Develop Reference

Assembly safes and keys- why it won't work?

So we have like this safes challenge in assembly, you need to create safes and keys that will break them and end the infinite loop.
Here's an example for a safe:
loopy:
mov ax, [1900]
cmp ax,1234
jne loopy
and a key:
loopy2:
mov ax, 1234
mov [1900],ax
jmp loopy2
So I have a safe and a key, and I don't understand why it doesn't work:
here's my safe:
org 100h
mySafe:
mov dx,5
mov ax, [5768h]
mov bx,7
mov word [180h],2
mul word [180h]
mov [180h],bx
push ax
dec bx
mov cx,dx
mov ax,dx
loopy1:
add bx,ax
loop loopy1
dec bx
pop ax
add ax,bx
mul word [180h]
cmp ax,350
jne mySafe
And here's my key:
org 100h
loopy:
mov word [5768h],10
jmp loopy
ret
The right answer to break the loop should be 10 and it works when I put in on the safe, somehow with the key it doesn't work and I can't figure out why..
(the "word" is needed for nasm)

The value in dx used as the counter for the loop instruction comes from the first mul instruction.
This multiplication is just doubling the key, so dx is either 0 or 1 (an easy way to see this is to think of the multiplication as a left shift by one or by remembering that the sum of two n-bit numbers has at most n+1 bits)
If dx is zero, the whole loopy1 block does nothing (as dx also sets ax) and the value in ax at the end of the safe is 7*(5 +2k) where k is the key (see the commented code below).
It is then easy to see that 350 = 7*(5+2k) => 2k = 45 has no solution. Therefore no key for which dx is zero can unlock the safe.
A key has dx 0 iif its value is less than 32768 (again, this is easy to see when thinking of the multiplication as a left shift by one).
Corollary: 10 cannot be a solution.
safe:
mov dx,5
mov ax, [k] ;ax = k (key)
mov bx,7
mov word [aux],2
mul word [aux] ;dx = 0 ax = 2k
mov [aux],bx ;aux = 7
push ax ;ax = 2k
dec bx ;bx = 6
dec bx ;bx = 5
pop ax ;ax = 2k
add ax,bx ;ax = 5 + 2k
mul word [aux] ;ax = 7*(5 +2k)
cmp ax,350
ret
If there is a key that unlocks the safe then it must be greater or equal to 32768 so that dx is 1 after the first multiplication.
With this condition, the value in ax at the end of the safe can be written as 7*(6 + (2k & 0xffff)) => k & 0x7fff = 22.
Adding the condition stated at the very beginning of this section, the final value for k is 32768 + 22 = 32790 or 0x8016 in hex.
I've leaped quite a few logical steps in manipulating the equation and forming the result but, again, thinking of 2k as a shift may help visualize them.
Corollary: Due to the algebraic structure involved, this is the only solution.
safe:
mov dx,5
mov ax, [k] ;ax = k
mov bx,7
mov word [aux],2
mul word [aux] ;dx:ax = 2k
mov [aux],bx ;[aux] = 7
push ax ;dx = 1 ax = 2k & 0xffff
dec bx ;bx = 6
mov cx,dx ;cx = 1
mov ax,dx ;ax = 1
loopy1:
add bx,ax ;bx = 6 + 1
dec cx
jnz loopy1
dec bx ;bx = 6
pop ax ;ax = 2k & 0xffff
add ax,bx ;ax = 6 + (2k & 0xffff)
mul word [aux] ;ax = 7*(6 + (2k & 0xffff))
cmp ax,350
ret
Considering that you have a mov dx, 5 before the first multiplication, did you (or the author of the safe) forget that mul affects dx?
If you wrap the first mul in push dx / pop dx (or just move mov dx, 5 after it), you would get, at the end of the safe, a value in ax equals to 7*(30 +2k) which implies k = 10 indeed.

Sorting a list of ten numbers with selection sort in assembly language

sorting a list of ten numbers with selection sort in assembly language.
How does i convert this bubble sort method into selection sort method
`[org 0x0100]
jmp start
data: dw 60, 55, 45, 50, 40, 35, 25, 30, 10, 0
swap: db 0
start: mov bx, 0 ; initialize array index to zero
mov byte [swap], 0 ; rest swap flag to no swaps
loop1: mov ax, [data+bx] ; load number in ax
cmp ax, [data+bx+2] ; compare with next number
jbe noswap ; no swap if already in order
mov dx, [data+bx+2] ; load second element in dx
mov [data+bx+2], ax ; store first number in second
mov [data+bx], dx ; store second number in first
mov byte [swap], 1 ; flag that a swap has been done
noswap: add bx, 2 ; advance bx to next index
cmp bx, 18 ; are we at last index
jne loop1 ; if not compare next two
cmp byte [swap], 1 ; check if a swap has been done
je start ; if yes make another pass
mov ax, 0x4c00 ; terminate program
int 0x21`

The key here is to change your loop. Currently it's swapping adjacent numbers. You need to change it to copy the rightmost element into a register, and shift the pre-existing sorted array to the right until the element you just shifted is greater than or equal to the previously rightmost element you just copied into your register.

Maybe this will be helpfull. I wrote this a long time ago. Realmode intel assembler.
MAIN.ASM
SSTACK SEGMENT PARA STACK 'STACK'
DW 128 DUP(?)
SSTACK ENDS
DSEG SEGMENT PUBLIC 'DATA'
S LABEL BYTE
ARR DB 'IHGFED27182392JASKD1O12312345CBA'
LEN EQU ($-S)
PUBLIC TMP
PUBLIC MIN
TMP DW ?
MIN DW ?
DSEG ENDS
CSEG SEGMENT 'CODE'
ASSUME CS:CSEG, SS:SSTACK, DS:DSEG
EXTRN OUTPUT:NEAR
EXTRN SORT:NEAR
START: MOV AX, DSEG
MOV DS, AX
MOV BX, OFFSET ARR
MOV CX, LEN
CALL OUTPUT
MOV AX, 60
CMP AX, 0
JZ NO_SORT
CMP AX, 1
JZ NO_SORT
MOV BX, OFFSET ARR
MOV CX, LEN
CALL SORT
NO_SORT: MOV BX, OFFSET ARR
MOV CX, LEN
CALL OUTPUT
MOV AH, 4CH
MOV AL, 0
INT 21H
CSEG ENDS
END START
SORT.ASM
DSEG SEGMENT PUBLIC 'DATA'
EXTRN TMP:WORD
EXTRN MIN:WORD
DSEG ENDS
CSEG SEGMENT 'CODE'
ASSUME CS:CSEG, DS:DSEG
PUBLIC SORT
SORT PROC; (AX - N, BX - ARRAY ADDRESS, CX - ARRAY LENGTH)
PUSH SI
PUSH DI
PUSH DX
CALL COMPARE_MIN
DEC CX
MOV AX, CX
XOR SI, SI
XOR DI, DI
L1:
PUSH CX
MOV MIN, SI
MOV TMP, DI
INC DI
MOV CX, AX
L2:
MOV DH, BYTE PTR[BX+DI]
PUSH SI
MOV SI, MIN
MOV DL, BYTE PTR[BX+SI]
POP SI
CMP DH, DL
JA OLD_MIN
NEW_MIN: MOV MIN, DI
OLD_MIN: INC DI
DEC CX
CMP CX, TMP
JNZ L2
SWAP: PUSH DI
MOV DI, MIN
MOV DL, BYTE PTR[BX+DI]
MOV DH, BYTE PTR[BX+SI]
MOV BYTE PTR [BX+SI], DL
MOV BYTE PTR [BX+DI], DH
POP DI
INC SI
MOV DI, SI
POP CX
LOOP L1
POP DX
POP DI
POP DI
RET
SORT ENDP
COMPARE_MIN PROC; (AX - A, CX - B CX - MIN)
PUSH AX
CMP AX, CX
JB B__A
JA A__B
A__B: MOV CX, CX
JMP EX
B__A: MOV CX, AX
JMP EX
EX: POP AX
RET
COMPARE_MIN ENDP
CSEG ENDS
END
OUTPUT.ASM
CSEG SEGMENT 'CODE'
ASSUME CS:CSEG
PUBLIC OUTPUT
OUTPUT PROC ; (BX - ARRAY ADDRESS, CX - ARRAY LENGTH)
PUSH DX
PUSH SI
PUSH AX
XOR SI, SI
MOV AH, 02H
OUTARR: MOV DL,[BX+SI]
INT 21H
INC SI
LOOP OUTARR
MOV DL, 10
INT 21H
POP AX
POP SI
POP DX
RET
OUTPUT ENDP
CSEG ENDS
END

Jumping to random code when using IDIV

I am relatively new to assembler, but when creating code what works with arrays and calculates the average of each row, I encountered a problem that suggests I don't know how division really works. This is my code:
.model tiny
.code
.startup
Org 100h
Jmp Short Start
N Equ 2 ;columns
M Equ 3 ;rows
Matrix DW 2, 2, 3 ; elements
DW 4, 6, 6 ; elements]
Vector DW M Dup (?)
S Equ Type Matrix
Start:
Mov Cx, M;20
Lea Di, Vector
Xor Si, Si
Cols: Push Cx
Mov Cx, N
Xor Bx, Bx
Xor Ax, Ax
Rows:
Add Ax, Matrix[Bx][Si]
Next:
Add Bx, S*M
Loop Rows
Add Si, S
Mov [Di], Ax
Add Di, S
Pop Cx
Loop Cols
Xor Bx, Bx
Mov Cx, M
Mov DX, 2
Print: Mov Ax, Vector[Bx]
IDiv Dx; div/idiv error here
Add Bx, S
Loop Print
.exit 0
There are no errors when compiling. Elements are counted correctly, but when division happens the debugger shows the program jumping to apparently random code. Why is this happening and how can I resolve it?

If you use x86 architecture, IDiv with 16-bit operand will also take Dx as a part of the integer to be divided and throw an exception (interrupt) if the quotient is too large to fit in 16bits.
Try something like this:
Mov Di, 2
Print: Mov Ax, Vector[Bx]
Cwd ; sign extend Ax to Dx:Ax
IDiv Di

Find the two largest numbers passed on the stack and multiply them, return DX:AX pair

I have an assignment where we are passed 4 values on the stack (v1, v2, v3, v4), are to find the two largest values out of the four, and then multiply them together to return the DX:AX pair.
This is the code that I have come up with so far, comparing all the values to one another and storing the highest value in AX and the second highest value in BX. The problem is that the code hangs when tested in DOSbox, and I'm not sure what is causing it.
EDIT: Finished and working!
;---------------------------------------
;
; Code Segment
;
;---------------------------------------
_linkhll:
push bp ; saves the caller's bp
mov bp,sp ; loads bp from sp
MOV AX,[bp+4] ;Load v1 to AX
MOV BX,[bp+6] ;Load v2 to BX
;---------------------------------------
; Find the first largest number
;---------------------------------------
CMP AX,BX ;compare value 1 and 2
JE doubles
CMP AX,BX
JA L2 ;AX > BX, goto L2
MOV AX,BX ;make v2 the largest number
L2:MOV BX,[bp+8] ;Load v3 to BX
CMP AX,BX ;compare value AX and v3
JE doubles
CMP AX,BX
JA L3 ;AX > BX, goto L3
MOV AX,BX ;make v3 the largest number
L3:MOV BX,[bp+10] ;Load v3 to BX
CMP AX,BX ;compare value AX and v4
JE doubles
JA S1 ;AX > BX, goto L3
MOV AX,BX ;make v4 the largest number
JMP s1
doubles:
MOV CX,[bp+8] ;mov v3 to cx
CMP AX,CX ; BX > CX
JA v4bigger ; yes, skip to v4 test
MOV AX,CX ;if no, make CX the new AX
v4bigger:
MOV CX,[bp+10] ;v4 to CX
CMP BX,CX ;Compare to current highest
JA mult
MOV BX,CX
JMP mult
;---------------------------------------
; Find the second largest number
;---------------------------------------
S1:MOV BX,[bp+4] ;Load v1 to BX
MOV CX,[bp+6] ;load v2 to CX
CMP AX,BX ;compare value AX and v1
JE v2mov ;AX = BX, multiply them
CMP AX,CX ;compare value AX and v2
JE s2 ;AX = CX, mov cx to bx and multiply
CMP BX,CX ;Compare v1 and v2
JA S2 ;BX > CX goto S2
v2mov:
MOV BX,CX ; make v2 the current second highest
S2:MOV CX,[bp+8] ;load v3 to CX
CMP AX,CX ;compare value AX and v3
JE s3 ;AX = CX, goto S3
CMP BX,CX ;Compare AX and v3
JA S3 ;BX > CX goto S3
v3mov:
MOV BX,CX ;mov v3 to 2nd highest number spot
S3:MOV CX,[bp+10] ;load v4 to CX
CMP AX,CX ;compare value AX and v4
JE mult ;AX = CX, goto S3 // mult????
CMP BX,CX ;Compare AX and v3
JA mult ;BX > CX goto S3
v4mov:
MOV BX,CX ;Make v4 second highest number
mult:
MUL BX ;multiply ax by bx
POP BP
;
;
;
ret ;
;
end ;
;---------------------------------------

You're pushing bp on the stack at the start of your function. But you don't pop it off the stack before returning. Hence, when the ret instruction executes and tries to get the return address off the stack it gets the old value of bp instead.

a program works in Turbo Debugger when I step through it, but when I run it in TD or DOS it stops and Ctrl+Alt+Delete becomes the only option

The program was meant to display char table using BIOS int 10h, and it does it but only when I step through it in td. I thought that maybe while in debugger uninitialized registers contain zero, but while running they can possibly contain trash, therefore I put mov ax, 0003h instead of mov al, 3 and added xor dx, dx; but it does not works either.
.model tiny
.code
org 100h
start:
mov ax, 0003h
int 10h
xor dx, dx
mov si, 256
mov ax, 0900h
mov cx, 1
xor bh, bh
mov bl, 00011111b
cloop:
int 10h
push ax
mov ah, 2
inc dl
int 10h
mov ax, 0920h
int 10h
mov ah, 2
inc dl
int 10h
pop ax
inc al
test al, 0Fh
jnz con_loop
mov ah, 2
inc dh
xor dl, dl
int 10h
pop ax
con_loop:
dec si
jnz cloop
ret
end start

You need an additional PUSH. You should never trust BIOS/DOS/others to preserve AX even if it is not an output register.
test al,0Fh
jnz con_loop
push ax ;You forgot this!!!
mov ah,2
inc dh
xor dl,dl
int 10h
pop ax
con_loop:

You've got a pop instruction that doesn't correspond to a push:
push ax
...
pop ax
inc al
...
int 10h
pop ax <-- HERE
con_loop:
That last pop should be removed.