Trying to understand this instruction in context with segment registers

0

I am trying to understand this instruction:

 0x80496fa <yellow_preflight+18>:     mov    eax,ds:0x804c220

and these are the register values at runtime:

  EAX: 0x000000D2  EBX: 0xB7FB6FF4  ECX: 0xBFFFF438  EDX: 0xBFFFF3A4  o d I t S z A P c 
  ESI: 0x00000000  EDI: 0x00000000  EBP: 0xBFFFF468  ESP: 0xBFFFF450  EIP: 0x080496FF
  CS: 0073  DS: 007B  ES: 007B  FS: 0000  GS: 0033  SS: 007B

So, to my understanding, if this were just a regular mov instruction without the 'ds:' prefix in the source address, then eax should hold the value '0x0804c220'. But when I step further in the execution, the value of eax becomes

EAX: 0xB7FB7440 

instead of the expected value. So I am trying to find an explanation for this behavior. Thanks in advance.

assembly
x86
gdb
asked on Stack Overflow Feb 24, 2015 by Dirk • edited Feb 24, 2015 by Jester

2 Answers

1

The ds: is a so-called segment override prefix.

For example, let's say you write down this in your source code (NASM syntax):

mov eax, [0x804c220]

You did not use a segment prefix, but the assembler will use the default segment for this kind of memory access, the ds (data segment). It will transform your code to this on its own:

 mov eax, [ds:0x804c220]

That is why using the ds: prefix in the source code would make no difference in your example. But when you use a different segment override prefix, it will make a difference. For example, in this case the assembler will use fs instead of the default ds segment:

 mov eax, [fs:0x804c220] 

answered on Stack Overflow Feb 24, 2015 by Blechdose • edited Feb 24, 2015 by Blechdose
0

ds:0x804c220 is an address; the instruction is moving the value at that address into eax.

answered on Stack Overflow Feb 24, 2015 by Scott Hunter
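
As an added example (not part of the question or of either answer), this Python sketch decodes the load form and the immediate form of `mov eax` and evaluates both against a toy memory, showing why EAX ends up with the value stored at 0x804c220 rather than the address. The byte encodings, the flat `ds` base of 0, the `gs` base and the memory map are assumptions constructed for illustration; only the address and the resulting EAX come from the question.

```python
import struct

# Segment-override prefix bytes: they pick the segment, not the operation.
SEG_PREFIX = {0x26: "es", 0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x64: "fs", 0x65: "gs"}

def decode(code: bytes) -> dict:
    """Decode MOV EAX,moffs32 (A1) or MOV EAX,imm32 (B8), 32-bit mode."""
    seg, i = "ds", 0  # ds is the default segment for a plain [disp32] access
    while i < len(code) and code[i] in SEG_PREFIX:
        seg, i = SEG_PREFIX[code[i]], i + 1
    if len(code) < i + 5:
        raise ValueError("truncated instruction")
    (operand,) = struct.unpack_from("<I", code, i + 1)  # little-endian dword
    if code[i] == 0xA1:
        return {"kind": "load", "seg": seg, "offset": operand, "length": i + 5}
    if code[i] == 0xB8:
        return {"kind": "imm", "value": operand, "length": i + 5}
    raise ValueError(f"unsupported opcode {code[i]:#04x}")

def execute(insn: dict, seg_base: dict, memory: dict) -> int:
    """Return the new EAX; memory maps linear address -> 32-bit value."""
    if insn["kind"] == "imm":
        return insn["value"]  # the constant itself, no memory access
    linear = (seg_base[insn["seg"]] + insn["offset"]) & 0xFFFFFFFF
    return memory[linear]  # the dword stored at segment base + offset

# Constructed environment: flat ds (base 0), hypothetical non-zero gs base.
SEG_BASE = {"ds": 0x00000000, "gs": 0x10000000}
MEMORY = {
    0x0804C220: 0xB7FB7440,  # EAX the question reports after the step
    0x1804C220: 0x11111111,  # constructed value behind the gs-relative address
}
# Assumed encodings (the page shows only the disassembly).
SAMPLES = {
    "mov eax, ds:0x804c220": "a120c20408",
    "mov eax, [ds:0x804c220] (explicit prefix)": "3ea120c20408",
    "mov eax, 0x804c220 (immediate)": "b820c20408",
    "mov eax, [gs:0x804c220]": "65a120c20408",
}

def run_samples() -> dict:
    return {text: execute(decode(bytes.fromhex(h)), SEG_BASE, MEMORY)
            for text, h in SAMPLES.items()}

if __name__ == "__main__":
    for text, eax in run_samples().items():
        print(f"{text:45} EAX = {eax:#010x}")
```

The first two samples give the same result because `ds` is already the default segment; only the immediate form leaves 0x0804c220 itself in EAX.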

User contributions licensed under CC BY-SA 3.0