I have the following code (after producing the listing file, written for intel 80x86):
1 global _start
2
3 section .data
4 00000000 03000000 x: dd 3
5
6 ;section .text
7
8 _start:
9 00000004 8B0D[00000000] mov ecx, [x]
10 0000000A 000D[16000000] r: add byte [l+6], cl
11 00000010 C605[00000000]30 l: mov byte [x], 48
12 00000017 51 push ecx
13 00000018 B804000000 mov eax, 4 ; For "Write" system call
14 0000001D BB01000000 mov ebx, 1 ; to standard output
15 00000022 B9[00000000] mov ecx, x ; "buffer"
16 00000027 BA01000000 mov edx, 1 ; byte counter
17 0000002C CD80 int 0x80
18 0000002E 59 pop ecx
19 0000002F E2D9 loop r, ecx
20
21 00000031 BB00000000 mov ebx, 0
22 00000036 B801000000 mov eax, 1 ; For "exit" system call
23 0000003B CD80 int 0x80
I'm concentrating now on row 19, and I don't completely understand it. I understand that the binary of the opcode 'loop' is E2.
But where does the D9 byte come from? How was it calculated?
19 0000002F E2D9 loop r, ecx
Where does the second opcode (D9) come from?
The second opcode (0xD9 in this case) is the relative destination address in two's complement - since you are jumping backwards, it is negative in this case:
0x00000031 (The address following the loop instruction)
+ 0xFFFFFFD9 (Sign-extended representation of 0xD9 - actually a negative number, -39 decimal)
============
0x0000000A (The address of the r label)
Note that the destination address is calculated based on the address after the loop instruction.
See also http://www.mathemainzel.info/files/x86asmref.html#loop
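The calculation in the answer, worked through as an added example (this is not code from the question or the answer): the displacement of a short branch like LOOP is the target minus the address of the next instruction, stored as one two's-complement byte. The function names, the range check and the forward-jump case are my additions; the addresses 0x2F and 0x0A are the ones from the listing in the question.

```python
# Added example (not from the original post): how an assembler computes the
# 8-bit relative displacement of a short branch such as LOOP, and how a
# disassembler recovers the target from that byte.

LOOP_OPCODE = 0xE2          # LOOP rel8
LOOP_LENGTH = 2             # opcode byte + one displacement byte


def encode_rel8(instr_addr: int, target_addr: int, instr_len: int = LOOP_LENGTH) -> int:
    """Return the displacement byte for a short (rel8) branch.

    The CPU adds the sign-extended displacement to the address of the
    *next* instruction (instr_addr + instr_len), so that is the base.
    """
    disp = target_addr - (instr_addr + instr_len)
    if not -128 <= disp <= 127:
        # A short branch only reaches -128..+127 bytes; beyond that the
        # assembler would need a different encoding.
        raise ValueError(f"target out of rel8 range: displacement {disp}")
    return disp & 0xFF      # two's complement in one byte


def decode_rel8(instr_addr: int, disp_byte: int, instr_len: int = LOOP_LENGTH) -> int:
    """Recover the branch target from the encoded displacement byte."""
    disp = disp_byte - 0x100 if disp_byte & 0x80 else disp_byte   # sign-extend
    return (instr_addr + instr_len + disp) & 0xFFFFFFFF


def assemble_loop(instr_addr: int, target_addr: int) -> bytes:
    """Emit the machine code for `loop target` placed at instr_addr."""
    return bytes([LOOP_OPCODE, encode_rel8(instr_addr, target_addr)])


if __name__ == "__main__":
    # Values taken from the listing in the question: the LOOP sits at
    # offset 0x2F and branches back to label r at offset 0x0A.
    code = assemble_loop(0x2F, 0x0A)
    print(code.hex().upper())                      # E2D9
    print(hex(decode_rel8(0x2F, code[1])))         # 0xa
```

Running it reproduces the `E2D9` bytes from row 19 of the listing: 0x0A - (0x2F + 2) = -39, which is 0xD9 as a byte. A forward branch works the same way, only the displacement is positive.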