Difference between dword ptr and dword ptr:es

StackOverflow https://stackoverflow.com/questions/8304914

  •  25-10-2019
  •  | 
  •  

Question

I was just checking the disassembly of my C++ program in VS2010. Here it is : 

int main()
{
00B613A0  push        ebp  
00B613A1  mov         ebp,esp  
00B613A3  sub         esp,0D4h  
00B613A9  push        ebx  
00B613AA  push        esi  
00B613AB  push        edi  
00B613AC  lea         edi,[ebp-0D4h]  
00B613B2  mov         ecx,35h  
00B613B7  mov         eax,0CCCCCCCCh  
00B613BC  rep stos    dword ptr es:[edi]  
00B613BE  mov         eax,dword ptr [___security_cookie (0B67000h)]  
00B613C3  xor         eax,ebp  
00B613C5  mov         dword ptr [ebp-4],eax  
    char temp[] = "hello";
00B613C8  mov         eax,dword ptr [string "hello" (0B6573Ch)]  
00B613CD  mov         dword ptr [ebp-10h],eax  
00B613D0  mov         cx,word ptr ds:[0B65740h]  
00B613D7  mov         word ptr [ebp-0Ch],cx  

    return 0;
00B613DB  xor         eax,eax  
}

The lines in question are:

00B613BC  rep stos    dword ptr es:[edi]  

00B613D0  mov         cx,word ptr ds:[0B65740h]

I do not get why they use dword ptr es:[edi] and word ptr ds:[0B65740h]. Although I'm aware of what dword ptr means, I do not get the last part that is added, :es and :ds. I have seen this syntax quite a few times now to let it go unnoticed.

Thanks,

Devjeet

Was it helpful?

Solution

These are just artifacts of the disassembler. The ES segment register is already the default segment register used by the STOS instruction, the DS segment register is already the default segment register used for that MOV instruction. Hard to call it a bug but it is certainly unnecessary and inconsistently applied. I reckon that this is triggered by the REP prefix for the STOS instruction and the operand size prefix for that MOV instruction (16 bits instead of 8 or 32). A segment override is also a prefix.

32-bit code uses the flat memory model, the ES, DS, CS and SS segment registers map the entire 4 gigabyte address space. So there is very little reason to need a segment register override. Very different from 16-bit code where the segment registers are important to allow addressing more than 64 KB of memory. You will see segment overrides for the FS register in exception handling code. It points to the Thread Information Block, FS:[0] contains the current SEH frame.

OTHER TIPS

ES is implied as the destination segment for the repeated string operations, but since DS and ES are guaranteed to always be the same on WIN32, it doesn't really matter if the ES override is present (explicit or implied).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top