I have seen with OllyDbg that if I write
mov ,eax
this changes the value of the stack (in esp+8)
but if I do this:
mov ebx,
mov ,eax
first, ebx has the pointer to a variable, and second, eax is copied into the variable, not into the stack.
I'm very new to ASM.
Can somebody explain that to me?

another question:
why does the debugger show
mov dword ptr DS:,eax
when I only code mov ,eax?

thanks.
Posted on 2003-10-21 09:11:36 by MaRi
mov ebx, ;fetches VALUE from esp+8, not a pointer to esp+8
mov ,eax ;shoves value of eax into where ebx is pointing


if you wanted ebx to point to esp+8, you could use:

lea ebx,[esp+8] ;load effective address of esp+8 into ebx
mov ,eax ;shoves value of eax into where ebx is pointing


DS is actually a register - it's the Data Segment register, and contains by default the address of the start of your .DATA area of your code.
mov dword ptr DS:,eax will shove the value of eax into "address of start of your data segment plus OFFSET contained in ebx"

Is that helpful?
Posted on 2003-10-21 09:47:03 by Homer
yes...
but then, does another code option exist to do that?:
mov ebx,
mov ,eax

because with
mov ,eax changes the stack, not the pointer that is in the stack, and I can't understand that.
Posted on 2003-10-21 10:21:13 by MaRi
Both and are memory locations. The stack is simply defined as the locations associated with ESP. Only if EBX is loaded with pointer values associated with the stack, will it affect the stack. In other words, if EBX points to Y, but Y is not on the stack, then will not access the stack.
Posted on 2003-10-21 17:36:52 by tenkey
Maybe this might clarify things, maybe not but I will try.

the square brackets [] mean Indirection, aka a pointer, and they mean to read or write to a MEMORY LOCATION and not simply to a register.
The fact that a register is inside them simply means that register is being used as a pointer to the memory location.
Stack is just memory too, and use of ESP is no different to any other register.

One thing that confuses a lot of people is this:

mov MyVariable, eax
mov , eax

ARE THE SAME THING, but

mov ebx,eax
mov ,eax

ARE NOT THE SAME THING

This is due to MASM automatically handling variable indirection for you.
If you ever store data to or from a variable in data segment, the compiler ALWAYS generates [] for you, as you will see in a disassembler or debugger.

You can mov register, memory
You can mov memory, register
You can mov register, register
But you cannot mov memory, memory

also note that is really memory since it's an Indirect access.
so mov ,register is really mov memory,register

I hope that helps !!
Posted on 2003-10-22 05:26:25 by Homer

One thing that confuses a lot of people is this:

mov MyVariable, eax
mov , eax

ARE THE SAME THING, but

mov ebx,eax
mov ,eax

ARE NOT THE SAME THING

The second part is correct for all asm variations I know (/me ignores GAS syntax which uses a (IMO) terrible syntax ).
The first part, in MASM it's the same, but what may confuse many is that some assemblers interpret them differently, like fasm (personally I prefer the fasm syntax, if you like I can explain the difference).
Posted on 2003-10-22 09:06:51 by scientica
The way OllyDBG shows you is also the way you must type it into MASM.


mov eax, dword ptr
or
mov eax,dword ptr ss:

will get correct results using MASM

if you disassemble with MASM you will see that it is:

mov eax, which is also correct but MASM needs you to specify with "dword ptr"

Say you type: mov eax,
MASM will disassemble as:

mov eax,ebx <------wrong

and if you type: mov eax,dword ptr
then it will disassemble as:

mov eax, <------- correct
Posted on 2003-10-22 19:36:56 by mrgone
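
The three store forms discussed in this thread, side by side, as an added example that is not from any of the posts above. It assumes 32-bit MASM with the flat model; `MyVariable` here and the `StoreDemo` procedure are made-up names, and the bracketed operands are written the way the posts' comments describe them.

```asm
; Added example: 32-bit MASM, flat model. Names are hypothetical.
.386
.model flat, stdcall
option casemap:none

.data
MyVariable  dd 0                    ; variable whose ADDRESS is passed on the stack

.code
; No PROC parameters or locals, so MASM emits no prologue and the
; ESP-relative offsets below are exactly what the CPU sees.
StoreDemo proc
    ; Stack on entry:
    ;   [esp]   = return address
    ;   [esp+4] = first argument (unused)
    ;   [esp+8] = second argument = OFFSET MyVariable
    mov     eax, 12345678h

    ; Case 1: load the pointer held in the stack slot, write through it.
    mov     ebx, dword ptr [esp+8]  ; ebx = CONTENTS of the slot (address of MyVariable)
    mov     dword ptr [ebx], eax    ; MyVariable = 12345678h, stack slot untouched
                                    ; a debugger lists this as DS:[EBX]

    ; Case 2: take the address of the slot itself, write through it.
    lea     ebx, [esp+8]            ; ebx = esp+8 (arithmetic only, no memory read)
    mov     dword ptr [ebx], eax    ; overwrites the pointer stored in the slot

    ; Case 3: write to the slot directly, same destination as case 2.
    mov     dword ptr [esp+8], eax  ; ESP-based operands default to SS, not DS

    ret     8                       ; stdcall: callee removes the two dword arguments
StoreDemo endp

start:
    push    ebx                     ; StoreDemo clobbers ebx, so preserve it here
    push    offset MyVariable       ; becomes [esp+8] inside StoreDemo
    push    0                       ; becomes [esp+4] inside StoreDemo
    call    StoreDemo
    pop     ebx                     ; MyVariable now holds 12345678h
    ret
end start
```

Single-stepping this in a debugger with the stack pane and a dump of `MyVariable` open shows case 1 changing only the variable, while cases 2 and 3 change only the stack slot.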