Suppose I have the following snippet:

```asm
push  ebp                       ; (1)
mov   ebp,esp                   ; (2)
mov   eax,0xaf                  ; (3)
xor   al,al                     ; (4)
mov   ah,BYTE PTR [ebp+0x9]     ; (5)
```

And I call this with the following arguments: 0xdeadbeef, 0xdeefbeab, 0xf00b1den. I'm basically unsure of what BYTE PTR is. My assumption:

at (3) the eax stack looks as follows (grouped in 8 for readability):

00000000 00000000 00000000 10101111

at (4):

00000000 00000000 00000000 00000000

at (5):

Is then 0xb1 (the 9th byte in my argument taken as an array) moved in?

00000000 00000000 10110001 00000000

S. L.
  • Well, 5 moves into ah, so it's not going to be moving anything into the lowest 8 bits... – David Wohlferd Oct 01 '18 at 07:17
  • OK you're right, but is my assumption right then? It assumes the pointer is 0xdeadbeefdeefbeabf00b1den? – S. L. Oct 01 '18 at 07:42
  • What do you mean "the eax stack"? It's a register, and doesn't have any stack-like behaviour. It has random access to its sub-components, AX, AH, and AL. – Peter Cordes Oct 01 '18 at 08:38
  • `mov ah,BYTE PTR [ebp+0x9]`: even though `mov ah,` is already unambiguous, the `BYTE PTR` means that `[ebp+0x9]` has to be handled as a byte value. – Tommylee2k Oct 01 '18 at 08:55
  • OK @Tommylee2k but what is [ebp + 0x9]? – S. L. Oct 01 '18 at 14:11

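What instruction (5) reads can be worked through by modelling the stack frame in C. This is an added example, not part of the original question or its comments; it assumes a 32-bit cdecl call on little-endian x86, where after `push ebp` / `mov ebp,esp` the saved ebp is at `[ebp]`, the return address at `[ebp+4]` and the first argument at `[ebp+8]`. The saved ebp and return address values are constructed, and `0xf00b1de0` is a constructed stand-in for the third argument, which is not valid hex as written in the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Store a 32-bit value in little-endian byte order, as x86 does in memory. */
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Build the bytes visible from ebp after (1) and (2), assuming cdecl:
   frame[0..3] = saved ebp, frame[4..7] = return address,
   frame[8..]  = arguments, first argument at the lowest address. */
static void build_frame(uint8_t *frame, const uint32_t *args, int nargs) {
    put32(frame + 0, 0xbffff000u);   /* constructed saved ebp */
    put32(frame + 4, 0x08048123u);   /* constructed return address */
    for (int i = 0; i < nargs; i++) put32(frame + 8 + 4 * i, args[i]);
}

/* Model instructions (3)-(5) on eax, treating AL and AH as bit fields. */
static uint32_t run_snippet(const uint8_t *frame) {
    uint32_t eax;
    eax = 0xaf;                       /* (3) mov eax,0xaf: whole register */
    eax &= 0xffffff00u;               /* (4) xor al,al: clears bits 0-7 only */
    /* (5) mov ah,BYTE PTR [ebp+0x9]: one byte into bits 8-15 */
    eax = (eax & 0xffff00ffu) | ((uint32_t)frame[9] << 8);
    return eax;
}

/* Run the snippet with the question's first two arguments. */
static uint32_t demo(void) {
    uint32_t args[3] = {0xdeadbeefu, 0xdeefbeabu, 0xf00b1de0u /* stand-in */};
    uint8_t frame[20];
    build_frame(frame, args, 3);
    return run_snippet(frame);
}

int main(void) {
    printf("eax = 0x%08x\n", (unsigned)demo());
    return 0;
}
```

Under these assumptions `[ebp+0x9]` is the second-lowest byte of the first argument, because `0xdeadbeef` is stored as `ef be ad de` starting at `[ebp+8]`.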