WEBVTT

00:01.140 --> 00:08.670
Now that we have discussed the MOV instruction and the ADD instruction, let's discuss some differences between

00:08.670 --> 00:13.200
these two instructions which can benefit us in exploit development.

00:13.890 --> 00:19.180
Let's assume that we want to move the value 2 into the RAX register.

00:19.890 --> 00:27.140
I have shown you earlier, when moving small values into a register like RAX using the MOV instruction,

00:27.150 --> 00:29.250
it is going to cause null bytes.

00:29.670 --> 00:34.910
So let's discuss how we can achieve this without causing any null bytes.

00:35.250 --> 00:45.900
So let's create a new program called nullbytes.nasm and let's use the same old global directive

00:46.320 --> 00:48.030
which is global _start.

00:48.660 --> 00:59.070
And let's use _start here and let's use mov rax, 2.

01:01.480 --> 01:07.090
Let's save the program and let's quickly assemble and link it.

01:31.100 --> 01:32.570
That boy is missing here.

01:33.000 --> 01:34.250
Let's surrender once again.

01:34.790 --> 01:35.300
There you go.

01:35.330 --> 01:43.100
Now let's use objdump and let's try -M intel and then -d nullbytes.

01:43.580 --> 01:44.480
Let's hit enter.

01:45.830 --> 01:49.820
As you can see here, this instruction is causing null bytes.

01:50.250 --> 01:57.890
Now, you have to remember that in larger programs, the RAX register may contain some values and you

01:57.890 --> 02:00.440
may not be able to store the intended values.

02:00.710 --> 02:06.180
So it is always a good idea to initialize the target register with the value zero.

02:06.560 --> 02:10.970
So let's first do that in nullbytes.nasm.

02:13.040 --> 02:13.640
And.

02:16.530 --> 02:25.470
mov rax, 0, let's assemble and link it once again.

02:36.650 --> 02:37.290
There it is.

02:37.760 --> 02:41.390
Let's once again use objdump and see what happens.

02:43.490 --> 02:44.090
Look at that.

02:44.240 --> 02:52.730
We tried moving the value zero into the register and even this instruction has caused some null bytes.

02:53.030 --> 03:01.190
So typically we can overcome this problem by performing an exclusive or operation on a register with

03:01.190 --> 03:01.790
itself.

03:02.090 --> 03:03.790
So let's see how we can do that.

03:04.340 --> 03:13.100
I'm opening my nullbytes.nasm once again, and instead of using the MOV instruction, I'm going to

03:13.100 --> 03:16.730
use xor rax, rax.

03:17.360 --> 03:23.570
Now, regardless of what value RAX contains before executing this XOR instruction, it is going

03:23.570 --> 03:25.710
to become zero, right?

03:25.730 --> 03:33.950
So let's assemble and link it and see if we have removed null bytes from this first instruction and

03:33.950 --> 03:36.590
once again assemble and link it.

03:37.250 --> 03:40.490
And let's use objdump and there you go.

03:40.610 --> 03:46.940
The first instruction doesn't have any null bytes anymore, but the second instruction still has them.

03:47.270 --> 03:54.170
So one way to do it, if you still want to use the MOV instruction, is to use the sub-registers, just like

03:54.170 --> 03:55.360
we have seen earlier.

03:55.760 --> 03:56.870
So let's quickly do that.

03:59.390 --> 04:08.840
So instead of using RAX, I'm going to use AL, which is a sub-register, and let's quickly assemble and

04:08.840 --> 04:09.440
link it.

04:12.400 --> 04:19.330
Next, use objdump once again and look at that, we have avoided null bytes in the second instruction as

04:19.330 --> 04:20.690
well, right?

04:20.800 --> 04:26.340
This is a nice way of doing it, but there is another way, that is using the ADD instruction.

04:26.710 --> 04:38.560
So what we can do is we can simply replace this MOV instruction by still using RAX, but by

04:38.560 --> 04:40.020
using add instruction.

04:40.870 --> 04:47.080
So we are using add rax, 2; essentially we are adding the value 2 to zero.

04:47.080 --> 04:50.620
So RAX ultimately contains the value 2.

04:51.130 --> 04:56.260
So let's save the file, assemble and link it once again.

04:58.370 --> 05:01.600
Let's use objdump and look at that.

05:02.020 --> 05:05.830
Even the ADD instruction doesn't come with any null bytes.

05:06.340 --> 05:13.840
So clearly we can use the ADD instruction as an alternative to the MOV instruction if we want to avoid null

05:13.840 --> 05:14.260
bytes.

05:14.830 --> 05:19.710
I'm going to discuss how this exclusive OR instruction works in the next video.

05:19.990 --> 05:21.160
So see you there.
