77f4bcbc 8945fc mov dword ptr [ebp-4],eax
And here's the rule:
88 /r MOV r/m8,r8 2/2 Move byte register to r/m byte
89 /r MOV r/m16,r16 2/2 Move word register to r/m word
89 /r MOV r/m32,r32 2/2 Move dword register to r/m dword
How to interpret 8945fc to mov dword ptr [ebp-4],eax?
An opcode identifies which basic computer operation in the instruction set is to be performed. It is used when writing machine code. It tells the computer to do something. Each machine language instruction typically has both an opcode and operands.
In computing, an opcode (abbreviated from operation code, also known as instruction machine code, instruction code, instruction syllable, instruction parcel or opstring) is the portion of a machine language instruction that specifies the operation to be performed.
We have here a three-byte instruction: 89 45 fc. The first byte is the opcode byte. Looking it up in the table, we can see that it's a MOV instruction and it takes a Mod R/M byte. The Mod R/M byte has the following layout:
  7   6   5   4   3   2   1   0
+-------+-----------+-----------+
|  Mod  |    Reg    |    R/M    |
+-------+-----------+-----------+
Let's look at the second byte of the instruction. 0x45 is 01.000.101 in binary. Thus, Mod is 01, Reg is 000 and R/M is 101.
Looking up in the reference, e.g. here, we can see that the combination of Mod=01 and R/M=101 corresponds to the [EBP+sbyte] operand. The "sbyte" is an 8-bit signed displacement which is encoded in the third byte: 0xFC. Since the displacement is signed, it has to be interpreted as such a number, i.e. -4.
The "/r" note next to the instruction tells us that the register (second) operand is specified by the Reg field of the instruction. Reg=000 is al/ax/eax. Assuming a 32-bit mode by default, this will mean eax.
Assembling all of the above, we get
MOV [EBP-4], EAX
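The same decoding steps as a small Python routine, added here as an example and not part of the original answer. It goes beyond the one instruction above by covering the other Mod values of 88 /r and 89 /r; it assumes 32-bit mode with no prefixes and rejects SIB addressing. The names decode_mov and hexnum are hypothetical, and every sample other than 8945fc is constructed.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def hexnum(n):
    """Debugger-style hex: 4 -> '4', 16 -> '10h'."""
    return f"{n:x}" + ("h" if n > 9 else "")


def decode_mov(code):
    """Decode one 88 /r or 89 /r MOV; return (text, instruction length)."""
    if len(code) < 2 or code[0] not in (0x88, 0x89):
        raise ValueError("expected opcode 88 or 89 followed by a ModR/M byte")
    regs, size = (REG8, "byte") if code[0] == 0x88 else (REG32, "dword")
    # Split the ModR/M byte into its 2-bit, 3-bit and 3-bit fields.
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:  # Mod=11: R/M names a register, there is no memory operand
        return f"mov {regs[rm]},{regs[reg]}", 2
    if rm == 4:  # R/M=100 with Mod!=11 means a SIB byte follows
        raise NotImplementedError("SIB addressing is outside this example")
    # Mod selects the displacement width. Mod=00 with R/M=101 is the
    # special case "32-bit absolute address, no base register".
    no_base = mod == 0 and rm == 5
    sizes = {0: (0, ""), 1: (1, "<b"), 2: (4, "<i")}
    width, fmt = (4, "<I") if no_base else sizes[mod]
    if len(code) < 2 + width:
        raise ValueError("instruction truncated inside the displacement")
    disp = struct.unpack_from(fmt, code, 2)[0] if width else 0
    if no_base:
        addr = hexnum(disp)
    else:
        sign = "-" if disp < 0 else "+"  # disp8/disp32 are signed
        addr = REG32[rm] + (sign + hexnum(abs(disp)) if width else "")
    return f"mov {size} ptr [{addr}],{regs[reg]}", 2 + width


if __name__ == "__main__":
    # The first sample is the instruction from the question; the rest are
    # constructed to exercise the other Mod values.
    for sample in ("8945fc", "89d8", "884d08", "8908", "890d00304000"):
        text, length = decode_mov(bytes.fromhex(sample))
        print(f"{sample:<14}{length} bytes  {text}")
```

The returned length lets a caller step to the next instruction, which is where a wrong Mod interpretation would otherwise desynchronize the rest of a disassembly.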