
I've been studying assembly in school, and I'm trying to apply it to a real situation. I have a product that is no longer supported and I want to see how a portion of the code that uses the CPUID to perform several checks is working. I've only studied the MIPS architecture, so I'm using a reference for the x86 instructions and registers to understand. The disassembly is below:

        007b65ef b8 01 00        MOV        EAX,0x1
                 00 00
        007b65f4 0f a2           CPUID
        007b65f6 a3 28 11        MOV        [DAT_00af1128],EAX                               = ??
                 af 00
        007b65fb 89 1d 24        MOV        dword ptr [DAT_00af1124],EBX                     = ??
                 11 af 00
        007b6601 89 15 20        MOV        dword ptr [DAT_00af1120],EDX                     = ??
                 11 af 00
        007b6607 89 0d 1c        MOV        dword ptr [DAT_00af111c],ECX                     = ??
                 11 af 00

And this is the C code it compiles into:

    puVar4 = (undefined4 *)cpuid_Version_info(1);
    _DAT_00af1128 = *puVar4;
    _DAT_00af1124 = puVar4[1];
    _DAT_00af1120 = puVar4[2];
    _DAT_00af111c = puVar4[3];

What I don't understand is how the value of _DAT_00af1128 is being stored, when the assembly is moving the address into the register, and not the other way around. I would have thought it should be `MOV EBX, dword ptr [DAT_00af1124]`.

Peter Cordes
richbai90
  • 4
    This is Intel syntax; data flow is from right to left. `MOV [DAT_00af1128],EAX` stores the contents of register `eax` into memory at address `DAT_00af1128`. Don't confuse this with AT&T syntax where the operand order is the other way round. – fuz Nov 05 '20 at 22:04
  • 1
    x86 Intel syntax is always `mov dst, src`, unlike MIPS where you have a separate *mnemonic* for load vs store and the operands are always `reg, addr_mode` even for stores. So MIPS has `sw src, dst`, opposite of normal MIPS instructions, possibly because that makes parsing even easier for the assembler. But that wouldn't really explain your confusion; probably fuz is right and you read something about AT&T syntax. Unfortunately there are multiple asm syntaxes for x86. – Peter Cordes Nov 06 '20 at 04:35
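
What the four stores after `CPUID` leave in memory, as an added example that is not part of the original post or the product's code: it runs leaf 1, writes the registers to four variables in the same order as the listing, and goes one step further by decoding the EAX signature and one EDX feature bit. The names `saved_*`, `capture_leaf1`, `decode_signature` and `has_sse2` are hypothetical, the GCC/Clang `<cpuid.h>` helper is assumed, and which fields the product actually checks is not known from the page.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h> /* GCC/Clang helper providing __get_cpuid() */
#endif

/* Hypothetical stand-ins for DAT_00af1128/1124/1120/111c in the listing. */
static uint32_t saved_eax, saved_ebx, saved_edx, saved_ecx;

/* Same data flow as the listing: run CPUID leaf 1, then STORE each
 * register to memory (Intel syntax: MOV [mem],reg writes reg to mem). */
int capture_leaf1(void) {
#if defined(__i386__) || defined(__x86_64__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    saved_eax = a; saved_ebx = b; saved_edx = d; saved_ecx = c;
    return 1;
#else
    return 0; /* not an x86 build: nothing to capture */
#endif
}

struct cpu_sig { unsigned family, model, stepping; };

/* Decode the leaf-1 EAX signature using the rule from Intel's manual. */
struct cpu_sig decode_signature(uint32_t eax) {
    unsigned base_family = (eax >> 8) & 0xF, base_model = (eax >> 4) & 0xF;
    unsigned ext_family = (eax >> 20) & 0xFF, ext_model = (eax >> 16) & 0xF;
    struct cpu_sig s;
    s.stepping = eax & 0xF;
    /* Extended fields only count for the base-family values below. */
    s.family = (base_family == 0xF) ? base_family + ext_family : base_family;
    s.model = (base_family == 0x6 || base_family == 0xF)
                  ? (ext_model << 4) | base_model : base_model;
    return s;
}

/* Leaf-1 EDX bit 26 is the SSE2 feature flag. */
int has_sse2(uint32_t edx) { return (edx >> 26) & 1; }

int main(void) {
    if (!capture_leaf1()) { puts("CPUID leaf 1 unavailable"); return 0; }
    struct cpu_sig s = decode_signature(saved_eax);
    printf("family %u model 0x%X stepping %u\n", s.family, s.model, s.stepping);
    printf("EBX=%08X ECX=%08X SSE2=%d\n", (unsigned)saved_ebx,
           (unsigned)saved_ecx, has_sse2(saved_edx));
    return 0;
}
```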

0 Answers