Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Sunday, August 12, 2012

Above and Below vs Greater and Less in x86/x64 Architecture

There are two different "families" of integer comparison in x86 assembly language. The first one revolves around the "above" and "below" moniker, and the other one revolves around the "greater" and "less" moniker. It's not very clear what the difference between the two "families" of instructions is until you take into account signed and unsigned integer comparison. The "above" and "below" family of integer comparison instructions deals with unsigned integer comparison. You can verify this by looking at the Intel x86/x64 manual. In the manual, you will find that the "above" and "below" instruction family only checks the carry flag (CF) and the zero flag (ZF), not the sign flag. Let's see a copy of the instruction descriptions from the Intel manual:
JA rel8  -- Jump short if above (CF=0 and ZF=0).
JAE rel8 -- Jump short if above or equal (CF=0).
JB rel8  -- Jump short if below (CF=1).
JBE rel8 -- Jump short if below or equal (CF=1 or ZF=1).
As you can see, there's no check of the sign flag in the instructions above. Therefore, they are all unsigned comparisons. Now, let's have a look at the other family, the "greater" and "less" one. Again, let's see a copy of the instruction descriptions from the Intel x86/x64 manual:
JG rel8  -- Jump short if greater (ZF=0 and SF=OF).
JGE rel8 -- Jump short if greater or equal (SF=OF).
JL rel8  -- Jump short if less (SF≠OF).
JLE rel8 -- Jump short if less or equal (ZF=1 or SF≠OF).
As you can see, all of the "greater" and "less" comparisons check the sign flag (SF) against the overflow flag (OF). Therefore, they are all signed integer comparisons. The difference between the two "families" of instructions could easily be overlooked by those new to x86/x64 assembly language. I hope this post clarifies that.

Friday, July 20, 2012

Thoughts on Having Access to Official BIOS Source Code

I have had access to official AMI BIOS Core8 source code for more than a year now,
due to my work. I think it's good to share the ups and downs of having access to such source code.

It's nice to have BIOS source code at hand because you can do a lot of things.
However, having access to the source code doesn't equal understanding the code any better.
It's quite a steep learning curve to understand how to use the development tools, and
some code also requires you to understand various hardware protocols to make sense of it.


Of course, having reversed some BIOS binaries helped me. But it also produces unwanted effects.
Sometimes, I tend to use a "binary surgical" approach instead of trying to use the existing development tools,
which in the end produces an ugly kludge. It takes some time for me to get used to the development tools.
Overall, though, I can say that I learned a lot from the source code.

Saturday, July 7, 2012

The Mebromi BIOS Rootkit Hype: An adapted version of Kris Kaspesky ISA ROM shell coders?

Is the Mebromi BIOS Rootkit hype based on an adapted version of Kris Kaspesky's ISA ROM shell coders?

Well, this is probably one of the most hilarious things that ever happened, if it's true. I need to investigate further. I cannot say for sure until further evidence confirms my suspicion. From a quick glimpse, it looks like it infects the IVT of Windows XP (probably I'm wrong). So, stay tuned!

Friday, July 6, 2012

Tweeting New Articles

I'm starting to tweet links to the articles I'm writing. I've been too busy lately. Probably that should be enough for some time. You can follow the updates on Twitter at @Pinczakko. Of course, this blog will still be more in-depth.