Menu
I was debugging CLR code in assembly, and got to a line
mov rax, qword ptr [ff4053c0h]
I think qword ptr [ff4053c0h] refers to a string I'm interested in, but ff4053c0h is not a valid memory location. Reading about qword ptr it seems to reference an address based on a base register (e.g. qword ptr [rsp+30h] is 30 bytes into the stack), but I can't find what it means with no base register.
441
QwordEdit. The Dword stands for quadword. On the x86 architecture, a Qword is the size of sixty-four bits.
Basically, it means "the size of the target operand is 32 bits", so this will bitwise-AND the 32-bit value at the address computed by taking the contents of the ebp register and subtracting four with 0.
The first lines of the function main refers to rbp and rsp ; these are special purpose registers. rbp is the base pointer, which points to the base of the current stack frame, and rsp is the stack pointer, which points to the top of the current stack frame.
When no base register is provided, it means data segment (http://www.osdata.com/system/physical/memory.htm). In your code, mov rax, qword ptr [ff4053c0h] means "take 8 bytes from data segment offset FF4053C0h and put them in RAX".
As you are pointing correctly, the presence of a base register like rsp clearly indicates stack segment. In your case, no base register means data segment.
Now, about the big number "FF4053C0h", which is "4 282 405 824", it's perfectly possible to have 4Gb of addressable memory (http://wiki.osdev.org/Protected_Mode), which confirms that your line of code might be valid and it's accessing offset FF4053C0h in a huge data segment (http://www.ece.unm.edu/~jimp/310/slides/micro_arch2.html).
Another source = Assembly: Using the Data Segment Register (DS) .
58
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
