
While disassembling simple C code with GCC I came across:

mov (%eax), %eax

My understanding of assembly is that when you have () surrounding a register, you are adding some number to the memory address, i.e., 0x4(%eax) would mean 4 bytes above the register %eax.

Here, however, there is no number before the (), so it appears to be copying the value in the register to itself.

I have noticed that the %eax register is used quite commonly to return variables and this line occurs immediately after a function call, so my guess is that this instruction is actually telling the machine to take whatever was in the %eax register for the called function (i.e., the return value) and put it in the %eax register for the current function.

Is this correct? If not, what have I got wrong, and what is it actually doing?

Ciro Santilli OurBigBook.com
wolfPack88

1 Answer

() in AT&T syntax denotes memory dereferencing; you should probably read about the effective address syntax. The equivalent C code would be eax=*eax; meaning, load the 4 bytes from memory using the current value of eax as address, and overwrite eax with the fetched value.

Function calls and returns do not affect the values of registers (except the stack and instruction pointer, of course); there is no notion of eax of the caller or the callee.

PS: you can switch gdb into Intel syntax mode using set disassembly-flavor intel, if you are not happy with AT&T.

Jester
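As an added example (not code from the question or the answer), the following C program models the AT&T memory-operand syntax the answer describes: it parses operands of the form (%reg) and disp(%reg), computes the effective address disp + reg, and performs the 4-byte load, so that "mov (%eax), %eax" visibly becomes eax = *eax. The register file, the 64-byte memory and the values stored in it are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit model: four registers and 64 bytes of little-endian
   memory. Addresses are taken modulo the memory size so the toy stays in bounds. */
typedef struct { uint32_t eax, ebx, ecx, edx; uint8_t mem[64]; } Cpu;

static uint32_t *reg(Cpu *c, const char *name) {
    if (!strcmp(name, "eax")) return &c->eax;
    if (!strcmp(name, "ebx")) return &c->ebx;
    if (!strcmp(name, "ecx")) return &c->ecx;
    if (!strcmp(name, "edx")) return &c->edx;
    return NULL;
}

static uint32_t load32(const Cpu *c, uint32_t addr) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | c->mem[(addr + i) % sizeof c->mem];
    return v;
}

/* Parse an AT&T memory operand written as disp(%base) or (%base).
   Returns 0 on a syntax error; otherwise writes the effective address disp + base. */
static int effective_address(Cpu *c, const char *op, uint32_t *addr) {
    int disp = 0; char base[4];
    if (op[0] == '(') { if (sscanf(op, "(%%%3[a-z])", base) != 1) return 0; }
    else if (sscanf(op, "%i(%%%3[a-z])", &disp, base) != 2) return 0;
    uint32_t *b = reg(c, base);
    if (!b) return 0;
    *addr = (uint32_t)disp + *b;   /* a missing displacement means disp == 0 */
    return 1;
}

/* Execute "mov SRC, %DST" with SRC a memory operand: dst = *(src). */
static int mov_load(Cpu *c, const char *src, const char *dst) {
    uint32_t addr, *d = reg(c, dst);
    if (!d || !effective_address(c, src, &addr)) return 0;
    *d = load32(c, addr);
    return 1;
}

/* Scenario from the question: after a call, %eax holds a pointer (here 0x10).
   Constructed memory: 0x2a at address 0x10 and 0x63 at address 0x14. */
static uint32_t demo(const char *src) {
    Cpu c = { .eax = 0x10 };
    uint8_t init[8] = { 0x2a, 0, 0, 0, 0x63, 0, 0, 0 };
    memcpy(c.mem + 0x10, init, sizeof init);
    return mov_load(&c, src, "eax") ? c.eax : 0xffffffffu;   /* all-ones = parse error */
}

int main(void) {
    printf("mov (%%eax), %%eax    -> eax = 0x%x\n", demo("(%eax)"));    /* 0x2a */
    printf("mov 0x4(%%eax), %%eax -> eax = 0x%x\n", demo("0x4(%eax)")); /* 0x63 */
    return 0;
}
```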