Hi,

I was debugging with Ollydbg and found an instruction of my interest.

CMP EAX,FFFF89A3


What does this do ? Is it possible to know what are the contents of EAX and FFFF89A3 are ?
Will these contents be meaningful ?
The number FFFF89A3 doesn't look like Hex. What kind of number is it ?

Please reply and that will keep me going.

Thanks

LostPacket
Posted on 2010-09-15 16:11:04 by lostpacket
It compares eax with FFFF89A3, if it were to compare the contents at it would be surrounded by brackets.

Why don't you think FFFF89A3 doesn't look like a Hex number?

Posted on 2010-09-15 16:51:39 by JimmyClif
Everything in a program is stored in hexadecimal form.

Posted on 2010-09-15 17:03:23 by skywalker
  Not entirelly true i think. The numbers either in memory or in registers have no distinct numeric base. I think it'd be more correct to say they exist in binary numeration. It's in fact the smallest unit.
  Bye
Posted on 2010-09-15 17:31:53 by xandaz
All right. I converted hexadecimal to binary and got the result as

11111111111111111000100110100011 http://easycalculation.com/hex-converter.php

The binary to ascii conversion led to : ÿÿ‰£

http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

So it didn't look meaningful to me. ( Or is it not supposed to be "meaningful" ? )

Posted on 2010-09-15 18:40:03 by lostpacket

010101110110100001100001011101000010000001111001011011110111010100100000011011010110100101100111011010000111010000100000011000100110010100100000011010010110111001110100011001010111001001100101011100110111010001100101011001000010000001101001011011100010000001110111011011110111010101101100011001000010000001100010011001010010000001110100011010000110010100100000010000100110100101101110011000010111001001111001001000000111010001101111001000000100010001100101011000110110100101101101011000010110110000100000010000110110111101101110011101100110010101110010011100110110100101101111011011100011111100100000001000000101011101101000011010010110001101101000001000000111011101101001011011000110110000100000011101000111010101110010011011100010000001101111011101010111010000100000011101000110111100100000011000100110010100100000001011010011001100110000001100110011000000110001001011100010000001000011011010000110010101100011011010110010000001110111011010010111010001101000001000000111010001101000011001010010000001010111011010010110111001100100011011110111011101110011001000000100001101100001011011000110001101110101011011000110000101110100011011110111001000101110


http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp
Posted on 2010-09-15 18:55:02 by JimmyClif
JimmyClif said

What you might be interested in would be the Binary to Decimal Conversion?  Which will turn out to be -30301. Check with the Windows Calculator.


Ok. Is that still meaningful ?
Posted on 2010-09-15 19:13:04 by lostpacket
I am sure that it means something in the program, why would it be inside otherwise. Would it be more meaningful if the number were to be 1337 or 42 ?

This is getting ridiculous - you are on an assembly board trying to debug a program without any knowledge of opcodes, the debugger itself or even Hex numbers. Who with common sense asks if a number is meaningful?
Posted on 2010-09-15 19:26:45 by JimmyClif
@JimmyCliff : My biggest concern is if FFFF89A3 pointing towards a string or it itself is a string. Sure I don't know much about opcodes and hex , but I'll start learning.

Offcourse that instruction is important that's why I posted it here.
Posted on 2010-09-15 19:53:59 by lostpacket
You'll also want to start learning ASCII, as it would eliminate one of your two guesses.
Posted on 2010-09-15 21:49:22 by SpooK
Its an immediate hex value.
Bear in mind that -1 is FFFFFFFF in hex (32 bits).
And -2 is FFFFFFFE, so we can surmise that FFFF89A3 is some kind of negative number, without thinking too hard.
We can't tell what the PURPOSE of this value is without some context, but we can be pretty sure it's not an address of some variable of this program (since it would be in the Kernel memory of a 32 bit windows os).
Posted on 2010-09-16 00:34:47 by Homer