Hy, I have a question about the exact form of an instruction....

I realized an EXE in VB6 that calls an assembly DLL which in turn calls an asm .SYS driver (under W2k).
I use DeviceIoControl to communicate with the driver to which I pass a structure filled by the DLL with data.
The driver performs the right action by reading a value in this struct (read/write).


All works well but, playing with DUMPBIN, I discovered that an instruction in the driver was not assembled as I expected to.

Let's look at the source:

In my DLL :

.data
dStructc2 DD ?;Code 0ffffffffh = WRITE, 00000000h = READ

.code
........

mov dStructc1, edx; Value goes in struct
mov dStructc2, 0ffffffffh
push 0
........

DUMPBIN /DISASM :

1000122C: 89 15 08 32 00 10 mov dword ptr ds:[10003208h],edx
10001232: C7 05 0C 32 00 10 mov dword ptr ds:[1000320Ch],0FFFFFFFFh
FF FF FF FF
1000123C: 6A 00 push 0

The instruction at 10001232 was assembled WELL, as I expected!

While, in my driver:

;dStructc2 DD esi+8 operation code
........
cmp DWORD PTR , 0ffffffffh
jne Input
........

DUMPBIN /DISASM :

00010363: 83 7E 08 FF cmp dword ptr ,0FFh
00010367: 75 08 jne 00010371

mmm it looks strange!!!! 0FFh is NOT 0FFFFFFFFh !!! What is going wrong ?

The last surprise :

DUMPPE -disasm :

00010363: 83 7E 08 FF cmp dword ptr ,0FFFFFFFFh
00010367: 75 08 jne 00010371

This disassembler gives another result!!! But the binary code contains 0FFh and not 0FFFFFFFFh!

Regards,

fooCoder
Posted on 2003-05-07 12:15:43 by fooCoder
Well, that's the short form of the CMP instruction. When you see an instruction like that one, the operand is sign extended to make the real operand. There are such forms of ADD, OR, ADC, SBB, AND, SUB and XOR too.
Posted on 2003-05-07 12:41:23 by Sephiroth3
Thank you Sephiroth3, now I can go to sleep peaceful! :)


fooCoder
Posted on 2003-05-08 11:10:26 by fooCoder