Sign in to follow this  
nuclear123

assembly lang question

Recommended Posts

nuclear123    119
i think i might be misunderstanding this code[font=arial, verdana, tahoma, sans-serif][size=2]

MOV EDI,EDI // ignore
push EBP // save callers stack frame base[/size][/font]
mov ebp, esp // re-adjust base stack frame pointer for this function
mov eax, dword ptr ss:[ebp+8] // go to address ebp+8 on the stack, and get the DWORD value stored there and put it in eax
xor edx, edx // assign edx to 0
lea ecx, dword ptr ds:[eax+4] // add 4 to the address in eax and assign the sum to ECX
mov dword ptr ds:[eax], edx // treat the value moved into eax as a ptr that holds an address which points to a dword and mov 0 into the location it's pointing to


is it safe to say that
mov eax, dword ptr ss:[ebp+8] <---- at ebp+8 there is a 4 byte address which is being moved into eax
mov dword ptr ds:[eax], edx <---- travel to the address stored in eax and store a 4 byte value of 00000000 there

Share this post


Link to post
Share on other sites
alvaro    21247
Yes, I also think that's what the code is doing. In case this is not clear to you, ebp+8 points to an argument that the caller has pushed onto the stack before making the call.

Where did you get this code? There are a couple of odd things in there (using "ds:" in the lea instruction doesn't seem to do anything, and that MOV EDI,EDI is a no-op too).

Share this post


Link to post
Share on other sites
frob    44919
[quote name='alvaro' timestamp='1306334409' post='4815611']
Where did you get this code? There are a couple of odd things in there (using "ds:" in the lea instruction doesn't seem to do anything, and that MOV EDI,EDI is a no-op too).
[/quote]

It's pretty clearly a disassembly of a compiled program.


The "move edi,edi" is there for hot-patching and is added to all functions. Visual Studio and other debuggers can use it to patch on the fly (such as Edit-And-Continue mode), and it can be used to patch an executable after ship.


The rest of the disassembly is dereferencing a pointer passed to the function in preparation for using the data.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this