Comment on Windows Defender Anti-vitus Bypassed Using Direct Syscalls & XOR Encryption
Malfeasant@lemm.ee 5 days agoYes, but it’s not universal that xoring a register with itself is more performant than simply loading it with 0.
Comment on Windows Defender Anti-vitus Bypassed Using Direct Syscalls & XOR Encryption
Malfeasant@lemm.ee 5 days agoYes, but it’s not universal that xoring a register with itself is more performant than simply loading it with 0.
QBertReynolds@sh.itjust.works 5 days ago
I never made that claim, nor did the person you corrected.
Malfeasant@lemm.ee 4 days ago
Yes, but that’s why x86 assembly programmers do it…
QBertReynolds@sh.itjust.works 4 days ago
No argument there. It’s also why it’s done in ARM, 8080, SM83, z80, 6502, and basically every other assembly language. It’s only not done in RISC-V because you can fold 0 into any instruction as an operand, therefore eliminating the need to clear a register before an instruction.
So why correct the person with a more narrow claim that makes it seem like xor being faster than loading zero is a rarity in CPU architectures? If I said “birds can fly”, and your response was “eagles can fly. Ftfy. Not all birds can fly”, it would be both true and utterly unhelpful.
Malfeasant@lemm.ee 3 days ago
Hey look, I’m good at something.