Question

I have the following assembly code on Windows and I want to make sure that I understand correctly. edi contains some address, i.e. 0x6090F454

In this case, what should eax have after the first mov instruction?

775672f3  mov eax,dword ptr [edi]

775672f5  mov dword ptr [ebp-50h],0 
775672fc  mov dword ptr [ebp-48h],0 

77567303  cmp eax,0FFFFFFFFh 

It seems to me that eax must have the value but I am not so sure about that. For your information, C++ code for the above assembly is

if (sem->num != INVALID_FLAG) {
    ....
}

Also, here is what's stored in edi.

0:024> dd edi
6090f454  0c0e8fe0 ffffffff 00000000 00000000

Thank you in advance.


Solution

The line:

mov eax,dword ptr [edi]

will simply load whatever is stored at the address edi. So it's a simple data load.

Since you don't show what is at address edi (0x6090F434), we can't tell you exactly what eax will be.

Based on the C++ code that is given, it looks like edi is the address of the num field. So it's reading num into a register, then comparing it against 0xFFFFFFFF which is the INVALID_FLAG constant.

OTHER TIPS

EAX will contain the 32-bit value at 0x6090F434, assuming that address 'exists', i.e. memory is assigned to your process at that address.

Which seems obvious, so I wonder if that's really what you want to know?

Here is a description to the assembly code posted by you:

mov eax,dword ptr [edi] 

Move the value stored at the memory address contained in the edi register to the eax register.

Your WinDbg output for the edi register shows:

6090f454 0c0e8fe0 ffffffff 00000000 00000000

The first value here is the memory address contained in the edi register. The next value, 0c0e8fe0 is the dword located at that memory address.

An easier way to understand and visualize would be:

dword ptr [edi] =  0c0e8fe0
dword ptr [edi+4] = ffffffff
dword ptr [edi+8] = 00000000

So, the dd command is showing you the address in the first column and the dword data in the next 4 columns.

The assembly language instruction,

mov eax, dword ptr [edi] 

will move the value 0c0e8fe0 into the eax register.

Similarly the next 2 instructions in your assembly language code will store the value 0 at the memory address pointed to by ebp-50 and ebp-48 respectively.

Usually, [ebp-4], [ebp-8] and so on, are used to reference the local variables in a program.

The last instruction,

cmp eax,0FFFFFFFFh

Compares the dword stored in the eax register, which is 0c0e8fe0, with 0FFFFFFFFh. In this case, the values are not equal and so the Zero Flag will not be set.

Usually in assembly language code, a cmp instruction is followed by a conditional jump which checks a flag status.

So, you could have a jz or a jnz instruction following the cmp instruction.

Hope this helps you to make more sense out of the assembly language code.
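As an added example (not part of the question or either answer above), the following C program reproduces the memory contents shown by the `dd edi` output as a constructed array and mirrors each instruction in the listing: the 32-bit load `mov eax, dword ptr [edi]`, the `cmp eax, 0FFFFFFFFh` that sets the Zero Flag, and the way `dd` lays out one address followed by four dwords. The real address 0x6090f454 is not mapped here; it is only printed as a label, and `INVALID_FLAG` is assumed to be 0xFFFFFFFF as the second answer states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory image mirroring the question's `dd edi` output:
 *   6090f454  0c0e8fe0 ffffffff 00000000 00000000
 * Only the contents are reproduced; the array lives wherever the host puts it. */
static const uint32_t image[4] = { 0x0c0e8fe0u, 0xffffffffu, 0u, 0u };

/* Assumed value of the constant the C++ source compares against (cmp eax, 0FFFFFFFFh). */
#define INVALID_FLAG 0xFFFFFFFFu

/* Equivalent of `mov eax, dword ptr [edi + offset]`: a plain 32-bit load from
 * the address held in edi. memcpy keeps it well-defined regardless of alignment. */
uint32_t load_dword(const uint8_t *edi, size_t offset) {
    uint32_t eax;
    memcpy(&eax, edi + offset, sizeof eax);
    return eax;
}

/* Equivalent of `cmp eax, imm`: cmp computes eax - imm and discards the result,
 * setting ZF when the difference is zero. Returns 1 when ZF would be set. */
int zero_flag_after_cmp(uint32_t eax, uint32_t imm) {
    return (uint32_t)(eax - imm) == 0u;
}

/* What a `jnz` after the cmp would do for the C++ `if (sem->num != INVALID_FLAG)`:
 * returns 1 when the branch body runs (values differ, ZF clear). */
int branch_taken_if_not_invalid(uint32_t eax) {
    return !zero_flag_after_cmp(eax, INVALID_FLAG);
}

/* Formats one dd-style line: the address in the first column, then the four
 * dwords stored at addr, addr+4, addr+8 and addr+12, exactly as WinDbg prints them. */
const char *dd_line(uint32_t addr, const uint8_t *mem) {
    static char buf[48];
    snprintf(buf, sizeof buf, "%08x  %08x %08x %08x %08x", addr,
             load_dword(mem, 0), load_dword(mem, 4),
             load_dword(mem, 8), load_dword(mem, 12));
    return buf;
}

int main(void) {
    const uint8_t *edi = (const uint8_t *)image;   /* edi points at the image */
    uint32_t eax = load_dword(edi, 0);              /* mov eax, dword ptr [edi] */

    printf("0:024> dd edi\n%s\n", dd_line(0x6090f454u, edi));
    printf("eax after mov = %08x\n", eax);
    printf("cmp eax, 0FFFFFFFFh -> ZF = %d\n", zero_flag_after_cmp(eax, INVALID_FLAG));
    printf("dword ptr [edi+4] = %08x -> ZF = %d\n",
           load_dword(edi, 4), zero_flag_after_cmp(load_dword(edi, 4), INVALID_FLAG));
    return 0;
}
```

Running it prints the same line the debugger showed and then `eax after mov = 0c0e8fe0` with ZF clear; reading `[edi+4]` instead yields ffffffff and ZF set, which is the case where the `if` body in the C++ source would be skipped.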

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow