Sunday, March 7, 2021

Tip in moving data to memory

In this code, we want to replace one WORD of myVar with 3.


.data
myVar DWORD 12345678h

.code
mov ax,3                  ; AX = 0003h
mov WORD PTR myVar+2,ax   ; store 2 bytes starting at offset 2 of myVar
mov eax,myVar             ; read the whole DWORD back into EAX


The question is: which WORD will be replaced?


If we look closely at the value as it is written, myVar has 2 WORD parts.


1234h - 1st WORD
5678h - 2nd WORD


Remember that this will be stored in little-endian format in memory, so the layout, starting at the lowest address, would be:


78 -- 1 byte storage
56 -- 1 byte storage
34 -- 1 byte storage
12 -- 1 byte storage


In our code above, we used WORD PTR with myVar+2, which skips the first two bytes (78 56) and replaces the 2nd WORD in memory. From the layout, that 2nd WORD is:


34 -- 1 byte storage
12 -- 1 byte storage


So if we run the code, the resulting value of EAX is:


00035678h
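The same store modelled in C, as an added example that is not part of the original post: it builds the byte layout by hand, so it gives the same answer on any host, and it goes beyond the post by also showing other offsets and a big-endian layout. The function name write_word_at and its parameters are made up for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Lay out a 32-bit value as 4 bytes in the chosen byte order. */
static void store32(uint8_t mem[4], uint32_t v, int little) {
    for (int i = 0; i < 4; i++)
        mem[i] = (uint8_t)(v >> (little ? 8 * i : 8 * (3 - i)));
}

/* Read the 4 bytes back as one 32-bit value (like mov eax,myVar). */
static uint32_t load32(const uint8_t mem[4], int little) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)mem[i] << (little ? 8 * i : 8 * (3 - i));
    return v;
}

/* Model of: mov WORD PTR var+offset,word / mov eax,var.
   Returns -1 when the 2-byte store would run past the 4-byte variable,
   which the assembler itself does not check. */
int write_word_at(uint32_t var, size_t offset, uint16_t word,
                  int little, uint32_t *out) {
    uint8_t mem[4];
    if (offset > sizeof mem - 2)
        return -1;
    store32(mem, var, little);
    mem[offset]     = (uint8_t)(little ? word : word >> 8);
    mem[offset + 1] = (uint8_t)(little ? word >> 8 : word);
    *out = load32(mem, little);
    return 0;
}

int main(void) {
    uint32_t r;
    for (size_t off = 0; off <= 3; off++) {
        if (write_word_at(0x12345678u, off, 3, 1, &r) == 0)
            printf("little endian, +%zu: %08Xh\n", off, (unsigned)r);
        else
            printf("little endian, +%zu: store leaves the DWORD\n", off);
    }
    if (write_word_at(0x12345678u, 2, 3, 0, &r) == 0)
        printf("big endian,    +2: %08Xh\n", (unsigned)r);
    return 0;
}
```

Offset +3 is rejected here because a 2-byte store at that position would also overwrite the byte that follows myVar in memory.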
