O'Reilly logo

Memory Dump Analysis Anthology, Volume 4 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 13. Miscellanious

Assembling Code in WinDbg

One of the readers of Windows Debugging: Practical Foundations book asked why the following code used byte ptr modifier for MOV instruction when assigning a number to a memory location pointed to by a register:

C/C++ code:

int a;
int *pa = &a;

void foo()
{
    __asm
    {
        // ...
        mov eax,   [pa]
        mov [eax], 1
        // ...
    }
}

Generated x86 assembly language code:

0:000:x86> uf foo
[...]
0042d64e c60001 mov byte ptr [eax],1
[...]

It looks like by default Visual C++ inline assembler treats MOV as "byte ptr" because it doesn't know about C or C++ language semantics. It is the sign of a code optimization because the resulted binary code is smaller than the one generated by dword ptr. In order to check that we use a WinDbg ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required