(gdb) disass p
Dump of assembler code for function p:
   0x080484d4 <+0>:    push   ebp
   0x080484d5 <+1>:    mov    ebp,esp
   0x080484d7 <+3>:    sub    esp,0x68
   0x080484da <+6>:    mov    eax,ds:0x8049860      <---
   0x080484df <+11>:   mov    DWORD PTR [esp],eax   <---

   ...

   0x0804853d <+105>:  leave
   0x0804853e <+106>:  ret

I want to understand something about the two lines denoted with arrows in the code above.

I know the first mov instruction moves the address ds:0x8049860 into the register eax, and then in the second line we mov the content of eax (I suppose it contains an address at this point) into the 32-bit memory location pointed to by esp. (I hope this is correct, please correct me if I'm wrong).

What I don't understand is why we need the register eax as an intermediary between the two instructions?

Would it be possible if we replaced the two instructions with something like mov DWORD PTR [esp], ds:0x8049860?

– Glitch

  • The `mov eax,ds:0x8049860` is a memory read (somewhat confusing disassembly). In more usual intel syntax that would look like `mov eax, [0x8049860]`. `mov` cannot have 2 memory operands so you need the temporary. – Jester Jan 04 '22 at 14:51
  • When you say a memory read, does this mean the content of `ds:0x8049860` is moved to eax? – Glitch Jan 04 '22 at 14:56
  • Yes, that is correct. – Jester Jan 04 '22 at 14:57
  • I want to ask the `DWORD PTR [esp]` thingy, is it used for dereferencing the esp? – Glitch Jan 04 '22 at 15:02
  • It's somewhat of a missed optimization; a compiler could have used `push dword ptr [0x8049860]` (after subtracting only 4 instead of 8 from the stack pointer beforehand); see [What C/C++ compiler can use push pop instructions for creating local variables, instead of just increasing esp once?](https://stackoverflow.com/q/49485395) (and the linked duplicates at the top of the page for why `mov` from mem to mem isn't encodeable in x86 machine code) – Peter Cordes Jan 04 '22 at 15:07
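
The following is an added example, not code from the question or from either commenter. It is a minimal x86-32 encoder in C for exactly the instructions the comments discuss: the compiler's `mov eax, [0x8049860]` / `mov [esp], eax` pair and the `push dword ptr [0x8049860]` alternative. It exists to make the "one memory operand" rule concrete: the ModR/M byte has one `r/m` field, which is the only place an addressing mode (SIB byte, displacement) can hang off, and one `reg` field, which can only hold a 3-bit register number or an opcode extension such as the `/6` of `push`. There is simply no second slot for a memory operand, so `mov [mem], [mem]` has nowhere to go and the compiler needs the temporary register. Opcode and ModR/M values are the ones from the Intel opcode map; the address 0x8049860 is the one in the disassembly above; the helper and struct names (`MemOperand`, `encode_modrm_mem`, `scratch`, ...) are this example's own.

```c
/*
 * Added example: a tiny x86-32 encoder for the instructions in the question.
 * Only the addressing forms needed here are handled ([disp32], [esp], [ebp],
 * [other reg]); it is not a general assembler.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { REG_EAX = 0, REG_ESP = 4, REG_EBP = 5 };

/* One memory operand: either [base_reg] or an absolute [disp32]. */
typedef struct {
    int has_base;       /* 1: [base_reg]   0: [disp32] absolute address */
    uint8_t base_reg;
    uint32_t disp32;
} MemOperand;

static uint8_t scratch[32];   /* output buffer shared by main() and the checks */

static size_t put_u32(uint8_t *out, uint32_t v) {
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(v >> (8 * i));   /* x86 immediates are little-endian */
    return 4;
}

/*
 * Emit ModR/M (plus SIB / displacement) for "reg_field, mem".
 * ModR/M = mod(2 bits) | reg(3 bits) | r/m(3 bits). Only r/m can describe
 * memory; reg is a register number or an opcode extension (/digit).
 * That single r/m slot is why any instruction has at most one memory operand.
 */
static size_t encode_modrm_mem(uint8_t *out, uint8_t reg_field, const MemOperand *m) {
    size_t n = 0;
    uint8_t reg_bits = (uint8_t)((reg_field & 7) << 3);
    if (!m->has_base) {
        out[n++] = (uint8_t)(0x00 | reg_bits | 0x05);  /* mod=00 r/m=101: [disp32], no base */
        n += put_u32(out + n, m->disp32);
    } else if (m->base_reg == REG_ESP) {
        out[n++] = (uint8_t)(0x00 | reg_bits | 0x04);  /* r/m=100: a SIB byte follows */
        out[n++] = 0x24;                                /* scale=0, index=none, base=esp */
    } else if (m->base_reg == REG_EBP) {
        out[n++] = (uint8_t)(0x40 | reg_bits | 0x05);  /* mod=00/101 is taken by [disp32], so */
        out[n++] = 0x00;                                /* [ebp] needs mod=01 with disp8 = 0 */
    } else {
        out[n++] = (uint8_t)(0x00 | reg_bits | (m->base_reg & 7));
    }
    return n;
}

/* mov r32, [mem]: opcode 8B /r. For eax with an absolute address there is the
 * shorter A1 moffs32 form (5 bytes), which is what the disassembly above shows. */
size_t encode_mov_reg_mem(uint8_t *out, uint8_t reg, const MemOperand *m) {
    if (reg == REG_EAX && !m->has_base) {
        out[0] = 0xA1;
        return 1 + put_u32(out + 1, m->disp32);
    }
    out[0] = 0x8B;
    return 1 + encode_modrm_mem(out + 1, reg, m);
}

/* mov [mem], r32: opcode 89 /r. The register goes in the reg field. */
size_t encode_mov_mem_reg(uint8_t *out, const MemOperand *m, uint8_t reg) {
    out[0] = 0x89;
    return 1 + encode_modrm_mem(out + 1, reg, m);
}

/* push dword ptr [mem]: opcode FF /6. Here the reg field carries the /6 extension,
 * so the only operand that can be memory is still the r/m one. */
size_t encode_push_mem(uint8_t *out, const MemOperand *m) {
    out[0] = 0xFF;
    return 1 + encode_modrm_mem(out + 1, 6, m);
}

/* The two instructions gcc emitted: 5 + 3 = 8 bytes. */
size_t encode_compiler_sequence(uint8_t *out) {
    MemOperand abs = {0, 0, 0x8049860u};
    MemOperand at_esp = {1, REG_ESP, 0};
    size_t n = encode_mov_reg_mem(out, REG_EAX, &abs);
    return n + encode_mov_mem_reg(out + n, &at_esp, REG_EAX);
}

/* The alternative from the comments: one 6-byte push with no temporary register. */
size_t encode_push_alternative(uint8_t *out) {
    MemOperand abs = {0, 0, 0x8049860u};
    return encode_push_mem(out, &abs);
}

/* Compare an encoding against a hex string such as "A1 60 98 04 08"; 1 on match. */
int matches_hex(const uint8_t *buf, size_t n, const char *hex) {
    size_t i = 0;
    for (const char *p = hex; *p; ) {
        unsigned v;
        if (*p == ' ') { p++; continue; }
        if (sscanf(p, "%2x", &v) != 1 || i >= n || buf[i] != (uint8_t)v) return 0;
        i++;
        p += 2;
    }
    return i == n;
}

int main(void) {
    size_t n = encode_compiler_sequence(scratch);
    printf("compiler sequence (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", scratch[i]);
    n = encode_push_alternative(scratch);
    printf("\npush alternative  (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", scratch[i]);
    printf("\n");
    return 0;
}
```

The first encoded instruction is 5 bytes, which matches the gap between `+6` and `+11` in the listing, and the `push` form is 6 bytes against the pair's 8. Note that `encode_modrm_mem` takes one `MemOperand` and one 3-bit field; there is no way to hand it two memory operands, which is the encoding-level answer to the question.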

0 Answers