
Simple debugging question


5 replies to this topic

#1
JewFro297

    Programming Professional

  • Members
  • 224 posts
While debugging, I come across a line that is something like
cmp DWORD PTR [ebp-0x4], 0x9

Why is DWORD PTR needed and what does it mean?
Yea Dat's right.
Apple sucks :thumbup:

#2
Alexander

    It's Science!

  • Moderators
  • 4,118 posts
  • Location:Vancouver, Eh! Cleverness: 200
This assembly is still fresh to me, but:

X DWORD PTR [Y], Z: Do operation X on the 32 bit representation of Z in the 4 bytes of the address of Y. The D in DWORD stands for double, which is 32 bits in this case. BYTE and WORD PTR would be used in place for 8 and 16 bits respectively.

So for your assembly instruction:
Compare the 32 bit representation of 0x9 into the 4 bytes starting at the address of (ebp - 0x4). Hopefully Dargueta can correct me if I am wrong.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#3
JewFro297

    Programming Professional

  • Members
  • 224 posts
Perfect, thanks. Do you happen to know what it would be for a 64 bit representation?

#4
Alexander

    It's Science!

  • Moderators
  • 4,118 posts
  • Location:Vancouver, Eh! Cleverness: 200
QWORD in spec if I can recall, Q standing for Quad or 16 bytes.

#5
JewFro297

    Programming Professional

  • Members
  • 224 posts
Thanks a ton

#6
dargueta

    Writes binary right handed and hex left handed

  • Moderators
  • 4,705 posts
  • Programming Language:C, Java, C++, PHP, Python, Perl, Assembly, Bash, Others
  • Learning:JavaScript
Nullw0rm's right, except about the QWORD size. It's 8 bytes, not 16.

One thing I should add, though: I've seen some reference manuals say that you always need to specify the operation size whenever you use memory. This is not true; you only need to do so when it's not deducible:

mov   eax, [ebp + 8]        ; must be 32-bit because of EAX
mov   ax, [ebp + 8]         ; must be 16-bit
mov   al, [ebp + 8]         ; 8-bit

BUT:

mov   [ebp + 8], 3          ; How big is 3? One byte, two bytes, four bytes?

Must have:

mov   DWORD [ebp + 8], 3    ; represent 3 as 0x00000003
mov   WORD [ebp + 8], 3     ; represent 3 as 0x0003
mov   BYTE [ebp + 8], 3     ; represent 3 as 0x03

Rule of thumb - you only need to specify the operation size if:
1) You have a memory operand and an integer
2) You're using one of the movzx or movsx instructions, in which case you must always specify the size.

The movzx and movsx functions just scale integers by either sign- or zero-extending them. This is equivalent to a typecast in C/C++:

unsigned short a = 3;
unsigned long b = (unsigned long)a;

The typecast code would look something like:

movzx eax, WORD [ebp - 12]   ; a is a 16-bit unsigned short, so the source is a WORD
mov   [ebp - 16], eax

assuming that a is at ebp-12 and b is at ebp-16. If the numbers were signed then the code would use movsx.

Edited by dargueta, 08 October 2010 - 04:29 PM.
Formatting

sudo rm -rf /
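The following is an added example, not code posted by anyone in this thread. It models in C what the BYTE/WORD/DWORD size specifier discussed in posts #2 and #6 actually controls: how many bytes of memory a store, load or compare touches, and how movzx and movsx widen a narrow memory operand into a 32-bit register. Memory is modelled as a little-endian byte array, as on x86. The function names (store_sized, load_sized, movzx32, movsx32, ext_source_ok, byte_store_dword_read) and the sample values are my own constructions for the demonstration; none of them come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Operand sizes named by the BYTE/WORD/DWORD/QWORD size specifiers, in bytes. */
enum opsize { SZ_BYTE = 1, SZ_WORD = 2, SZ_DWORD = 4, SZ_QWORD = 8 };

/* mov <size> [mem], imm  -- store the low `size` bytes of imm little-endian,
   touching exactly `size` bytes and nothing beyond them. */
void store_sized(uint8_t *mem, enum opsize size, uint64_t imm) {
    for (unsigned i = 0; i < (unsigned)size; i++)
        mem[i] = (uint8_t)(imm >> (8 * i));
}

/* Read `size` bytes at mem as an unsigned little-endian integer;
   this is what "cmp <size> [mem], imm" compares against imm. */
uint64_t load_sized(const uint8_t *mem, enum opsize size) {
    uint64_t v = 0;
    for (unsigned i = 0; i < (unsigned)size; i++)
        v |= (uint64_t)mem[i] << (8 * i);
    return v;
}

/* Is "movzx/movsx <dst reg>, <src size> [mem]" encodable on x86?
   A 32-bit destination takes an 8- or 16-bit source; a 16-bit destination
   takes an 8-bit source. There is no form with a DWORD source and a 32-bit
   destination, which is why the memory operand's size must be written out. */
int ext_source_ok(enum opsize dst, enum opsize src) {
    if (dst == SZ_DWORD) return src == SZ_BYTE || src == SZ_WORD;
    if (dst == SZ_WORD)  return src == SZ_BYTE;
    return 0;
}

/* movzx eax, <size> [mem] -- the upper bits of the result are cleared. */
uint32_t movzx32(const uint8_t *mem, enum opsize size) {
    return (uint32_t)load_sized(mem, size);
}

/* movsx eax, <size> [mem] -- the upper bits are copies of the source's top bit.
   Only BYTE and WORD sources are encodable (see ext_source_ok). */
uint32_t movsx32(const uint8_t *mem, enum opsize size) {
    uint32_t v = (uint32_t)load_sized(mem, size);
    if (!ext_source_ok(SZ_DWORD, size)) return v;   /* not encodable; no extension */
    uint32_t bits = 8u * (uint32_t)size;
    uint32_t signbit = 1u << (bits - 1);
    if (v & signbit) v |= ~((1u << bits) - 1u);     /* fill bits..31 with ones */
    return v;
}

/* Constructed size-mismatch example: a 4-byte slot (think [ebp-4]) is
   pre-filled with 0xFF, written as "mov BYTE [ebp-4], 3" and then read the
   way "cmp DWORD PTR [ebp-4], 3" reads it. The DWORD seen is 0xFFFFFF03,
   so the compare fails even though "3" was just stored there. */
uint32_t byte_store_dword_read(void) {
    uint8_t slot[SZ_DWORD];
    memset(slot, 0xFF, sizeof slot);
    store_sized(slot, SZ_BYTE, 3);
    return (uint32_t)load_sized(slot, SZ_DWORD);
}

int main(void) {
    uint8_t slot[SZ_QWORD];
    memset(slot, 0xFF, sizeof slot);
    store_sized(slot, SZ_DWORD, 3);
    printf("mov DWORD [m], 3 -> bytes %02x %02x %02x %02x | next byte %02x\n",
           slot[0], slot[1], slot[2], slot[3], slot[4]);
    printf("cmp DWORD [m], 3 -> %s\n",
           load_sized(slot, SZ_DWORD) == 3 ? "equal" : "not equal");
    printf("BYTE store then DWORD read -> 0x%08x\n", byte_store_dword_read());

    /* The typecast from post #6: unsigned short a -> unsigned long b */
    uint8_t a[SZ_WORD];
    store_sized(a, SZ_WORD, 0xFFFF);
    printf("movzx eax, WORD [a] -> 0x%08x\n", movzx32(a, SZ_WORD));
    printf("movsx eax, WORD [a] -> 0x%08x\n", movsx32(a, SZ_WORD));
    printf("movzx eax, DWORD [a] encodable? %s\n",
           ext_source_ok(SZ_DWORD, SZ_DWORD) ? "yes" : "no");
    return 0;
}
```

The practical point for anyone reading a disassembly: the size specifier on a memory operand tells you how many bytes the compare or store covers, and a store and a later compare that disagree on that size (BYTE written, DWORD compared) will silently see the neighbouring bytes as part of the value.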



