
int 0x03 vs int3

Open gregkatz opened this issue 7 years ago • 0 comments

In the primer, you mention int 0x03 ("\xcc"). But that doesn't seem to really be the case, at least not with nasm. I think you have to use int3 to get it to assemble to \xcc.

(If this was done intentionally as part of the challenge, please disregard.)

Also, I was wondering if you could answer a question about the difference between \xcc and \xcd\x03? In the shortest challenge, I noticed using \xcd\x03 instead of \xcc puts a different value in my eax register. Any idea why? I think the answer is somewhere in this passage from the Intel manual Vol. 2A 3-457:

The INT 3 instruction generates a special one byte opcode (CC) that is intended for calling the debug exception handler. (This one byte form is valuable because it can be used to replace the first byte of any instruction with a breakpoint, including other one byte instructions, without over-writing other code). To further support its function as a debug breakpoint, the interrupt generated with the CC opcode also differs from the regular software interrupts as follows:

* Interrupt redirection does not happen when in VME mode; the interrupt is handled by a protected-mode handler.
* The virtual-8086 mode IOPL checks do not occur. The interrupt is taken without faulting at any IOPL level.

Note that the “normal” 2-byte opcode for INT 3 (CD03) does not have these special features.

gregkatz, Jun 21 '17 12:06
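Added example, not from the workshop repository or the issue author: a small probe that executes both encodings the issue compares (CC, and CD 03 as nasm emits for `int 3`) under a SIGTRAP handler and reads back, from the saved RIP, which form just trapped. It assumes Linux on x86-64 with glibc's ucontext layout; elsewhere the probe reports -1.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* Set by the SIGTRAP handler: bytes occupied by the trapping instruction
 * (1 for CC, 2 for CD 03), 0 if neither encoding was found before RIP. */
static volatile int g_trap_len;

#if defined(__x86_64__) && defined(__linux__)
static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si;
    /* Both forms are traps: the saved RIP already points at the *next*
     * instruction, so the opcode that fired sits just before it. */
    ucontext_t *uc = ctx;
    const unsigned char *rip = (const unsigned char *)uc->uc_mcontext.gregs[REG_RIP];
    if (rip[-1] == 0xCC)                         g_trap_len = 1; /* INT3 */
    else if (rip[-2] == 0xCD && rip[-1] == 0x03) g_trap_len = 2; /* INT 3 */
    else                                         g_trap_len = 0;
}

/* Run one encoding with the handler installed; return the length it saw. */
static int probe(int two_byte) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0) return -1;
    g_trap_len = 0;
    if (two_byte) __asm__ volatile(".byte 0xcd, 0x03"); /* what nasm emits for "int 3" */
    else          __asm__ volatile(".byte 0xcc");       /* what nasm emits for "int3"  */
    sigaction(SIGTRAP, &old, NULL);
    return g_trap_len;
}
#else
static int probe(int two_byte) { (void)two_byte; return -1; } /* not x86-64 Linux */
#endif

int int3_len(void)  { return probe(0); }   /* expect 1 */
int int_3_len(void) { return probe(1); }   /* expect 2 */

int main(void) {
    printf("int3 (CC) -> %d byte(s); int 3 (CD 03) -> %d byte(s)\n", int3_len(), int_3_len());
    return 0;
}
```

On Linux both encodings reach the same vector-3 handler and arrive in user space as SIGTRAP; the only difference the handler can see is the one-byte versus two-byte instruction that preceded the saved RIP.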