Comment on Windows Defender Anti-vitus Bypassed Using Direct Syscalls & XOR Encryption
QBertReynolds@sh.itjust.works 4 days agoThere are a lot more architectures than just x86 that are capable of XORing a register with itself (ie. ARM and RISC-V), and if you took OP to mean the accumulation register specifically, pretty much all CPUs going back as far as I can think have had that functionality.
Malfeasant@lemm.ee 4 days ago
Yes, but it’s not universal that xoring a register with itself is more performant than simply loading it with 0.
QBertReynolds@sh.itjust.works 4 days ago
I never made that claim, nor did the person you corrected.
Malfeasant@lemm.ee 3 days ago
Yes, but that’s why x86 assembly programmers do it…
QBertReynolds@sh.itjust.works 3 days ago
No argument there. It’s also why it’s done in ARM, 8080, SM83, z80, 6502, and basically every other assembly language. It’s only not done in RISC-V because you can fold 0 into any instruction as an operand, therefore eliminating the need to clear a register before an instruction.
So why correct the person with a more narrow claim that makes it seem like xor being faster than loading zero is a rarity in CPU architectures? If I said “birds can fly”, and your response was “eagles can fly. Ftfy. Not all birds can fly”, it would be both true and utterly unhelpful.