while i was practicing reverse engineering on a crack-me i found myself confusing by this instruction
MOV DWORD PTR [6CCCDC],EDX
it shouldn't be allowed because the intel syntax is MOV dest,src
Thanks for those who'll help;
Asked
Active
Viewed 75 times
-3
Azazel
- 1
- 3
-
See http://stackoverflow.com/questions/2987876/what-does-dword-ptr-mean. (Size Directive) – polarysekt Sep 10 '14 at 00:41
-
Practice some more ;) – 500 - Internal Server Error Sep 10 '14 at 00:43
-
Assembly? There's not one thing called assembly and you must add the correct architecture tag in the question – phuclv Sep 10 '14 at 03:33
2 Answers
1
It's valid, and follows the syntax MOV dest,src you mention actually.
The easy part, EDX is the source, it reads the value from that CPU register.
Then [6CCCDC] is the destination. Note the square brackets, they means that the number is a pointer instead of an immediate value. So the destination is the memory address 0x6CCCDC.
DWORD PTR is a modifier that indicates the size of the data being operated on, 32 bits here. In this particular instruction, it's redundant, as the dword can be inferred from using EDX, a 32 bits register. Depending on the exact compiler, it may be optional or mandatory. It's useful in immediate-to-memory transfers as it specifies the width of the hardcoded constant.
In short, the whole instructions means "Take the value of the EDX register and put it in the 32 bits memory location beginning at 6CCCDC.
Alejandro
- 7,290
- 4
- 34
- 59
0
Why shouldn't it be allowed?
EDX is src, and DWORD PTR [6CCCDC] is dest. Therefore this moves EDX to DWORD PTR [6CCCDC].
simonzack
- 19,729
- 13
- 73
- 118