Sean1337 Master Cheater
Reputation: 0
Joined: 04 May 2007 Posts: 478
Posted: Mon Jun 25, 2007 7:33 am Post subject: Simple ASM CMP question
Just a question from code I'm trying to understand.
The instruction is: CMP bp, [eax+04]
I understand that it's comparing the value of bp to the value of [eax+04]
What I don't understand is this:
- what is bp, is bp the 16 bit register BP? If so, how do I find the address for BP at that instruction because all I can see while tracing (in CE) are 32 bit registers, e.g. EBP, is BP in that instruction the same as EBP?
- [eax+04] - is it referring to the pointer of base eax + offset 4? or does it mean add 4 to the address of eax.
Thanks,
-Sean
TheSorc3r3r I post too much
Reputation: 0
Joined: 06 Sep 2006 Posts: 2404
Posted: Mon Jun 25, 2007 11:54 am Post subject:
BP is the low word in EBP. Just look at the lower (to the right) 16 bits of EBP. Ex:
EBP:
0x00123456
BP:
0x3456
[eax+4] is the dereference of eax+4 (the r-value... read up on pointers if j00 don't understand).
If you want to view each value in CE write a script that dumps them at the address..
mov [dump_bp], bp
mov edx, [eax+4]
mov [dump_eax], edx
_________________
Don't laugh, I'm still learning photoshop!
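A C model of the comparison discussed in the posts above, as an added example that is not code from the thread. It shows that `CMP bp, [eax+04]` uses only the low 16 bits of EBP and only the two bytes at address eax+4, then sets flags from the subtraction. The function names, `SAMPLE_MEM` and `SAMPLE_EAX` are hypothetical; memory is a constructed byte array and eax is treated as an offset into it.

```c
#include <stdint.h>
#include <stdio.h>

/* Flags CMP sets, modelled as plain integers (not read from a real CPU). */
typedef struct { int zf, cf, sf, of; } flags_t;

/* Constructed sample memory: the word at offset 12 is 0x3456 (little-endian),
   followed by 0xFFFF that a 16-bit compare must not look at. */
static const uint8_t SAMPLE_MEM[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0x56,0x34,0xFF,0xFF};
#define SAMPLE_EAX 8u   /* assumed base "address"; eax+4 == 12 */

/* BP is the low 16 bits of EBP; the upper half is ignored. */
static uint16_t low_word(uint32_t reg32) { return (uint16_t)(reg32 & 0xFFFFu); }

/* The 16-bit little-endian load that the memory operand [eax+4] performs. */
static uint16_t load16(const uint8_t *mem, uint32_t addr) {
    return (uint16_t)(mem[addr] | (mem[addr + 1] << 8));
}

/* Model of CMP bp, [eax+4]: compute bp - word[eax+4], keep only the flags. */
static flags_t cmp_bp_mem(uint32_t ebp, uint32_t eax, const uint8_t *mem) {
    uint16_t a = low_word(ebp);
    uint16_t b = load16(mem, eax + 4);       /* add 4 to eax, then dereference */
    uint16_t r = (uint16_t)(a - b);          /* result is discarded by CMP */
    flags_t f;
    f.zf = (r == 0);                         /* equal */
    f.cf = (a < b);                          /* unsigned borrow */
    f.sf = (r >> 15) & 1;                    /* sign bit of the 16-bit result */
    f.of = (((a ^ b) & (a ^ r)) >> 15) & 1;  /* signed overflow */
    return f;
}

int main(void) {
    uint32_t ebp = 0x00123456u;              /* EBP value from the post above */
    flags_t f = cmp_bp_mem(ebp, SAMPLE_EAX, SAMPLE_MEM);
    printf("bp=0x%04X word=0x%04X ZF=%d CF=%d SF=%d OF=%d\n",
           (unsigned)low_word(ebp), (unsigned)load16(SAMPLE_MEM, SAMPLE_EAX + 4),
           f.zf, f.cf, f.sf, f.of);
    return 0;
}
```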
Sean1337 Master Cheater
Reputation: 0
Joined: 04 May 2007 Posts: 478
Posted: Mon Jun 25, 2007 7:35 pm Post subject:
TheSorc3r3r wrote:
BP is the low word in EBP. Just look at the lower (to the right) 16 bits of EBP. Ex:
EBP:
0x00123456
BP:
0x3456
[eax+4] is the dereference of eax+4 (the r-value... read up on pointers if j00 don't understand).
If you want to view each value in CE write a script that dumps them at the address..
mov [dump_bp], bp
mov edx, [eax+4]
mov [dump_eax], edx

Thanks bro. +rep