(16) 1.The following Intel x86 assembly then traced using the Visual Studio exit
ID: 3752947 • Letter: #
Question
(16) 1.The following Intel x86 assembly then traced using the Visual Studio exit statement is reached), wh Assume that variable data are loaded unknown register or memory contents with question program is assembled and linked using MASM and At the conclusion of the program Gust before the at are the contents (in hexadecimal) of each of the following? in memory beginning at location 00404000h; indicate any (a) the EAX register (d) the EDX register (g) the doubleword at memory location mydata+4 (h) the doubleword at memory location mydata+8 (b) the EBX register (e) the ESI register (c) the ECX register (f) the zero flag : program for test 1. problem1, 09/27/2017 include Irvine32.inc .data mystuff sbyte 10100111b, 2, 7, -2, -3, oFh mydata sdword 2ED85C31h, 10,,1h, 01101001b, 3 code main proc int mov mov mov mov mov mov inc add inc add sub esi, offset mydata+8 edx, [es cl, mystuff+3 ch, mystuff ax, OFEFOh ebx,-2 ah al, 17 dword ptr (esi-4 dh, mystuff+4 ebx, mydata+8 What are results at this point? exit main endp main endExplanation / Answer
Answer is as follows
At first we know that beggining location of program is 00404000 h. Array index of x86 is start form 0.
INT 3 // It is interrupt instuction that is defined for use by debuggers to temporarily replace an instruction in a running program
mov esi offset mydata+8 // the instruction means same as LEA esi, mydata+8, so the given instruction load the address of mydata variable i.e.. 00404004 + 8 = 00404012. 00404000 points to variable mystuff. So now esi contains address 00404012
mov edx,[esi] // in this value stored at memory location present in esi is moved to edx. So we know that esi contains memory location 00404012 that contain -3 of mydata variable. So now edx contains -3.
mov cl,mystuff+3 // In this 4th(start from 0) i.e. -2 value of mystuff array is loaded to register cl, cl register is stored lower bytes(8 bit LSB 0 - 7) of register ecx. -2 is equal to 0000 1010 ( bold bit shows -ve sign) and in hexadecimal it is equal to 0A h or -2
mov ch,mystuff // move the first value of mystuff array to ch i.e. 10100111 i.e. A7 h to register ch. ch register is part of ecx register from bits 8-15. So ecx contains 0000A70A h
mov ax 0FEF0 h // the instruction fills the ax with FEF0. ax is part of eax register with 16 bits LSB's of register eax. So eax contains 0000FEF0 h. Where ah contain FE h and al = F0 h
mov ebx, -2 //-2 is moved to ebx i.e. equal to 1010 (Bold bit indicates -ve sign) So ebx contains only Ah or -2
inc ah// till now ah contains FE which is increment by 1 here. So now ah contian FF. and eax contain FFF0.
add al,17 // till now al contian F0 which is equal to 240 in decimal and 17 is added into it so result is 257 i.e. 101 in hexadecimal. but we know that al is only 8 bit register so it contains 01h only.So now eax contians 0000FF01 h
inc dword ptr[esi - 4] // it would increment the 32 bit data i.e. stored at location esi - 4. So esi contains 00404012 - 4 = 00404008. and 00404008 contains 10 from variable mydata. So it is incremt by 1. So data at location 00404008 is now updated with 11.
add dh, mystuff+4 // in this mystuff that contains 10100111 i.e. A7 and 4 is added to it, that result in AB h. So dh contains AB h. dh is part of edx register with bits 8-15. So edx contains 0000AB00 h.
sub ebx, mydata+8 // mydata contains 2ED85C31 h + 8 = 2ED85C38 is subtract with contents of ebx i.e. A and store abck to ebx. So 2ED85C39 - A = 2ED85C2F.. So ebx contains 2ED85C2F
Now by calculation we get
EAX = 0000FF01 h
EBX = 2ED85C2F h
ECX = 0000A70A h
EDX = 0000AB00 h
ESI = 00404012 (memory location)
Zero flag = ????
dword memory location mydata+4 = mydata located at 00404004 + 4 = 00404008 that contains -5
dword memory location mydata+8 = mydata located at 00404004 + 8 = 00404012 that contains -3
if there is any query please ask in comments....
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.