3

I have the following line in x86 Assembly language that I don't know what it does...

cmp %eax,0x80498d4(,%ebx,4)

I know it's comparing the two halves of the statement but I don't know what the address does in it and what the parentheses do either. Some clarification would be much appreciated!

Cody Gray - on strike
Konnor
    Possible duplicate of [What does a comma in a parenthesis mean in the AT&T syntax for x86 assembly?](http://stackoverflow.com/questions/18650093/what-does-a-comma-in-a-parenthesis-mean-in-the-att-syntax-for-x86-assembly) – Cody Gray - on strike Dec 24 '16 at 15:04

2 Answers

6

In AT&T syntax this form represents

OFFSET(BASE REGISTER, INDEX REGISTER, INDEX SCALE)

so the address represented is the value of BASE REGISTER (if present) + INDEX * SCALE (if present) + OFFSET, so

EBX*4 + 0x80498d4 in your case.

  • Ebx in this case is 1 and the other address is -1 so in this case it should be 3 but unfortunately it's not working. – Konnor Oct 10 '14 at 00:48
  • What do you mean `the other address`? If `ebx` is 1, then the effective address here is `0x80498d8`. The value in `eax` is compared to the value at that address. – 500 - Internal Server Error Oct 10 '14 at 07:03
  • @Konnor: what exactly do you mean with "it's not working"? Be precise, i.e. do you get an error message, and if so, what exactly is it, or does nothing happen, or what? If nothing happens, what exactly do you expect to happen? I assume there is more assembler code. Post a little more of it (exactly, i.e. copied and pasted). – Rudy Velthuis Oct 10 '14 at 07:48
  • Apologies for not being more clear, this is a binary bomb program so this is the line that basically determines whether the bomb detonates or not, which I've traced to. So the user input goes into %eax, and I need this compare command to result in the zero flag being set. So I'm confused how it all works because 0x80498d4 has the value of 0xffffffff, so -1 in 2's complement, so I just need to find out how this statement truly works so I can defuse the bomb. I hope this makes it more clear on what I'm trying to achieve. – Konnor Oct 10 '14 at 22:04
  • Actually, @500-InternalServerError I just noticed your comment and it worked! Thanks guys! – Konnor Oct 10 '14 at 22:09
3

That is AT&T syntax:

cmp %eax,0x80498d4(,%ebx,4)

The equivalent in Intel syntax is:

cmp [080498D4H + EBX*4],EAX

It means that it compares the DWORD content at the address [0x80498D4 + 4*EBX] with the content of the EAX register and sets the processor flags as if these two values were subtracted from each other. After that, you can use these flags to do, for instance, a conditional jump.

Rudy Velthuis
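To make both answers concrete, here is an added C example that is not part of the original thread or the bomb lab it refers to. It parses an AT&T memory operand of the general form disp(base,index,scale) described in the first answer, computes the effective address with the CPU's 32-bit wraparound, and models the flags that cmp sets as described in the second answer (dst - src, result discarded). The table at 0x80498d4 is a simulated stand-in: the page only says that entry 0 holds 0xffffffff, so the remaining entries, the read32/parse_memop/bomb_cmp_zf helper names and the limited register set are assumptions made for this example, not facts about the bomb binary.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The 32-bit general-purpose registers, indexed by the enum (example's own model). */
enum { EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, NREGS, NOREG = -1 };
static const char *const reg_names[NREGS] = {"eax","ebx","ecx","edx","esi","edi","ebp","esp"};
typedef struct { uint32_t r[NREGS]; } regs_t;

/* A parsed AT&T memory operand disp(base,index,scale): base/index are register
   indices or NOREG when the field is omitted; an omitted scale means 1. */
typedef struct { int32_t disp; int base, idx; uint32_t scale; } memop_t;

/* Read an optional "%reg" field; returns the updated cursor, or NULL on an unknown name. */
static const char *read_reg(const char *p, int *reg) {
    char name[4] = {0};
    size_t n = 0;
    *reg = NOREG;
    if (*p != '%') return p;                  /* field omitted, as in "(,%ebx,4)" */
    for (p++; isalnum((unsigned char)*p) && n < 3; p++) name[n++] = *p;
    for (int i = 0; i < NREGS; i++)
        if (!strcmp(name, reg_names[i])) { *reg = i; return p; }
    return NULL;
}

/* Parse "0x80498d4(,%ebx,4)", "-8(%ebp)", "(%esi,%edi,2)" or a bare address.
   Returns 0 on success, -1 on a malformed operand. */
int parse_memop(const char *s, memop_t *m) {
    const char *p;
    char *end;
    m->base = m->idx = NOREG;
    m->scale = 1;
    m->disp = (int32_t)strtol(s, &end, 0);    /* no digits: disp = 0, end == s */
    p = end;
    if (*p == '\0') return 0;                 /* bare absolute address */
    if (*p++ != '(') return -1;
    if (!(p = read_reg(p, &m->base))) return -1;
    if (*p == ')') return p[1] == '\0' ? 0 : -1;
    if (*p++ != ',') return -1;
    if (!(p = read_reg(p, &m->idx))) return -1;
    if (*p == ')') return p[1] == '\0' ? 0 : -1;   /* scale omitted */
    if (*p++ != ',') return -1;
    m->scale = (uint32_t)strtoul(p, &end, 10);
    p = end;
    if (m->scale != 1 && m->scale != 2 && m->scale != 4 && m->scale != 8) return -1;
    return (*p == ')' && p[1] == '\0') ? 0 : -1;
}

/* disp + base + index*scale, with the same 32-bit wraparound the CPU applies. */
uint32_t effective_address(const memop_t *m, const regs_t *regs) {
    uint32_t base = m->base == NOREG ? 0 : regs->r[m->base];
    uint32_t idx  = m->idx  == NOREG ? 0 : regs->r[m->idx];
    return (uint32_t)m->disp + base + idx * m->scale;
}

typedef struct { int zf, cf, sf, of; } flags_t;

/* AT&T "cmp src, dst" computes dst - src and keeps only the flags, so
   "cmp %eax, MEM" compares the DWORD at MEM (dst) against %eax (src). */
flags_t cmp32(uint32_t dst, uint32_t src) {
    uint32_t res = dst - src;
    flags_t f;
    f.zf = (res == 0);                                 /* operands equal */
    f.cf = (dst < src);                                /* unsigned borrow */
    f.sf = (res >> 31) & 1;                            /* sign of the result */
    f.of = (((dst ^ src) & (dst ^ res)) >> 31) & 1;    /* signed overflow */
    return f;
}

/* Constructed stand-in for the bomb's data: a DWORD table at 0x80498d4. The thread
   says entry 0 is 0xffffffff; the other entries are made up for this example. */
#define TABLE_BASE 0x80498d4u
static const uint32_t table[] = { 0xffffffffu, 42u, 7u, 1000u };

/* Read a DWORD from the simulated memory; -1 if the address is unmapped or misaligned. */
int read32(uint32_t addr, uint32_t *out) {
    if (addr < TABLE_BASE) return -1;
    uint32_t off = addr - TABLE_BASE;
    if (off % 4 != 0 || off + 4 > sizeof table) return -1;
    *out = table[off / 4];
    return 0;
}

/* Run the thread's cmp line for given %eax/%ebx; returns ZF, or -1 if the
   effective address falls outside the simulated table. */
int bomb_cmp_zf(uint32_t eax, uint32_t ebx) {
    memop_t m;
    regs_t regs = {{0}};
    uint32_t mem;
    regs.r[EAX] = eax;
    regs.r[EBX] = ebx;
    if (parse_memop("0x80498d4(,%ebx,4)", &m) != 0) return -1;
    if (read32(effective_address(&m, &regs), &mem) != 0) return -1;
    return cmp32(mem, eax).zf;
}

int main(void) {
    /* ebx=1 selects the DWORD at 0x80498d8, as worked out in the comments above. */
    printf("eax=42, ebx=1: ZF=%d\n", bomb_cmp_zf(42, 1));
    printf("eax=-1, ebx=0: ZF=%d\n", bomb_cmp_zf(0xffffffffu, 0));
    return 0;
}
```

The point the example makes beyond the answers: the displacement is the start of a DWORD array, the index register is an element number, and the scale is the element size, so the line is a table lookup `table[ebx]` followed by a compare; a jump such as je/jne then reads ZF, while jl/jb would read SF/OF or CF for the signed and unsigned orderings respectively.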