SlideShare a Scribd company logo

How "mov

ā€¢Download as PPTX, PDFā€¢
ā€¢
Y
yeokm1

This document summarizes a research paper that shows the x86 instruction set mov can be Turing complete. It explains how a Turing machine works and what it means for an instruction set to be Turing complete. It then analyzes the mov instruction and outlines how memory, registers and the transition state table would need to be designed to fulfill the requirements of a Turing machine using only mov instructions. This involves representing the tape as memory locations, using registers to track state and symbols, and implementing logic to read/write symbols, consult the transition table and move the head based on the table.

Software
1 of 44
mov is Turing-complete Authored by: Stephen Dolan (PhD Candidate) 19 July 2013 Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf Practical implementation by: Chris Domas Papers We Love #14 (26 Oct 2015) By: Yeo Kheng Meng (yeokm1@gmail.com) https://github.com/yeokm1/mov-is-turing-complete1
This presentation is best viewed with the animations. 2
How did I know of this paper? Hacker News: June 21 Link to: https://github.com/xoreaxeaxeax/movfuscator Inspired by mov is Turing-complete 3
Schedule of presentation ā€¢ 2 parts in this presentation 1. Purely theoretical talk about the paper (~40mins) 2. How things work in practice? (~15 mins) ā€¢ Short demo using Chris Domas implementation ā€¢ Challenges of a practical implementation 4
Motivation ā€¢ x86 instruction set is bloated ā€¢ 500 ā€“ 1000 instructions depending on sources ā€¢ Is it possible to reduce everything to one instruction? ā€¢ Initially a thought experiment by Stephen Dolan ā€¢ Actual implementation by Chris Domasā€™s Movfuscator ā€¢ https://github.com/xoreaxeaxeax/movfuscator 5
Some disclaimers by the paper ā€¢ Not purely mov-only ā€¢ A single ā€œjmpā€ instruction is used to loop back to the beginning ā€¢ Solved by Chris Domasā€™s implementation ā€¢ Invalid memory address 0 to halt execution ā€¢ No other forms of circumventing the rules ā€¢ No self-modifying code ā€¢ No runtime code generation 6
Scope of the problem Title: mov is Turing-complete 1. What is a Turing machine? 2. What it means to be Turing-complete? 3. What is ā€œmovā€? 4. What it takes for ā€œmovā€ to be Turing Complete? 7
1. What is a Turing machine? Source: http://stackoverflow.com/a/236022 Theoretical Finite State Machine (FSM) model Characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell State register ā€¢ Remember current state of FSM Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table8
2. What it means to be Turing-complete? A programming language must be able to compute any problem a Turing machine can. -> Have the same characteristics as a Turing machine Characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell State register ā€¢ Remember current state of FSM Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 9
3. What is mov? ā€¢ x86 assembly instruction to move contents from one location to another. ā€¢ General syntax : mov destination, source ā€¢ Copies (not cut) from source to destination ā€¢ Comes in 5 forms Syntax Explanation mov Rdest, Rsrc Register <- Register mov Rdest, c Register <- Constant mov [Rsrc + Roffset], c Memory <- Constant mov Rdest, [Rsrc + Roffset] Register <- Memory mov [Rdest + Roffset], Rsrc Memory <- Register Square[x] brackets means memory access at location index specified by x. 10
4. What it takes for ā€œmovā€ to be Turing Complete? Turing Machine Characteristics In context of mov-only instruction Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet ??? Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell Read/Write to memory at multiple locations ā€¢ mov State register ā€¢ Remember current state of FSM Just reserve one register to remember state Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol ???? Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ??? ļƒ¼ ļƒ¼ 11
What we have to do? Unfulfilled Turing characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 12
Building our Turing machine 13
Designing the tape Unfulfilled Turing characteristic Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Current Symbol | Null Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Left Symbol 4 | Point to Left symbol 5 Right Symbol 3 | Point to Right symbol 4 Right Symbol 4 | Point to Right symbol 5 Left Stack Right Stack ā€¢ Current symbol ā€¢ Left/Right stack to hold everything ā€¢ Each symbol cell holds 2 things 1. Pointer to symbol value 2. Pointer to next cell <= Move tape to the left <= Current symbol goes left : : Left Symbol 0 | Point to Left symbol 1 Current Symbol | Null 14
Designing the tape Unfulfilled Turing characteristic Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Current Symbol | Null Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Left Symbol 4 | Point to Left symbol 5 Right Symbol 3 | Point to Right symbol 4 Right Symbol 4 | Point to Right symbol 5 Left Stack Right Stack ā€¢ Current symbol ā€¢ Left/Right stack to hold everything ā€¢ Each symbol cell holds 2 things 1. Pointer to symbol value 2. Pointer to next cell => Move tape right => Current symbol goes right : : Right Symbol 0 | Point to Right symbol 1 Current Symbol | Null 15
Designing the transition state table ā€¢ Table of linked cells, easier for mov to use ā€¢ Each cell contains a value and points to next cell ā€¢ N: Dummy pointer indicating end of list Unfulfilled Turing characteristic Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Current State Qx Points to Trigger symbol of possible transition | Point to alternative transition cell Trigger symbol | Point to new symbol cell New symbol | Point to direction cell Direction | Point to next state cell Next State | End of list State Q0 State Q1 16
Now to the mov stuff 17
Equality checking (Problem) ā€¢ We want to check if Ri == Rj? ā€¢ Output result of comparison 0/1 register Rk 18
Equality checking (Example 1) ā€¢ Assume both are equal at Ri = Rj = 6 ā€¢ We want to check if Ri == Rj. ā€¢ Expected output at register Rk = 1 ā€¢ mov [Ri], 0 -> mov [6], 0 ā€¢ mov [Rj], 1 -> mov [6], 1 ā€¢ mov Rk, [Ri] -> mov Rk, [6] Mem Address 0 1 2 3 4 5 6 7 8 Contents - - - - - - - - Register Contents Rk (Result) Ri 6 Rj 6 ā€¦ ā€¦ 01 Memory address range of the machine 1 - 19
Equality checking (Example 2) ā€¢ Assume both are NOT equal at Ri = 5, Rj = 2 ā€¢ We want to check if Ri == Rj. ā€¢ Expected output at register Rk = 0 ā€¢ mov [Ri], 0 -> mov [5], 0 ā€¢ mov [Rj], 1 -> mov [2], 1 ā€¢ mov Rk, [Ri] -> mov Rk, [5] Mem Address 0 1 2 3 4 5 6 7 8 Contents - - - - - - - Register Contents Rk (Result) Ri 5 Rj 2 ā€¦ ā€¦ 01 Memory address range of the machine 0 - - 20
Value selection ā€¢ Given Rc being 0 or 1, pick either value Ra or Rb ā€¢ Put result in Rd ā€¢ We can use Rlookup as start index of ā€œlookup-tableā€ ā€¢ mov [Rlookup], Ra ā€¢ mov [Rlookup + 1], Rb ā€¢ mov Rd, [Rlookup + Rc] // Rc is 0 or 1 ā€¢ If Rc == 0 : Rd = Ra ā€¢ Else: Rd = Rb Lookup Addresses Rlookup Rlookup + 1 Contents Lookup table - -Ra Rb 21
Our architecture so far Setting aside some registers Register Purpose SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested (First word of transition points to trigger symbol) LOOKUP Points to lookup table (scratch space) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table 22
Logic Process Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 23
Logic Process (Step: 1 & 2) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) ā€¦ ā€¦ Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Consult transition state table ā€¢ Retrieve current symbol, compare with trigger symbol ā€¢ Extra temporary registers X, Y & M ā€¢ mov X, [SYMBOL] // get current symbol ā€¢ mov Y, [CTRANS] // get pointer to trigger symbol ā€¢ mov Y, [Y] // get trigger symbol ā€¢ mov [X], 0 //Put 0 inside memory using Y as index ā€¢ mov [Y], 1 //Put 1 inside memory using X as index ā€¢ mov M, [X] //M gets 0/1 depending on equality Pointer to trigger symbolTrigger symbol Current symbolX (Temp) Y (Temp) 1 if equal, 0 otherwiseM (Result) 24
Logic Process (Step: 3) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Modify the symbol ā€¢ M from Step 2. Extra temporary registers X, Y, Z. ā€¢ Choose between current/new symbol -> write symbol ā€¢ mov X, [CTRANS] // get pointer to trigger symbol ā€¢ mov X, [X + 1] // Load pointer to new symbol by skipping trigger symbol ā€¢ mov X, [X] // load new symbol ā€¢ mov Y, [SYMBOL] // load old symbol ā€¢ mov [LOOKUP], Y //determine new symbol == X/Y? ā€¢ mov [LOOKUP + 1], X ā€¢ mov Z, [LOOKUP + M] ā€¢ mov [SYMBOL], Z //write the selected symbol back Pointer to trigger symbol Old symbol X (Temp) Y (Temp) Pointer to new symbolNew symbol Result 0/1 of transition comparison from Step 2M (Match) Z (Temp) Y X Selected new symbol value from X or Y Pointer to current symbol read from tape 25
Logic Process (Step: 4.1) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Load tape direction of transition, regardless of transition matching ā€¢ M from Step 2. Result register D to choose direction. ā€¢ mov D, [CTRANS] // get pointer to trigger symbol ā€¢ mov D, [D+1] // load new symbol pointer ā€¢ mov D, [D+1] //load direction pointer ā€¢ mov D, [D] // load direction Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Pointer to trigger symbolPointer to new symbolPointer to directionDirection value 0/1 26
Current Symbol | Point to Left/Right symbol 1 Logic Process (Step: 4.2) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Depending on tape direction, push current symbol cell into stack ā€¢ M from Step 2, D from Step 4.1, Temporary Register X. ā€¢ //Get the first cell from left/right stack as next cell for current symbol ā€¢ mov [LOOKUP], LEFT ā€¢ mov [LOOKUP + 1], RIGHT ā€¢ mov X, [LOOKUP + D] ā€¢ mov [SYMBOL + 1], X //Point the current symbolā€™s next pointer to the next cell ā€¢ //Select new value for first symbol LEFT ā€¢ mov [LOOKUP], SYMBOL ā€¢ mov [LOOKUP + 1], LEFT ā€¢ mov LEFT, [LOOKUP + D] ā€¢ //Select new value for first symbol RIGHT ā€¢ mov [LOOKUP], RIGHT ā€¢ mov [LOOKUP +1] , SYMBOL ā€¢ mov RIGHT, [LOOKUP + D] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Direction value 0/1 from Step 4.1 X (Temp) Pointer to first cell of left/right stack Left RightSymbol LeftRight Symbol 27
Current Symbol | Point to Left/Right symbol 1 Logic Process (Step: 4.3) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Preparation to pop stack ā€¢ Invert Register D if no movement is actually required i.e. M == 0 ā€¢ M from Step 2, D from Step 4.1, Temporary Register X. ā€¢ //Put negation of D into X ā€¢ mov [LOOKUP], 1 //Reverse order of selection ā€¢ mov [LOOKUP + 1], 0 //Reverse order of selection ā€¢ mov X, [LOOKUP + D] ā€¢ //Use M to select between D or X (D-negation) ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP +1], D ā€¢ mov D, [LOOKUP + M] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Direction value 0/1 from Step 4.1 X (Temp) Negation of D 1 0X (D-negation) D Direction value to determine pop decision 28
Left symbol 0 | Point to Left symbol 1 Logic Process (Step: 4.4) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ We need a new current symbol, pop a cell from one side based on D ā€¢ D from Step 4.3, Temporary Register X. ā€¢ //Select new value for SYMBOL from either LEFT or RIGHT stack ā€¢ mov [LOOKUP], RIGHT ā€¢ mov [LOOKUP + 1], LEFT ā€¢ mov SYMBOL, [LOOKUP + D] ā€¢ mov X, [SYMBOL + 1] //Find new top of stack ā€¢ //Find new top value for LEFT ā€¢ mov [LOOKUP], LEFT ā€¢ mov [LOOKUP + 1], X ā€¢ mov LEFT, [LOOKUP + D] //If D == 1, we just popped the left stack, set X to LEFT ā€¢ //Find new value for RIGHT ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP + 1], RIGHT ā€¢ mov RIGHT, [LOOKUP + D] //If D == 0, we just popped the right stack, set X to RIGHT Pointer to current symbol read from tape D (Result) X (Temp) Direction value to determine pop decision Right symbol 0 | Point to Right symbol 1 Top value of stack we popped from Right Left Current Symbol | Point to Left/Right symbol 1 Left XX Right 29
Logic Process (Step: 5) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Find next transition ā€¢ M from Step 2, Temporary Registers X & Y. ā€¢ If current transition matches, go to first transition of next state, ā€¢ else, go to next transition of current state ā€¢ //get next transition of current state ā€¢ mov X, [CTRANS + 1] ā€¢ //get first transition of next state ā€¢ mov Y, [CTRANS] //get current transition ā€¢ mov Y, [Y + 1] //skip trigger symbol ā€¢ mov Y, [Y + 1] //skip new symbol ā€¢ mov Y, [Y + 1] //skip direction ā€¢ mov Y, [Y] //Select next transition ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP + 1], Y ā€¢ mov CTRANS, [LOOKUP + M] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 X (Temp) Y (Temp) Pointer to next transition of current state Pointer to first transition of next state X Y 30
Logic Process (Extra Step 6) Halting the machine Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Halt machine if CTRANS is N ā€¢ Assume load from address 0 halts machine ā€¢ Temporary register H, X ā€¢ //Set H = 1 if CTRANS is N (end of state list or no outgoing transitions) ā€¢ mov [N], 0 ā€¢ mov [CTRANS], 1 ā€¢ mov H, [N] ā€¢ //select between 0 and N depending on H value ā€¢ mov [LOOKUP], 0 ā€¢ mov [LOOKUP + 1], N ā€¢ mov X, [LOOKUP + H] ā€¢ mov X, [X] // load from 0 or end of list. Program will terminate here if X is 0 ā€¢ jmp start //Go back to top of program Pointer to current symbol read from tape H (Temp) Whether to halt? 0:No, 1:Yes 0 N X (Temp) To test whether machine to halt 31
Practical time 32
Chris Domasā€™s movfuscator ā€¢ https://github.com/xoreaxeaxeax/movfuscator ā€¢ C compiler that compiles into mov instructions ā€¢ Uses LCC as frontend 33
Why is it called movfuscator? ā€¢ To defeat reverse-engineering ā€¢ Disassembled output: GCC movfuscator 34
Why is called movfuscator? ā€¢ Control flow graph generated by disassemblers vs Source Slide 109-110: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf Typical mov-only 35
Quick demo 36
Our hello world program GCC (hwgcc.sh) Movcc (hwmov.sh) Compile program and run gcc -g hw.c -o hw-gcc.out && ./hw-gcc.out movcc -g hw.c -o hw-movcc.out && ./hw-movcc.out Disassemble program & output to file objdump -M intel -S -l hw-gcc.out > hw-gcc.asm objdump -M intel -S -l hw-movcc.out > hw-movcc.asm Open in sublime subl hw-gcc.asm subl hw-movcc.asm 37
Enhancement: Remove jmp at the end ā€¢ mov cs, ax //Illegal mov instruction cannot modify code segment register ā€¢ Solution concept: ā€¢ OS raises SIGILL (illegal instruction signal) ā€¢ Code to capture SIGILL signal ā€¢ Call sigaction() to tell OS we have handled the instruction ā€¢ Reload the stack (Go back to top) Source Slide 101: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf 38
Problem 1 : Branching ā€¢ Issue: All mov instructions always execute ā€¢ Use dummy data if mov instructions must be ignored ā€¢ start: ā€¢ 0x1000 mov ā€¦ ā€¢ 0x1004 mov ā€¦ ā€¢ 0x1008 mov ā€¦ ā€¢ 0x100c mov ā€¦ ā€¢ 0x1010 mov ā€¦ ā€¢ 0x1014 mov ā€¦ ā€¢ 0x1018 mov ā€¦ ā€¢ 0x101c mov ā€¦ ā€¢ 0x1020 mov ā€¦ ā€¢ 0x1024 mov ā€¦ ā€¢ 0x1028 mov ā€¦ ā€¢ 0x102c mov ā€¦ ā€¢ 0x1030 jmp start <- Branch from here <- to here Destination: 0x1010 Step 1: Store address 0x1010 somewhere Step 2: Switch memory pointers to dummy data Step 3: Proceed and loop around if needed Step 4: Check if this block is meant to be executed Step 5: Switch to real data and continue execution 39
Problem 2: Arithmetic ā€¢ For eg: add32 Source Slide 133: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf Macro expansion 40
Problem 2: Arithmetic ā€¢ For division >7000 mov instructions!!! (with the help of macros) Source Slide 141: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf 41
Problem 3: Speed ā€¢ Unsolvable ā€¢ Many mov instructions for a single instruction 42
Our Fibonacci program GCC (fibgcc.sh) Movcc (fibmov.sh) Compile program gcc fib.c -o fib-gcc.out movcc fib.c -o fib-movcc.out Run ./fib-gcc.out ./fib-movcc.out 43
The End/References ā€¢ http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf ā€¢ http://www.gwern.net/Turing-complete ā€¢ https://github.com/xoreaxeaxeax/movfuscator ā€¢ https://www.youtube.com/watch?v=R7EEoWg6Ekk 44

Recommended

Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒ
Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒPortacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒ
Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒSatoshi imai
Ā 
std::pin ć®å‹˜ę‰€
std::pin ć®å‹˜ę‰€std::pin ć®å‹˜ę‰€
std::pin ć®å‹˜ę‰€Hiroaki Goto
Ā 
č©³čŖ¬WebAssembly
č©³čŖ¬WebAssemblyč©³čŖ¬WebAssembly
č©³čŖ¬WebAssemblyē„åø ä¼Šč—¤
Ā 
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£é«˜åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£DADA246
Ā 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux KernelAdrian Huang
Ā 
PHPerć ć£ć¦Microservices恗恟恄ļ¼
PHPerć ć£ć¦Microservices恗恟恄ļ¼PHPerć ć£ć¦Microservices恗恟恄ļ¼
PHPerć ć£ć¦Microservices恗恟恄ļ¼Shinichi Takahashi
Ā 
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™Takaya Saeki
Ā 
Linux恮Full tickless悒試恗恦ćæ恟
Linux恮Full tickless悒試恗恦ćæ恟Linux恮Full tickless悒試恗恦ćæ恟
Linux恮Full tickless悒試恗恦ćæ恟Hiraku Toyooka
Ā 

Recommended

Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒ
Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒPortacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒ
Portacle : Common Lisp恮ć‚Ŗćƒ¼ćƒ«ć‚¤ćƒ³ćƒÆćƒ³é–‹ē™ŗē’°å¢ƒSatoshi imai
Ā 
std::pin ć®å‹˜ę‰€
std::pin ć®å‹˜ę‰€std::pin ć®å‹˜ę‰€
std::pin ć®å‹˜ę‰€Hiroaki Goto
Ā 
č©³čŖ¬WebAssembly
č©³čŖ¬WebAssemblyč©³čŖ¬WebAssembly
č©³čŖ¬WebAssemblyē„åø ä¼Šč—¤
Ā 
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£é«˜åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£
高åŗ¦ć«ęœ€é©åŒ–ć•ć‚ŒćŸē§»ę¤åÆčƒ½ćŖćƒ”ćƒ¢ćƒŖćƒžćƒćƒ¼ć‚øćƒ£DADA246
Ā 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux KernelAdrian Huang
Ā 
PHPerć ć£ć¦Microservices恗恟恄ļ¼
PHPerć ć£ć¦Microservices恗恟恄ļ¼PHPerć ć£ć¦Microservices恗恟恄ļ¼
PHPerć ć£ć¦Microservices恗恟恄ļ¼Shinichi Takahashi
Ā 
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™
WebAssembly恮Webä»„å¤–ć®ć“ćØćœć‚“ć¶č©±ć™Takaya Saeki
Ā 
Linux恮Full tickless悒試恗恦ćæ恟
Linux恮Full tickless悒試恗恦ćæ恟Linux恮Full tickless悒試恗恦ćæ恟
Linux恮Full tickless悒試恗恦ćæ恟Hiraku Toyooka
Ā 
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…Ryuichi Sakamoto
Ā 
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ APIē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ APIAkihiro Ikezoe
Ā 
ContainerćØName Space Isolation
ContainerćØName Space IsolationContainerćØName Space Isolation
ContainerćØName Space Isolationmaruyama097
Ā 
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹Developer Solutionsäŗ‹ę„­éƒØ ćƒ”ć‚·ć‚¦ć‚¹ę Ŗ式会ē¤¾ ļ¼ˆę—§ć‚°ćƒ¬ćƒ¼ćƒ—ć‚·ćƒ†ć‚£ę Ŗ式会ē¤¾ļ¼‰
Ā 
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2Masatoshi Tada
Ā 
Requirement Analysis Tree
Requirement Analysis TreeRequirement Analysis Tree
Requirement Analysis TreeKent Ishizawa
Ā 
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusablebrainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusableroodni
Ā 
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁Shun Iwase
Ā 
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍yoshiaki iwanaga
Ā 
QEMU-SystemC (FDL)
QEMU-SystemC (FDL)QEMU-SystemC (FDL)
QEMU-SystemC (FDL)MĆ rius MontĆ³n
Ā 
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroidLinuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroiddemuyan
Ā 
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹ć‚„ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹Koichi Tanaka
Ā 
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒKazuki Onishi
Ā 
UEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From ScratchUEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From ScratchYuma Ohgami
Ā 
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718Mao Ohnishi
Ā 
LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤MITSUNARI Shigeo
Ā 
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆Tsuyoshi OZAWA
Ā 
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹Kosuke Ito
Ā 
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØMySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØyoku0825
Ā 
initramfs恫恤恄恦
initramfs恫恤恄恦initramfs恫恤恄恦
initramfs恫恤恄恦Kazuhiro Nishiyama
Ā 
Lecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptxLecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptxYusra11491
Ā 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator ajay singh
Ā 

More Related Content

What's hot

Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…Ryuichi Sakamoto
Ā 
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ APIē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ APIAkihiro Ikezoe
Ā 
ContainerćØName Space Isolation
ContainerćØName Space IsolationContainerćØName Space Isolation
ContainerćØName Space Isolationmaruyama097
Ā 
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2Masatoshi Tada
Ā 
Requirement Analysis Tree
Requirement Analysis TreeRequirement Analysis Tree
Requirement Analysis TreeKent Ishizawa
Ā 
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusablebrainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusableroodni
Ā 
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁Shun Iwase
Ā 
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍yoshiaki iwanaga
Ā 
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroidLinuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroiddemuyan
Ā 
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹ć‚„ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹Koichi Tanaka
Ā 
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒKazuki Onishi
Ā 
UEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From ScratchUEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From ScratchYuma Ohgami
Ā 
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718Mao Ohnishi
Ā 
LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤MITSUNARI Shigeo
Ā 
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆Tsuyoshi OZAWA
Ā 
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹Kosuke Ito
Ā 
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØMySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØyoku0825
Ā 
initramfs恫恤恄恦
initramfs恫恤恄恦initramfs恫恤恄恦
initramfs恫恤恄恦Kazuhiro Nishiyama
Ā 

What's hot (20)

Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Slurm恮ć‚øćƒ§ćƒ–ć‚¹ć‚±ć‚øćƒ„ćƒ¼ćƒŖćƒ³ć‚°ćØå®Ÿč£…
Ā 
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ APIē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
ē¤¾å†…Java8勉強会 ćƒ©ćƒ ćƒ€å¼ćØć‚¹ćƒˆćƒŖćƒ¼ćƒ API
Ā 
ContainerćØName Space Isolation
ContainerćØName Space IsolationContainerćØName Space Isolation
ContainerćØName Space Isolation
Ā 
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹
XAMLć§ę„­å‹™ć‚¢ćƒ—ćƒŖ恌恓悓ćŖć«å¤‰ć‚ć‚‹ļ¼ćƒ‡ć‚¶ć‚¤ćƒ³åæ—å‘ć«ć‚ˆć‚‹ę„­å‹™ć‚¢ćƒ—ćƒŖ恮äŗ‹ä¾‹ē“¹ä»‹
Ā 
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
ć‚¹ćƒ†ćƒƒćƒ—ćƒ»ćƒć‚¤ćƒ»ć‚¹ćƒ†ćƒƒćƒ—ć§å­¦ć¶ćƒ©ćƒ ćƒ€å¼ćƒ»Stream apiå…„é–€ #jjug ccc #ccc h2
Ā 
Requirement Analysis Tree
Requirement Analysis TreeRequirement Analysis Tree
Requirement Analysis Tree
Ā 
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusablebrainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
brainfuckć‚’åćč‡Ŗ作č؀čŖžbf-reusable
Ā 
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
恊恙恙悁Vimćƒ—ćƒ©ć‚°ć‚¤ćƒ³ć¾ćØ悁
Ā 
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
ē¬¬äø‰å›žć‚ć‚Šćˆć‚‹ē¤¾å†…勉強会 ć€Œć„ć‚ćŒćŒć®Lombok怍
Ā 
QEMU-SystemC (FDL)
QEMU-SystemC (FDL)QEMU-SystemC (FDL)
QEMU-SystemC (FDL)
Ā 
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroidLinuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Linuxć‚«ćƒ¼ćƒćƒ«ć‹ć‚‰ē“č§£ćAndroid
Ā 
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹ć‚„ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
悄ćÆć‚ŠćŠå‰ć‚‰ć®MVCćÆé–“é•ć£ć¦ć„ć‚‹
Ā 
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
ćƒ—ćƒ­ć‚»ć‚¹ćØć‚³ćƒ³ćƒ†ć‚­ć‚¹ćƒˆć‚¹ć‚¤ćƒƒćƒ
Ā 
UEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From ScratchUEFIć§å§‹ć‚ć‚‹Linux From Scratch
UEFIć§å§‹ć‚ć‚‹Linux From Scratch
Ā 
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
ćƒˆć‚™ćƒ”ć‚¤ćƒ³é§†å‹•čØ­čØˆć®ę‰ćˆę–¹ 20150718
Ā 
LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤LLVMęœ€é©åŒ–ć®ć“ć¤
LLVMęœ€é©åŒ–ć®ć“ć¤
Ā 
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Linux KVM ć®ć‚³ćƒ¼ćƒ‰ć‚’čæ½ć„恋恑恦ćæ悈恆
Ā 
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Bitbucketć‚’ę“»ē”Øć—ćŸć‚³ćƒ¼ćƒ‰ćƒ¬ćƒ“ćƒ„ćƒ¼ę”¹å–„äŗ‹ä¾‹
Ā 
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØMySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
MySQL 5.7ć«ć‚„ć‚‰ć‚ŒćŖć„ćŸć‚ć«ćŠć¼ćˆć¦ćŠć„ć¦ć»ć—ć„ć“ćØ
Ā 
initramfs恫恤恄恦
initramfs恫恤恄恦initramfs恫恤恄恦
initramfs恫恤恄恦
Ā 

Similar to How "mov

Lecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptxLecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptxYusra11491
Ā 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator ajay singh
Ā 
PRBS generation
PRBS generationPRBS generation
PRBS generationajay singh
Ā 
Operators loops conditional and statements
Operators loops conditional and statementsOperators loops conditional and statements
Operators loops conditional and statementsVladislav Hadzhiyski
Ā 
C language
C languageC language
C languageRobo India
Ā 
Q-Step_WS_02102019_Practical_introduction_to_Python.pdf
Q-Step_WS_02102019_Practical_introduction_to_Python.pdfQ-Step_WS_02102019_Practical_introduction_to_Python.pdf
Q-Step_WS_02102019_Practical_introduction_to_Python.pdfMichpice
Ā 
Bottom - Up Parsing
Bottom - Up ParsingBottom - Up Parsing
Bottom - Up Parsingkunj desai
Ā 
Central processing unit
Central processing unitCentral processing unit
Central processing unitHeman Pathak
Ā 
Data Structures 6
Data Structures 6Data Structures 6
Data Structures 6Dr.Umadevi V
Ā 
PDA and Turing Machine (1).ppt
PDA and Turing Machine (1).pptPDA and Turing Machine (1).ppt
PDA and Turing Machine (1).pptAayushSingh233965
Ā 
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2Yo Halb
Ā 
Data structures and algorithms
Data structures and algorithmsData structures and algorithms
Data structures and algorithmsJulie Iskander
Ā 
Implementation of lexical analyser
Implementation of lexical analyserImplementation of lexical analyser
Implementation of lexical analyserArchana Gopinath
Ā 
Circular link list.ppt
Circular link list.pptCircular link list.ppt
Circular link list.pptTirthika Bandi
Ā 
Basics in algorithms and data structure
Basics in algorithms and data structure Basics in algorithms and data structure
Basics in algorithms and data structure Eman magdy
Ā 
Optimizing Set-Similarity Join and Search with Different Prefix Schemes
Optimizing Set-Similarity Join and Search with Different Prefix SchemesOptimizing Set-Similarity Join and Search with Different Prefix Schemes
Optimizing Set-Similarity Join and Search with Different Prefix SchemesHPCC Systems
Ā 
Lexical analysis, syntax analysis, semantic analysis. Ppt
Lexical analysis, syntax analysis, semantic analysis. PptLexical analysis, syntax analysis, semantic analysis. Ppt
Lexical analysis, syntax analysis, semantic analysis. Pptovidlivi91
Ā 
Cache aware hybrid sorter
Cache aware hybrid sorterCache aware hybrid sorter
Cache aware hybrid sorterManchor Ko
Ā 

Similar to How "mov (20)

Lecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptxLecture 12 Bottom-UP Parsing.pptx
Lecture 12 Bottom-UP Parsing.pptx
Ā 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator
Ā 
PRBS generation
PRBS generationPRBS generation
PRBS generation
Ā 
Operators loops conditional and statements
Operators loops conditional and statementsOperators loops conditional and statements
Operators loops conditional and statements
Ā 
C language
C languageC language
C language
Ā 
Q-Step_WS_02102019_Practical_introduction_to_Python.pdf
Q-Step_WS_02102019_Practical_introduction_to_Python.pdfQ-Step_WS_02102019_Practical_introduction_to_Python.pdf
Q-Step_WS_02102019_Practical_introduction_to_Python.pdf
Ā 
Bottom - Up Parsing
Bottom - Up ParsingBottom - Up Parsing
Bottom - Up Parsing
Ā 
Instruction types
Instruction typesInstruction types
Instruction types
Ā 
Central processing unit
Central processing unitCentral processing unit
Central processing unit
Ā 
Data Structures 6
Data Structures 6Data Structures 6
Data Structures 6
Ā 
PDA and Turing Machine (1).ppt
PDA and Turing Machine (1).pptPDA and Turing Machine (1).ppt
PDA and Turing Machine (1).ppt
Ā 
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2
[YIDLUG] Programming Languages Differences, The Underlying Implementation 1 of 2
Ā 
Data structures and algorithms
Data structures and algorithmsData structures and algorithms
Data structures and algorithms
Ā 
Implementation of lexical analyser
Implementation of lexical analyserImplementation of lexical analyser
Implementation of lexical analyser
Ā 
Circular link list.ppt
Circular link list.pptCircular link list.ppt
Circular link list.ppt
Ā 
Basics in algorithms and data structure
Basics in algorithms and data structure Basics in algorithms and data structure
Basics in algorithms and data structure
Ā 
sorting_part1.ppt
sorting_part1.pptsorting_part1.ppt
sorting_part1.ppt
Ā 
Optimizing Set-Similarity Join and Search with Different Prefix Schemes
Optimizing Set-Similarity Join and Search with Different Prefix SchemesOptimizing Set-Similarity Join and Search with Different Prefix Schemes
Optimizing Set-Similarity Join and Search with Different Prefix Schemes
Ā 
Lexical analysis, syntax analysis, semantic analysis. Ppt
Lexical analysis, syntax analysis, semantic analysis. PptLexical analysis, syntax analysis, semantic analysis. Ppt
Lexical analysis, syntax analysis, semantic analysis. Ppt
Ā 
Cache aware hybrid sorter
Cache aware hybrid sorterCache aware hybrid sorter
Cache aware hybrid sorter
Ā 

More from yeokm1

I became a Private Pilot and this is my story
I became a Private Pilot and this is my storyI became a Private Pilot and this is my story
I became a Private Pilot and this is my storyyeokm1
Ā 
What's inside a Cessna 172 and flying a light plane
What's inside a Cessna 172 and flying a light planeWhat's inside a Cessna 172 and flying a light plane
What's inside a Cessna 172 and flying a light planeyeokm1
Ā 
Speaking at Tech meetups/conferences for Junior Devs
Speaking at Tech meetups/conferences for Junior DevsSpeaking at Tech meetups/conferences for Junior Devs
Speaking at Tech meetups/conferences for Junior Devsyeokm1
Ā 
Reflections on Trusting Trust for Go
Reflections on Trusting Trust for GoReflections on Trusting Trust for Go
Reflections on Trusting Trust for Goyeokm1
Ā 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectreyeokm1
Ā 
Gentoo on a 486
Gentoo on a 486Gentoo on a 486
Gentoo on a 486yeokm1
Ā 
BLE Localiser (Full) for iOS Dev Scout
BLE Localiser (Full) for iOS Dev ScoutBLE Localiser (Full) for iOS Dev Scout
BLE Localiser (Full) for iOS Dev Scoutyeokm1
Ā 
BLE Localiser for iOS Conf SG 2017
BLE Localiser for iOS Conf SG 2017BLE Localiser for iOS Conf SG 2017
BLE Localiser for iOS Conf SG 2017yeokm1
Ā 
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiteryeokm1
Ā 
PCB Business Card (Singapore Power)
PCB Business Card (Singapore Power)PCB Business Card (Singapore Power)
PCB Business Card (Singapore Power)yeokm1
Ā 
SP Auto Door Unlocker
SP Auto Door UnlockerSP Auto Door Unlocker
SP Auto Door Unlockeryeokm1
Ā 
SP IoT Doorbell
SP IoT DoorbellSP IoT Doorbell
SP IoT Doorbellyeokm1
Ā 
Distance Machine Locker
Distance Machine LockerDistance Machine Locker
Distance Machine Lockeryeokm1
Ā 
A Science Project: Building a sound card based on the Covox Speech Thing
A Science Project: Building a sound card based on the Covox Speech ThingA Science Project: Building a sound card based on the Covox Speech Thing
A Science Project: Building a sound card based on the Covox Speech Thingyeokm1
Ā 
A Science Project: Swift Serial Chat
A Science Project: Swift Serial ChatA Science Project: Swift Serial Chat
A Science Project: Swift Serial Chatyeokm1
Ā 
The slide rule
The slide ruleThe slide rule
The slide ruleyeokm1
Ā 
Windows 3.1 (WFW) on vintage and modern hardware
Windows 3.1 (WFW) on vintage and modern hardwareWindows 3.1 (WFW) on vintage and modern hardware
Windows 3.1 (WFW) on vintage and modern hardwareyeokm1
Ā 
Repair Kopitiam Circuit Breaker Training
Repair Kopitiam Circuit Breaker TrainingRepair Kopitiam Circuit Breaker Training
Repair Kopitiam Circuit Breaker Trainingyeokm1
Ā 
A2: Analog Malicious Hardware
A2: Analog Malicious HardwareA2: Analog Malicious Hardware
A2: Analog Malicious Hardwareyeokm1
Ā 
Getting Started with Raspberry Pi
Getting Started with Raspberry PiGetting Started with Raspberry Pi
Getting Started with Raspberry Piyeokm1
Ā 

More from yeokm1 (20)

I became a Private Pilot and this is my story
I became a Private Pilot and this is my storyI became a Private Pilot and this is my story
I became a Private Pilot and this is my story
Ā 
What's inside a Cessna 172 and flying a light plane
What's inside a Cessna 172 and flying a light planeWhat's inside a Cessna 172 and flying a light plane
What's inside a Cessna 172 and flying a light plane
Ā 
Speaking at Tech meetups/conferences for Junior Devs
Speaking at Tech meetups/conferences for Junior DevsSpeaking at Tech meetups/conferences for Junior Devs
Speaking at Tech meetups/conferences for Junior Devs
Ā 
Reflections on Trusting Trust for Go
Reflections on Trusting Trust for GoReflections on Trusting Trust for Go
Reflections on Trusting Trust for Go
Ā 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectre
Ā 
Gentoo on a 486
Gentoo on a 486Gentoo on a 486
Gentoo on a 486
Ā 
BLE Localiser (Full) for iOS Dev Scout
BLE Localiser (Full) for iOS Dev ScoutBLE Localiser (Full) for iOS Dev Scout
BLE Localiser (Full) for iOS Dev Scout
Ā 
BLE Localiser for iOS Conf SG 2017
BLE Localiser for iOS Conf SG 2017BLE Localiser for iOS Conf SG 2017
BLE Localiser for iOS Conf SG 2017
Ā 
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiter
Ā 
PCB Business Card (Singapore Power)
PCB Business Card (Singapore Power)PCB Business Card (Singapore Power)
PCB Business Card (Singapore Power)
Ā 
SP Auto Door Unlocker
SP Auto Door UnlockerSP Auto Door Unlocker
SP Auto Door Unlocker
Ā 
SP IoT Doorbell
SP IoT DoorbellSP IoT Doorbell
SP IoT Doorbell
Ā 
Distance Machine Locker
Distance Machine LockerDistance Machine Locker
Distance Machine Locker
Ā 
A Science Project: Building a sound card based on the Covox Speech Thing
A Science Project: Building a sound card based on the Covox Speech ThingA Science Project: Building a sound card based on the Covox Speech Thing
A Science Project: Building a sound card based on the Covox Speech Thing
Ā 
A Science Project: Swift Serial Chat
A Science Project: Swift Serial ChatA Science Project: Swift Serial Chat
A Science Project: Swift Serial Chat
Ā 
The slide rule
The slide ruleThe slide rule
The slide rule
Ā 
Windows 3.1 (WFW) on vintage and modern hardware
Windows 3.1 (WFW) on vintage and modern hardwareWindows 3.1 (WFW) on vintage and modern hardware
Windows 3.1 (WFW) on vintage and modern hardware
Ā 
Repair Kopitiam Circuit Breaker Training
Repair Kopitiam Circuit Breaker TrainingRepair Kopitiam Circuit Breaker Training
Repair Kopitiam Circuit Breaker Training
Ā 
A2: Analog Malicious Hardware
A2: Analog Malicious HardwareA2: Analog Malicious Hardware
A2: Analog Malicious Hardware
Ā 
Getting Started with Raspberry Pi
Getting Started with Raspberry PiGetting Started with Raspberry Pi
Getting Started with Raspberry Pi
Ā 

Recently uploaded

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
Ā 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
Ā 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
Ā 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
Ā 
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024StefanoLambiase
Ā 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
Ā 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
Ā 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
Ā 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
Ā 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
Ā 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
Ā 
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdfGOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdfAlina Yurenko
Ā 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
Ā 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
Ā 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
Ā 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
Ā 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
Ā 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
Ā 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
Ā 

Recently uploaded (20)

EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
Ā 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Ā 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Ā 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Ā 
Call Girls In Mukherjee Nagar šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SE...
Call Girls In Mukherjee Nagar šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SE...Call Girls In Mukherjee Nagar šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SE...
Call Girls In Mukherjee Nagar šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SE...
Ā 
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Ā 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
Ā 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
Ā 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
Ā 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
Ā 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
Ā 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
Ā 
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdfGOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM ā€“ DEVOXX GREECE.pdf
Ā 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
Ā 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
Ā 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
Ā 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
Ā 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
Ā 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
Ā 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
Ā 

How "mov

  • 1. mov is Turing-complete Authored by: Stephen Dolan (PhD Candidate) 19 July 2013 Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf Practical implementation by: Chris Domas Papers We Love #14 (26 Oct 2015) By: Yeo Kheng Meng (yeokm1@gmail.com) https://github.com/yeokm1/mov-is-turing-complete1
  • 2. This presentation is best viewed with the animations. 2
  • 3. How did I know of this paper? Hacker News: June 21 Link to: https://github.com/xoreaxeaxeax/movfuscator Inspired by mov is Turing-complete 3
  • 4. Schedule of presentation ā€¢ 2 parts in this presentation 1. Purely theoretical talk about the paper (~40mins) 2. How things work in practice? (~15 mins) ā€¢ Short demo using Chris Domas implementation ā€¢ Challenges of a practical implementation 4
  • 5. Motivation ā€¢ x86 instruction set is bloated ā€¢ 500 ā€“ 1000 instructions depending on sources ā€¢ Is it possible to reduce everything to one instruction? ā€¢ Initially a thought experiment by Stephen Dolan ā€¢ Actual implementation by Chris Domasā€™s Movfuscator ā€¢ https://github.com/xoreaxeaxeax/movfuscator 5
  • 6. Some disclaimers by the paper ā€¢ Not purely mov-only ā€¢ A single ā€œjmpā€ instruction is used to loop back to the beginning ā€¢ Solved by Chris Domasā€™s implementation ā€¢ Invalid memory address 0 to halt execution ā€¢ No other forms of circumventing the rules ā€¢ No self-modifying code ā€¢ No runtime code generation 6
  • 7. Scope of the problem Title: mov is Turing-complete 1. What is a Turing machine? 2. What it means to be Turing-complete? 3. What is ā€œmovā€? 4. What it takes for ā€œmovā€ to be Turing Complete? 7
  • 8. 1. What is a Turing machine? Source: http://stackoverflow.com/a/236022 Theoretical Finite State Machine (FSM) model Characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell State register ā€¢ Remember current state of FSM Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table8
  • 9. 2. What it means to be Turing-complete? A programming language must be able to compute any problem a Turing machine can. -> Have the same characteristics as a Turing machine Characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell State register ā€¢ Remember current state of FSM Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 9
  • 10. 3. What is mov? ā€¢ x86 assembly instruction to move contents from one location to another. ā€¢ General syntax : mov destination, source ā€¢ Copies (not cut) from source to destination ā€¢ Comes in 5 forms Syntax Explanation mov Rdest, Rsrc Register <- Register mov Rdest, c Register <- Constant mov [Rsrc + Roffset], c Memory <- Constant mov Rdest, [Rsrc + Roffset] Register <- Memory mov [Rdest + Roffset], Rsrc Memory <- Register Square[x] brackets means memory access at location index specified by x. 10
  • 11. 4. What it takes for ā€œmovā€ to be Turing Complete? Turing Machine Characteristics In context of mov-only instruction Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet ??? Head (Scanner) ā€¢ Reads/Writes to cells ā€¢ Can move left/right to next cell Read/Write to memory at multiple locations ā€¢ mov State register ā€¢ Remember current state of FSM Just reserve one register to remember state Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol ???? Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ??? ļƒ¼ ļƒ¼ 11
  • 12. What we have to do? Unfulfilled Turing characteristics Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 12
  • 13. Building our Turing machine 13
  • 14. Designing the tape Unfulfilled Turing characteristic Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Current Symbol | Null Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Left Symbol 4 | Point to Left symbol 5 Right Symbol 3 | Point to Right symbol 4 Right Symbol 4 | Point to Right symbol 5 Left Stack Right Stack ā€¢ Current symbol ā€¢ Left/Right stack to hold everything ā€¢ Each symbol cell holds 2 things 1. Pointer to symbol value 2. Pointer to next cell <= Move tape to the left <= Current symbol goes left : : Left Symbol 0 | Point to Left symbol 1 Current Symbol | Null 14
  • 15. Designing the tape Unfulfilled Turing characteristic Operates on tape ā€¢ Finite length ā€¢ Divided into cells ā€¢ Each cell contains symbol of finite alphabet Current Symbol | Null Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Left Symbol 4 | Point to Left symbol 5 Right Symbol 3 | Point to Right symbol 4 Right Symbol 4 | Point to Right symbol 5 Left Stack Right Stack ā€¢ Current symbol ā€¢ Left/Right stack to hold everything ā€¢ Each symbol cell holds 2 things 1. Pointer to symbol value 2. Pointer to next cell => Move tape right => Current symbol goes right : : Right Symbol 0 | Point to Right symbol 1 Current Symbol | Null 15
  • 16. Designing the transition state table ā€¢ Table of linked cells, easier for mov to use ā€¢ Each cell contains a value and points to next cell ā€¢ N: Dummy pointer indicating end of list Unfulfilled Turing characteristic Transition state table ā€¢ Lookup next state & symbol, tape direction based on current state & symbol Current State Qx Points to Trigger symbol of possible transition | Point to alternative transition cell Trigger symbol | Point to new symbol cell New symbol | Point to direction cell Direction | Point to next state cell Next State | End of list State Q0 State Q1 16
  • 17. Now to the mov stuff 17
  • 18. Equality checking (Problem) ā€¢ We want to check if Ri == Rj? ā€¢ Output result of comparison 0/1 register Rk 18
  • 19. Equality checking (Example 1) ā€¢ Assume both are equal at Ri = Rj = 6 ā€¢ We want to check if Ri == Rj. ā€¢ Expected output at register Rk = 1 ā€¢ mov [Ri], 0 -> mov [6], 0 ā€¢ mov [Rj], 1 -> mov [6], 1 ā€¢ mov Rk, [Ri] -> mov Rk, [6] Mem Address 0 1 2 3 4 5 6 7 8 Contents - - - - - - - - Register Contents Rk (Result) Ri 6 Rj 6 ā€¦ ā€¦ 01 Memory address range of the machine 1 - 19
  • 20. Equality checking (Example 2) ā€¢ Assume both are NOT equal at Ri = 5, Rj = 2 ā€¢ We want to check if Ri == Rj. ā€¢ Expected output at register Rk = 0 ā€¢ mov [Ri], 0 -> mov [5], 0 ā€¢ mov [Rj], 1 -> mov [2], 1 ā€¢ mov Rk, [Ri] -> mov Rk, [5] Mem Address 0 1 2 3 4 5 6 7 8 Contents - - - - - - - Register Contents Rk (Result) Ri 5 Rj 2 ā€¦ ā€¦ 01 Memory address range of the machine 0 - - 20
  • 21. Value selection ā€¢ Given Rc being 0 or 1, pick either value Ra or Rb ā€¢ Put result in Rd ā€¢ We can use Rlookup as start index of ā€œlookup-tableā€ ā€¢ mov [Rlookup], Ra ā€¢ mov [Rlookup + 1], Rb ā€¢ mov Rd, [Rlookup + Rc] // Rc is 0 or 1 ā€¢ If Rc == 0 : Rd = Ra ā€¢ Else: Rd = Rb Lookup Addresses Rlookup Rlookup + 1 Contents Lookup table - -Ra Rb 21
  • 22. Our architecture so far Setting aside some registers Register Purpose SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested (First word of transition points to trigger symbol) LOOKUP Points to lookup table (scratch space) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table 22
  • 23. Logic Process Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ ā€¦ Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table 23
  • 24. Logic Process (Step: 1 & 2) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL Pointer to current symbol read from tape LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) ā€¦ ā€¦ Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Consult transition state table ā€¢ Retrieve current symbol, compare with trigger symbol ā€¢ Extra temporary registers X, Y & M ā€¢ mov X, [SYMBOL] // get current symbol ā€¢ mov Y, [CTRANS] // get pointer to trigger symbol ā€¢ mov Y, [Y] // get trigger symbol ā€¢ mov [X], 0 //Put 0 inside memory using Y as index ā€¢ mov [Y], 1 //Put 1 inside memory using X as index ā€¢ mov M, [X] //M gets 0/1 depending on equality Pointer to trigger symbolTrigger symbol Current symbolX (Temp) Y (Temp) 1 if equal, 0 otherwiseM (Result) 24
  • 25. Logic Process (Step: 3) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Modify the symbol ā€¢ M from Step 2. Extra temporary registers X, Y, Z. ā€¢ Choose between current/new symbol -> write symbol ā€¢ mov X, [CTRANS] // get pointer to trigger symbol ā€¢ mov X, [X + 1] // Load pointer to new symbol by skipping trigger symbol ā€¢ mov X, [X] // load new symbol ā€¢ mov Y, [SYMBOL] // load old symbol ā€¢ mov [LOOKUP], Y //determine new symbol == X/Y? ā€¢ mov [LOOKUP + 1], X ā€¢ mov Z, [LOOKUP + M] ā€¢ mov [SYMBOL], Z //write the selected symbol back Pointer to trigger symbol Old symbol X (Temp) Y (Temp) Pointer to new symbolNew symbol Result 0/1 of transition comparison from Step 2M (Match) Z (Temp) Y X Selected new symbol value from X or Y Pointer to current symbol read from tape 25
  • 26. Logic Process (Step: 4.1) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Load tape direction of transition, regardless of transition matching ā€¢ M from Step 2. Result register D to choose direction. ā€¢ mov D, [CTRANS] // get pointer to trigger symbol ā€¢ mov D, [D+1] // load new symbol pointer ā€¢ mov D, [D+1] //load direction pointer ā€¢ mov D, [D] // load direction Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Pointer to trigger symbolPointer to new symbolPointer to directionDirection value 0/1 26
  • 27. Current Symbol | Point to Left/Right symbol 1 Logic Process (Step: 4.2) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Depending on tape direction, push current symbol cell into stack ā€¢ M from Step 2, D from Step 4.1, Temporary Register X. ā€¢ //Get the first cell from left/right stack as next cell for current symbol ā€¢ mov [LOOKUP], LEFT ā€¢ mov [LOOKUP + 1], RIGHT ā€¢ mov X, [LOOKUP + D] ā€¢ mov [SYMBOL + 1], X //Point the current symbolā€™s next pointer to the next cell ā€¢ //Select new value for first symbol LEFT ā€¢ mov [LOOKUP], SYMBOL ā€¢ mov [LOOKUP + 1], LEFT ā€¢ mov LEFT, [LOOKUP + D] ā€¢ //Select new value for first symbol RIGHT ā€¢ mov [LOOKUP], RIGHT ā€¢ mov [LOOKUP +1] , SYMBOL ā€¢ mov RIGHT, [LOOKUP + D] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Direction value 0/1 from Step 4.1 X (Temp) Pointer to first cell of left/right stack Left RightSymbol LeftRight Symbol 27
  • 28. Current Symbol | Point to Left/Right symbol 1 Logic Process (Step: 4.3) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Preparation to pop stack ā€¢ Invert Register D if no movement is actually required i.e. M == 0 ā€¢ M from Step 2, D from Step 4.1, Temporary Register X. ā€¢ //Put negation of D into X ā€¢ mov [LOOKUP], 1 //Reverse order of selection ā€¢ mov [LOOKUP + 1], 0 //Reverse order of selection ā€¢ mov X, [LOOKUP + D] ā€¢ //Use M to select between D or X (D-negation) ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP +1], D ā€¢ mov D, [LOOKUP + M] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 D (Result) Direction value 0/1 from Step 4.1 X (Temp) Negation of D 1 0X (D-negation) D Direction value to determine pop decision 28
  • 29. Left symbol 0 | Point to Left symbol 1 Logic Process (Step: 4.4) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ We need a new current symbol, pop a cell from one side based on D ā€¢ D from Step 4.3, Temporary Register X. ā€¢ //Select new value for SYMBOL from either LEFT or RIGHT stack ā€¢ mov [LOOKUP], RIGHT ā€¢ mov [LOOKUP + 1], LEFT ā€¢ mov SYMBOL, [LOOKUP + D] ā€¢ mov X, [SYMBOL + 1] //Find new top of stack ā€¢ //Find new top value for LEFT ā€¢ mov [LOOKUP], LEFT ā€¢ mov [LOOKUP + 1], X ā€¢ mov LEFT, [LOOKUP + D] //If D == 1, we just popped the left stack, set X to LEFT ā€¢ //Find new value for RIGHT ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP + 1], RIGHT ā€¢ mov RIGHT, [LOOKUP + D] //If D == 0, we just popped the right stack, set X to RIGHT Pointer to current symbol read from tape D (Result) X (Temp) Direction value to determine pop decision Right symbol 0 | Point to Right symbol 1 Top value of stack we popped from Right Left Current Symbol | Point to Left/Right symbol 1 Left XX Right 29
  • 30. Logic Process (Step: 5) Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Find next transition ā€¢ M from Step 2, Temporary Registers X & Y. ā€¢ If current transition matches, go to first transition of next state, ā€¢ else, go to next transition of current state ā€¢ //get next transition of current state ā€¢ mov X, [CTRANS + 1] ā€¢ //get first transition of next state ā€¢ mov Y, [CTRANS] //get current transition ā€¢ mov Y, [Y + 1] //skip trigger symbol ā€¢ mov Y, [Y + 1] //skip new symbol ā€¢ mov Y, [Y + 1] //skip direction ā€¢ mov Y, [Y] //Select next transition ā€¢ mov [LOOKUP], X ā€¢ mov [LOOKUP + 1], Y ā€¢ mov CTRANS, [LOOKUP + M] Pointer to current symbol read from tape M (Match) Result 0/1 of transition comparison from Step 2 X (Temp) Y (Temp) Pointer to next transition of current state Pointer to first transition of next state X Y 30
  • 31. Logic Process (Extra Step 6) Halting the machine Current State Trigger Symbol New Symbol Tape Direction Next State Mem Address LOOKUP LOOKUP + 1 Contents Right Symbol 1 | Point to Right symbol 2 Left Symbol 1 | Point to Left symbol 2 Left Symbol 2 | Point to Left symbol 3 Right Symbol 2 | Point to Right symbol 3 Current Symbol | Null Left Symbol 3 | Point to Left symbol 4 Right Symbol 3 | Point to Right symbol 4 Tape (Left/Right Stack) Transition State Table Lookup table Register Purpose/Contents SYMBOL LEFT Pointer to first symbol on the left stack RIGHT Pointer to first symbol on the right stack CTRANS Pointer to transition to be tested LOOKUP Points to lookup table (scratch space) Logic Process 1. Read current symbol from tape 2. Consult transition state table 3. Modify the symbol 4. Move the head left/right/stay 5. Stay/Go to another state based on state table ā€¢ Halt machine if CTRANS is N ā€¢ Assume load from address 0 halts machine ā€¢ Temporary register H, X ā€¢ //Set H = 1 if CTRANS is N (end of state list or no outgoing transitions) ā€¢ mov [N], 0 ā€¢ mov [CTRANS], 1 ā€¢ mov H, [N] ā€¢ //select between 0 and N depending on H value ā€¢ mov [LOOKUP], 0 ā€¢ mov [LOOKUP + 1], N ā€¢ mov X, [LOOKUP + H] ā€¢ mov X, [X] // load from 0 or end of list. Program will terminate here if X is 0 ā€¢ jmp start //Go back to top of program Pointer to current symbol read from tape H (Temp) Whether to halt? 0:No, 1:Yes 0 N X (Temp) To test whether machine to halt 31
  • 33. Chris Domasā€™s movfuscator ā€¢ https://github.com/xoreaxeaxeax/movfuscator ā€¢ C compiler that compiles into mov instructions ā€¢ Uses LCC as frontend 33
  • 34. Why is it called movfuscator? ā€¢ To defeat reverse-engineering ā€¢ Disassembled output: GCC movfuscator 34
  • 35. Why is called movfuscator? ā€¢ Control flow graph generated by disassemblers vs Source Slide 109-110: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf Typical mov-only 35
  • 37. Our hello world program GCC (hwgcc.sh) Movcc (hwmov.sh) Compile program and run gcc -g hw.c -o hw-gcc.out && ./hw-gcc.out movcc -g hw.c -o hw-movcc.out && ./hw-movcc.out Disassemble program & output to file objdump -M intel -S -l hw-gcc.out > hw-gcc.asm objdump -M intel -S -l hw-movcc.out > hw-movcc.asm Open in sublime subl hw-gcc.asm subl hw-movcc.asm 37
  • 38. Enhancement: Remove jmp at the end ā€¢ mov cs, ax //Illegal mov instruction cannot modify code segment register ā€¢ Solution concept: ā€¢ OS raises SIGILL (illegal instruction signal) ā€¢ Code to capture SIGILL signal ā€¢ Call sigaction() to tell OS we have handled the instruction ā€¢ Reload the stack (Go back to top) Source Slide 101: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf 38
  • 39. Problem 1 : Branching ā€¢ Issue: All mov instructions always execute ā€¢ Use dummy data if mov instructions must be ignored ā€¢ start: ā€¢ 0x1000 mov ā€¦ ā€¢ 0x1004 mov ā€¦ ā€¢ 0x1008 mov ā€¦ ā€¢ 0x100c mov ā€¦ ā€¢ 0x1010 mov ā€¦ ā€¢ 0x1014 mov ā€¦ ā€¢ 0x1018 mov ā€¦ ā€¢ 0x101c mov ā€¦ ā€¢ 0x1020 mov ā€¦ ā€¢ 0x1024 mov ā€¦ ā€¢ 0x1028 mov ā€¦ ā€¢ 0x102c mov ā€¦ ā€¢ 0x1030 jmp start <- Branch from here <- to here Destination: 0x1010 Step 1: Store address 0x1010 somewhere Step 2: Switch memory pointers to dummy data Step 3: Proceed and loop around if needed Step 4: Check if this block is meant to be executed Step 5: Switch to real data and continue execution 39
  • 40. Problem 2: Arithmetic ā€¢ For eg: add32 Source Slide 133: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf Macro expansion 40
  • 41. Problem 2: Arithmetic ā€¢ For division >7000 mov instructions!!! (with the help of macros) Source Slide 141: https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf 41
  • 42. Problem 3: Speed ā€¢ Unsolvable ā€¢ Many mov instructions for a single instruction 42
  • 43. Our Fibonacci program GCC (fibgcc.sh) Movcc (fibmov.sh) Compile program gcc fib.c -o fib-gcc.out movcc fib.c -o fib-movcc.out Run ./fib-gcc.out ./fib-movcc.out 43
  • 44. The End/References ā€¢ http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf ā€¢ http://www.gwern.net/Turing-complete ā€¢ https://github.com/xoreaxeaxeax/movfuscator ā€¢ https://www.youtube.com/watch?v=R7EEoWg6Ekk 44