Opcodism: The Art of Opcodes
Fascinated by Kazimir Malevich’s Black Square, I created a new art genre with the following two artistic installations:
A Pause before Crash
This is 1Mb of PAUSE instructions without a point of return:
_text SEGMENT
main PROC
DW 100000h DUP (90f3h) ; 100000h little-endian words, each stored as F3 90 = PAUSE; no RET follows
main ENDP
_text ENDS
END
When launched it crashes:
0:000> kL
Child-SP RetAddr Call Site
00000000`0012ff58 00000000`7704be3d 1MbPause+0x201011
00000000`0012ff60 00000000`77256a51 kernel32!BaseThreadInitThunk+0xd
00000000`0012ff90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
0:000> ub rip
1MbPause+0x201002:
00000001`40201002 f390 pause
00000001`40201004 f390 pause
00000001`40201006 f390 pause
00000001`40201008 f390 pause
00000001`4020100a f390 pause
00000001`4020100c f390 pause
00000001`4020100e f390 pause
00000001`40201010 cc int 3
You can download the source code, PDB and 64-bit EXE from here:
Do Nothing and Crash
This is 1Mb of NOP instructions without a point of return:
_text SEGMENT
main PROC
DB 100000h DUP (90h) ; 100000h bytes of 90 = NOP; no RET follows
main ENDP
_text ENDS
END
When launched it crashes too:
0:000> kL
Child-SP RetAddr Call Site
00000000`0012ff58 00000000`7704be3d 1MbNop+0x101011
00000000`0012ff60 00000000`77256a51 kernel32!BaseThreadInitThunk+0xd
00000000`0012ff90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
0:000> ub rip
1MbNop+0x101009:
00000001`40101009 90 nop
00000001`4010100a 90 nop
00000001`4010100b 90 nop
00000001`4010100c 90 nop
00000001`4010100d 90 nop
00000001`4010100e 90 nop
00000001`4010100f 90 nop
00000001`40101010 cc int 3
You can download the source code, PDB and 64-bit EXE from here:
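To make the fall-through in both installations concrete, here is a small Python model of what the assembler and linker lay out and what the CPU then does with it. It is an added example, not code from this post or from DumpAnalysis.org. It emits the bytes the `DW`/`DB` directives produce (the little-endian word 90f3h becomes the byte pair F3 90, which is PAUSE), appends a constructed INT 3 trailer standing in for the padding that the debugger listings show right after the last instruction, and then steps through the image in straight-line fashion: with no RET, execution walks every NOP or PAUSE and stops at the first INT 3, one byte before the address the stack trace reports. The repeat count is scaled down from 100000h so the model runs instantly; `link_with_padding` and the 16-byte trailer are modeling assumptions, not the toolchain's actual behavior.

```python
"""Model of the two opcodism binaries: a flat run of NOP or PAUSE bytes that
falls through into INT 3 padding. Added example, not code from the post."""
import struct

NOP = b"\x90"          # nop
PAUSE = b"\xf3\x90"    # pause (F3 prefix + 90), as shown in the WinDbg listing
INT3 = b"\xcc"         # int 3, the trap both traces stop on

# Scaled-down repeat count so the model runs instantly; the post uses 100000h.
SCALE_COUNT = 0x1000


def emit_dw_dup(count, word):
    """Bytes produced by 'DW count DUP (word)': each word is stored
    little-endian, so 90f3h becomes the byte pair F3 90 (PAUSE)."""
    return struct.pack("<H", word) * count


def emit_db_dup(count, byte):
    """Bytes produced by 'DB count DUP (byte)'."""
    return bytes([byte]) * count


def link_with_padding(body, pad_len=16):
    """Append INT 3 padding after the body. Constructed stand-in for the
    trap bytes that, per the debugger listings, follow the last NOP/PAUSE."""
    return body + INT3 * pad_len


def decode_one(image, off):
    """Minimal x86 decoder for the three opcodes on the page.
    Returns (mnemonic, length); (None, 0) for an unknown byte."""
    if image[off:off + 2] == PAUSE:
        return "pause", 2
    if image[off:off + 1] == NOP:
        return "nop", 1
    if image[off:off + 1] == INT3:
        return "int 3", 1
    return None, 0


def run_until_trap(image, start=0):
    """Straight-line execution with no branches and no RET: step over every
    NOP/PAUSE until the first INT 3. Returns how many instructions ran and
    where the trap sits; rip_after_trap is the address a debugger reports."""
    off, executed = start, 0
    while off < len(image):
        mnem, length = decode_one(image, off)
        if mnem is None:
            raise ValueError(f"undecodable byte {image[off]:#04x} at {off:#x}")
        if mnem == "int 3":
            return {"executed": executed, "trap_offset": off,
                    "rip_after_trap": off + 1}
        off += length
        executed += 1
    raise RuntimeError("ran off the end of the image without hitting a trap")


def listing(image, upto, count=8):
    """Like WinDbg 'ub': the last `count` instructions up to and including
    the one at `upto`, as (offset, hex bytes, mnemonic) tuples."""
    rows, off = [], 0
    while off <= upto:
        mnem, length = decode_one(image, off)
        if mnem is None:
            break
        rows.append((off, image[off:off + length].hex(), mnem))
        off += length
    return rows[-count:]


def build_pause_image(count=SCALE_COUNT):
    """Scaled model of 1MbPause: 'DW count DUP (90f3h)' plus trap padding."""
    return link_with_padding(emit_dw_dup(count, 0x90F3))


def build_nop_image(count=SCALE_COUNT):
    """Scaled model of 1MbNop: 'DB count DUP (90h)' plus trap padding."""
    return link_with_padding(emit_db_dup(count, 0x90))


if __name__ == "__main__":
    for name, image in (("Pause", build_pause_image()), ("Nop", build_nop_image())):
        result = run_until_trap(image)
        print(f"{name}: {result['executed']:#x} instructions executed, "
              f"trap at +{result['trap_offset']:#x}")
        for off, hexbytes, mnem in listing(image, result["trap_offset"]):
            print(f"  +{off:06x} {hexbytes:<4} {mnem}")
```

The `listing` output reproduces the shape of the `ub rip` dumps above: seven PAUSE (or NOP) rows followed by a single `cc int 3`, and `rip_after_trap` is one past the trap, just as `1MbPause+0x201011` follows the `int 3` at `1MbPause+0x201010` in the stack trace.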
The earliest opcodism binary, which I now call Nothingness and Crash: The Smallest Program, was created on October 25th, 2006.
- Dmitry Vostokov @ DumpAnalysis.org -
September 28th, 2009 at 10:47 pm
The assembler is clearly surrounding your 1mb of NOP/Pause instructions with TRAP instructions. There’s not much to it.
September 29th, 2009 at 6:48 am
To Anonymous: of course all works of art can be reduced to their chemical and physical components…
September 30th, 2009 at 4:25 pm
[…] Opcodism art is not only limited to binaries. It also provides beautiful color illustrations of processor opcodes and instructions. In this post I provide illustrations of NOP, PAUSE and INT 3 instructions generated by Dump2Picture from memory dump images of crashed 1MbNop and 1MbPause processes. […]
October 12th, 2009 at 4:09 pm
IEFBR14
Is the name of the shortest program written for the IBM-360 system. It was a single instruction long - a return instruction. It was used because the IBM job control language required you to run a program for each step in its job language, so if all you needed was to cause side effects to happen (such as copying files, etc.) you would use IEFBR14 as a sort of single-shot null job to move things along.
IEFBR14 had a bug in it. It returned garbage in one of the registers where a result code of 0 was expected to be returned so the operating system would know that the job finished or failed.
They had to issue a revision that doubled the size of the program! A clear instruction, followed by the return instruction.
There was a rule of thumb that said software cost $10 a line to write. I always wondered if the author got a check from IBM for that amount, and how many times more than $10 it must have cost to have reported the bug, authorized the change, tested it, and released the fix.
October 14th, 2009 at 2:38 pm
I still remember that in 1987 I encountered a PDP-11 clone and wanted to learn about its assembly language, went to a university library and took a 2-volume assembly language book. After 2 weeks I finally realized that I was reading a book about the IBM-360.
My suspicion was aroused when I couldn’t find any reference to EBCDIC on the PDP-11…