BUCHAS
Easy newbie question about opcode
Hi
The following code:
jmp dword ptr [00402808]
in the debugger it's written this way:
jmp dword ptr ds:[<&user32.MessageBoxA>]
I want to know what they both mean, I only know jmp is an unconditional jump. Also I seek information on these registers that I can't seem to understand:
CS - code seg.
DS - data seg.
SS - ??
Please, detailed explanations/links. Thanks a lot gentlemen
"dword ptr" and the [braces] basically mean:
read (the braces) a DWORD (the ptr) from the given address and jump to it. The DWORD variable at location 00402808 through 0040280B contains the address of the code (which is MessageBox in this case) to jump to.
The "DS:" is implicit. Since you're reading the value of a variable and variables are in DS, you are actually reading DS:00402808; the debugger barely reminds you of this fact.
SS is short for "Stack Segment" and is the segment of the memory where the stack for the current task is located. The stack is a "push value in, pop value out when needed" kind of temporary storage for... well, anything temporary. Suppose you want to exchange the values of two registers without using the XCHG command or a third temporary register: What you do is, "push" the value of one onto the stack, give one register the value of the other, and "pop" back the value from the stack, i.e. temporary storage. Some instructions such as CALL and RET also use the stack (to save and restore the IP of the calling function, respectively). It is a different topic altogether, and I'm sure lots of experts (with better explaining capabilities than me :) would help you understand it if you asked.
Anyway, SS is used together with SP (Stack Pointer) to pin-point to the top of the stack. SS points to the big block of memory reserved for the stack and doesn't change very often, whereas SP points to the "top" of the stack within that big block of memory, and is changed with every stack operation (PUSH or POP).
ASKER
But what if I put the code simply this way:
> jmp [00402808]
Wouldn't it make the same effect as before? Also, what do the 3 letters "ptr" mean?
You still might have a question about this:
jmp dword ptr ds:[<&user32.MessageBoxA>]
Why jump to an address that is specified somewhere else? Why not simply:
jmp MessageBoxA
? That is because MessageBoxA is a function in an external DLL. The DLL gets loaded into memory at runtime. When the compiler compiles the code, it does not know the correct address. So it allocates a fixed location in local memory for storage of the correct address. Then when the system loads the program, the loader needs only to place the address in one place, rather than going through the entire program to update each opcode that jumps to that function.
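The two answers above (the indirect jump through a dword slot, and the loader writing that slot once) modeled in C as an added illustration; this is not code from the thread. The slot array `iat`, the stub functions and the call-site names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for two builds of the DLL function the jump finally
 * reaches; they only exist so the effect of the jump can be observed. */
static int stub_MessageBoxA_v1(const char *text) { (void)text; return 1; }
static int stub_MessageBoxA_v2(const char *text) { (void)text; return 2; }

typedef int (*import_fn)(const char *);

/* The import address table. On 32-bit Windows each slot is a 4-byte dword;
 * iat[0] plays the role of the slot at 00402808 in the question. The compiler
 * knows the slot's address at build time, never the function's. */
static import_fn iat[1] = { NULL };

/* Loader step: after the DLL is mapped, write the resolved address into the
 * slot. This is the single place that has to be updated. */
static void loader_resolve(import_fn resolved_MessageBoxA) {
    iat[0] = resolved_MessageBoxA;
}

/* Model of "jmp dword ptr [slot]": the brackets mean "read the value stored at
 * slot", "dword ptr" says how wide that value is, and control then goes to
 * that value, not to the slot itself. An empty slot is refused rather than
 * jumped to, which is the failure mode of an unresolved import. */
static int jmp_through_slot(import_fn *slot, const char *arg) {
    import_fn target = *slot;            /* read DS:[slot] */
    if (target == NULL)
        return -1;                       /* unresolved import */
    return target(arg);                  /* transfer control */
}

/* Two independent call sites in "the program". Both are compiled against the
 * same slot address, so neither needs patching when the DLL's address changes. */
static int call_site_a(void) { return jmp_through_slot(&iat[0], "from a"); }
static int call_site_b(void) { return jmp_through_slot(&iat[0], "from b"); }

int main(void) {
    printf("before loader: %d\n", call_site_a());          /* -1 */
    loader_resolve(stub_MessageBoxA_v1);
    printf("after resolve: %d %d\n", call_site_a(), call_site_b());
    loader_resolve(stub_MessageBoxA_v2);                   /* one write... */
    printf("after rebind:  %d %d\n", call_site_a(), call_site_b());
    return 0;
}
```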
ASKER
Thank you very much to all who participated in this topic. All your help is very appreciated. Whoever I "rewarded" gave the answers that more effectively pointed me to the solution.
This is an indirect unconditional jump. Go to the address specified in the dword at address 00402808
> CS - code seg.
> DS - data seg.
SS - stack seg
ES,FS,GS - auxiliary segs
The most authoritative source is http://developer.intel.com/design/pentium/manuals/