I was going through some disassembly of a CRT library (the SEH prolog in particular) when I suddenly came across this strange instruction `bnd ret`. Can anyone explain the meaning of the `f2` prefix right before `c3` (ret opcode)?
The `BND` prefix is part of Intel MPX (Memory Protection Extensions) and indicates the return target (or in general the branch target, as `BND` can be applied to any control flow instruction) should be checked against the bounds specified in the `BND0` to `BND3` registers, else an exception will be generated -- indicating a potential stack overflow, programming error or malicious code attack.

On processors that do not support Intel MPX, or when MPX is disabled, the `BND` prefix behaves as a no-op, so there is no need to compile two versions of the code (one with and one without `BND` prefixes).

Note that the encoding of the `BND` prefix is the same as that of the `REPNE` prefix (both are F2h), so older disassemblers that don't know about MPX yet may show this instruction sequence as `REPNE RET` (or `REPNE JMP`, `REPNE CALL`, etc.). This use is unrelated to the `REP RET` idiom where the prefix is assumed to have no-op behavior and is used purely to work around a performance issue on older CPUs.