Reputation: 1513
Here is a line of assembly code from a core file.
0x00002ac8c957012d <+45>: mov 0x8(%rsp), %rsi
I noticed that register rsp is at the following location, so I use the Examine command to view the content plus 16 more objects/bytes.
> x/16x 0x2acd5752a610
0x2acd5752a610: 0x70 0xa6 0x11 0xff 0x29 0xcd 0x22 0x00
0x2acd5752a618: 0x33 0xee 0xf1 0xa9 0xb2 0xcc 0x34 0x76
When figuring out the offset of 0x8, is this going to be 0-based, resulting in the value being 0x33, or just count starting with 1 to 8 from the start, which results in the value being 0x00?
Upvotes: 0
Views: 5045
Reputation: 76617
You are confused by the braindead abomination that is AT&T syntax.
In Intel's intended syntax, mov 0x8(%rsp), %rsi translates to:
mov rsi,[rsp+8]
Which means fill the 8 bytes of register rsi with the 8 bytes at address [rsp+8].
Note that rsp is a 64-bit (8 byte) register which handles 8 bytes at a time.
We don't know what the value of rsp is, but we do know that rsp is the stack pointer and +8 means we take the address 8 bytes above the stack pointer, or the second most recently pushed value on the stack (because the stack grows downward).
This instruction is sneaking a peek inside the stack :-)
Upvotes: 4
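The load discussed above, worked through on the dump from the question, as an added example that is not part of either post: it parses the byte-wise gdb output, computes the effective address rsp+8 (the displacement is a plain byte offset added to the register, so it is zero-based) and assembles the 8 bytes in little-endian order as x86-64 does. It assumes rsp holds 0x2acd5752a610, as the question states; `parse_dump` and `load` are hypothetical helper names.

```python
import re

# Constructed from the dump in the question (gdb byte-wise examine output).
GDB_DUMP = """\
0x2acd5752a610: 0x70 0xa6 0x11 0xff 0x29 0xcd 0x22 0x00
0x2acd5752a618: 0x33 0xee 0xf1 0xa9 0xb2 0xcc 0x34 0x76
"""

def parse_dump(text):
    """Map each absolute address in a byte-wise gdb dump to its byte value."""
    memory = {}
    for line in text.splitlines():
        # Address, optional <symbol+off> tag, colon, then the byte columns.
        m = re.match(r"\s*(0x[0-9a-fA-F]+)(?:\s+<[^>]*>)?:\s*(.*)", line)
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            value = int(tok, 16)
            if value > 0xFF:
                raise ValueError("expected byte-sized columns in the dump")
            memory[base + i] = value
    return memory

def load(memory, base, disp, size=8):
    """Emulate a size-byte load from base+disp on little-endian x86-64."""
    addr = base + disp  # disp(%reg) in AT&T syntax is simply reg + disp
    try:
        raw = bytes(memory[addr + i] for i in range(size))
    except KeyError as exc:
        raise ValueError(f"dump does not cover {exc.args[0]:#x}") from None
    return addr, int.from_bytes(raw, "little")

if __name__ == "__main__":
    mem = parse_dump(GDB_DUMP)
    rsp = 0x2acd5752a610  # assumption: the rsp value given in the question
    addr, rsi = load(mem, rsp, 0x8)
    print(f"effective address {addr:#x}, rsi = {rsi:#018x}")
```

Inside gdb itself, `x/gx $rsp+8` shows the same quadword directly, already assembled in register byte order.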