Usman Malik

Reputation: 103

assembly x86 code and process virtual memory

I am trying to understand the piece of code below

data dd 1,2,3,4,5,6
myfunc:
    lea eax, data
    cmp eax, DWORD PTR [ebp-8]
    jle SHORT L1
    mov ecx, DWORD PTR [ebp-8]
    add ecx, DWORD PTR [ebp-4]
    mov DWORD PTR [ebp-4], ecx
    mov edx, DWORD PTR [ebp-4]
    sub edx, DWORD PTR [ebp-8]
    mov DWORD PTR [ebp-8], edx
    mov eax, DWORD PTR [ebp-4]
    sub eax, DWORD PTR [ebp-8]
    mov DWORD PTR [ebp-4], eax
L1:
    mov eax, DWORD PTR [ebp-8]

The first line I understand: it will be loaded into the process virtual memory, and since dd is defined with 4 bytes, it would look something like this perhaps?

data dd 1,2,3,4,5,6

4004000  01 ; 1
4004001  00 ; 0
4004002  00 ; 0
4004003  00 ; 0

4004004  02 ; 2
4004005  00 ; 0
4004006  00 ; 0
4004007  00 ; 0

4004008  03 ; 3
4004009  00 ; 0
400400A  00 ; 0
400400B  00 ; 0

4004008  04 ; 4
4004009  00 ; 0
400400A  00 ; 0
400400B  00 ; 0

400400C  05 ; 5
400400D  00 ; 0
400400E  00 ; 0
400400F  00 ; 0

4004010  06 ; 6
4004011  00 ; 0
4004012  00 ; 0
4004013  00 ; 0

However, after the label it will load the memory address of var data into the eax register, then compare the value of eax with the DWORD present at [ebp-8].

What I don't understand is that there is no address in ebp, as I assume, so maybe it's missing mov ebp,esp?

Also, even if I move esp into ebp, the part I don't understand is that the code says ebp-8, which should perhaps be ebp-4 to point to the address of the first DWORD defined?

Can someone please guide me in the right direction?

Thanks!

Upvotes: 1

Views: 344

Answers (1)

Sep Roland

Reputation: 39166

... it's a block provided to me for research purposes, probably from IDA Pro from a disassembled PE, to understand what this function is doing along with the effect of the instructions on CPU registers

... I am trying to understand what these instructions do when executed

... unfortunately I am still not able to figure out what the content of the registers will be once this subtraction and addition happens relative to the ebp register

    mov ecx, DWORD PTR [ebp-8]
    add ecx, DWORD PTR [ebp-4]
    mov DWORD PTR [ebp-4], ecx
    mov edx, DWORD PTR [ebp-4]
    sub edx, DWORD PTR [ebp-8]
    mov DWORD PTR [ebp-8], edx
    mov eax, DWORD PTR [ebp-4]
    sub eax, DWORD PTR [ebp-8]
    mov DWORD PTR [ebp-4], eax

This code in essence just switches the local variables at [ebp-8] and [ebp-4].
Instead of requiring 9 instructions and clobbering 3 registers, it could have been written like:

    mov edx, [ebp-8]
    mov eax, [ebp-4] 
    mov [ebp-4], edx
    mov [ebp-8], eax

    lea eax, data
    cmp eax, DWORD PTR [ebp-8]
    jle SHORT L1
    ...
L1:
    mov eax, DWORD PTR [ebp-8]

Re-writing the test for clarity:

    cmp DWORD PTR [ebp-8], data
    jge SHORT L1
    ...
L1:
    mov eax, [ebp-8]

If the local variable at [ebp-8] is greater than or equal to the start address of the array, it becomes the result in EAX.

If the local variable at [ebp-8] is less than the start address of the array, the original contents of [ebp-4] become the result in EAX.

If the switching part were of no importance, the following code would produce the same EAX:

    mov eax, [ebp-8]
    cmp eax, data
    jge SHORT L1
    mov eax, [ebp-4]
L1:

Upvotes: 1
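Added illustration (not code from the question or the answer): a small C model of the stack frame, with [ebp-8] and [ebp-4] as two 32-bit locals, that executes the nine-instruction block step by step and records what lands in ECX, EDX and EAX, then models the whole of myfunc with the array address treated as the value that `lea eax, data` produces. The frame contents and the address value are constructed sample inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the frame: two 32-bit locals addressed from ebp. */
typedef struct {
    uint32_t local8;   /* DWORD PTR [ebp-8] */
    uint32_t local4;   /* DWORD PTR [ebp-4] */
} frame_t;

typedef struct { uint32_t eax, ecx, edx; } regs_t;

/* Runs the nine-instruction block on the frame; uint32_t gives the same
 * modulo-2^32 wraparound as the real add/sub, so the swap works for any values. */
regs_t run_swap_block(frame_t *f)
{
    regs_t r = {0, 0, 0};
    r.ecx = f->local8;        /* mov ecx, [ebp-8]     ecx = a            */
    r.ecx += f->local4;       /* add ecx, [ebp-4]     ecx = a + b        */
    f->local4 = r.ecx;        /* mov [ebp-4], ecx     [ebp-4] = a + b    */
    r.edx = f->local4;        /* mov edx, [ebp-4]     edx = a + b        */
    r.edx -= f->local8;       /* sub edx, [ebp-8]     edx = (a+b) - a = b */
    f->local8 = r.edx;        /* mov [ebp-8], edx     [ebp-8] = b        */
    r.eax = f->local4;        /* mov eax, [ebp-4]     eax = a + b        */
    r.eax -= f->local8;       /* sub eax, [ebp-8]     eax = (a+b) - b = a */
    f->local4 = r.eax;        /* mov [ebp-4], eax     [ebp-4] = a        */
    return r;                 /* net effect: the two locals are swapped  */
}

/* Models myfunc as a whole. data_addr stands in for the address that
 * `lea eax, data` loads; jle is a signed comparison, hence the int32_t casts. */
uint32_t run_myfunc(uint32_t local8, uint32_t local4, uint32_t data_addr)
{
    frame_t f = { local8, local4 };
    uint32_t eax = data_addr;                      /* lea eax, data          */
    if (!((int32_t)eax <= (int32_t)f.local8)) {    /* cmp eax, [ebp-8]; jle  */
        run_swap_block(&f);                        /* not taken: swap locals */
    }
    return f.local8;                               /* L1: mov eax, [ebp-8]   */
}

int main(void)
{
    frame_t f = { 7, 9 };                          /* constructed sample frame */
    regs_t r = run_swap_block(&f);
    printf("ecx=%u edx=%u eax=%u  [ebp-8]=%u [ebp-4]=%u\n",
           r.ecx, r.edx, r.eax, f.local8, f.local4);
    printf("myfunc -> 0x%08x\n", run_myfunc(0x400000u, 0x12345678u, 0x400400u));
    return 0;
}
```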
