mov dword ptr DS:[861e74],188
i thought DS,SS,CS,and etc. werent used anymore in x86 assembly? why is this statement using it when i debug a program and look at it?
also what is this doing?
moving value 188 into a dword in the data segment at offset 861e74?
i thought DS,SS,CS,and etc. werent used anymore in x86 assembly? why is this statement using it when i debug a program and look at it?
also what is this doing?
moving value 188 into a dword in the data segment at offset 861e74?
EVERY memory reference uses DS by default or any other selector register if explicitly overriden. The same way EVERY code reference uses CS by default. And every string instrunction uses ES. They are still used in protected mode, but in a completely different way (and they are now called 'selector registers' not 'segment registers'). You can just ignore it unless you are interested in the CPU's protected mode of operation, itself.
And yes, it moves a dword 0x000000bc (188) into memory cells at addresses 0x00861e74, 0x00861e75, 0x00861e76, 0x00861e77. Intel-compatible CPU are little-endian, so the memory byte at address 0x00861e74 would get the "188" while the other 3 would be zeroed-out.
On Windows DS is always equal to ES (they point to the same selector). You can try explicitly overriding a memory reference with ES and such instruction will still work (and will be 1 byte longer).
And yes, it moves a dword 0x000000bc (188) into memory cells at addresses 0x00861e74, 0x00861e75, 0x00861e76, 0x00861e77. Intel-compatible CPU are little-endian, so the memory byte at address 0x00861e74 would get the "188" while the other 3 would be zeroed-out.
On Windows DS is always equal to ES (they point to the same selector). You can try explicitly overriding a memory reference with ES and such instruction will still work (and will be 1 byte longer).
EVERY memory reference uses DS by default or any other selector register if explicitly overriden. The same way EVERY code reference uses CS by default. And every string instrunction uses ES. They are still used in protected mode, but in a completely different way (and they are now called 'selector registers' not 'segment registers'). You can just ignore it unless you are interested in the CPU's protected mode of operation, itself.
References to ESP and EBP use SS by default - also, ES is for the string store while DS is for string load. Minor clarifications, and not that important under a flat-mode OS, but oh well :)Oops, sorry - my mistake ^^'
f0dder,
es is also used for string scan. ;-)
es is also used for string scan. ;-)
es is also used for string scan. ;-)
Thanks for adding that to the mix, it's been ages since I've used scas :) (blame intel for having complex instructions that are slower than what you can compose from simple instructions :( ).