Menu
I want to simulate a iret condition on a Linux x86_64 server. I found there are three instructions
I can't tell the difference of them,and which one to use. thanks for anyone's help!!
I have another question about simulate iret,can you have a look?http://stackoverflow.com/questions/11756274/how-to-simulate-a-iret-on-linux-x86-64
774
iret reverses the operation of an INT or CALL that caused the task switch if NT equals 1. The task executing iret is updated and saved in its task segment. The code that follows iret is executed if the task is re-entered.
The IRET instruction is used to exit from an interrupt procedure while RET is to return from an subroutine. IRET is similar to RET except that RET will just pop two bytes to PC while IRET will reset the interrupt enable (IEN) flip flop and two bytes will be popped from the stack.
The IRET instruction is used at the end of an interrupt service procedure to return execution to the interrupted program. To do this return, the 8086 copies the saved value of IP from the stack to IP, the stored value of CS from the stack to CS, and the stored value of the flags back to the flag register.
From this link:
IRET returns from an interrupt (hardware or software) by means of popping IP (or EIP), CS, and the flags off the stack and then continuing execution from the new CS:IP.
IRETW pops IP, CS and the flags as 2 bytes each, taking 6 bytes off the stack in total. IRETD pops EIP as 4 bytes, pops a further 4 bytes of which the top two are discarded and the bottom two go into CS, and pops the flags as 4 bytes as well, taking 12 bytes off the stack.
IRET is a shorthand for either IRETW or IRETD, depending on the default BITS setting at the time.
Very similar is also for IRETQ
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
