10NES
aliases: 10NES handshake
The lock-and-key "handshake" software that runs on the NES's Checking Integrated Circuit (CIC).
Glossary
604 technical terms used across Virtus Cyber Academy courses. Each entry has a short definition, the chapter that teaches it in depth, and cross-links to related terms. The same definitions appear as rollover popovers when you hover or tap any underlined term inside a course page.
604 entries
1
2
2A03
aliases: RP2A03G
Shorthand for RP2A03G, the IC package that contains both the Famicom's modified 6502 CPU and custom APU.
6
6502
aliases: MOS 6502
Shorthand for the MOS Technology 6502 8-bit microprocessor. The Famicom's 2A03 package features a Ricoh-manufactured revision of this popular chip lacking decimal mode.
A
abacus
A manual calculating device that represents numbers as bead positions on rods, with separate rods for each place-value digit. Petzold's Chapter 18 opens the historical arc of calculating machines with the abacus as the earliest surviving mechanical aid to arithmetic.
accumulator
aliases: A register
A special CPU register that holds the result of arithmetic and logic operations. On the 6502 the accumulator is named A. Most arithmetic instructions read one operand from A, combine it with another value, and write the result back to A.
ACM
Airbag control module. The vehicle electronic control unit (ECU) that monitors crash sensors and triggers airbag deployment.
ACN
aliases: automated crash notification
Automated crash notification (systems). Telematics systems that automatically alert emergency services when a crash is detected.
address
aliases: memory address
A number that identifies one slot in memory. The CPU uses an address to read or write the value at that slot. On the NES the address space runs 0x0000 through 0xFFFF (64 KiB).
address-bus
The subset of bus wires that carry the address the CPU wants to read from or write to, with width determining the maximum directly-addressable memory size (16 wires = 64 KiB, 32 wires = 4 GiB, 64 wires = 16 EiB). The address is driven by the CPU on every memory transaction and decoded by the memory controller and the peripheral chip-select logic.
address-decoder
A combinational circuit at the front of a memory array that takes the address input and asserts exactly one row's select line, choosing which memory cells the data lines connect to. Petzold's Chapter 16 names the formula 'number_of_values = 2^(number_of_address_inputs)' on page 200: 3 address inputs select among 8 cells, 4 inputs among 16, 10 inputs among 1024.
address-space
aliases: address space
The OS abstraction of a process's view of memory: a private linear range of virtual addresses containing the process's code, data, heap, and stack. The OS and hardware MMU translate these to physical memory locations.
addressing-mode
aliases: addressing mode
The rule for interpreting an instruction's operand. A literal-addressing-mode operand IS the value (the 6502 prefix '#' marks immediate); an absolute-addressing-mode operand is the address of the value. The 6502 has six addressing modes; RV32I-Lite formats are the analogous concept on a modern RISC chip.
AES-cipher
Advanced Encryption Standard. The NIST-standardized symmetric block cipher (FIPS 197) used widely in modern cryptography.
ALGOL
ALGorithmic Language, a family of high-level programming languages designed by an international committee in the late 1950s and early 1960s (ALGOL 58, ALGOL 60, ALGOL 68) whose syntax and block structure became the template for nearly every later procedural language. Petzold's Chapter 24 (p354) names ALGOL 'in many ways a seminal language, the direct ancestor of many popular general-purpose languages of the past 40 years.'
allpass-filter
aliases: allpass filter · phase equalizer
An IIR filter whose magnitude response is unity over its entire frequency range, but whose phase response is variable. Allpass filters are typically appended in cascade following a standard IIR filter to compensate for nonlinear phase response, which makes them useful as phase equalizers in communications systems.
ALU
aliases: arithmetic logic unit
Arithmetic logic unit.
ambiguous-grammar
aliases: ambiguous grammar
A context-free grammar G is ambiguous if some string is derived ambiguously, that is, has two or more different leftmost derivations in G. Some context-free languages can only be generated by ambiguous grammars; these are called inherently ambiguous.
analytical-engine
Charles Babbage's 1837 design for a general-purpose programmable mechanical computer with a store (memory), a mill (CPU), conditional branching, and program input via punched cards. The Analytical Engine was never built but its design anticipated the architectural ideas of stored-program computing by a century; Ada Lovelace's 1843 notes on the Engine are widely cited as the first computer program.
AND-gate
A logic gate whose output is 1 if and only if all inputs are 1, computing the Boolean AND function. Petzold builds the AND gate from two switches in series — current reaches the bulb only when both switches are closed. The truth table has 2^n rows for n inputs; all output 0 except the all-ones row, which outputs 1.
anti-pattern
Generally considered as bad practice.
apatedns
aliases: ApateDNS
A free Mandiant tool that runs a fake DNS server on the local machine: it accepts incoming DNS queries on UDP/53 and replies with an analyst-chosen IP, redirecting malware DNS traffic during dynamic analysis. Restores the original local DNS settings on exit.
API
aliases: application programming interface
Application programming interface.
APU
aliases: Audio Processing Unit
The Famicom's programmable sound generator, which has five dedicated channels: triangle, noise, two pulses, and delta modulation.
ASCII
American Standard Code for Information Interchange.
ASIC
aliases: application-specific integrated circuit
An integrated circuit designed and manufactured for a specific, often proprietary, purpose. Nintendo's custom memory management controllers (e.g., MMC1) are ASICs.
ASIL
aliases: Automotive Safety Integrity Level
Automotive Safety Integrity Level. ISO 26262 risk classification (A through D) for automotive electronic system safety requirements.
ASK-modulation
aliases: amplitude-shift keying
Amplitude-shift keying. A modulation scheme that encodes digital data as variations in the amplitude of a carrier wave.
ASLR
aliases: address space layout randomization
Address Space Layout Randomization.
assembly-language
aliases: assembly · asm
A low-level programming language corresponding closely to its host CPU architecture.
atomic-operation
aliases: atomic operation
"ατομος" stands for "indivisible" in Greek, so an atomic operation is guaranteed not to be interrupted by other threads.
attachthreadinput
Attaches the input processing for one thread to another so that the second thread receives input events such as keyboard and mouse events. Keyloggers and other spyware use this function.
attenuation
An amplitude loss, usually measured in dB, incurred by a signal after passing through a digital filter. Filter attenuation is the ratio at a given frequency of the signal amplitude at the output divided by the signal amplitude at the input.
attribute-table
A 64-byte array located at the end of the Famicom's four name tables that designates the palette entry used for each 16x16-pixel (i.e., 2x2-tile) region of the background.
automation-petzold
Petzold's Chapter 17 thesis: a machine becomes an agent at the moment it can read its own instructions from memory rather than having a human operator drive each step from a control panel. The chapter walks the historical transition from rewired adders to stored-program computers — the move that turns a calculator into a computer.
autoruns-tool
aliases: Autoruns
A Sysinternals utility that scans every known Windows autostart location (registry Run keys, Startup folder, scheduled tasks, services, drivers, shell hooks) and lists what is configured to launch at boot or login. Used during dynamic analysis to find where a sample installed itself for persistence.
B
back-end-compiler
aliases: compiler back end
The portion of a compiler that translates an intermediate representation into the target CPU's machine code, performing instruction selection, register allocation, and target-specific optimization. A multi-target compiler shares one front-end across all targets and uses a separate back-end per CPU family; LLVM has back-ends for x86, ARM, RISC-V, MIPS, PowerPC, and dozens of others.
band-reject-filter
aliases: band reject filter · notch filter
A filter that rejects (attenuates) one frequency band and passes both a lower- and a higher-frequency band. Sometimes called a notch filter.
bandpass-filter
aliases: bandpass filter
A filter that passes one frequency band and attenuates frequencies above and below that band.
bandwidth
The frequency width of the passband of a filter. For a lowpass filter, the bandwidth is equal to the cutoff frequency. For a bandpass filter, the bandwidth is typically defined as the frequency difference between the upper and lower 3 dB points.
bank-switching
A technique used to extend the usable memory addressable by a microprocessor. In the Famicom, mappers could swap banks of ROM into the CPU's address space when values were written to a designated hardware register.
base-eight
aliases: octal
The number system with eight digits (0-7) and place values that are powers of eight. Petzold's Chapter 8 introduces octal as one of the natural groupings of binary: three binary digits encode exactly one octal digit, so a byte is two-and-two-thirds octal digits. Octal was popular on minicomputers with 12-, 24-, or 36-bit words but lost ground to hexadecimal on byte-organized machines.
base-sixteen
The number system with sixteen digits (0-9 then A-F) and place values that are powers of sixteen, the standard human notation for byte-organized computers because four binary digits encode exactly one hex digit and one byte is exactly two hex digits. Petzold's Chapter 15 names hex as 'how humans read what the hardware thinks' — the structure of opcodes, addresses, and packed bit fields is visible at a glance in hex and invisible in decimal.
base-ten
aliases: base 10
The number system that uses ten distinct digits (0-9) and positional notation with place values that are powers of ten. Petzold opens Chapter 7 with the observation that humanity's preference for base ten is an accident of having ten fingers; computers do not have fingers and have settled on base two for entirely different reasons.
base-two
The number system that uses two digits (0 and 1) and positional notation with place values that are powers of two. Petzold's Chapter 8 introduces base two as the natural representation for any electrical computing substrate — a wire is either carrying current or not, and that one bit of distinction is the basic unit a circuit can reliably read.
basic-block
aliases: basic block
A group of instructions that do not have jump/branch instructions, and also don't have jumps inside the block from the outside. In IDA it looks just like as a list of instructions without empty lines.
battery-cell
A chemical device that maintains a voltage difference between its two terminals by means of an internal oxidation-reduction reaction. Petzold's flashlight uses one or two flashlight cells as its power source; the chemistry pushes electrons out of the negative terminal, through the external circuit, and back into the positive terminal.
BCM
aliases: body control module
Body control module. The vehicle ECU that controls body electronics such as power windows, mirrors, central locking, and interior lighting.
beladys-anomaly
aliases: Belady's anomaly
The counter-intuitive observation that, for the FIFO page-replacement policy, increasing the number of physical page frames can sometimes increase the number of page faults rather than decrease them. Belady demonstrated the anomaly in 1969; it shows that not every replacement algorithm is monotonically better with more memory. LRU and OPT are stack algorithms that do not exhibit the anomaly.
bessel-function
aliases: Bessel function
A mathematical function used to produce the most linear phase response of all IIR filters with no consideration of the frequency magnitude response. Filter designs based on Bessel functions have maximally constant group delay.
bias-exponent
An additive constant subtracted from the stored exponent field of a floating-point number to recover the actual exponent value. Bias lets a fixed-width exponent field encode both positive and negative exponents through unsigned arithmetic. IEEE 754 binary32 uses bias 127, binary64 uses bias 1023, binary16 uses bias 15.
big-O-notation
aliases: big O notation · asymptotic upper bound
For functions f, g: N → R+, write f(n) = O(g(n)) if positive integers c and n0 exist such that f(n) ≤ c·g(n) for every n ≥ n0. Says g(n) is an asymptotic upper bound for f(n), suppressing constant factors.
bijection
aliases: correspondence · bijective function
A function f from A to B that is both one-to-one (no two elements of A map to the same element of B) and onto (every element of B is mapped to by some element of A). A bijection pairs the elements of A with the elements of B. Also called injective+surjective.
binary
aliases: base 2
A base 2 number system that represents all numbers as combinations of either 0 or 1. For instance, decimal 9 is %1001 in binary.
binary-digit
One symbol of base-two: either 0 or 1. Petzold's Chapter 9 introduces 'bit' as the abbreviation of 'binary digit' and shows that the bit is the unit of information theory in Shannon's sense — one bit distinguishes between two equally likely outcomes. Every storage cell, every signal wire, every machine-language opcode bit is a bit in this same sense.
binutils
aliases: GNU Binary Utilities
GNU Binary Utilities. The standard toolchain for inspecting and manipulating ELF binaries (objdump, readelf, nm, strings, etc.).
BIOS-firmware
aliases: BIOS
The Basic Input/Output System firmware on IBM PC-compatible computers: a small ROM-resident program that initializes hardware at power-on, runs the bootstrap loader, and provides primitive IO routines (keyboard read, display write, disk sector access) to the operating system. Replaced on most post-2010 PCs by UEFI but the BIOS pattern (firmware that bridges hardware and OS) survives.
bit
aliases: binary digit
Shorthand for "binary digit," the fundamental unit of information that a computer can compute, abstracting the two physical states of any bistable element, e.g., the "on" or "off" state of a semiconductor gate.
bit-depth
In digital audio, the "vertical resolution" of sample data, i.e., the number of bits used to encode a sample's amplitude.
bit-flag
A single bit used to indicate the occurrence of a specific "event," e.g., a carry overflow resulting from binary addition.
bitmap-display
aliases: bitmap
A display in which every pixel of the screen corresponds to one or more bits in main memory (the framebuffer), so software can draw arbitrary pictures by writing patterns into the framebuffer. Bitmap displays replaced character-cell terminals (which could only show fixed-shape characters in fixed grid positions) in the late 1970s and 1980s and made graphical user interfaces possible.
bitplane
aliases: plane · bit plane
One bit per pixel of a multi-bit-per-pixel image, stored as a separate block from the other bits. The NES uses two bitplanes per 8x8 tile: combining one bit from Plane A with one bit from Plane B at the same pixel position gives a 2-bit color index (4 colors).
boolean-algebra
The branch of mathematics that treats AND, OR, and NOT as operations on the two-valued domain {0, 1}, with identities (commutativity, associativity, distributivity, De Morgan's laws) that let formulas be manipulated like ordinary algebra. Petzold's Chapter 10 introduces Boolean algebra as the formal calculus that lets the engineer minimize a circuit on paper before wiring it.
boolean-circuit
aliases: Boolean circuit
A collection of AND, OR, and NOT gates and input wires connected without cycles. Boolean circuits provide a non-uniform model of computation; the size of the smallest circuit family deciding a language is one measure of its computational difficulty.
boot-sector
On disk-based systems, the first sector (typically 512 bytes) of a boot device, loaded into memory and executed by the BIOS to start the operating-system boot sequence. The boot sector is the smallest unit of bootable code; modern UEFI replaces the boot-sector scheme with a partition-table-aware boot manager.
bootstrap-loader
aliases: bootloader · bootstrap
A small piece of code that lives at a fixed address (in ROM, BIOS, or a boot sector) and runs first when the computer powers on, loading the rest of the operating system into memory from disk and transferring control to it. Petzold's Chapter 22 (p328): 'All the ROM needs to contain is a small piece of code known as a bootstrap loader, because that code effectively pulls the rest of the operating system up by its bootstraps.'
BPP
aliases: bounded-error probabilistic polynomial time
BPP is the class of languages decided by probabilistic polynomial-time Turing machines with error probability at most 1/3. Any constant error strictly between 0 and 1/2 yields the same class via amplification. Captures problems solvable efficiently with the help of random bits.
braille
A tactile code in which each letter, digit, and punctuation mark is represented by a 6-cell grid of raised or flat dots, devised by Louis Braille in 1824. Petzold uses Braille to show that a binary code with six bit positions encodes 64 distinct symbols, which is enough for the Latin alphabet plus contractions.
bus-architectural
A shared collection of conductors carrying address, data, and control signals between CPU, memory, and peripherals, used by all attached devices in time-multiplexed fashion. Petzold's Chapter 21 walks the bus as the structural pattern that lets a CPU talk to many devices through one set of wires rather than dedicated point-to-point connections.
butterworth-function
aliases: Butterworth function
A mathematical function used to produce maximally flat filter magnitude responses with no consideration of phase linearity or group delay variations. Butterworth-derived filters have no amplitude ripple in either the passband or the stopband, but have the widest transition region of the most popular filter design functions for a given order.
byte
A unit of 8 bits, holding one number from 0 to 255 (or one signed number from -128 to 127). One byte is the smallest individually addressable storage slot on most modern CPUs.
byte-addressable
A memory organization in which every byte has a distinct address, so a load or store can name any single byte without needing to extract it from a wider word. RV32I-Lite memory is byte-addressable with 32-bit-aligned word access; the Virtus Chapter 3 RAM exposes this by computing the word index as address >> 2 and the byte within the word as address & 3.
C
c0f
aliases: CAN of Fingers
CAN of Fingers. A protocol-fingerprinting tool that identifies CAN bus implementations by analyzing message timing and ID patterns.
cache-consistency-problem
aliases: cache consistency
The problem that arises when multiple clients cache copies of the same data: an update by one client must be visible to the others, in some consistency model. NFS uses a flush-on-close (close-to-open) approach plus a short-lived attribute cache.
cache-miss
aliases: cache miss
An access that does not find its target in a cache and must be served from a slower backing store. Classified as compulsory (cold), capacity (cache too small), or conflict (cache mapping limits) — the 3Cs.
CALL-instruction
A CPU instruction that transfers control to a named address (the start of a subroutine) while also pushing the address of the next sequential instruction onto the stack, so the subroutine knows where to return to. Petzold's Chapter 19 introduces CALL and RETURN as the substrate for nested function invocation. RV32I implements CALL as jal (jump-and-link) which writes the return address into a register rather than memory.
callee
A function being called by another.
caller
A function calling another.
CAM
aliases: cooperative awareness message
Cooperative awareness message. A V2X broadcast that vehicles periodically transmit to share their position, speed, and heading with nearby road users.
CAN-bus
aliases: controller area network
Controller area network. The differential serial bus standard (ISO 11898) used by most modern vehicles to interconnect ECUs.
CANH
aliases: CAN high
CAN high. The high-voltage differential line of a CAN bus pair, which carries the high-side signal of a CAN frame.
CANL
aliases: CAN low
CAN low. The low-voltage differential line of a CAN bus pair, which carries the low-side signal of a CAN frame.
card-edge-connector
The "top-loading" style of cartridge connector that was the industry standard prior to the NES's "front-loading" zero insertion force (ZIF) connector.
caringcaribou
CaringCaribou. An open-source CAN bus auditing framework for fingerprinting ECUs and discovering UDS service IDs.
carry-bit
The bit generated by an adder column when the sum of its inputs is 2 or greater, signaling that 1 must be added to the next more-significant column. The carry-out of one full adder is the carry-in of the next; the carry of the most-significant column becomes the carry-out flag of the whole adder, used by the ALU to detect overflow in unsigned arithmetic.
cascaded-filters
aliases: cascaded filters
A filtering system where multiple individual filters are connected in series; that is, the output of one filter drives the input of the following filter.
CDR
aliases: crash data retrieval
Crash data retrieval. The forensic process and toolset (e.g., Bosch CDR) for extracting event-data-recorder data from a vehicle after a crash.
center-frequency
aliases: center frequency
The frequency lying at the midpoint of a bandpass filter.
certificate-authority
Certificate authority. An entity that issues and signs digital certificates used to verify the identity of parties in a public key infrastructure.
character-code
A mapping from numeric byte (or multi-byte) values to printable and control characters, agreed by both sender and receiver so text can be transmitted as binary data. Petzold's Chapter 20 walks the history of character codes from Baudot to Morse to ASCII to Unicode, with each generation expanding the symbol set.
character-set
The collection of distinct printable and control characters that a particular character code can represent. ASCII has 128 characters (95 printable plus 33 control); Latin-1 has 256; Unicode 15 has roughly 149,000 across all assigned code points. The character set is the alphabet the code maps to.
chebyshev-function
aliases: Chebyshev function · Tchebyschev function
A mathematical function used to produce passband or stopband ripples constrained within fixed bounds. Type I has ripples in the passband and a flat stopband; Type II has flat passbands and ripples in the stopband. Chebyshev filters cannot have ripples in both, and trade steeper roll-off for more nonlinear phase response than Butterworth filters.
checkremotedebuggerpresent
Checks to see if a specific process (including your own) is being debugged. This function is sometimes used as part of an anti-debugging technique.
chiptunes
A genre of electronic music produced using synthesizers sourced from vintage arcade, console, or PC microprocessors, i.e., "chips."
chomsky-normal-form
aliases: Chomsky normal form · CNF
A simplified form of a context-free grammar in which every rule is of the form A → BC or A → a, where a is any terminal and A, B, C are any variables (with B and C not the start variable). The rule S → ε is permitted where S is the start variable.
CHR-ROM
aliases: chr-rom · character ROM
The part of an NES cartridge ROM that holds graphics data: sprite tiles and background tiles, each as a 16-byte 2-bitplane block. The PPU reads CHR-ROM directly to draw the screen.
CIC
aliases: Checking Integrated Circuit · lockout chip
A hardware microcontroller in every NES console and game pak. When a pak is inserted, both lockout chips execute the 10NES handshake software to verify the pak was manufactured by Nintendo under their licensing terms.
CIC-filter
aliases: CIC filter · cascaded integrator-comb filter
Cascaded integrator-comb filter. CIC filters are computationally efficient, linear-phase, recursive, FIR, lowpass filters used in sample rate change applications.
CIRAM
aliases: Character Internal RAM
The 2KB portion of VRAM that stores the Famicom's name and attribute tables.
circuit-complexity
aliases: circuit complexity
The circuit complexity of a language is the size complexity of a minimal circuit family for that language; the circuit depth complexity is defined similarly using depth in place of size. Lower bounds on circuit complexity would yield strong separations between complexity classes.
circuit-electrical
A closed loop of conductive material along which electric current can flow, typically composed of a power source (battery), one or more loads (bulbs, motors, gates), and conductors connecting them. Petzold builds the first circuit in CODE as a flashlight: battery, switch, bulb, two wires. Every digital logic gate the student later wires is structurally a circuit in the same sense.
clock-period
The time interval between successive active edges of a clock signal, equal to the reciprocal of the clock frequency. The clock period must be longer than the worst-case combinational delay between two flip-flops so the second flip-flop sees a settled value when the next active edge arrives. Single-cycle CPUs are bounded by the longest instruction's path.
clock-signal
A periodic square-wave electrical signal that synchronizes the operation of sequential digital circuits, with all flip-flops sharing the clock sampling their inputs on the same edge. The clock's frequency determines how fast the circuit can advance state; the clock period must exceed the longest combinational path between flip-flops so signals settle before the next sampling edge.
cocreateinstance
Creates a COM object. COM objects provide a wide variety of functionality. The class identifier (CLSID) will tell you which file contains the code that implements the COM object. See Chapter 7 for an in-depth explanation of COM.
code-system
A system for mapping units of one alphabet to units of another so messages can be transmitted, stored, or processed. Morse, Braille, ASCII, and machine language are all codes in Petzold's sense. The encoder and decoder must agree on the mapping; neither end can recover the original message without the shared key.
combinational-circuit
A digital circuit whose output is a pure function of its present inputs alone, with no dependence on past inputs and no internal memory. Adders, multiplexers, decoders, and ALU operations are all combinational. Petzold's Chapter 11 builds the entire combinational gate roster before introducing feedback in Chapter 14; the distinction is the chapter hinge between Boolean logic and sequential storage.
compiler-intrinsic
aliases: compiler intrinsic
A function specific to a compiler which is not an usual library function. The compiler generates a specific machine code instead of a call to it. Often, it's a pseudofunction for a specific CPU instruction.
compiler-petzold
aliases: compiler
A program that translates source code written in a high-level language into machine code (or an intermediate form that gets translated further) ahead of execution. Petzold's Chapter 24 names the compiler as the program that lets a human write in ALGOL or FORTRAN and the machine execute in its own instruction alphabet. The Virtus compiler built in Chapters 9-11 emits VM bytecode that the Chapter 7-8 translator turns into RV32I-Lite assembly.
computable-function
aliases: computable function
A function f from strings to strings is computable if some Turing machine M halts on every input w with just f(w) on its tape.
condition-variable
aliases: condvar
A synchronization primitive paired with a mutex that lets a thread atomically release the mutex and wait for a signal from another thread. Used to wait for a state change rather than just for mutual exclusion.
conductor
A material that lets electric current flow with little resistance, typically a metal such as copper, aluminum, or gold. Wires in Petzold's flashlight are copper; the contacts of switches and relays are also conductors. Materials that do not conduct, such as rubber or plastic, are called insulators.
connectnamedpipe
Used to create a server pipe for interprocess communication that will wait for a client pipe to connect. Backdoors and reverse shells sometimes use ConnectNamedPipe to simplify connectivity to a command-and-control server.
context-free-grammar
aliases: context-free grammar · CFG
A formal grammar defined as a 4-tuple (V, Σ, R, S) where V is a finite set of variables, Σ is a finite set of terminals disjoint from V, R is a finite set of rules each mapping a variable to a string of variables and terminals, and S is the start variable. Generates exactly the context-free languages.
context-switch
aliases: context switch
The low-level kernel operation of saving the CPU register state of one process (or thread) and restoring another's. Performed during a system call or timer interrupt when the OS chooses to run a different process.
control-character
A non-printable character used to control the receiving device rather than to represent text: carriage return (CR), line feed (LF), tab, bell, escape, null. ASCII reserves bytes 0x00 through 0x1F plus 0x7F as control characters. The Virtus VOF format uses LF as the line terminator.
control-panel-machine
aliases: control panel
An early computing machine that is programmed by the operator physically setting switches or rewiring patch cables on a front panel, rather than by loading instructions into memory. Petzold's Chapter 17 begins with a control-panel adder and walks the transition to a stored-program model in which the program lives in memory alongside the data.
controlservice
Used to start, stop, modify, or send a signal to a running service. If malware is using its own malicious service, you’ll need to analyze the code that implements the service in order to determine the purpose of the call.
cooperative-scheduler
A scheduling policy in which a running process keeps the CPU until it voluntarily yields, blocks on IO, or terminates, with no involuntary preemption by the OS. Cooperative scheduling is simpler to implement and avoids many synchronization issues but allows a misbehaving process to hang the system. Classic Mac OS pre-X and Windows 3.x used cooperative scheduling; modern OSes use preemptive.
countable-set
aliases: countable
A set A is countable if either it is finite or it has the same size as the natural numbers N, meaning a one-to-one correspondence exists between A and N.
CP-M
aliases: CP/M
Control Program for Microcomputers: a very basic disk OS used before MS-DOS.
CP-M-os
Control Program for Microcomputers: an 8-bit operating system written by Gary Kildall in 1974 that ran on Intel 8080 and Zilog Z80 systems through the late 1970s and was the immediate commercial predecessor of MS-DOS. Petzold's Chapter 22 uses CP/M to illustrate the application programming interface: programs call CP/M routines for keyboard, display, and disk rather than driving the hardware themselves.
CPU
aliases: processor · central processing unit
Central processing unit: the chip that runs the program by fetching instructions, decoding them, and executing the operations they specify. The NES uses a 6502; modern PCs use x86_64 or ARM64.
crash-consistency
The problem of keeping on-disk filesystem state coherent across system crashes that can occur at any moment, including in the middle of a multi-block write. Solutions include journaling (write intent to a log before writing the actual data), copy-on-write (write new blocks elsewhere and atomically swap pointers), and log-structured filesystems (append-only, with garbage collection).
createfilemapping
Creates a handle to a file mapping that loads a file into memory and makes it accessible via memory addresses. Launchers, loaders, and injectors use this function to read and modify PE files.
createmutex
Creates a mutual exclusion object that can be used by malware to ensure that only a single instance of the malware is running on a system at any given time. Malware often uses fixed names for mutexes, which can be good host-based indicators to detect additional installations of the malware.
createprocess
Creates and launches a new process. If malware creates a new process, you will need to analyze the new process as well.
createremotethread
Used to start a thread in a remote process (one other than the calling process). Launchers and stealth malware use CreateRemoteThread to inject code into a different process.
createservice
Creates a service that can be started at boot time. Malware uses CreateService for persistence, stealth, or to load kernel drivers.
createtoolhelp32snapshot
Used to create a snapshot of processes, heaps, threads, and modules. Malware often uses this function as part of code that iterates through processes or threads.
critical-section
aliases: critical section
A piece of code that accesses a shared resource, usually a variable or data structure, that must not be accessed by more than one thread at a time.
CRL
aliases: certificate revocation list
Certificate revocation list. A signed list of digital certificates that have been revoked by a certificate authority before their scheduled expiration.
CRT
aliases: Cathode Ray Tube
A highly pressurized tube containing a barium-coated cathode that, when heated, emits negatively charged electrons. CRT is also shorthand for a television or monitor that contains such a tube.
crystal-oscillator
aliases: Xtal
A vibrating piezoelectric crystal that provides a precise clocking frequency for a microprocessor's CPU.
current-electrical
The flow of electric charge through a conductor, measured in amperes. Current flows when a closed circuit connects the terminals of a battery; the magnitude depends on the voltage applied and the resistance of the path. In Petzold's flashlight, current flows through the filament of the bulb when the switch is closed and the bulb glows.
cutoff-frequency
aliases: cutoff frequency
The highest passband frequency for lowpass filters (and the lower passband frequency for highpass filters) where the magnitude response is within the peak-peak passband ripple region.
CVSS
aliases: common vulnerability scoring system
Common vulnerability scoring system. An open framework for rating the severity of security vulnerabilities on a 0-to-10 scale.
D
D-flip-flop
aliases: DFF
An edge-triggered flip-flop that samples its Data input on the rising (or falling) edge of a Clock signal and holds the sampled value until the next active clock edge. Petzold's Chapter 14 derives the D flip-flop from the D-latch by edge-conditioning the enable signal: 'An edge trigger causes the outputs to change only when the Clock makes a transition from 0 to 1' (p171). The D flip-flop is the cell at the heart of every register.
D-latch
A level-sensitive flip-flop with a single Data input and an Enable input: when Enable is high, the latch's output tracks Data; when Enable is low, the latch holds whatever value Data had at the moment of the falling edge. Petzold's Chapter 14 builds the D-latch by gating an SR-latch with an inverter so D=1 sets and D=0 resets when Enable is asserted.
d-pad
aliases: digital pad · directional pad · cross pad
The patented cross-shaped directional input device first devised by Nintendo engineer Gunpei Yokoi for the portable Game & Watch LCD systems. Became the de facto standard for game controllers after the NES's release.
data-bus
The subset of bus wires that carry the value being read or written, with width determining how many bytes per cycle move between CPU and memory. The 8080's data bus was 8 wires; the 8086's was 16; modern RISC processors have 64- or 128-bit data buses. The data bus is bidirectional: written by CPU on stores, written by memory or peripheral on reads.
data-race
aliases: data race
A specific kind of race condition in which two threads concurrently access the same memory location and at least one of the accesses is a write, with no synchronization ordering them.
De-Morgans-law
aliases: De Morgan's law · De Morgan's laws
The pair of identities NOT(A AND B) = (NOT A) OR (NOT B) and NOT(A OR B) = (NOT A) AND (NOT B), discovered by Augustus De Morgan, that lets a designer rewrite any AND-of-ORs as an OR-of-ANDs and vice versa. Petzold names the law in Chapter 11 to show that an AND with inverted inputs equals NOR and an OR with inverted inputs equals NAND — the structural reason NAND-only and NOR-only constructions can express every Boolean function.
deadlock
A state in which a set of threads each holds some resource and waits forever for one held by another in the set. Requires four conditions: mutual exclusion, hold-and-wait, no preemption, and circular wait. Avoided by ordering lock acquisition or by detect-and-recover schemes.
decibels
aliases: dB
A unit of attenuation, or gain, used to express the relative voltage or power between two signals. For filters, decibels indicate cutoff frequencies (-3 dB) and stopband signal levels (-20 dB).
decimation-filter
aliases: decimation filter
A lowpass digital FIR filter where the output sample rate is less than the filter's input sample rate. The output rate must not violate the Nyquist criterion to avoid aliasing.
decoder-circuit
A combinational circuit that takes an n-bit binary input and asserts exactly one of 2^n output lines, the one whose index matches the input value. The inverse of an encoder. Petzold introduces the decoder in Chapter 16 as the addressing mechanism that lets a RAM array select exactly one cell from many; instruction decoders in the CPU work the same way at the bit-pattern level.
delta-modulation
aliases: DM
A 1-bit, differential pulse-code modulation (DPCM) technique used to sample audio data. Instead of encoding the sample amplitude data, DM encodes the current sample's difference, either positive (1) or negative (0), from the previous sample.
DENM
aliases: decentralized environmental notification message
Decentralized environmental notification message. A V2X event-triggered broadcast warning nearby vehicles about hazards such as accidents or stopped vehicles.
descriptive-complexity
aliases: Kolmogorov complexity · minimal description
For a binary string x, the descriptive complexity K(x) is the length of the shortest description
deterministic-pushdown-automaton
aliases: DPDA · deterministic pushdown automaton
A pushdown automaton in which, for every state, input symbol, and stack symbol, exactly one of the four possible transition forms (reading symbol or ε, popping stack symbol or ε) is nonempty. DPDAs recognize the deterministic context-free languages, a strict subset of context-free languages.
deviceiocontrol
Sends a control message from user space to a device driver. DeviceIoControl is popular with kernel malware because it is an easy, flexible way to pass information between user space and kernel space.
difference-engine
A mechanical calculating machine designed by Charles Babbage in the 1820s to compute polynomial values by the method of finite differences, intended to print mathematical tables free of human error. The full Difference Engine was never completed in Babbage's lifetime; a working version was built from his drawings by the London Science Museum in 1991 and operates correctly to 31 digits.
digital-filter
aliases: digital filter
A computational process, or algorithm, transforming a discrete sequence of numbers (the input) into another discrete sequence of numbers (the output) having a modified frequency-domain spectrum. Implemented in software operating on stored data, or with dedicated hardware.
DIP
aliases: dual in-line package
Dual in-line package. An IC packaging format with two parallel rows of through-hole pins, common on older microcontrollers and EEPROMs.
directory-os
aliases: directory (OS)
A collection of (name, low-level-name) tuples mapping human-readable names to files or other directories. Each directory also has its own inode number and includes special entries '.' (self) and '..' (parent).
directory-tree
aliases: directory hierarchy · filesystem tree
The single tree-shaped namespace organizing all files and directories on a UNIX-style system, starting at the root '/'. Mount operations graft other file systems into subtrees of this hierarchy.
DLC
aliases: data length code · diagnostic link connector
In CAN frames, DLC is the data length code (the 4-bit field giving payload byte count). In vehicle diagnostics, DLC also names the diagnostic link connector (the OBD-II port).
DLL
aliases: dynamic-link library
Dynamic-link library.
DLT
aliases: diagnostic log and trace
Diagnostic log and trace. A standardized AUTOSAR logging protocol for capturing diagnostic events from automotive ECUs.
DMC
aliases: Delta Modulation Channel
An APU channel that can playback prerecorded samples or stream raw PCM data.
dongle
Dongle is a small piece of hardware connected to LPT printer port (in past) or to USB. Its function was similar to a security token, it has some memory and, sometimes, a secret (crypto-)hashing algorithm.
dot-and-dash
The two elementary symbols of Morse code, distinguished by the duration the telegraph key is held down. A dot is a brief press, a dash is roughly three times longer; spaces between presses encode letter and word boundaries. Petzold uses the dot-and-dash alphabet as the chapter-1 entry point for the idea of a code.
DREAD
Damage potential, reproducibility, exploitability, affected users, discoverability. A threat-rating system originally from Microsoft, sometimes used in automotive threat models.
driver-software
aliases: device driver
A piece of operating-system code that translates the OS's generic device-class interface (the things every keyboard or every disk can do) into the specific commands and register accesses of one particular vendor's hardware. Drivers are how an OS supports thousands of distinct devices through a single application API; writing a driver is the standard way to add new-hardware support to Linux, Windows, or macOS.
DSRC
aliases: dedicated short-range communication
Dedicated short-range communication. The 5.9 GHz wireless standard (IEEE 802.11p) designed for V2V and V2I communication.
DTC
aliases: diagnostic trouble code
Diagnostic trouble code. The standardized fault codes (e.g., P0420) that ECUs report when they detect a malfunction, retrievable via OBD-II.
DUT
aliases: device under test
Device under test. The hardware or software component being evaluated in a test setup.
E
ECU
aliases: electronic control unit · engine control unit
Electronic control unit (or engine control unit). Any of the dozens of embedded computers in a modern vehicle that control subsystems such as engine, transmission, ABS, infotainment, and body electronics.
edge-triggered
A clocking discipline in which a sequential element samples its inputs only at the instant the clock signal transitions (the rising or falling edge), not during the time the clock is held at a stable level. Edge-triggering is what distinguishes a flip-flop from a level-sensitive latch and what allows multiple flip-flops to share a clock without race conditions.
EDR
aliases: event data recorder
Event data recorder. The vehicle module that records pre-crash and crash-event data (vehicle speed, throttle position, brake application, etc.); analogous to an aircraft black box.
electromagnet
An iron core wrapped in wire that becomes magnetic when current flows through the wire and loses magnetism when current stops. Petzold introduces the electromagnet in Chapter 6 as the active element inside the telegraph sounder and the relay; both devices use a controlled current to attract a metal lever, converting an electrical signal into a mechanical motion.
ELF
Executable file format widely used in *NIX systems including Linux.
elliptic-function
aliases: elliptic function · Cauer filter
A mathematical function used to produce the sharpest roll-off for a given number of filter taps. Elliptic-designed filters (also called Cauer filters) have the poorest phase linearity of common IIR designs and have equal ripples in passband and stopband.
emulator
Software that mimics a target platform so games from older console, PC, or arcade platforms can run on a more modern machine. Originally a hybrid hardware/software solution meant to support legacy software.
endianness
Byte order.
enumprocesses
Used to enumerate through running processes on the system. Malware often enumerates through processes to find a process to inject into.
enumprocessmodules
Used to enumerate the loaded modules (executables and DLLs) for a given process. Malware enumerates through modules when doing injection.
EOD
aliases: end-of-data
End-of-data (signal). The bit pattern that terminates a data field in some automotive bus protocols.
EOF
aliases: end-of-frame
End-of-frame (signal). The bit pattern that marks the end of a CAN frame on the bus.
EPROM
aliases: Erasable Programmable Read-Only Memory
A ROM whose contents can be erased (typically by exposing it to sustained ultraviolet light) and rewritten.
exec-syscall
aliases: exec() · execvp() · execve()
The UNIX system-call family that replaces the current process image with a new program loaded from disk, preserving the PID. Successful exec never returns; the heap, stack, and code segments are overwritten.
exponent-floating
The power-of-two scale factor in a floating-point number, stored in biased form so positive and negative exponents both encode as unsigned values. IEEE 754 binary32 uses an 8-bit exponent biased by 127 (encoded 0 means -127, encoded 255 reserved for infinity and NaN); binary64 uses 11 bits biased by 1023.
F
famiclone
An unauthorized hardware clone of the Nintendo Famicom. Since Nintendo's NES hardware patents have expired, Famiclones are no longer illegal to manufacture; they are commonly sold in developing markets as low-cost gaming consoles.
Famicom
aliases: Family Computer
Nintendo's first cartridge-based videogame console released in Japan in July 1983, commonly known by its portmanteau Famicom. Distinguished by its white-and-red color scheme, top-loading cartridge slot, and hardwired controllers.
FDS
aliases: Family Computer Disk System
The disk-drive add-on to the Family Computer originally intended to make up for the shortcomings of cartridge mask ROMs. The proprietary disk cards initially had higher capacities, permitted game saves, and were cheaper to manufacture.
feedback-circuit
A circuit in which one of the outputs is fed back to one of the inputs, so the present output depends on the past output and the circuit acquires memory. Petzold's Chapter 14 is built around the single structural move from combinational to sequential: take two NOR gates and wire each output back to the other input, and the resulting circuit has two stable states it can remember.
fetch-decode-execute
aliases: fetch-decode-execute cycle
The three logical phases of a single instruction's processing on a stored-program CPU: fetch the instruction from memory at the address held by the program counter; decode the instruction's bit fields to determine operation, operands, and destination; execute the operation, write back the result, and update the program counter. Single-cycle CPUs perform all three in one clock cycle combinationally; pipelined CPUs overlap them across multiple cycles.
FIFO-policy
First-In-First-Out: a page-replacement policy that evicts the page that has been resident the longest, regardless of recent access pattern. FIFO is simple to implement but performs poorly compared to LRU on most workloads and exhibits Belady's anomaly.
file-descriptor
aliases: fd
A small integer that identifies an open file to a process. Returned by open(); used by read(), write(), and close(). Per-process and points into a kernel-side open file table entry tracking offset and access mode.
file-os
aliases: file (OS)
From the OS's view, an array of bytes that can be created, read, written, and deleted, identified by a low-level name (an inode number). The file system layer translates human-readable paths into this low-level identifier.
filter-coefficients
aliases: filter coefficients · tap weights
The set of constants, also called tap weights, used to multiply against delayed signal sample values within a digital filter structure. For an FIR filter, the filter coefficients are the impulse response of the filter.
filter-order
aliases: filter order
A number describing the highest exponent in either the numerator or denominator of the z-domain transfer function of a digital filter. For tapped-delay-line FIR filters, the filter order is the number of delay elements. Higher orders generally yield better frequency-domain performance at the cost of more computation.
findresource
Used to find a resource in an executable or loaded DLL. Malware sometimes uses resources to store strings, configuration information, or other malicious files. If you see this function used, check for a .rsrc section in the malware’s PE header.
findwindow
Searches for an open window on the desktop. Sometimes this function is used as an anti-debugging technique to search for OllyDbg windows.
finite-automaton
aliases: finite automaton · DFA · deterministic finite automaton
A formal model of computation defined as a 5-tuple (Q, Σ, δ, q0, F) where Q is a finite set of states, Σ is a finite alphabet, δ is the transition function mapping each state-symbol pair to a next state, q0 is the start state, and F is the set of accept states. Recognizes exactly the regular languages.
FIR-filter
aliases: FIR filter · finite impulse response filter
A class of digital filters that have only zeros on the z-plane. FIR impulse responses have finite duration, FIR filters are always stable, and they can have exactly linear phase responses when their impulse-response samples are symmetric or antisymmetric.
first-party
A videogame developer who is also the platform owner/manufacturer. Nintendo was the sole Famicom/NES first-party developer.
fixed-point
A binary numeric representation in which the radix point (the binary equivalent of the decimal point) sits at a fixed position within the bit field, agreed in advance between writer and reader. A 16-bit value with 8 fractional bits represents -128.0 to +127.99609375 in steps of 1/256. Fixed-point is the dominant numeric format on CPUs without floating-point hardware and in embedded signal processing.
flash-erase-block
aliases: erase block · flash block
The unit of flash memory that must be erased as a whole before any of its constituent pages can be reprogrammed. Typically 128 KiB to 2 MiB, containing many smaller (1–8 KiB) pages.
flash-page
aliases: flash NAND page
The smallest unit of read or program within a flash erase block, typically 1–8 KiB. Pages within an erase block must be programmed sequentially after the block is erased, and a page can only be programmed once between erases.
flip-flop
A circuit with two stable states that stores one bit of information by maintaining whichever state it was last set to. Petzold's Chapter 14 names the flip-flop on page 161: 'A flip-flop circuit retains information. It remembers.' Every register, every cache line, every program counter, and every retained bit of state in every device is built from arrays of flip-flops.
floating-point
A binary numeric representation in which the radix point can move (float), with each value encoded as a sign bit, a biased exponent, and a significand (mantissa). The encoding allows a very wide dynamic range — IEEE 754 32-bit float spans roughly 1.18e-38 to 3.4e38 — at the cost of variable absolute precision and complicated arithmetic hardware.
fork-syscall
aliases: fork() · fork system call
The UNIX system call that creates a new process by duplicating the calling process. The original is the parent; the newly created near-identical copy is the child. The child sees a return value of 0; the parent sees the child's PID.
FORTRAN
FORmula TRANslator, the first commercially successful high-level programming language, developed by John Backus at IBM in 1957 for scientific and engineering computation. FORTRAN introduced the compiler as a viable engineering tool and is still in active use in numerical computing (LAPACK, BLAS, climate models) seven decades later.
FPGA
aliases: field-programmable gate array
Field-programmable gate array. A reconfigurable digital logic chip that students program at the register-transfer level using Verilog or VHDL; the Tang Primer 25K is the CSA-101 target.
FPU
aliases: floating-point unit
Floating-point unit.
framebuffer
aliases: frame buffer
A region of memory whose contents are continuously scanned out as the pixels of a display, with one or more bits per pixel encoding color or intensity. Petzold's Chapter 25 (p370) names the framebuffer concept in his account of the Xerox Alto: 'The total amount of memory devoted to the video display was 64 KB... By writing into this video display memory, software could draw pictures on the screen.' The Virtus Console framebuffer at 0x80000000 is a direct implementation of the same idea.
frequency-magnitude-response
aliases: frequency magnitude response · magnitude response
A frequency-domain description of how a filter interacts with input signals, plotted as a curve of filter attenuation in dB versus frequency. Associated with this response is a corresponding phase response.
front-end-compiler
aliases: compiler front end
The portion of a compiler that parses source code, type-checks it, and produces an intermediate representation, independent of any specific CPU. Multi-language compiler infrastructures use one front-end per source language (clang for C and C++, rustc for Rust, swift for Swift), all emitting the same intermediate representation that the back-ends then specialize.
fsck
File system consistency check: a utility that scans a filesystem image for structural inconsistencies (orphaned inodes, double-allocated blocks, bad cross-links, dirty journal entries) and attempts to repair them. fsck is run automatically at boot on unclean shutdowns; modern journaling filesystems (ext4, XFS, NTFS) reduce but do not eliminate the need for fsck.
FSK-modulation
aliases: frequency-shift keying
Frequency-shift keying. A modulation scheme that encodes digital data as discrete shifts between two or more carrier frequencies.
fsync-syscall
aliases: fsync()
A POSIX system call that forces the operating system to flush a file's in-memory dirty pages and metadata to persistent storage. Used to make sure writes survive a crash; correct use is subtle and a frequent source of bugs.
FTL
aliases: flash translation layer
The firmware inside an SSD that presents a normal block-device interface to the host while translating reads/writes into the underlying flash operations (read, program, erase). FTLs are usually log-structured to avoid erase-cost overheads.
full-adder
A combinational circuit that takes three single-bit inputs (A, B, and a carry-in from the previous column) and produces SUM and CARRY-OUT outputs, computing one column of multi-bit binary addition correctly when cascaded. Petzold builds the full adder from two half-adders plus an OR gate. Every multi-bit adder in CSA-101 (4-bit ripple, 16-bit ALU, 32-bit RV32I-Lite ALU) is a chain of full adders.
G
game-pak
aliases: NES cartridge
The marketing term devised by Nintendo of America's Gail Tilden to describe NES cartridges.
garbage-collection-flash
aliases: FTL garbage collection
The background process inside an SSD's FTL that copies still-live pages out of mostly-invalid erase blocks so the block can be erased and reused. The dominant source of write amplification.
GDB
aliases: gnu debugger
GNU debugger.
general-purpose-register
A CPU register that can hold an operand for any arithmetic or logic instruction, in contrast to special-purpose registers (program counter, stack pointer, status flags) that have a fixed architectural role. Petzold's Chapter 19 (p265) names the design tradeoff: more general-purpose registers mean fewer memory accesses per program but a larger register file and more bits per instruction to address them.
getasynckeystate
Used to determine whether a particular key is being pressed. Malware sometimes uses this function to implement a keylogger.
getdc
Returns a handle to a device context for a window or the whole screen. Spyware that takes screen captures often uses this function.
gethostbyname
Used to perform a DNS lookup on a particular hostname prior to making an IP connection to a remote host. Hostnames that serve as command-and-control servers often make good network-based signatures.
getkeystate
Used by keyloggers to obtain the status of a particular key on the keyboard.
getmodulehandle
Used to obtain a handle to an already loaded module. Malware may use GetModuleHandle to locate and modify code in a loaded module or to search for a good location to inject code.
getprocaddress
Retrieves the address of a function in a DLL loaded into memory. Used to import functions from other DLLs in addition to the functions imported in the PE file header.
getstartupinfo
Retrieves a structure containing details about how the current process was configured to run, such as where the standard handles are directed.
gettemppath
Returns the temporary file path. If you see malware call this function, check whether it reads or writes any files in the temporary file path.
getthreadcontext
Returns the context structure of a given thread. The context for a thread stores all the thread information, such as the register values and current state.
gettickcount
Retrieves the number of milliseconds since bootup. This function is sometimes used to gather timing information as an anti-debugging technique. GetTickCount is often added by the compiler and is included in many executables, so simply seeing it as an imported function provides little information.
getversionex
Returns information about which version of Windows is currently running. This can be used as part of a victim survey or to select between different offsets for undocumented structures that have changed between different versions of Windows.
getwindowsdirectory
Returns the file path to the Windows directory (usually C:\Windows). Malware sometimes uses this call to determine into which directory to install additional malicious programs.
GiB
aliases: gibibyte
Gibibyte: 2^30 or 1024 mebibytes or 1073741824 bytes.
GPR
aliases: general purpose registers
General Purpose Registers.
GRC
aliases: GNU Radio Companion
GNU Radio Companion. The block-diagram GUI front-end to GNU Radio used to design software-defined-radio signal-processing flowgraphs.
group-delay
aliases: group delay · envelope delay
The negative derivative of a filter's frequency-domain phase response with respect to frequency. For an ideal lowpass filter, the phase response is linear and the group delay is constant. Group delay can be thought of as the propagation delay of the envelope of an AM signal through the filter (hence the alternate name envelope delay).
GSM
aliases: Global System for Mobile Communications
Global System for Mobile Communications. The 2G cellular standard widely used worldwide and still present in many automotive telematics units.
GUI-display
aliases: GUI · graphical user interface
A graphical user interface: an interactive computer display organized around windows, icons, menus, and a pointing device (mouse, trackpad, touchscreen) rather than around a command line. The GUI was prototyped at Xerox PARC in the 1970s, commercialized by Apple in 1984 with the Macintosh, and standardized across PCs with Microsoft Windows in the 1990s. Every consumer computing device sold today ships a GUI.
H
half-adder
A combinational circuit that takes two single-bit inputs A and B and produces two outputs: SUM = A XOR B, CARRY = A AND B. The half-adder handles one column of a binary addition but cannot accept an incoming carry from a less-significant column, so it cannot be cascaded by itself. Petzold builds the half-adder in Chapter 12 as the foundation for the full adder.
half-band-filter
aliases: half-band filter
A type of FIR filter whose transition region is centered at one-quarter of the sampling rate (fs/4). The end of the passband and the beginning of the stopband are equally spaced about fs/4. Half-band filters are often used in decimation schemes because half of their coefficients are zero.
hard-link
aliases: hard link
An additional directory entry that points to the same inode as another entry. Two hard links to the same file are indistinguishable; the file's data is freed only when its link count reaches zero. Hard links cannot cross file system boundaries.
harvard-architecture
A computer architecture in which program instructions and data live in physically separate memories with separate address spaces, separate buses, and separate fetch paths. Named after the Harvard Mark I (1944). Strict Harvard precludes self-modifying code and many memory-corruption exploits; AVR microcontrollers (Arduino Uno) are strict-Harvard. Modern processors are usually modified-Harvard: unified main memory but separate L1 caches for instruction and data.
HBLANK
aliases: Horizontal Blank
In Famicom programming, HBLANK is the interval of time between when the scanning electron gun reaches the edge of the screen and when it resets to the opposite edge to resume scanline rendering.
heap
Usually, a big chunk of memory provided by the OS so that applications can divide it by themselves as they wish. malloc()/free() work with the heap.
hex-editor
Software that represents a game's raw binary data file as hexadecimal-encoded bytes for the purposes of editing, hacking, or analysis.
hexadecimal
aliases: hex
Base-16 number notation. Digits run 0 through 9 then A through F (A=10, B=11, ..., F=15). Two prefixes mark hex literals in code: '$XX' is the 6502 / classical assembly form; '0xXX' is the C / modern RISC form.
high-level-language
aliases: HLL
A programming language whose statements abstract over the underlying CPU's machine instructions, typically with variables, expressions, control structures, and data types that compile or interpret down to many machine instructions per source line. C, Java, Python, JavaScript, Go, Rust are all high-level languages; assembly is not. Petzold's Chapter 24 introduces the term and walks the historical progression from FORTRAN (1957) through ALGOL to modern languages.
highpass-filter
aliases: highpass filter
A filter that passes high frequencies and attenuates low frequencies. Turning up the treble control on a stereo is an analog example.
HMI
aliases: human-machine interface
Human-machine interface. The display, controls, and software through which a driver or passenger interacts with vehicle systems.
homebrew
A term adopted from the home beer brewing community to describe videogames and software tools created by amateur or non-professional programmers.
HS-CAN
aliases: high-speed CAN
High-speed CAN. The 500 kbit/s CAN bus variant typically used for powertrain and chassis ECUs in modern vehicles.
I
IDA-disassembler
aliases: IDA
Interactive Disassembler and debugger developed by Hex-Rays.
ida-pro
aliases: IDA Pro
The de facto industry-standard interactive disassembler. Supports nearly every processor architecture and binary format, produces cross-reference graphs, and ships a Python scripting interface (IDAPython) plus a plug-in API used by analysts to automate repetitive reverse-engineering tasks.
idempotent-operation
aliases: idempotent · idempotency
An operation whose effect is the same whether performed once or many times. Idempotency lets a client safely retry a request after a possible network loss without worrying whether the original took effect.
IEEE-754
The IEEE standard for binary and decimal floating-point arithmetic, first issued in 1985 and revised in 2008 and 2019. IEEE 754 specifies bit layouts (binary32, binary64, binary128), rounding modes, special values (±0, ±infinity, NaN), and required operations. Every modern CPU's floating-point unit (and the RISC-V F and D extensions) implements IEEE 754.
IIR-filter
aliases: IIR filter · infinite impulse response filter
A class of digital filters that may have both zeros and poles on the z-plane. IIR filters are not guaranteed to be stable and almost always have nonlinear phase responses, but for a given order they have much steeper transition region roll-off than FIR filters.
immediate-mode
aliases: immediate addressing · immediate
The addressing mode where the operand is the literal value, not an address. On the 6502 the '#' prefix marks immediate mode: 'LDA #$01' loads the literal 1 into A; 'LDA $01' loads the value stored at memory address 0x01.
immunity-debugger
aliases: Immunity Debugger
A free Windows debugger derived from OllyDbg with a built-in Python scripting interface that makes automation of unpacking, anti-debug bypass, and shellcode analysis much easier than OllyDbg alone.
impulse-response
aliases: impulse response
A digital filter's time-domain output sequence when the input is a single unity-valued sample (impulse) preceded and followed by zero-valued samples. The filter's frequency-domain response is the discrete Fourier transform of its impulse response.
incompressible-string
aliases: incompressible string
A string x is c-compressible if K(x) ≤ |x| − c. If x is not c-compressible, it is incompressible by c. A string incompressible by 1 is simply called incompressible; such strings have statistical properties resembling random coin tosses.
iNES
aliases: interNES
An early shareware NES emulator released in 1995. Also the community-adopted standard header appended to NES ROMs to indicate mapper number, PRG-ROM banks, mirroring, etc.
inet-addr
aliases: inet_addr
Converts an IP address string like 127.0.0.1 so that it can be used by functions such as connect. The string specified can sometimes be used as a network-based signature.
inetsim
aliases: INetSim
An Internet-services simulator that emulates HTTP, HTTPS, SMTP, DNS, FTP, and other common protocols on an isolated analysis network. Lets malware "phone home" successfully while keeping the sample fully contained on the analyst's LAN.
inode
aliases: i-node · index node
The on-disk data structure that holds the metadata of a single file: owner, permissions, size, timestamps, and pointers to the data blocks. Most UNIX-style file systems identify files internally by their inode number.
inode-number
aliases: i-number
An integer that uniquely identifies a file within a file system. The file's low-level name. Directory entries map human-readable names onto inode numbers.
instruction
One CPU operation. An instruction has an opcode (which operation) and zero or more operands (what the operation acts on). Programs are sequences of instructions stored in memory; the CPU fetches them one at a time and executes them.
instrument-cluster
Instrument cluster. The driver-facing display behind the steering wheel that shows speed, RPM, fuel level, warning lights, and other vehicle status.
insulator
A material that does not let electric current flow under normal voltages: rubber, plastic, glass, dry wood. Insulators sheath wires to keep current confined to the intended path. The transistor's gate region uses an insulator (silicon dioxide in classic CMOS) to separate the gate electrode from the conducting channel.
integral-data-type
aliases: integral data type
Usual numbers, but not a real ones. May be used for passing variables of boolean data type and enumerations.
integrated-circuit
aliases: IC
A complete electronic circuit — many transistors, resistors, and capacitors plus their interconnections — fabricated together on a single piece of semiconductor (a chip or die) by photolithography. Invented independently by Kilby (Texas Instruments) and Noyce (Fairchild) in 1958-1959, the integrated circuit is the technology that made modern computing economically possible. A 2026 microprocessor IC contains billions of transistors.
Intel-8080
An 8-bit microprocessor introduced by Intel in 1974 with seven general-purpose registers (A, B, C, D, E, H, L), a 16-bit address bus (64 KiB address space), and 244 distinct opcodes including CALL and RETURN for subroutines. The 8080 powered the Altair 8800 home-computer kit and is the architectural ancestor of every Intel x86 processor through binary-compatibility chains.
intermediate-representation
aliases: IR
A form of program code that sits between source language and target machine code, used internally by compilers and JIT systems so the same front-end can target many CPUs and the same back-end can serve many source languages. LLVM IR, .NET CIL, JVM bytecode, V8 Ignition bytecode, and WebAssembly are all production intermediate representations. The Virtus VM bytecode of Chapters 7-8 is a pedagogical IR in the same pattern.
internetopen
Initializes the high-level Internet access functions from WinINet, such as InternetOpenUrl and InternetReadFile. Searching for InternetOpen is a good way to find the start of Internet access functionality. One of the parameters to InternetOpen is the User-Agent, which can sometimes make a good network-based signature.
internetopenurl
Opens a specific URL for a connection using FTP, HTTP, or HTTPS. URLs, if fixed, can often be good network-based signatures.
interpreter
A program that reads source code in a high-level language and executes it directly, instruction by instruction, without first translating to machine code. Python's CPython, Bash, and SQL's query executors are interpreters; just-in-time (JIT) systems sit between interpreter and compiler by translating hot paths at runtime. Petzold's Chapter 24 distinguishes interpreters from compilers as separate strategies for closing the gap between source language and CPU instructions.
inverter
A circuit that produces the logical negation of its input: a synonym for NOT-gate, and the simplest building block from which other gates can be derived. Petzold names the inverter in Chapter 11 and uses inverters in Chapter 13 to demonstrate the bit-flipping step of ones-complement subtraction.
ISA
aliases: instruction set architecture
Instruction Set Architecture.
isdebuggerpresent
Checks to see if the current process is being debugged, often as part of an anti-debugging technique. This function is often added by the compiler and is included in many executables, so simply seeing it as an imported function provides little information.
isntadmin
Checks if the user has administrator privileges.
iswow64process
Used by a 32-bit process to determine if it is running on a 64-bit operating system.
IVI
aliases: in-vehicle infotainment
In-vehicle infotainment (system). The dashboard system that integrates audio, navigation, hands-free calling, smartphone integration, and connected services.
J
journal-filesystem
aliases: journaling filesystem
A filesystem that records intended changes in an append-only on-disk log (the journal) before applying them to the main filesystem structures, so a crash mid-write can be cleanly resolved on next boot by replaying or discarding journal entries. ext3, ext4, NTFS, and XFS are journal filesystems; the journal can record metadata only or both metadata and data.
journaling-filesystem
aliases: journaling file system
A file system that records intended metadata changes in a write-ahead log on disk before applying them in place. After a crash, the journal is replayed to bring the on-disk metadata back to a consistent state, avoiding fsck's whole-disk scan.
jump-offset
aliases: jump offset
A part of the JMP or Jcc instruction's opcode, to be added to the address of the next instruction, and this is how the new PC is calculated. May be negative as well.
K
kernel-mode
aliases: kernel mode
A restrictions-free CPU mode in which the OS kernel and drivers execute. cf. user mode.
keygenme
A program which imitates software protection, for which one needs to make a key/license generator.
L
ldrloaddll
Low-level function to load a DLL into a process, just like LoadLibrary. Normal programs use LoadLibrary, and the presence of this import may indicate a program that is attempting to be stealthy.
leaf-function
aliases: leaf function
A function which does not call any other function.
level-sensitive
A clocking discipline in which a sequential element follows its inputs whenever a control signal (the enable or gate) is held at a particular level (high or low), rather than only on a clock edge. The D-latch is level-sensitive; the D flip-flop is edge-triggered. Level-sensitive cells are simpler to build but harder to compose into pipelines.
light-gun
aliases: Zapper
A videogame peripheral that uses a light-sensing circuit housed inside a gun barrel to simulate target shooting on a television monitor.
limited-direct-execution
aliases: LDE · direct execution
The CPU-virtualization protocol where user programs run directly on the CPU at native speed, but with hardware-enforced guard rails (modes, trap tables, and timer interrupts) that hand control back to the OS at safe points.
LIN
aliases: Local Interconnect Network
Local Interconnect Network. A low-cost, low-speed single-wire serial bus (ISO 17987) used for non-critical body electronics like door modules and seat controls.
linear-bounded-automaton
aliases: LBA · linear bounded automaton
A restricted Turing machine whose tape head is not permitted to move off the portion of the tape containing the input. For an input of length n, the available memory is linear in n.
linear-phase-filter
aliases: linear-phase filter
A filter that exhibits a constant change in phase angle as a function of frequency, so its phase plot is a straight line and its group delay is constant. Linear phase preserves the integrity of information-carrying signals, which is important in communications systems.
link-register
aliases: link register
A register where the return address is usually stored. This makes it possible to call leaf functions without using the stack, i.e., faster.
little-o-notation
aliases: little o notation
For functions f, g: N → R+, write f(n) = o(g(n)) if the limit of f(n)/g(n) as n → ∞ is 0. Says f grows strictly slower than g asymptotically, not just within a constant factor.
LNA
aliases: low-noise amplifier
Low-noise amplifier. An RF amplifier placed near an antenna to boost weak received signals while adding minimal noise.
loadlibrary
Loads a DLL into a process that may not have been loaded when the program started. Imported by nearly every Win32 program.
loadresource
Loads a resource from a PE file into memory. Malware sometimes uses resources to store strings, configuration information, or other malicious files.
locality-of-reference
aliases: locality · temporal locality · spatial locality
The observation that programs tend to access the same memory locations (temporal locality) or nearby locations (spatial locality) repeatedly over short windows of time. The reason caches and prefetching work.
log-structured-filesystem
A filesystem that writes all new data and metadata to a sequentially-appended log, treating the disk as a circular buffer with a garbage collector reclaiming space from overwritten or deleted entries. Log-structured filesystems were designed for write performance on rotating disks (Mendel Rosenblum, 1992); the same pattern is now used inside SSD firmware (the FTL) for wear-leveling.
log-structured-FTL
aliases: log-structured flash
A flash translation layer that writes new data sequentially to a log, marks old locations invalid, and reclaims space via garbage collection. Minimizes erase cycles by deferring rewrites and consolidating live data.
logic-gate
A circuit that takes one or more binary input signals and produces a binary output signal computed by a fixed Boolean function. Petzold's Chapter 11 catalogs the seven elementary gates — AND, OR, NOT, NAND, NOR, XOR, XNOR — and shows that any Boolean function can be built by composing them. Logic gates are the indivisible building blocks of every digital circuit in the curriculum.
logspace-class-L
aliases: L-complexity-class · log space class
L is the class of languages decidable in logarithmic space on a deterministic Turing machine (L = SPACE(log n)). NL is the nondeterministic analog (NL = NSPACE(log n)). Log space is just large enough to hold a constant number of pointers into the input.
loop-unwinding
aliases: loop unwinding · loop unrolling
It is when a compiler, instead of generating loop code for n iterations, generates just n copies of the loop body, in order to get rid of the instructions for loop maintenance.
low-level-language
A programming language that maps closely to the CPU's instruction set, typically assembly language with one source statement per machine instruction. Low-level languages give the programmer explicit control over registers and memory but require the programmer to think in the CPU's vocabulary rather than the problem's.
lowpass-filter
aliases: lowpass filter
A filter that passes low frequencies and attenuates high frequencies. Turning up the bass control on a stereo is an analog example.
LRU-policy
Least Recently Used: a page-replacement (or cache-replacement) policy that evicts the page (or line) that has gone the longest without being accessed, on the heuristic that recently-used pages are likely to be used again soon. True LRU requires per-access timestamp updates that are too costly in hardware; production systems approximate LRU with the Clock algorithm or similar.
lsaenumeratelogonsessions
Enumerates through logon sessions on the current system, which can be used as part of a credential stealer.
LSI
aliases: Large Scale Integration
An integrated circuit containing roughly between one thousand and tens of thousands of logic gates/transistors.
M
machine-language-petzold
The actual sequence of bytes the CPU fetches and executes, in which each instruction is a fixed bit pattern that the silicon's instruction decoder interprets as one operation. Machine language is what the assembler emits and what the disassembler reads back; human programmers rarely write machine language directly, instead writing assembly (one mnemonic per instruction) and letting the assembler translate.
mantissa
aliases: significand-mantissa
The significand of a floating-point number: the binary digits that carry the value's precision, normalized so the leading bit is implicitly 1 (in binary IEEE formats). In binary32 the mantissa is 23 bits, giving roughly 7 decimal digits of precision; in binary64 it is 52 bits, giving roughly 15-16 decimal digits.
mapper
Additional cartridge hardware that lets the Famicom perform tasks the base hardware cannot, such as bank switching or scanline counting.
mapping-reducibility
aliases: mapping reducibility · many-one reducibility
Language A is mapping reducible to language B, written A ≤m B, if there is a computable function f such that w ∈ A if and only if f(w) ∈ B. The function f is called the reduction from A to B.
mapviewoffile
Maps a file into memory and makes the contents of the file accessible via memory addresses. Launchers, loaders, and injectors use this function to read and modify PE files. By using MapViewOfFile, the malware can avoid using WriteFile to modify the contents of a file.
mask-ROM
A cost-efficient form of read-only memory named after the "masking" technique used during fabrication.
MBR
aliases: master boot record
Master Boot Record.
MCU
aliases: microcontroller unit
Microcontroller unit. A single-chip computer with CPU, memory, and peripherals integrated; the building block of nearly every embedded vehicle ECU.
memory-cell
A single bit of storage in a memory array, structurally a flip-flop in SRAM or a capacitor in DRAM. Petzold's Chapter 16 builds a memory array from arrays of memory cells plus address decoders and data multiplexers; every byte of RAM in the curriculum is, at the bottom layer, a collection of memory cells.
memory-map
A tabular representation of a microprocessor's addressable memory and each segment's associated function and/or contents.
memory-mapped-IO
aliases: MMIO · memory-mapped I/O
An IO scheme in which peripheral device registers are assigned addresses in the CPU's main memory space, so loads and stores to those addresses become device reads and writes rather than RAM accesses. The Virtus framebuffer at 0x80000000 is memory-mapped; writing to that address paints a pixel on the HDMI monitor. ARM, RISC-V, and modern x86 use memory-mapped IO; classic x86 also has separate port-IO instructions.
memory-mapping
aliases: mmap · memory-mapped file
Mapping a file's contents directly into a process's address space via mmap(), so the file can be read and written via ordinary pointer arithmetic. The kernel handles page-ins and writebacks lazily.
metastability
The condition in which an edge-triggered flip-flop, sampled at the moment its input is transitioning, settles to neither stable state for a non-deterministic interval before eventually resolving to 0 or 1. The probability of long metastability resolution times falls exponentially with the time allowed, but never quite reaches zero; production designs synchronize asynchronous inputs through multiple flip-flops to make the probability acceptably small.
metatile
A graphical and computational object composed of multiple sprites and/or background tiles, typically used to build characters larger than a platform's default sprite size and/or to compress larger groups of graphical elements.
microprocessor
A complete central processing unit fabricated on a single integrated circuit, combining the datapath, register file, control unit, and bus interface that previously required a cabinet of discrete logic. Petzold's Chapter 18 names the Intel 4004 (1971) as the first commercial microprocessor; the Intel 8080 (1974), MOS 6502 (1975), Motorola 6800, and Zilog Z80 followed within a few years.
MIL-lamp
Malfunction indicator lamp. The dashboard "check engine" light, illuminated when the powertrain control module sets an emissions-related DTC.
minuend
The number from which another number is subtracted: in the expression A - B = C, the term A. Petzold uses 'minuend' and 'subtrahend' in Chapter 13 to walk the conversion of subtraction into addition via complementation, the trick that lets a single adder circuit perform both operations.
mirroring
Duplicating a memory area across multiple addresses in a memory map.
MLFQ
Multi-Level Feedback Queue: a CPU scheduling algorithm with multiple priority queues, in which each process starts at the highest priority and is demoted to a lower-priority queue if it uses its full time slice. MLFQ favors short interactive jobs (which finish before being demoted) while preventing long batch jobs from starving CPU-bound work. Variants are used by Linux, Solaris, and Windows.
MMC
aliases: Memory Management Controller · multi-memory controller
The official published name for Nintendo's ASIC mappers. Nintendo's original patents described it as the "multi-memory controller."
mmu
aliases: memory management unit
The hardware unit that translates virtual addresses to physical addresses at every memory access, typically using a multi-level page table walked via a TLB cache.
MMU-hw
aliases: MMU
Memory management unit: a hardware block in the CPU that translates virtual addresses to physical addresses on every memory access, using page tables held in main memory and cached in the TLB. The MMU also enforces page-level permissions (read/write/execute, user/kernel) and traps to the OS on protection violations and missing pages.
monitor-cv
aliases: monitor
A synchronization construct that combines a mutex with one or more condition variables and bundles them with the shared state they protect, presenting the bundle as a single abstract data type with methods that automatically acquire the mutex on entry and release on exit. Monitors are a higher-level alternative to bare mutex/CV programming; Java's synchronized keyword and Python's threading.Condition implement monitor patterns.
moores-law
aliases: Moore's Law
Gordon Moore's 1965 observation that the number of transistors on an economically-manufacturable integrated circuit roughly doubles every 12-24 months (settling around every 18 months for several decades). Moore's Law is an empirical industry trend, not a physical law; it has slowed since roughly 2010 as transistor feature sizes approached fundamental physical limits.
morse-code
A code that maps each letter and digit to a sequence of short and long pulses (dots and dashes), originally devised by Samuel Morse for the electric telegraph. Petzold uses Morse as the opening example of how a small alphabet (two symbols plus inter-symbol timing) can carry an arbitrary written message.
MOS-6502
An 8-bit microprocessor introduced by MOS Technology in 1975 with three 8-bit general-purpose registers (A, X, Y), a 16-bit address bus, and a 56-opcode instruction set built around a 256-byte zero-page memory region used as a pseudo-register file. The 6502 powered the Apple II, Commodore 64, BBC Micro, Atari 2600, and Nintendo Entertainment System; its descendants are still in current production.
MOST-protocol
aliases: Media Oriented Systems Transport
Media Oriented Systems Transport (protocol). A high-speed multimedia bus standard used in many automotive infotainment systems.
MS-CAN
aliases: mid-speed CAN
Mid-speed CAN. An intermediate-rate CAN variant (typically 125 kbit/s) bridging high-speed and low-speed buses in some vehicle architectures.
multiplexer
aliases: mux
A combinational circuit that selects one of several input signals and routes it to a single output, based on a selector input. An N-to-1 multiplexer has N data inputs, ceil(log2 N) select inputs, and one output. Petzold's chapters do not introduce the mux by that name, but the Virtus HDL chapters use it everywhere from Chapter 1 onward; one row of a multiplexer is structurally the same as Petzold's address-decoded RAM cell from Chapter 16.
mutex-os
Mutual-exclusion lock: a synchronization primitive that lets a thread acquire exclusive access to a critical section and forces other threads attempting to acquire it to block until the holder releases. Mutexes are the most common synchronization primitive in operating systems and user-space concurrent code; misuse causes deadlock, starvation, or unprotected race conditions.
mutual-exclusion
aliases: mutex
The property that at most one thread at a time may execute the protected critical section. Implemented in practice with locks, semaphores, or hardware atomic primitives such as compare-and-swap.
N
name-mangling
aliases: name mangling
Used at least in C++, where the compiler needs to encode the name of class, method and argument types in one string, which will become the internal name of the function.
name-table
A 960-byte region in PPU memory used to store pattern tile indices designating the arrangement of the 32x30-tile background. The PPU has addresses for four name tables but sufficient memory for only two, so two are mirrored.
namespace-os
aliases: namespace
A logical scope that maps names (file paths, process IDs, network sockets, user IDs) to underlying resources, in which the same name can refer to different resources in different namespaces. Linux namespaces (mount, network, PID, user, IPC, UTS, time) are the kernel substrate of containers; processes in different namespaces see different views of the system without realizing it.
NaN
aliases: not a number
Not a number: a special cases for floating point numbers, usually signaling about errors.
NAND-gate
A logic gate whose output is the NOT of AND: 0 if and only if all inputs are 1. The NAND gate is universal: every Boolean function can be built from NAND alone, which is the engineering reason why production silicon manufactures NAND (and NOR) more cheaply than any other gate. The Virtus HDL labs build every gate in CSA-101 from NAND only.
negation-circuit
The combinational circuit that converts a signed binary number to its two's-complement negation, built as a bank of inverters followed by an incrementer (adder with carry-in tied to 1). Petzold's Chapter 13 walks the construction and shows that subtraction A - B is performed as A + negation(B); the same adder hardware handles both operations.
NEON
AKA "Advanced SIMD" — SIMD from ARM.
NES
aliases: Nintendo Entertainment System
The "localized" version of the Family Computer released by Nintendo in the United States in 1985 (and elsewhere in subsequent years). Commonly pronounced "Ness" or "N-E-S."
NES-001
aliases: front-loader · toaster
The original model of the NES, commonly called the "front-loader" or "toaster." Included the ZIF cartridge loader, both composite and RF outputs, an expansion port, and the CIC lockout chip.
NES-101
aliases: top-loader
The 1993 redesign of the NES, commonly called the "top-loader." Removed the NES-001's ZIF connector, lockout chip, expansion port, composite output, and front-loading cartridge slot in favor of a card edge connector.
NES-file
aliases: .NES · .nes file
iNES-compatible file extension for dumped cartridge data, including the contents of CHR- and PRG-ROM along with a prepended header.
netcat
aliases: Netcat · nc
The "TCP/IP Swiss Army knife": a small command-line tool that opens, connects to, and forwards arbitrary TCP and UDP sockets. Analysts use Netcat as a fake command-and-control listener when reversing reverse-shell payloads.
NFS
aliases: Network File System
Sun Microsystems' distributed file system, designed around a stateless server protocol so the server can crash and restart while clients simply retry. Pioneered the VFS/Vnode kernel interface for pluggable file systems.
NL-completeness
aliases: NL-complete (def)
A language B is NL-complete if B is in NL and every language A in NL is log-space reducible to B. The hardest problems in NL; if one is in L, then L = NL.
NLFSR
aliases: non-linear feedback shift register
Non-linear feedback shift register. A shift register where feedback bits are combined through a non-linear function; used as building blocks in stream ciphers and keyfob cryptography.
NMI
aliases: Non-Maskable Interrupt
An interrupt handler generated by the 2A03 that signals the start of the VBLANK period.
nondeterministic-finite-automaton
aliases: NFA · nondeterministic finite automaton
A finite automaton that may have multiple legal moves on the same input symbol (including ε-moves with no input), accepting an input if any computation branch ends in an accept state. NFAs and DFAs are equivalent in language-recognition power.
nonrecursive-filter
aliases: nonrecursive filter
A digital filter implementation where no filter output sample is ever retained for later use in computing a future filter output sample. Such filters have no feedback signal paths.
NOP
aliases: no operation
"no operation", idle instruction.
NOR-gate
A logic gate whose output is the NOT of OR: 1 if and only if all inputs are 0. Like NAND, NOR is universal — every Boolean function can be built from NOR alone. Petzold uses NOR in his Chapter 14 construction of the SR latch, the simplest sequential cell.
NOT-gate
aliases: inverter-gate
A logic gate with one input and one output that inverts the input — output is 1 when input is 0, output is 0 when input is 1. Also called an inverter. Petzold builds the NOT gate from a relay wired so that energizing the electromagnet opens the output switch, the inverse of the normal relay action.
NP-completeness
aliases: NP-complete (def) · NP completeness
A language B is NP-complete if B is in NP and every language A in NP is polynomial-time reducible to B. NP-complete languages are the hardest problems in NP: if one is in P, then P = NP.
NTAPI
API available only in the Windows NT line. Largely not documented by Microsoft.
ntqueryinformationprocess
Returns various information about a specified process. This function is sometimes used as an anti-debugging technique because it can return the same information as CheckRemoteDebuggerPresent.
nybble
aliases: nibble
Four bits, or half of a byte.
O
OAM
aliases: Object Attribute Memory
A 256-byte segment of independent PPU memory that stores attributes for the Famicom's sixty-four available onscreen sprites.
OBE-equipment
aliases: onboard equipment
Onboard equipment. The V2X transceivers and supporting electronics installed in a vehicle for connected-vehicle communication.
OEM
aliases: original equipment manufacturer
Original equipment manufacturer. The automaker (e.g., Ford, Toyota) whose name appears on the finished vehicle, as distinct from suppliers like Bosch or Continental.
ohms-law
The relation V = I × R linking voltage (V, in volts), current (I, in amperes), and resistance (R, in ohms) in a conductor: the current through a conductor equals the voltage across it divided by its resistance. Petzold uses Ohm's law to explain why a long telegraph wire weakens the signal — the wire itself has resistance, so the current at the far end is smaller than at the source.
oleinitialize
Used to initialize the COM library. Programs that use COM objects must call OleInitialize prior to calling any other COM functions.
ollydbg
aliases: OllyDbg
A free 32-bit user-mode Windows debugger long favored for malware unpacking and runtime analysis. Provides instruction-level stepping, memory and stack inspection, breakpoints, and a plug-in framework, but is limited to user-mode 32-bit code.
one-way-function
aliases: one-way function · one-way permutation
A length-preserving function f computable in polynomial time such that no probabilistic polynomial-time algorithm, given f(w) for random w, can output any y with f(y) = f(w) except with negligible probability. The existence of one-way functions is the foundational assumption of modern cryptography.
ones-complement
aliases: one's complement
The bitwise inversion of a binary number: every 0 becomes 1, every 1 becomes 0. Equivalently, ones-complement of N equals (2^k - 1) - N for a k-bit number. Petzold's Chapter 13 introduces ones-complement as the first step in computing two's-complement, the standard signed-integer representation in modern computers.
OOK-modulation
aliases: on-off keying
On-off keying. The simplest form of amplitude-shift keying, where a 1 bit transmits the carrier and a 0 bit transmits nothing; common in cheap RF keyfobs.
OOP
aliases: object-oriented programming
Object-Oriented Programming.
opcode
The part of an instruction that names which operation to perform. 'LDA', 'STA', 'JMP' are 6502 opcodes; 'add', 'sub', 'lw' are RV32I-Lite opcodes. The opcode tells the CPU what to do; the operand tells it what to do it to.
open-file-table
aliases: OFT
A per-process kernel data structure mapping file descriptors to information about each open file: the underlying inode, the current read/write offset, and the access mode. The fd is the user-visible index; the OFT entry holds the kernel-side bookkeeping.
openmutex
Opens a handle to a mutual exclusion object that can be used by malware to ensure that only a single instance of malware is running on a system at any given time. Malware often uses fixed names for mutexes, which can be good host-based indicators.
openprocess
Opens a handle to another process running on the system. This handle can be used to read and write to the other process memory or to inject code into the other process.
openscmanager
Opens a handle to the service control manager. Any program that installs, modifies, or controls a service must call this function before any other service-manipulation function.
operand
The part of an instruction that names what the operation acts on. In 'LDA #$42' the operand is '#$42' (a literal); in 'LDA $42' the operand is '$42' (an address). Operand interpretation depends on the addressing mode.
operating-system
A program that manages the hardware of the computer and provides a stable set of services for application programs to use, so each application does not have to talk directly to the disk, display, keyboard, and network. Petzold's Chapter 22 (p330) names three functions of an OS: managing files on disk, loading programs into memory and executing them, and providing programs with easy access to the hardware via the application programming interface.
operating-system-virtus
Virtus OS v1 is the runtime built in Chapter 12: a library of math, memory, screen, keyboard, and audio services bound into the same address space as the application, with no scheduler, no privilege levels, no MMU, and no filesystem. It is the smallest OS that demonstrates Petzold's Chapter 22 third function (the application programming interface) on real silicon; CSA-201's Virtus OS v2 adds the missing pieces.
OR-gate
A logic gate whose output is 1 if any input is 1, computing the Boolean OR function. Petzold builds the OR gate from two switches in parallel — current reaches the bulb if either switch is closed. The truth table for n inputs is the dual of AND: 1 except for the all-zeros row.
oracle-turing-machine
aliases: oracle TM · oracle Turing machine
A modified Turing machine equipped to query an external oracle for membership in some language B. The oracle answers yes/no for any queried string in a single step. Used to formalize relative computability and Turing reducibility.
OSI
aliases: Open Systems Interconnection
Open Systems Interconnection. The seven-layer reference model (physical through application) used to describe and design network protocols.
outputdebugstring
Outputs a string to a debugger if one is attached. This can be used as an anti-debugging technique.
overscan
A variable image area around the four edges of a television screen or monitor that may not reliably be seen by the viewer. Famicom/NES graphics in the overscan area may be cropped, depending on the display.
P
page
aliases: zero page · memory page · paging
A fixed-size chunk of memory addresses, typically 256 bytes on 6502 / 8-bit systems or 4096 bytes on modern CPUs. Memory pages let hardware and software work with memory in regular-sized blocks instead of as individual bytes. The NES 'zero page' is the first 256 bytes of RAM ($00 through $FF).
page-cache
aliases: buffer cache · file cache
A kernel-managed cache of file-data pages held in DRAM. Repeat reads return from cache instead of disk; writes are buffered until flushed by writeback or by an explicit fsync.
page-fault
aliases: page fault
A hardware trap raised when the MMU cannot translate a virtual address — either because the page is not present in memory (a major fault, satisfied from disk) or because the access violates the page's protection bits (a fatal fault).
page-replacement
aliases: page replacement
The policy a virtual-memory system uses to choose which physical page to evict when a page fault occurs and all frames are occupied. FIFO, Random, LRU, Clock, and OPT (theoretical optimum) are the standard policies; modern systems use approximations of LRU augmented with working-set heuristics.
page-table
aliases: page table
A per-process kernel data structure mapping every page-aligned virtual address to its physical-page-frame number, with bits for present/absent, writable, user/kernel, and dirty/referenced. Multi-level tables avoid the cost of a flat array.
passband
That frequency range over which a filter passes signal energy with minimum attenuation, usually defined as the frequency range where the magnitude response is within the peak-peak passband ripple region.
passband-ripple
aliases: passband ripple
Peak-peak fluctuations, or variations, in the frequency magnitude response within the passband of a filter.
pattern-table
The first 8KB of the PPU's VRAM. Each pattern table is 4K and contains either 256 background or sprite tiles.
PCB
aliases: Printed Circuit Board
The material substrate used to support and connect electronic components. Its conductive pathways are typically etched from laminated copper sheets.
PCM-audio
A method of representing a continuous audio signal as discrete digital data. PCM quality is governed by the digital converter's sampling rate and bit depth.
PDB
(Win32) Debugging information file, usually just function names, but sometimes also function arguments and local variables names.
peeknamedpipe
Used to copy data from a named pipe without removing data from the pipe. This function is popular with reverse shells.
peripheral-device
aliases: peripheral
Any device attached to the CPU through the bus or an external interface (USB, PCIe, Ethernet) that is not the CPU itself or main memory: keyboards, mice, displays, disk drives, network cards, GPIO, audio codecs. The Virtus Console's HDMI framebuffer, audio PWM, and DS2 controller interface are peripherals in this sense; the CPU talks to them through memory-mapped IO.
permissions-bits
aliases: permission bits · mode bits
The traditional UNIX file-permission encoding: three triples of read/write/execute bits for owner, group, and other. Displayed as e.g. rwxr-xr-- and represented numerically as three octal digits.
phase-response
aliases: phase response · phase delay
The difference in phase, at a particular frequency, between an input sinewave and the output sinewave at that frequency. Usually depicted as a curve of phase shift versus frequency.
phase-wrapping
aliases: phase wrapping
An artifact of arctangent software routines, used to calculate phase angles, that causes apparent phase discontinuities when a true phase angle in the range -180° to -360° is converted to its equivalent positive angle in the range 0° to +180°.
PID-OBD
aliases: parameter ID
Parameter ID. The OBD-II identifier (e.g., 0x0C for engine RPM) that a scan tool requests to read a specific sensor value from a vehicle ECU.
pixel
Shorthand for "picture element," the smallest graphical unit of a pattern tile.
PKES
aliases: passive keyless entry and start
Passive keyless entry and start. The wireless system that unlocks and starts a vehicle when a key fob is in proximity; the target of well-known relay attacks.
PKI
aliases: public key infrastructure
Public key infrastructure. The framework of certificate authorities, registration authorities, and policies for managing public-key certificates.
place-value
The contribution that a single digit makes to a number, determined by its position and the radix. In base ten the place values from right to left are 1, 10, 100, 1000; in base two they are 1, 2, 4, 8, 16. Petzold uses place-value tables to show that the binary number 11111111 is 255, by simply summing the place values of the 1-positions.
POKE
BASIC language instruction for writing a byte at a specific address.
polynomial-time-reducibility
aliases: polynomial time reducibility · polynomial-time mapping reducibility
Language A is polynomial-time reducible to language B, written A ≤P B, if there is a polynomial-time computable function f such that w ∈ A if and only if f(w) ∈ B. The efficient analog of mapping reducibility, used to relate NP problems.
polynomial-time-verifier
aliases: verifier · polynomial time verifier
A verifier for a language A is an algorithm V such that A = {w | V accepts
portable-executable
aliases: portable executable
PE (Portable Executable) is the Windows executable file format used for .exe, .dll, and .sys files.
positional-notation
A way of writing numbers in which each digit's value depends on its position relative to the radix point, with positions weighted by ascending powers of the base. The same digit '3' in base-ten means three units in the rightmost position, thirty in the next position left, three hundred after that. Petzold uses positional notation as the unifying idea that lets the student translate freely between decimal, binary, octal, and hexadecimal.
powertrain-control-module
Powertrain control module. The vehicle ECU that controls engine and transmission operation; the canonical target of OBD-II diagnostics.
PPU
aliases: picture processing unit
Picture processing unit: the NES's graphics chip. The PPU reads sprite and background data from CHR-ROM, combines it with palette and attribute data, and produces the video signal sent to the TV. The NES PPU runs in parallel with the CPU.
preemptive-scheduler
A scheduling policy in which the OS can interrupt a running process at any time (typically on a timer interrupt) and switch to a different runnable process, even if the running process did not yield voluntarily. Preemption is necessary for interactive responsiveness and to enforce fair sharing; cooperative scheduling (where processes must yield) does neither.
PRG-ROM
aliases: Program ROM · PRG-RAM · Program RAM
The cartridge ROM directly addressed by the CPU. It contains the program's source code and data.
PRNG
aliases: pseudorandom number generator
Pseudorandom number generator. A deterministic algorithm that produces a sequence of numbers approximating random output; quality matters cryptographically.
probabilistic-turing-machine
aliases: probabilistic Turing machine · PTM
A nondeterministic Turing machine in which each nondeterministic step is a coin-flip step with two equally likely next moves. Assigns a probability to each computation branch (and thus to acceptance); decides a language with bounded error probability.
process
The operating system's abstraction of a running program: the contents of its address space, the contents of its CPU registers (program counter, stack pointer, others), and information about its open files and I/O state.
process-control-block
aliases: process control block
A structure inside the kernel that holds the saved state of a single process: its PID, register file snapshot, memory mapping, open file table, scheduling info, and parent/child links. Sometimes simply called a process descriptor.
process-explorer
aliases: Process Explorer
A Sysinternals enhanced Task Manager replacement that shows the process tree, loaded DLLs, open handles, network connections, and digital signature status of every running process. Often the first tool an analyst opens to spot suspicious or unsigned processes.
process-id
aliases: PID · process ID
An integer name assigned by the operating system to each running process. Used by system calls like kill, waitpid, and ptrace to refer to a specific process.
process-list
aliases: process table
A kernel data structure holding information about every process in the system. Each entry is a process control block.
process-monitor
aliases: Process Monitor · procmon
A Sysinternals utility that records every filesystem, registry, network, process, and thread event a chosen process generates. Filters narrow the firehose to the malware's activity, producing a usable behavioral timeline for dynamic analysis.
process-state
aliases: process states
The current execution status of a process, typically one of running, ready, or blocked. Events like scheduling decisions and I/O completion transition a process between states.
program-counter
aliases: program counter
Program Counter. IP/EIP/RIP in x86/64. PC in ARM.
pseudonym-certificate
Pseudonym certificate. A short-lived V2X identity certificate that protects driver privacy by rotating cryptographic identifiers periodically.
PSPACE
aliases: polynomial space class
PSPACE is the class of languages decidable in polynomial space on a deterministic Turing machine: PSPACE = union over k of SPACE(n^k). By Savitch's theorem, PSPACE = NPSPACE. Contains P, NP, and many natural problems such as TQBF.
PSPACE-complete
aliases: PSPACE-completeness
A language B is PSPACE-complete if B is in PSPACE and every language A in PSPACE is polynomial-time reducible to B. Captures the hardest problems in PSPACE. The reduction model is polynomial-time, not polynomial-space, because reductions must be cheaper than the problems themselves.
punched-card
A stiff paper card with rectangular holes punched in specific positions to encode data, used as the primary input medium for tabulating machines (Hollerith, 1890 US Census) and later early computers (IBM mainframes through the 1970s). Petzold's Chapter 18 walks the punched card from Jacquard's loom (1801) through Hollerith's census tabulator into early electromechanical computing.
pushdown-automaton
aliases: pushdown automaton · PDA
A nondeterministic finite automaton augmented with a stack, formalized as a 6-tuple (Q, Σ, Γ, δ, q0, F) where Γ is the stack alphabet and δ specifies stack push/pop along with state transitions. PDAs recognize exactly the context-free languages.
PWM
aliases: pulse width modulation
Pulse width modulation. A technique that encodes information or controls power by varying the duty cycle of a square wave; ubiquitous in motor and LED control.
Q
QoS
aliases: quality of service
Quality of service. The set of techniques (priority queueing, traffic shaping, etc.) used to provide bandwidth and latency guarantees to selected network flows.
quadrature-filter
aliases: quadrature filter
A dual-path digital filter operating on complex signals. One filter operates on the in-phase i(n) data, and the other processes the quadrature-phase q(n) data. Normally performed on complex signals whose spectra are centered at zero Hz, using lowpass digital filters.
queryperformancecounter
Used to retrieve the value of the hardware-based performance counter. This function is sometimes using to gather timing information as part of an anti-debugging technique. It is often added by the compiler and is included in many executables, so simply seeing it as an imported function provides little information.
queueuserapc
Used to execute code for a different thread. Malware sometimes uses QueueUserAPC to inject code into another process.
quotient
Division result.
R
race-condition
aliases: race condition
A defect that arises when multiple threads enter a critical section at roughly the same time, each attempting to update shared data, producing an outcome that depends on thread interleaving.
RAID
aliases: redundant array of inexpensive disks
A storage architecture that combines multiple disks into one logical volume, trading capacity, performance, and redundancy by striping, mirroring, or computing parity. Levels include RAID-0 (stripe), RAID-1 (mirror), RAID-4/5 (parity), and RAID-6 (dual parity).
RAM
aliases: random-access memory
Random-access memory: storage the CPU can read and write during program execution. RAM contents are lost when power goes off. On the NES the CPU sees 2 KiB of internal RAM mirrored across $0000 through $1FFF.
RAM-array
A two-dimensional grid of memory cells addressed by an address decoder on one axis and read or written by data lines on the other. Petzold's Chapter 16 builds increasingly large RAM arrays — a 16-bit array, a 64-bit array, a 1024-bit array — by stacking smaller arrays with an outer decoder selecting which inner array to use. The Virtus HDL chapters perform the same scaling in Verilog onto FPGA block RAM.
read-enable
A control input on a memory array that gates its data output: when asserted the array drives the read data lines with the contents of the selected cell; when deasserted the lines are tri-stated (high-impedance) so another array can drive them. Modern multi-port register files often combine read-enable with the address-decoder so reads happen combinationally without an explicit enable signal.
readprocessmemory
Used to read the memory of a remote process.
real-number
aliases: real number
Numbers which may contain a dot. This is float and double in C/C++.
recursive-filter
aliases: recursive filter
A digital filter implementation where current filter output samples are retained for later use in computing future filter output samples. Such filters have feedback signal paths.
register
A CPU's smallest, fastest storage slot. The 6502 has three general-purpose registers (A, X, Y), a program counter, a stack pointer, and a status register. RV32I-Lite has 31 general-purpose 32-bit registers (x1 through x31, plus the always-zero x0).
register-allocator
aliases: register allocator
The part of the compiler that assigns CPU registers to local variables.
registerhotkey
Used to register a handler to be notified anytime a user enters a particular key combination (like CTRL-ALT-J), regardless of which window is active when the user presses the key combination. This function is sometimes used by spyware that remains hidden from the user until the key combination is pressed.
registration-authority
Registration authority. A PKI component that handles certificate requests on behalf of a certificate authority but does not itself sign certificates.
regopenkey
Opens a handle to a registry key for reading and editing. Registry keys are sometimes written as a way for software to achieve persistence on a host. The registry also contains a whole host of operating system and application setting information.
regshot
aliases: Regshot
A free utility that takes a snapshot of the Windows registry, lets the analyst run a malware sample, then diffs against a second snapshot to enumerate every registry key the sample added, deleted, or modified.
regular-expression
aliases: regular expression · regex
An expression built inductively from alphabet symbols, ε, and ∅ by applying union, concatenation, and star. Regular expressions describe exactly the regular languages, the same class recognized by finite automata.
regular-language
aliases: regular language
A language is called a regular language if some finite automaton recognizes it.
relay
A switch that is opened or closed by an electromagnet rather than by hand, so a small input current can control a much larger output current. Petzold's Chapter 6 names the relay as the device that turns the telegraph wire into a logic substrate: two relays in series compute AND, two in parallel compute OR, a relay wired to break a circuit when energized computes NOT. Every electromechanical computer between roughly 1937 and 1955 was built from relays.
repeater-relay
An early telegraph station device, also called a relay, that receives a weak incoming signal and uses it to drive a fresh strong outgoing signal on the next segment of wire, so messages can travel coast-to-coast without the signal dying from accumulated resistance. Petzold uses the repeater as the introduction to the relay's logical role: once a device can examine an input and produce a controlled output, the same device can be wired to compute a Boolean function.
resistance-ohm
A material property that opposes the flow of electric current, measured in ohms. Higher resistance means less current for the same voltage; the relationship is Ohm's law, V = I × R. In Petzold's circuits, the bulb filament has enough resistance to glow when current flows through it, and the long telegraph wire has enough resistance to attenuate the signal over miles.
resumethread
Resumes a previously suspended thread. ResumeThread is used as part of several injection techniques.
RETURN-instruction
A CPU instruction that ends a subroutine by popping a return address off the stack (or reading it from the link register) and jumping to that address, resuming execution at the instruction after the matching CALL. RV32I implements RETURN as jalr x0, 0(ra) — jump to whatever address ra holds, throwing away the new return address.
reverse-engineering
aliases: reverse engineering
Act of understanding how the thing works, sometimes in order to clone it.
RFID
aliases: radio-frequency identification
Radio-frequency identification. A short-range RF technology that powers tags via the reader's field and reads back a tag-stored identifier; used in immobilizers and toll collection.
ripple
Fluctuations (measured in dB) in the passband or stopband of a filter's frequency-response curve. Elliptic and Chebyshev-based filters have equiripple characteristics; Bessel and Butterworth filters have no passband ripple.
ripple-carry-adder
A multi-bit adder built by cascading N full adders, where each adder's carry-out feeds the next adder's carry-in. The carry signal ripples from least-significant bit to most-significant bit, so the total propagation delay is proportional to N. Petzold's Chapter 12 builds an 8-bit ripple adder; the curriculum repeats the construction for 4 bits in Lab 1.4 and 32 bits in the Chapter 2 ALU.
RISC
aliases: reduced instruction set computing
Reduced instruction set computing.
RLE
aliases: Run Length Encoding
A simple form of compression commonly used in the 8-bit era to eliminate the redundancy of multiple repeated tiles. Instead of listing each tile in sequence, a tile's reference is provided, followed by its "run length" and a terminating byte.
roll-off
aliases: rolloff
The steepness, or slope, of the filter response in the transition region from the passband to the stopband. A digital filter with a roll-off of 12 dB/octave means the second-octave frequency is attenuated by 24 dB and the third by 36 dB.
ROM
aliases: read-only memory
Read-only memory: storage that holds program code and fixed data permanently. ROM contents survive power-off. The NES cartridge contains two ROM chips: PRG-ROM (program code) and CHR-ROM (graphics data).
RP
aliases: randomized polynomial time
RP is the class of languages decided by probabilistic polynomial-time Turing machines where inputs in the language are accepted with probability at least 1/2 and inputs not in the language are rejected with probability 1. One-sided error: false negatives possible, no false positives.
RPM
aliases: revolutions per minute
Revolutions per minute. The standard unit for engine speed, reported by the powertrain control module on the CAN bus and on PID 0x0C.
RTR-can
Remote transmission request. The CAN frame flag that requests data from another node; standard CAN nodes respond with the matching data frame.
S
sample
In audio, a discrete digital representation of a continuous signal. In musical practice, a sample is a short, often looped, section of previously recorded musical material.
sampling-rate
In digital audio, the number of samples encoded per second, commonly measured in kilohertz (kHz). CD-quality audio has a sampling rate of 44,100 samples per second, or 44.1kHz.
scanline
A single line, or row, of the raster scanning pattern traced by the CRT's electron gun.
scheduler
aliases: CPU scheduler · process scheduler
The OS subsystem that chooses which ready process or thread to run next on a CPU. Scheduling policies include FIFO, SJF, round-robin, MLFQ, and proportional share.
SDK
aliases: software development kit
Software development kit. The vendor-supplied bundle of headers, libraries, sample code, and build tools needed to develop software for a specific platform.
SDR
aliases: software-defined radio
Software-defined radio. A radio receiver/transmitter where most signal processing is done in software, enabling protocol-agnostic RF analysis with cheap hardware like the RTL-SDR.
second-party
A videogame developer who is either partly owned or funded by the platform manufacturer to produce games exclusive to that platform.
security-cookie
aliases: security cookie
A random value, different at each execution.
segmentation-fault
aliases: segfault · SIGSEGV
The fatal trap delivered to a process when it accesses a virtual address whose page is not mapped or whose protection bits forbid the access. Historically tied to segmented memory; now a generic name for any invalid-memory trap.
semaphore
Dijkstra's classic synchronization primitive: an integer counter manipulated atomically with sem_wait (P, decrement-and-block-if-negative) and sem_post (V, increment-and-wake). Used to build mutexes, signal events, and bound resources.
sequential-circuit
A digital circuit whose output depends on both the current inputs and a stored history of past inputs, achieved by feeding outputs back into inputs through storage elements (latches or flip-flops). Petzold's Chapter 14 is the conceptual hinge: every prior chapter built combinational circuits, every subsequent chapter assumes sequential storage as the substrate for registers, RAM, and CPU state.
setwindowshookex
Sets a hook function to be called whenever a certain event is called. Commonly used with keyloggers and spyware, this function also provides an easy way to load a DLL into all GUI processes on the system. This function is sometimes added by the compiler.
shape-factor
aliases: shape factor
A measure of the steepness of a filter's roll-off, normally defined as the ratio of a filter's passband width to the passband width plus the transition-region width. The smaller the shape factor, the steeper the roll-off; an ideal filter with zero transition width has a shape factor of unity.
shellexecute
Used to execute another program. If malware creates a new process, you will need to analyze the new process as well.
sign-bit
The most-significant bit of a two's-complement signed integer, indicating sign: 0 for non-negative, 1 for negative. In a 32-bit word, bit 31 is the sign bit; sign-extension (Chapter 3) replicates this bit into the higher positions when widening a signed value.
sign-extension
The operation of widening a signed integer to more bits by replicating the sign bit into all the new higher-order positions, preserving the numerical value. A 16-bit -1 (0xFFFF) sign-extends to a 32-bit -1 (0xFFFFFFFF); a 16-bit 1 (0x0001) sign-extends to a 32-bit 1 (0x00000001). RV32I's I-format immediate is sign-extended from 12 to 32 bits at decode time.
signal-petzold
aliases: Petzold signal
The carrier of information from one place to another over a physical medium. Petzold opens CODE with two children using flashlights to flash codes across an alley; the flashlight beam, the wire in a telegraph, and the radio wave are all signals in the same sense. The presence or absence of the signal is what the receiver examines and acts on.
signal-unix
aliases: UNIX signal · POSIX signal
An asynchronous notification delivered to a process to indicate an event such as a timer firing or a fatal error. Common signals include SIGKILL, SIGTERM, SIGINT, and SIGSEGV. Programs install handlers to react.
signed-integer
A binary number that encodes both positive and negative values, typically using two's-complement representation. In a k-bit signed integer the leftmost bit is the sign bit (0 = non-negative, 1 = negative) and the remaining bits encode magnitude (in two's complement, the negative range extends one further than the positive). RV32I uses 32-bit signed integers for most arithmetic instructions.
SIM-card
aliases: subscriber identity module
Subscriber identity module. The smart card that authenticates a cellular subscriber to a GSM/LTE network; embedded variants (eSIM) appear in many telematics units.
SIMD
aliases: single instruction multiple data
Single instruction, multiple data.
sounder
The electromagnet-and-lever assembly at the receiving end of a telegraph that clicks audibly when current arrives on the line, so the operator can hear the incoming Morse code. The clicks of the sounder are the historical ancestor of every audible alert in computing, and the lever-pulled-by-electromagnet mechanism is the same one the relay inherits.
space-complexity
aliases: space complexity
For a deterministic Turing machine M that halts on all inputs, the space complexity is the function f(n) giving the maximum number of tape cells M scans on any input of length n. For a nondeterministic TM, take the maximum across all branches.
speedrun
A competitive gameplay practice that aims to complete a game as quickly as possible, without the assistance of cheats, hacks, or computer tools.
spinlock
aliases: spin lock
A lock implementation that, when contended, busy-waits by repeatedly testing whether the lock has been released. Cheap when held briefly on a multiprocessor, but wastes CPU and risks priority inversion when held long or used on a uniprocessor.
sprite
A small graphic the PPU draws on top of the background, used for movable objects (player characters, enemies, projectiles). NES sprites are 8x8 pixels (or 8x16 in tall-sprite mode), stored as 16 bytes in CHR-ROM in the same 2-bitplane format as background tiles.
SR-latch
aliases: RS latch · SR flip-flop · R-S flip-flop
The simplest flip-flop, built from two cross-coupled NOR (or NAND) gates with inputs Set and Reset. Asserting Set drives the output to 1; asserting Reset drives it to 0; releasing both leaves the output in whatever state it last held. The R=S=1 input combination is forbidden because both outputs would attempt to be 0 simultaneously, leaving the circuit in an undefined state.
stack-frame
aliases: stack frame
A part of the stack that contains information specific to the current function: local variables, function arguments, RA, etc.
stack-pointer
aliases: stack pointer
A register pointing to a place in the stack.
startservicectrldispatcher
Used by a service to connect the main thread of the process to the service control manager. Any process that runs as a service must call this function within 30 seconds of startup. Locating this function in malware tells you that the function should be run as a service.
starvation-os
A condition in which a thread can never make progress because the scheduler or lock acquisition repeatedly favors other threads, even though no deadlock cycle exists. Starvation is distinct from deadlock: the system is making progress overall, but one particular thread never gets its turn. Fair lock implementations and aging in scheduling are the standard mitigations.
stateless-protocol
aliases: stateless protocol
A network protocol whose server keeps no per-client state between requests. After a server crash, clients simply retry; no recovery handshake or state replay is needed. The key design choice that makes NFS fast to recover.
stdout
aliases: standard output
Standard output.
stopband
That band of frequencies attenuated by a digital filter.
stored-program-model
aliases: stored program
The architectural principle that program instructions and data both live in the same readable-writable memory, with the CPU fetching instructions from memory addresses identified by a program counter. Named for John von Neumann's 1945 First Draft Report on the EDVAC, the model lets programs be loaded, modified, generated by other programs, and stored alongside their data. Petzold's Chapter 17 walks the move concretely: the operator stops rewiring the machine and starts typing instructions into RAM alongside the data.
strings-tool
aliases: Strings
A Sysinternals command-line tool that extracts printable ASCII and Unicode strings from a binary. Used during basic static analysis to surface hardcoded URLs, IP addresses, filenames, registry keys, and other indicators embedded in the sample.
subroutine
aliases: routine
A reusable block of code with a defined entry point and a defined exit, called from elsewhere in the program by a CALL instruction and returning to the caller via a RETURN instruction. Petzold's Chapter 19 names subroutines as 'extremely important features of any processor — they allow a programmer to implement subroutines, which are snippets of frequently used code.' Subroutines are the substrate for every function call, every library, every OS service.
subtrahend
The number being subtracted in a subtraction problem: in the expression A - B = C, the term B. Petzold's Chapter 13 derivation of two's-complement subtraction works by negating the subtrahend (taking its ones-complement and adding 1) and then adding the result to the minuend, so the adder hardware handles both operations.
superuser-root
aliases: root user · superuser
On UNIX, the privileged user (UID 0) able to control any process, read or write any file, and configure the system. Operating-system books advise invoking root sparingly and only for administrative tasks.
suspendthread
Suspends a thread so that it stops running. Malware will sometimes suspend a thread in order to modify it by performing code injection.
swap-space
aliases: swap space
A region of persistent storage (a dedicated partition or file) where the OS evicts pages from main memory when RAM is exhausted. Lets the address-space abstraction extend beyond physical memory at the cost of latency.
SWD
aliases: Serial Wire Debug
Serial Wire Debug. The two-wire ARM debug protocol (a JTAG alternative) used to flash and debug ARM Cortex microcontrollers.
switch-electrical
A mechanical device that opens or closes a conductive path, allowing or interrupting the flow of current in a circuit. Petzold's chapters 4-10 build the entire computational substrate from switches: a hand-pressed switch in the flashlight, a key-pressed switch in the telegraph, a relay-actuated switch in the gates, and finally a voltage-actuated switch in the transistor.
symbolic-link
aliases: symlink · soft link
A special file whose contents are a path string interpreted by the kernel as a redirection to another file. Unlike a hard link, a symlink can cross file system boundaries and may dangle if its target is deleted.
system-call
aliases: syscall
A controlled entry point from user-mode code into the kernel that requests an operating-system service. The CPU executes a trap instruction that switches to kernel mode and jumps to a pre-specified handler.
T
tabulating-machine
An electromechanical machine that reads punched cards and accumulates counts or totals from the encoded data, invented by Herman Hollerith for the 1890 US Census and commercialized by his Tabulating Machine Company (later IBM). The tabulating machine is the commercial ancestor of the computer and the immediate predecessor of relay-based and vacuum-tube computers.
tail-call
aliases: tail call
It is when the compiler (or interpreter) transforms the recursion (with which it is possible: tail recursion) into an iteration for efficiency.
tap
A multiplication operation inside a digital filter that computes the product of a single data value times a single filter coefficient.
TAS
aliases: Tool-Assisted Speedrun
A speedrun performed on and assisted by an emulator and its associated tools, such as save states, re-recording, frame-by-frame advance, and scripting macros.
TCU
aliases: transmission control unit · transmission control module
Transmission control unit (also transmission control module, TCM). The vehicle ECU that controls automatic-transmission shifting and clutch behavior.
TDMA
aliases: time division multiple access
Time division multiple access. A channel-access scheme that divides a shared medium into time slots assigned to different transmitters.
telegraph
A long-distance signaling system that uses electric pulses on a wire to transmit coded messages, invented in the 1830s and dominant for inter-city communication until the telephone. Petzold's Chapter 6 walks the telegraph as the historical bridge from circuits that carry information to circuits that process it — once you have a wire that decides whether to actuate a switch at the far end, you have the substrate for digital logic.
third-party
A videogame developer licensed to produce games for another company's platform.
thread
A separate stream of execution within a process, sharing the address space and open files but with its own program counter and stack. Multiple threads in one process can run in parallel on a multicore CPU.
thunk-function
aliases: thunk function
Tiny function with a single role: call another function.
tile
A small fixed-size graphic block used for the background layer. NES tiles are 8x8 pixels stored as 16 bytes in CHR-ROM in the same 2-bitplane format as sprites. The PPU composes the screen background by drawing a grid of tiles.
time-class-NP
aliases: NP (complexity class)
NP is the class of languages that have polynomial-time verifiers. Equivalently, the class of languages decidable in nondeterministic polynomial time. NP contains many problems of practical interest such as HAMPATH and SAT.
time-class-P
aliases: P (complexity class) · polynomial time class
P is the class of languages decidable in polynomial time on a deterministic single-tape Turing machine: P = union over k of TIME(n^k). Invariant across polynomially-equivalent computation models and roughly corresponds to problems realistically solvable on a computer.
time-complexity
aliases: time complexity · running time
For a deterministic Turing machine M that halts on all inputs, the time complexity (or running time) is the function f(n) giving the maximum number of steps M uses on any input of length n.
TIME-complexity-class
aliases: TIME(t(n)) · time complexity class
TIME(t(n)) is the collection of all languages decidable by some O(t(n)) time deterministic Turing machine.
timer-interrupt
aliases: preemption timer
A periodic hardware interrupt that fires at a programmed interval and jumps the CPU into a kernel handler. Lets the OS reclaim the CPU from a running process and run the scheduler, enabling non-cooperative preemption.
TLB
aliases: translation lookaside buffer
A small high-speed cache inside the MMU that holds recent virtual-to-physical address translations. A TLB miss triggers a full page-table walk, which is much slower than a hit.
TLB-cache
Translation Lookaside Buffer: a small fully-associative cache in the MMU that holds recent virtual-to-physical address translations, so most memory accesses can be translated without consulting the page tables in main memory. TLB miss rate is a key performance metric for memory-intensive workloads; a TLB shootdown is the cross-CPU invalidation when a page mapping changes.
TPMS
aliases: tire pressure monitor sensor
Tire pressure monitor sensor. The in-wheel radio transmitters that report tire pressure; analyzed widely in the literature on automotive RF attacks.
tracker
Music sequencing software that uses a vertical display based around columnar monophonic tracks, each typically designating a hardware channel from the source platform.
transfer-function
aliases: transfer function
A mathematical expression of the ratio of the output of a digital filter divided by the input of the filter as expressed in a transform domain (such as the z-domain, Laplace, or frequency). Given the transfer function, one can determine the filter's frequency magnitude and phase responses.
transistor
A semiconductor switching element invented at Bell Labs in 1947 by Bardeen, Brattain, and Shockley, in which a small voltage on a control terminal (gate) allows or blocks current between two other terminals (source and drain). Transistors replaced vacuum tubes in computers in the late 1950s; modern CPUs contain tens of billions of transistors on a single integrated circuit.
transition-region
aliases: transition region · transition band
The frequency range over which a filter transitions from the passband to the stopband. Sometimes called the transition band.
transversal-filter
aliases: transversal filter
In digital filtering, another name for FIR filters implemented with nonrecursive structures.
trap-instruction
aliases: trap
A CPU instruction that saves register state, switches the processor from user mode to kernel mode, and jumps to a pre-specified destination in the trap table. The mechanism that implements system calls and synchronous exceptions.
trap-table
aliases: interrupt vector table · IDT
A kernel-controlled table set up at boot that maps each trap or interrupt cause to the address of its handler. The OS configures it so that user-mode code cannot redirect handlers.
trapdoor-function
aliases: trapdoor function
A family of one-way functions f_i with an auxiliary generator G producing (index i, trapdoor t) pairs and a polynomial-time inverter h such that h(t, f_i(w)) recovers w. Hard to invert without the trapdoor; easy with it. Foundational primitive for public-key cryptography.
trim-operation
aliases: TRIM
A storage API command that tells an SSD a block (or range) of logical addresses is no longer in use by the file system, freeing the FTL to reclaim and erase the underlying flash without preserving stale data.
truth-table
A complete tabular specification of a Boolean function: every possible combination of input values listed on the left, the corresponding output on the right. Petzold uses truth tables throughout the gate chapters as the bridge between specification and implementation — if you can write the table, you can build the gate, and the gate is correct exactly when its outputs match the table on every row.
turing-decidable
aliases: decidable · recursive language
A language is Turing-decidable if some Turing machine decides it; that is, the machine halts on every input and either accepts or rejects (never loops). Also called recursive in older texts. Every decidable language is Turing-recognizable, but not conversely.
turing-machine
aliases: Turing machine · TM
A formal model of computation defined as a 7-tuple (Q, Σ, Γ, δ, q0, q_accept, q_reject) consisting of a finite control, a tape alphabet, a transition function reading and writing tape cells and moving a head left or right, a start state, and distinct accept and reject states. The Turing-machine model captures the informal notion of algorithm.
turing-recognizable
aliases: recursively enumerable
A language is Turing-recognizable if some Turing machine recognizes it (accepts every string in the language and either rejects or loops on strings not in the language). Also called recursively enumerable in older texts.
turing-reducibility
aliases: Turing reducibility
Language A is Turing reducible to language B, written A ≤T B, if A is decidable relative to B (that is, decidable by an oracle Turing machine with an oracle for B). Strictly more powerful than mapping reducibility.
twos-complement
aliases: two's complement
The signed-integer representation in which a negative number -N is encoded as the ones-complement of N plus 1, giving an asymmetric range (-2^(k-1) through 2^(k-1)-1 for k bits) with a single zero representation. Petzold's Chapter 13 derives two's-complement from the ones-complement subtraction trick; the representation is universal in modern computers because subtraction reduces to negation-then-add, reusing one adder.
U
UDS
aliases: Unified Diagnostic Services
Unified Diagnostic Services. The ISO 14229 protocol that standardizes diagnostic and reprogramming services across automakers; the target of most vehicle-pentest reconnaissance.
UHF
aliases: ultra-high-frequency
Ultra-high-frequency. The 300 MHz to 3 GHz band; covers most automotive keyfob, TPMS, and short-range wireless.
Unicode
A universal character-encoding standard that aims to represent every writing system in human use plus mathematical, scientific, and symbolic notation, currently encoding around 149,000 code points across 161 scripts. Unicode is encoded on the wire and in files via UTF-8 (1 to 4 bytes per code point, ASCII-compatible), UTF-16, or UTF-32. Modern operating systems and programming languages use Unicode as the default text encoding.
universal-gate
A logic gate from which every Boolean function can be built using only copies of that gate, with no other gate types required. NAND and NOR are the only single-input-type universal gates; AND, OR, and NOT alone are not universal individually but the set {AND, OR, NOT} is. Petzold's Chapter 11 names this property as the engineering reason silicon manufacturers focused on NAND and NOR.
unix-shell
aliases: shell
A user-mode program that prints a prompt, reads commands typed by the user, and uses fork/exec/wait to launch them. The separation of fork from exec lets the shell modify the about-to-run program's environment, enabling I/O redirection and pipes.
upx
aliases: UPX
An open-source executable packer widely used by both legitimate software and malware. UPX-compressed binaries can usually be unpacked with the same tool's --decompress flag, making UPX detection and stripping a routine first step in static analysis.
urldownloadtofile
A high-level call to download a file from a web server and save it to disk. This function is popular with downloaders because it implements all the functionality of a downloader in one function call.
user-mode
aliases: user mode
A restricted CPU mode in which it all application software code is executed. cf. kernel mode.
USRP
aliases: Universal Software Radio Peripheral
Universal Software Radio Peripheral. The Ettus Research SDR hardware family widely used in academic RF security research.
UTP
aliases: unshielded twisted-pair
Unshielded twisted-pair. The dominant Ethernet cabling type; pairs of insulated copper wires twisted together to reduce electromagnetic interference.
V
V2I
aliases: vehicle-to-infrastructure
Vehicle-to-infrastructure (also car-to-infrastructure, C2I, in Europe). V2X communication between a vehicle and roadside equipment such as signs or traffic signals.
V2V
aliases: vehicle-to-vehicle
Vehicle-to-vehicle (also car-to-car, C2C, in Europe). V2X communication directly between vehicles for safety-critical messaging.
V2X
aliases: vehicle-to-anything
Vehicle-to-anything (also car-to-anything, C2X, in Europe). Umbrella term for connected-vehicle wireless communication including V2V, V2I, and vehicle-to-pedestrian.
vacuum-tube
An electronic switching element from the early 20th century: a sealed glass envelope containing a heated cathode that emits electrons, a controlling grid, and a collecting anode. Vacuum tubes can switch much faster than relays (microseconds vs milliseconds) and were the active element in ENIAC, Whirlwind, and the early commercial computers (UNIVAC, IBM 700-series) before transistors replaced them in the late 1950s.
VBLANK
aliases: Vertical Blank
In Famicom programming, VBLANK is the interval of time between when the electron gun completes its raster scanning pattern and when it resets to the screen's upper corner to recommence scanning.
vehicle-interface
Vehicle interface. The connector and electronics through which an external tool (scan tool, ECU programmer, dongle) attaches to the vehicle bus, typically via the OBD-II port.
VIN
aliases: vehicle identification number
Vehicle identification number. The 17-character ISO 3779 identifier stamped on every modern vehicle and stored electronically in multiple ECUs.
virtual-address
aliases: virtual address
VA (Virtual Address) is the memory address a process sees, mapped by the operating system or CPU to a physical address.
virtual-machine
Virtual machine. An emulated computer running on top of a host operating system; analysts run unknown binaries inside VMs to contain potential malware behavior.
virtual-machine-jvm
An abstract computer specified by an intermediate-representation instruction set and executed by an interpreter or JIT on the host's real CPU. The Java Virtual Machine (Sun 1995, now Oracle) was the breakout commercial demonstration; .NET CLR, V8 Ignition, WebAssembly runtimes, and Python's CPython all use the same pattern. The Virtus VM is a pedagogical JVM in miniature.
virtual-memory
The abstraction that gives every process its own private linear address space, mapped by the kernel and the MMU to physical memory and to swap on disk. Virtual memory enables process isolation, larger-than-RAM working sets via paging, copy-on-write semantics, shared libraries, and memory-mapped files. The Virtus CSA-101 OS does not have virtual memory; CSA-201 adds it.
virtualallocex
A memory-allocation routine that can allocate memory in a remote process. Malware sometimes uses VirtualAllocEx as part of process injection.
virtualprotectex
Changes the protection on a region of memory. Malware may use this function to change a read-only section of memory to an executable.
vnode
aliases: VFS layer
The kernel abstraction Sun introduced to plug different file systems into one operating system. A vnode hides the on-disk format behind a uniform interface; the VFS layer dispatches file operations to the underlying file system implementation.
VoIP
aliases: voice over IP
Voice over IP. The transmission of voice traffic as packetized data over an IP network instead of the traditional circuit-switched telephone network.
volatility
aliases: Volatility Framework
An open-source memory-forensics framework that parses Windows, Linux, and macOS memory images to extract process lists, network connections, loaded modules, registry hives, and injected code regions. Standard tool for live-incident triage and post-incident analysis.
voltage
The electrical pressure that pushes charge through a conductor, measured in volts. Petzold introduces voltage by analogy to water pressure in a pipe: a battery raises the voltage on one terminal, and current flows from high voltage to low whenever a closed conductive path is available. In digital logic, two voltage ranges encode the binary symbols 0 and 1.
von-Neumann-architecture
A computer architecture in which program instructions and data share a single memory and a single bus to the CPU, named after John von Neumann's 1945 description. Contrasts with Harvard architecture, in which program and data have physically separate memories. The Virtus RV32I-Lite CPU is von-Neumann at the architectural level (one address space) and modified-Harvard at the FPGA implementation level (separate BRAM regions for instruction and data).
VPW
aliases: variable pulse width
Variable pulse width. The single-wire modulation used by the legacy J1850 VPW vehicle bus, primarily on older GM vehicles.
VRAM
aliases: Video RAM
In Famicom parlance, VRAM is the memory allotted to the PPU's name tables and palettes (CIRAM) as well as the CHR-ROM/RAM on the cartridge.
W
wait-syscall
aliases: wait() · waitpid()
A UNIX system call that lets a parent process suspend until one of its child processes completes. Returns the child's exit status.
WAVE-standard
aliases: Wireless Access in Vehicular Environments
Wireless Access in Vehicular Environments. The IEEE 1609 family of standards that, with IEEE 802.11p, defines short-range vehicular wireless networking.
waveform
A visual representation of sound's variation in air pressure (i.e., amplitude) over time. Waveforms are commonly named according to their approximate geometric shape, e.g., square wave, triangle wave, sawtooth.
wear-leveling
aliases: wear leveling
The FTL strategy of distributing erase/program cycles across all blocks (including those holding cold, rarely-rewritten data) to prevent any single block from wearing out long before the rest of the device.
wear-out
aliases: flash wear out
The gradual loss of flash-cell reliability after enough erase/program cycles. Each cell has a finite endurance budget (often a few thousand to a few hundred thousand cycles, depending on cell type) before it can no longer hold charge reliably.
windbg
aliases: WinDbg
Microsoft's free debugger, capable of both user-mode and kernel-mode debugging on Windows. Often the only practical option for kernel-mode rootkit analysis, and integrates tightly with Microsoft symbol servers for resolving Windows function names.
Windows-NT
aliases: Windows NT
Windows NT, 2000, XP, Vista, 7, 8.
winexec
Used to execute another program. If malware creates a new process, you will need to analyze the new process as well.
wireshark-tool
aliases: Wireshark
An open-source packet-capture and analysis tool that decodes hundreds of protocols. Used during malware dynamic analysis to inspect command-and-control traffic, identify network-based indicators, and extract embedded payloads from captured streams.
word-aligned
A memory address that is an integer multiple of the word size (4 bytes for 32-bit RISC-V), so the low bits of the address are zero. Word-aligned access is single-cycle on most RISC processors; unaligned access either traps or splits into two cycles in hardware. RV32I-Lite restricts lw and sw to word-aligned addresses; CSA-201 expands to byte and half-word access.
word-datatype
aliases: word data type
Data type fitting in GPR. In the computers older than PCs, the memory size was often measured in words rather than bytes.
write-amplification
aliases: WAF · write amplification factor
The ratio of physical bytes actually written to flash divided by logical bytes the host asked the SSD to write. Caused by FTL garbage collection moving live pages and by rewriting whole erase blocks for small updates.
write-enable
A control input on a memory cell or register that, when asserted at the active clock edge, causes the cell to latch the value on its data input; when deasserted, the cell holds its previous value regardless of the data input. The Virtus 8-entry register file uses a write-enable per port to gate writes to specific registers; x0 is implemented by gating its write-enable to permanent low.
writeprocessmemory
Used to write data to a remote process. Malware uses WriteProcessMemory as part of process injection.
wsastartup
Used to initialize low-level network functionality. Finding calls to WSAStartup can often be an easy way to locate the start of network-related functionality.
X
Xerox-Alto
aliases: Alto · Xerox PARC Alto
The 1973 research computer built at Xerox PARC that pioneered the bitmap display, the mouse, overlapping windows, WYSIWYG editing, Ethernet, and the laser printer — every defining feature of the modern personal computer. Petzold's Chapter 25 walks the Alto as the design that Steve Jobs, Bill Gates, and many others saw in the late 1970s and built into the Apple Macintosh (1984), Microsoft Windows (1985), and every GUI desktop since.
XNOR-gate
A logic gate whose output is 1 if and only if its inputs are equal: the NOT of XOR, also called the equality gate. Petzold pairs XNOR with XOR in his Chapter 11 gate roster; the gate is most useful in comparison circuits, where a bank of XNORs over corresponding bits of two words signals equality when every output is 1.
XOR
aliases: exclusive or
eXclusive OR.
XOR-gate
A logic gate whose output is 1 if exactly one input is 1 (for the 2-input case) or, more generally, if an odd number of inputs are 1: the exclusive-OR function. Petzold introduces XOR in his Chapter 12 adder construction — XOR is the sum bit of a half-adder, because two binary digits sum to 1 only when they differ.
xoring
Often used in the English language, which implying applying the XOR operation.
Y
yara
aliases: YARA
A pattern-matching framework that describes malware families as rules combining strings, byte sequences, and boolean logic. Rules can be applied to files, processes, or memory dumps to classify samples and triage incident-response evidence.
Z
Z80
aliases: Zilog Z80
Shorthand for the popular, low-cost Zilog Z80 8-bit microprocessor, introduced in 1976. Used in the Nintendo Game Boy, Sega Master System, ColecoVision, Pac-Man, and Donkey Kong arcade boards.
zero-page
The memory addresses located at the start of a CPU's memory map, beginning with a leading zero. In 8-bit architectures, addressing zero page memory takes fewer processor cycles, so it stores data that requires frequent access.
zero-page-6502
On the MOS 6502 and related 8-bit CPUs, the first 256 bytes of RAM (addresses 0x0000 through 0x00FF), accessible through a one-byte addressing mode that is faster and produces shorter instructions than full 16-bit addresses. Programs treat zero-page as a pseudo-register file, supplementing the 6502's three real registers. The NES uses zero page heavily for sprite tables, scratch, and game-state variables.
zero-phase-filter
aliases: zero-phase filter
An offline filtering method (operating on a block of input samples) which cancels the nonlinear phase response of an IIR filter.
ZIF-connector
aliases: Zero Insertion Force connector
Nintendo's patented, VCR-style cartridge loading mechanism used in the NES. Proved more susceptible to corrosion, debris, and wear after long-term use; Nintendo eventually returned to the traditional card edge connector in the NES-101.