X86-assembly/Instructions/rdtsc

From aldeid
Jump to navigation Jump to search
You might also see: Read Time Stamp Counter (RDTSC)
You are here:
rdtsc

Description

  • The rdtsc (Read Time-Stamp Counter) instruction is used to determine how many CPU ticks took place since the processor was reset.
  • Loads the current value of the processor's time-stamp counter into the EDX:EAX registers
  • It is commonly used as a timing defense (anti-debugging technique).

Opcode

0F 31

Flags affected

None

Example

rdtsc                       ; get current timestamp (saved in a 64 bit value: EDX [first half], EAX [second half])
xor ecx,ecx                 ; sets ECX to zero
add ecx,eax                 ; save timestamp to ECX
rdtsc                       ; get another timestamp
sub eax,ecx                 ; compute elapsed ticks
cmp eax,0FFF
jb short bintext.0041B652   ; jump if less than FFF ticks (assumes that program is not running under a debugging tool)
rdtsc
push eax
retn                        ; else, jump to bad location to make the program crash

Comments

Retrieved from "https://www.aldeid.com/w/index.php?title=X86-assembly/Instructions/rdtsc&oldid=30985"