MD Option: Assemble and Generate Dependencies . 20 2.1.8 The −MT Option: Dependency Target Name . 21 2.1.9 The −MQ Option: Dependency Target Name (Quoted) . 21 2.1.10 The −MP Option: Emit phony targets . 21 2.1.11 The −MW Option: Watcom Make quoting style . 21 2.1.12 The −F Option: Selecting a Debug Information Format . 21 2.1.13 The −g Option: Enabling Debug Information. 21 2.1.14 The −X Option: Selecting an Error Reporting Format . 21 2.1.15 The −Z Option: Send Errors to a File. 22 2.1.16 The −s Option: Send Errors to stdout ..........................22 2.1.17 The −i Option: Include File Search Directories . 22 2.1.18 The −p Option: Pre−Include a File . 22 2.1.19 The −d Option: Pre−Define a Macro .
    [Show full text]
  • NASM — the Netwide Assembler Version 2.09.04
    NASM — The Netwide Assembler version 2.09.04 -~~..~:#;L .-:#;L,.- .~:#:;.T -~~.~:;. .~:;. E8+U *T +U' *T# .97 *L E8+' *;T' *;, D97 `*L .97 '*L "T;E+:, D9 *L *L H7 I# T7 I# "*:. H7 I# I# U: :8 *#+ , :8 T, 79 U: :8 :8 ,#B. .IE, "T;E* .IE, J *+;#:T*" ,#B. .IE, .IE, © 1996−2010 The NASM Development Team — All Rights Reserved This document is redistributable under the license given in the file "LICENSE" distributed in the NASM archive. Contents Chapter 1: Introduction . .15 1.1 What Is NASM? . .15 1.1.1 Why Yet Another Assembler?. .15 1.1.2 License Conditions . .15 1.2 Contact Information . .16 1.3 Installation. .16 1.3.1 Installing NASM under MS−DOS or Windows . .16 1.3.2 Installing NASM under Unix . .17 Chapter 2: Running NASM . .18 2.1 NASM Command−Line Syntax . .18 2.1.1 The −o Option: Specifying the Output File Name . .18 2.1.2 The −f Option: Specifying the Output File Format . .19 2.1.3 The −l Option: Generating a Listing File . .19 2.1.4 The −M Option: Generate Makefile Dependencies . .19 2.1.5 The −MG Option: Generate Makefile Dependencies . .19 2.1.6 The −MF Option: Set Makefile Dependency File . .19 2.1.7 The −MD Option: Assemble and Generate Dependencies. .19 2.1.8 The −MT Option: Dependency Target Name. .20 2.1.9 The −MQ Option: Dependency Target Name (Quoted) . .20 2.1.10 The −MP Option: Emit phony targets. .20 2.1.11 The −F Option: Selecting a Debug Information Format .
    [Show full text]
  • Linux Assembly HOWTO Linux Assembly HOWTO
    Linux Assembly HOWTO Linux Assembly HOWTO Table of Contents Linux Assembly HOWTO..................................................................................................................................1 Konstantin Boldyshev and François−René Rideau................................................................................1 1.INTRODUCTION................................................................................................................................1 2.DO YOU NEED ASSEMBLY?...........................................................................................................1 3.ASSEMBLERS.....................................................................................................................................1 4.METAPROGRAMMING/MACROPROCESSING............................................................................2 5.CALLING CONVENTIONS................................................................................................................2 6.QUICK START....................................................................................................................................2 7.RESOURCES.......................................................................................................................................2 1. INTRODUCTION...............................................................................................................................2 1.1 Legal Blurb........................................................................................................................................2
    [Show full text]
  • Different Emulators to Write 8086 Assembly Language Programs
    Different Emulators to write 8086 assembly language programs Subject: IWM Content • Emu8086 • TASM(Turbo Assembler) • MASM(Microsoft Macro Assembler) • NASM(Netwide Assembler) • FASM(Flat Assembler) Emu8086 • Emu8086 combines an advanced source editor, assembler, disassembler, software emulator with debugger, and step by step tutorials • It permit to assemble, emulate and debug 8086 programs. • This emulator was made for Windows, it works fine on GNU/Linux (with the help of Wine). • The source code is compiled by assembler and then executed on Emulator step-by-step, allowing to watch registers, flags and memory while program runs. how to run program on Emu8086 • Download Emu8086 through this link : https://download.cnet.com/Emu8086-Microprocessor- Emulator/3000-2069_4-10392690.html • Start Emu8086 by running Emu8086.exe • Select “Examples" from "File" menu. • Click “Emulate” button (or press F5). • Click “Single Step” button (or press F8) and watch how the code is being executed. Turbo Assembler(Tasm) • Turbo Assembler (TASM) is a computer assembler developed by Borland which runs on and produces code for 16- or 32-bit x86 DOS or Microsoft Windows. • The Turbo Assembler package is bundled with the Turbo Linker, and is interoperable with the Turbo Debugger. • Turbo Assembler (TASM) a small 16-bit computer program which enables us to write 16 bit i.e. x86 programming code on 32-bit machine. It can be used with any high level language compliers like GCC compiler set to build object files. So that programmers can use their daily routine machines to write 16-bit code and execute on x86 devices. how to run program using TASM • Download TASM through this link : https://techapple.net/2013/01/tasm-windows-7-windows-8-full- screen-64bit-version-single-installer/ • Start TASM by running tasm.exe • It will open DOSBOX.
    [Show full text]
  • First Osborne Group (FOG) Records
    http://oac.cdlib.org/findaid/ark:/13030/c8611668 No online items First Osborne Group (FOG) records Finding aid prepared by Jack Doran and Sara Chabino Lott Processing of this collection was made possible through generous funding from the National Archives’ National Historical Publications & Records Commission: Access to Historical Records grant. Computer History Museum 1401 N. Shoreline Blvd. Mountain View, CA, 94043 (650) 810-1010 [email protected] August, 2019 First Osborne Group (FOG) X4071.2007 1 records Title: First Osborne Group (FOG) records Identifier/Call Number: X4071.2007 Contributing Institution: Computer History Museum Language of Material: English Physical Description: 26.57 Linear feet, 3 record cartons, 5 manuscript boxes, 2 periodical boxes, 18 software boxes Date (bulk): Bulk, 1981-1993 Date (inclusive): 1979-1997 Abstract: The First Osborne Group (FOG) records contain software and documentation created primarily between 1981 and 1993. This material was created or authored by FOG members for other members using hardware compatible with CP/M and later MS and PC-DOS software. The majority of the collection consists of software written by FOG members to be shared through the library. Also collected are textual materials held by the library, some internal correspondence, and an incomplete collection of the FOG newsletters. creator: First Osborne Group. Processing Information Collection surveyed by Sydney Gulbronson Olson, 2017. Collection processed by Jack Doran, 2019. Access Restrictions The collection is open for research. Publication Rights The Computer History Museum (CHM) can only claim physical ownership of the collection. Users are responsible for satisfying any claims of the copyright holder. Requests for copying and permission to publish, quote, or reproduce any portion of the Computer History Museum’s collection must be obtained jointly from both the copyright holder (if applicable) and the Computer History Museum as owner of the material.
    [Show full text]
  • Internals of the Netwide Assembler ======
    Internals of the Netwide Assembler ================================== The Netwide Assembler is intended to be a modular, re-usable x86 assembler, which can be embedded in other programs, for example as the back end to a compiler. The assembler is composed of modules. The interfaces between them look like: +--- preproc.c ----+ | | +---- parser.c ----+ | | | | float.c | | | +--- assemble.c ---+ | | | nasm.c ---+ insnsa.c +--- nasmlib.c | | +--- listing.c ----+ | | +---- labels.c ----+ | | +--- outform.c ----+ | | +----- *out.c -----+ In other words, each of `preproc.c', `parser.c', `assemble.c', `labels.c', `listing.c', `outform.c' and each of the output format modules `*out.c' are independent modules, which do not directly inter-communicate except through the main program. The Netwide *Disassembler* is not intended to be particularly portable or reusable or anything, however. So I won't bother documenting it here. :-) nasmlib.c --------- This is a library module; it contains simple library routines which may be referenced by all other modules. Among these are a set of wrappers around the standard `malloc' routines, which will report a fatal error if they run out of memory, rather than returning NULL. preproc.c --------- This contains a macro preprocessor, which takes a file name as input and returns a sequence of preprocessed source lines. The only symbol exported from the module is `nasmpp', which is a data structure of type `Preproc', declared in nasm.h. This structure contains pointers to all the functions designed to be callable from outside the module. parser.c -------- This contains a source-line parser. It parses `canonical' assembly source lines, containing some combination of the `label', `opcode', `operand' and `comment' fields: it does not process directives or macros.
    [Show full text]
  • Lab # 1 Introduction to Assembly Language
    Assembly Language LAB Islamic University – Gaza Engineering Faculty Department of Computer Engineering 2013 ECOM 2125: Assembly Language LAB Eng. Ahmed M. Ayash Lab # 1 Introduction to Assembly Language February 11, 2013 Objective: To be familiar with Assembly Language. 1. Introduction: Machine language (computer's native language) is a system of impartible instructions executed directly by a computer's central processing unit (CPU). Instructions consist of binary code: 1s and 0s Machine language can be made directly from java code using interpreter. The difference between compiling and interpreting is as follows. Compiling translates the high-level code into a target language code as a single unit. Interpreting translates the individual steps in a high-level program one at a time rather than the whole program as a single unit. Each step is executed immediately after it is translated. C, C++ code is executed faster than Java code, because they transferred to assembly language before machine language. 1 Using Visual Studio 2012 to convert C++ program to assembly language: - From File menu >> choose new >> then choose project. Or from the start page choose new project. - Then the new project window will appear, - choose visual C++ and win32 console application - The project name is welcome: This is a C++ Program that print "Welcome all to our assembly Lab 2013” 2 To run the project, do the following two steps in order: 1. From build menu choose build Welcome. 2. From debug menu choose start without debugging. The output is To convert C++ code to Assembly code we follow these steps: 1) 2) 3 3) We will find the Assembly code on the project folder we save in (Visual Studio 2012\Projects\Welcome\Welcome\Debug), named as Welcome.asm Part of the code: 2.
    [Show full text]
  • Assembly Language Step-By-Step: Programming with DOS and Linux
    Assembly Language Step-by-Step: Programming with DOS and Linux, Second Edition by Jeff Duntemann ISBN:0471375233 John Wiley & Sons © 2000 (613 pages) A “Lost World” journey into 16-bit assembler programming concepts and techniques. <?xml version="1.0" encoding="ISO-8859-1"?> Table of Contents Assembly Language Step-by-Step—Programming with DOS and Linux, Second Edition Foreword Introduction - "Why Would You Want to Do That?" Another Pleasant Valley Saturday Understanding What Computers Chapter 1 - Really Do Chapter 2 - Alien Bases Getting Your Arms around Binary and Hexadecimal Chapter 3 - Lifting the Hood Discovering What Computers Actually Are The Right to Assemble The Process of Making Assembly Language Chapter 4 - Programs NASM-IDE: A Place to Stand Give me a lever long enough, and a Chapter 5 - place to stand, and I will move the Earth. An Uneasy Alliance The x86 CPU and Its Segmented Memory Chapter 6 - System Following Your Instructions Meeting Machine Instructions up Close Chapter 7 - and Personal Chapter 8 - Our Object All Sublime Creating Programs that Work Dividing and Conquering Using Procedures and Macros to Battle Chapter 9 - Complexity Bits, Flags, Branches, and Tables Easing into Mainstream Chapter 10 - Assembly Programming Chapter 11 - Stringing Them Up Those Amazing String Instructions The Programmer's View of Linux Tools and Skills to Help You Write Chapter 12 - Assembly Code under a True 32-Bit OS Coding for Linux Applying What You've Learned to a True Chapter 13 - Protected Mode Operating System Conclusion - Not the End, But Only the Beginning Appendix A - Partial 8086/8088 Instruction Set Reference Appendix B - Segment Register Assumptions for Real Mode Segmented Model Appendix C - Web URLs for Assembly Programmers Appendix D - Segment Register Assumptions Appendix E - What's on the CD-ROM? Index List of Figures List of Tables Back Cover The bestselling guide to assembly language--now updated and expanded to include coverage of Linux.
    [Show full text]
  • Intel X86 Assembly Language & Microarchitecture
    Intel x86 Assembly Language & Microarchitecture #x86 Table of Contents About 1 Chapter 1: Getting started with Intel x86 Assembly Language & Microarchitecture 2 Remarks 2 Examples 2 x86 Assembly Language 2 x86 Linux Hello World Example 3 Chapter 2: Assemblers 6 Examples 6 Microsoft Assembler - MASM 6 Intel Assembler 6 AT&T assembler - as 7 Borland's Turbo Assembler - TASM 7 GNU assembler - gas 7 Netwide Assembler - NASM 8 Yet Another Assembler - YASM 9 Chapter 3: Calling Conventions 10 Remarks 10 Resources 10 Examples 10 32-bit cdecl 10 Parameters 10 Return Value 11 Saved and Clobbered Registers 11 64-bit System V 11 Parameters 11 Return Value 11 Saved and Clobbered Registers 11 32-bit stdcall 12 Parameters 12 Return Value 12 Saved and Clobbered Registers 12 32-bit, cdecl — Dealing with Integers 12 As parameters (8, 16, 32 bits) 12 As parameters (64 bits) 12 As return value 13 32-bit, cdecl — Dealing with Floating Point 14 As parameters (float, double) 14 As parameters (long double) 14 As return value 15 64-bit Windows 15 Parameters 15 Return Value 16 Saved and Clobbered Registers 16 Stack alignment 16 32-bit, cdecl — Dealing with Structs 16 Padding 16 As parameters (pass by reference) 17 As parameters (pass by value) 17 As return value 17 Chapter 4: Control Flow 19 Examples 19 Unconditional jumps 19 Relative near jumps 19 Absolute indirect near jumps 19 Absolute far jumps 19 Absolute indirect far jumps 20 Missing jumps 20 Testing conditions 20 Flags 21 Non-destructive tests 21 Signed and unsigned tests 22 Conditional jumps 22 Synonyms and terminology 22 Equality 22 Greater than 23 Less than 24 Specific flags 24 One more conditional jump (extra one) 25 Test arithmetic relations 25 Unsigned integers 25 Signed integers 26 a_label 26 Synonyms 27 Signed unsigned companion codes 27 Chapter 5: Converting decimal strings to integers 28 Remarks 28 Examples 28 IA-32 assembly, GAS, cdecl calling convention 28 MS-DOS, TASM/MASM function to read a 16-bit unsigned integer 29 Read a 16-bit unsigned integer from input.
    [Show full text]
  • Сравнение Ассемблерных Трансляторов Крис Касперски, Aka Мыщъх, Aka Nezumi, Aka Elrton, Aka Souriz, No E-Mail
    сравнение ассемблерных трансляторов крис касперски, aka мыщъх, aka nezumi, aka elrton, aka souriz, no e-mail. проблема выбора "единственного правильного" ассемблерного транслятора мучает не только начинающих, но и профессиональных программистов. у каждого продукта есть своя когорта поклонниках и спор о преимуществах/недостатках рискует превратиться в священные войны с выносом тел погибших. на форумах такие дискуссии лучше не разводить и вещать в одностороннем порядке, как мыщъх, собственно, и поступил, сравнив MASM, TASM, FASM, NASM, YASM и некоторые другие ассемблеры по всему спектру критериев, значимость которых каждый должен оценивать сам введение Компиляторы языков высокого уровня (Си, Паскаль) в определенной степени совместимы между собой и хотя исходный текст, предназначенный для одного компилятора, не всегда без переделок транслируется на другом, синтаксис и прочие языковые концепции остаются неизменными, позволяя "летать" между MS VC, Intel C++, GCC, Open WATCOM, сравнивая полноту поддержки Стандарта, скорость трансляции, качество кодогенерации, популярность компилятора и вытекающее отсюда изобилие (недостаток) библиотек и компонент к нему. С трансляторами ассемблера все обстоит иначе. Казалось бы, x86 ассемблер — он и в Африке ассемблер, так ведь нет! Помимо поддержки мнемоник машинных команд, каждый транслятор обладает своим собственным набором директив и макросредств, зачастую ни с чем не совместимых. Ассемблерный листинг, "заточенный", например, под MASM, бесполезно переносить на FASM, поскольку, _возможности,_ предоставляемые
    [Show full text]
  • Hydan: Hiding Information in Program Binaries
    Hydan: Hiding Information in Program Binaries Rakan El-Khalil and Angelos D. Keromytis Department of Computer Science, Columbia University in the City of New York {rfe3,angelos}@cs.columbia.edu Abstract. We present a scheme to steganographically embed information in x86 program binaries. We define sets of functionally-equivalent instructions, and use a key-derived selection process to encode information in machine code by using the appropriate instructions from each set. Such a scheme can be used to water- mark (or fingerprint) code, sign executables, or simply create a covert communi- cation channel. We experimentally measure the capacity of the covert channel by determining the distribution of equivalent instructions in several popular operat- ing system distributions. Our analysis shows that we can embed only a limited 1 amount of information in each executable (approximately 110 bit encoding rate), although this amount is sufficient for some of the potential applications men- tioned. We conclude by discussing potential improvements to the capacity of the channel and other future work. 1 Introduction Traditional information-hiding techniques encode ancillary information inside data such as still images, video, or audio. They typically do so in a way that an observer does not notice them, by using redundant bits in the medium. The definition of “redundancy” depends on the medium under consideration (cover medium). Because of their invasive nature, information-hiding systems are often easy to detect, although considerable work has gone into hiding any patterns [1]. In modern steganography, a secret key is used to both encrypt the information-to-be-encoded and select a subset of the redundant bits to be used for the encoding process.
    [Show full text]