Ahmed Mohammed
Reputation: 15
How stosd works in assembly?
Sorry for this question .. just wanted to understand how stosd works in assembly when EAX is zero
mov ecx, 41
lea edi, [variable]
xor eax, eax
rep stosd
I was debugging a malware with these instructions and with each stosd i can see windows directories paths are coming when following edi in dump.
But from where these directories are comming when EAX is zero and not referring to any variable?
Upvotes: 0
Views: 704
Answers (1)
Margaret Bloom
Reputation: 44106
You are seeing the pointers already stored in the array pointed by edi, before each stosd overwrites them with zero.
stosd writes eax to edi and increments it by four (assuming the DF flag is not set, which is usually the case).
That snippet is equivalent to memset(variable, 0, 41*4).
Upvotes: 3
Related Questions
- Assembly instruction reading, leaq
- REPNZ SCAS Assembly Instruction Specifics
- understanding a x86 assembly program
- Understanding x86 r/m32 instruction
- Understanding and analyzing assembly code
- assembly x86 test si
- Translating Assembly to C
- x86 OpCode Instruction Decoding
- x86-64 Load Effective Address Assembly code Reverse Engineering
- reverse engineering doubt