xchg rax, rax – 0x04
Moving along onto page 0x04, we have something different from our last two. It’s also quite short:
That’s it, in its entirety. The al register is the lower 8 bits of the eax/rax register. Let’s demonstrate with LLDB:
register write rax 0x123456789abcdef0
rax = 0x123456789abcdef0
eax = 0x9abcdef0
ax = 0xdef0
ah = 0xde
al = 0xf0
OK, so now we know what the al register is. Now its a matter of trying to figure out what the purpose of xor’ing it with 0x20 might be. Let’s see how 0x20 might be special. It helps to look at it in a few different base representations. 0x20 is base-16, and in base-10 it’s 32, and in binary it’s b00100000. Exactly one bit. So what the xor is doing is toggling the 6th bit.
That information alone is enough to Google what the intention is. Before you do though, here’s a hint. Take a look at an ASCII table, and look at the letters in binary form.
Letter | Binary |
---|---|
A | b01000001 |
a | b01100001 |
B | b01000010 |
b | b01100010 |
C | b01000011 |
c | b01100011 |
etc… |
Thanks to the handy layout of the ASCII table, we can see that the xor toggles whether a letter is uppercase or lowercase.