What does MOV EAX, DWORD PTR DS:[ESI] mean and what does it do?

Alright so I have this line in my assembly

MOV EAX, DWORD PTR DS:[ESI]

where ESI is 00402050 (ascii, "123456789012")

After this instruction: EAX = 34333231

What really happened here? How is this value calculated, and why?
Where could I get some good reference on this kind of thing?

Ducat answered 11/7, 2010 at 20:28 Comment(0)

Registers in square brackets such as [ESI] are dereferenced pointers. The instruction you quote moves the DWORD (a 32-bit/4-byte value) in the memory location specified by ESI into register EAX. In your case, memory location 00402050, read as a DWORD, contains 34333231.

Written in pseudo-C:

DWORD EAX;   /* Declaring the registers as we find them in silico */
DWORD ESI;

ESI = 0x00402050;  /* Set up your initial conditions for ESI */
EAX = *((DWORD *)ESI);   /* mov EAX, DWORD PTR [ESI] */
/*  ^ ^  ^^^^^^^    */
/*  | |     |       */
/*  | |     +-----------  From "DWORD PTR" we get "DWORD *" in C.          */
/*  | |             */ 
/*  | +-----------------  The C dereferencing operator * replaces [].      */
/*  |               */ 
/*  +-------------------  The C assignment operator = replaces mov opcode. */ 

In your case, it is not true that 0x00402050 "equals" the string "1234567890" -- rather it points to the memory which contains that string.

The value which you obtain, 0x34333231, is composed of the ASCII values for the digits "1234", which are the first four bytes (i.e., the first DWORD) of the string. They appear in reversed order because the Intel architecture is "little endian" in the byte representation of a DWORD in memory.

In your example at this time, the mov instruction is loading ASCII characters as if they were the four bytes of an unsigned long value, when they are actually a string of single-byte characters.

Stercoricolous answered 11/7, 2010 at 21:2 Comment(6)
You should also mention that DS:[ESI] notation means that ESI holds an offset from address in DS (data segment register), so the instruction moves double word (32-bit value) from address DS + ESI to register EAX. - Geniculate
I'm not 100% sure I agree that would be pedagogical at this stage. In protected mode DS is a selector, not a segment. I believe OP is in a protected mode because Linux, Windows and MacOS all run in VM-enabled protected mode and OP doesn't seem to be an embedded systems programmer. Given the complex situation which is actually very simple (DS is mapped to the whole address range and the selector base is zero), why attempt to peel that onion? - Stercoricolous
@Nikolai, I am glad it was mentioned here for some 'completeness.' - Stercoricolous
I have a question about *((DWORD *)ESI) from the pseudocode. At the beginning you say registers with brackets are dereferenced pointers. So in that line, is the DWORD * ESI equivalent to something like int *p ? - Paganism
Yes, exactly similar. - Spraggins
@NikolaiNFetissov That was exactly what I wanted to find out. - Curren
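
The load discussed in the answer above, as an added example in runnable C (not code from the original posts). It reads the question's string bytes as a 32-bit value the way the x86 `mov` does, and big-endian for contrast. The function names and the `sample` buffer are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the bytes the question shows at the address in ESI. */
static const char sample[] = "123456789012";

/* What MOV EAX, DWORD PTR [ESI] yields on x86: four bytes are read and the
   byte at the lowest address becomes the least significant byte of EAX.
   Written with shifts so the result is the same on any host. */
uint32_t load_le32(const void *p)
{
    const unsigned char *b = p;
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* The same four bytes interpreted big-endian, for contrast. */
uint32_t load_be32(const void *p)
{
    const unsigned char *b = p;
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 |
           (uint32_t)b[2] << 8 | (uint32_t)b[3];
}

/* Native-order load. memcpy sidesteps the alignment and strict-aliasing
   problems that a direct *(uint32_t *)p cast can have in real C. */
uint32_t load_native32(const void *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* 1 if the host stores the least significant byte first (as x86 does). */
int host_is_little_endian(void)
{
    const uint32_t one = 1;
    return *(const unsigned char *)&one == 1;
}

int main(void)
{
    printf("bytes in memory : %02x %02x %02x %02x\n",
           (unsigned)sample[0], (unsigned)sample[1], (unsigned)sample[2], (unsigned)sample[3]);
    printf("little-endian   : 0x%08lx\n", (unsigned long)load_le32(sample));
    printf("big-endian      : 0x%08lx\n", (unsigned long)load_be32(sample));
    printf("next DWORD (LE) : 0x%08lx\n", (unsigned long)load_le32(sample + 4));
    printf("native load     : 0x%08lx\n", (unsigned long)load_native32(sample));
    return 0;
}
```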
