What exactly does the 3-operand imul instruction do in ia-32 assembly?

Question

I'm reading the instruction

imul 0xffffffd4(%ebp, %ebx, 4), %eax

and I'm baffled by what it's doing exactly. I understand that imul multiplies, but I can't figure out the syntax.

Answer 1

(I know and prefer Intel/MASM syntax, so I will use that. Note that the order of operands is reversed in AT&T.)

Your instruction is actually a two-operand imul, which in Intel syntax is:

imul eax, DWORD PTR [ebp + ebx*4 + 0FFFFFFD4h]

Where eax is the destination operand and the memory location is the source operand. The two-operand imul performs a multiplication of the source and destination operands and stores the result in the destination. Unlike 1-operand, it doesn't write a high half anywhere, so the same instruction works for signed and unsigned, like with add and left shift.

This instruction is multiplying a register by the integer in an array. Most likely this appears in a loop and the array is a local variable (on the stack starting at ebp-44).

---

The three-operand imul instruction is:

imul dest, source1, immediate
imul reg,  r/m,   imm           ; showing what kind of operand is allowed

The source1 operand (either a memory location or a register) is multiplied by the immediate operand (either an 8-bit or 16/32-bit constant) and the result is stored in the dest operand (a 16, 32 or 64-bit register).

See Intel's manual entry for imul: https://www.felixcloutier.com/x86/imul

Answer 2

Hooray for AT&T assembly base/index syntax! It's not a 3-operand multiply at all. It's the same 2-operand one you know and love, it's just that the first one is a bit complicated. It means:

%ebp + (4 * %ebx) + 0xffffffd4

Or:

%ebp + (4 * %ebx) - 44

To be a bit clearer (and in base 10). The AT&T base/index syntax breaks down as:

offset(base, index, multiplier)