Chapter 7 Quiz: First Programs
No answers are provided in this file. Use GDB, NASM, and the chapter text to verify your answers.
Multiple Choice
1. After executing mov eax, 0xDEADBEEF when RAX previously contained 0xFFFFFFFF00000000, what is the complete 64-bit value of RAX?
A) 0xFFFFFFFFDEADBEEF
B) 0x00000000DEADBEEF
C) 0xDEADBEEF00000000
D) 0x00000000FFFFFFFF
2. After executing mov al, 0xFF when RAX previously contained 0x1234567800000000, what is the complete 64-bit value of RAX?
A) 0x00000000000000FF
B) 0x12345678000000FF
C) 0x123456780000FF00
D) 0x00000000FFFFFF00
3. You execute add rax, rbx where RAX = 0xFFFFFFFFFFFFFFFF and RBX = 0x0000000000000001. Which flags are set in RFLAGS after this instruction?
A) ZF=1, CF=1, OF=0, SF=0
B) ZF=1, CF=0, OF=1, SF=0
C) ZF=1, CF=1, OF=1, SF=0
D) ZF=0, CF=1, OF=0, SF=1
4. After sub rax, rax where RAX = 0x0000000000000005, what are the resulting flags?
A) CF=0, OF=0, SF=0, ZF=1
B) CF=1, OF=0, SF=0, ZF=0
C) CF=0, OF=1, SF=0, ZF=1
D) CF=0, OF=0, SF=1, ZF=0
5. Which of the following correctly explains why xor eax, eax is preferred over mov rax, 0 for zeroing RAX?
A) xor eax, eax executes faster because XOR completes in fewer clock cycles than MOV
B) xor eax, eax is a 2-byte instruction while mov rax, 0 requires 7 bytes; the processor also has special zero-detection circuitry that can eliminate the data dependency
C) xor eax, eax avoids writing to RAX so it doesn't stall the pipeline
D) xor eax, eax is the only correct way to zero a 64-bit register
6. Before a Linux x86-64 syscall, you load the syscall number in RAX and up to six arguments in RDI, RSI, RDX, and three others. What is the correct fourth argument register for a syscall (NOT for a function call)?
A) RCX
B) R8
C) R10
D) R9
7. After a syscall instruction returns, which two registers are guaranteed to have been modified (clobbered) by the kernel, regardless of which syscall was invoked?
A) RAX and RDX
B) RDI and RSI
C) RCX and R11
D) R8 and R9
8. A program calls sys_write(1, buf, 20) (write 20 bytes to stdout). After the syscall returns, RAX contains 0xFFFFFFFFFFFFFFF2. What does this indicate?
A) 18 bytes were successfully written
B) A write error occurred; the actual error code is the negated value of RAX
C) 20 bytes were written and 18 bytes are still pending
D) The write succeeded and RAX contains a file descriptor
9. In the naive strlen loop shown in the chapter, the instruction movzx rcx, BYTE [rdi] is used to load a byte. Why is movzx used instead of mov cl, [rdi]?
A) mov cl, [rdi] is an invalid instruction on x86-64
B) movzx rcx, BYTE [rdi] is faster because it reads 64 bits at once
C) Writing to CL (an 8-bit register) does not zero the upper 56 bits of RCX; a subsequent comparison cmp rcx, 0 could use a stale non-zero value from before the load
D) movzx automatically advances the pointer in RDI
10. The SCASB instruction scans for a byte. Its operands are implicit. Which registers does SCASB use, and what does it do to them after each execution?
A) Compares [RDI] to AL; increments or decrements RDI based on the direction flag
B) Compares [RSI] to AL; increments or decrements RSI based on the direction flag
C) Compares [RBX] to CL; increments RBX unconditionally
D) Compares [RDI] to CL; sets ZF and leaves RDI unchanged
11. A MinOS bootloader is assembled with nasm -f bin -o boot.bin boot.asm. The source file begins with ORG 0x7C00. Which of the following best describes what ORG does in this context?
A) ORG loads the binary at address 0x7C00 when executed
B) ORG tells the BIOS where to find the boot sector on disk
C) ORG tells the assembler to resolve all address references as if the binary is loaded at 0x7C00, but does not itself add any bytes to the output
D) ORG inserts a JMP to address 0x7C00 at the start of the binary
12. A NASM bootloader source file totals 312 bytes before the boot signature. What times directive correctly pads to byte 510 and adds the 0xAA55 boot signature?
A) times 200 db 0 then dw 0xAA55
B) times 510 - ($ - $$) db 0 then dw 0xAA55
C) times 512 - ($ - $$) db 0xAA55
D) db 0xAA, 0x55 at offset 510
13. The 8-bytes-at-a-time strlen technique loads a qword and then computes t = t - 0x0101010101010101. It then ANDs the result with ~t and checks for a bit pattern. What property of this computation detects a zero byte?
A) If any byte in the qword is zero, subtracting 0x01 from it causes a borrow that sets the high bit of that byte position
B) XOR of any byte with 0x01 produces 0 if the byte was zero
C) Subtracting 0x0101... causes all bytes to become zero simultaneously
D) The AND operation directly extracts zero bytes from the qword
14. In the MinOS bootloader, a far JMP is used immediately after the BIOS-loaded entry point. What specific problem does this far JMP solve?
A) It transitions the CPU from real mode to protected mode
B) It enables the A20 line so addresses above 1 MB are accessible
C) It normalizes CS to a known value (0x0000), since different BIOSes may load the bootloader with CS:IP = 0x07C0:0x0000 or 0x0000:0x7C00
D) It loads the second stage bootloader from the next disk sector
True / False
15. inc rax and dec rax do not modify the Carry Flag (CF). This is intentional: it allows INC/DEC to be used inside loops that also check CF (for example, from a prior RCR/RCL operation) without disturbing it.
16. In the System V AMD64 ABI, the caller is responsible for saving RAX before making a function call if it needs to use the return value after the call.
17. If sys_write is called with a count argument of 0, it will always return 0 immediately without any write occurring, and this is defined behavior in the Linux kernel.
18. The neg rax instruction sets CF to 1 unless the original value was 0 (in which case CF = 0). This allows neg to be used as a subtraction from zero that correctly sets flags.
19. After movsx rax, BYTE [rbp - 1] where the byte at [rbp - 1] is 0xFF (255 unsigned, -1 signed), RAX will contain 0xFFFFFFFFFFFFFFFF.
Short Answer
20. Write the five-instruction sequence (before the syscall) to call sys_exit(42) on Linux x86-64. Specify which register holds which value and why.
21. A function my_func needs to preserve the value of RBX across its body. Write the three-line pattern that correctly saves RBX on entry and restores it before returning, using the standard ABI mechanism.
22. Explain in one sentence each why the following two strlen implementations give different performance characteristics, even though they produce identical results:
; Version A: byte-by-byte
.loop:  movzx rcx, BYTE [rdi]
        test rcx, rcx
        jz .done
        inc rdi
        jmp .loop
; Version B: 8-bytes-at-a-time
; (loads qword, uses bitmask to detect zero byte)
Bonus Question 23. The chapter shows that sys_write to stdout may write fewer bytes than requested (partial write). Write pseudocode (in any language or as assembly comments) for a write_all wrapper that loops until all bytes are written or an error occurs. What specific condition do you check on each iteration to determine whether to continue looping?
Bonus Question 24. The MinOS bootloader uses BITS 16 at the top of the file. Explain what BITS 16 tells NASM, and what would happen if you accidentally omitted it — specifically, what would change about how NASM encodes a simple instruction like mov ax, 0?