flat assembler
Message board for the users of flat assembler.

Index > Windows > VisualC++ ASM

Author
Thread Post new topic Reply to topic
sujan



Joined: 19 Jan 2006
Posts: 1
sujan
Hello,

Could you guys please hlep me to understand the purpose of the following VisualC++ ASM code that I found in every VC++ disassembly code?

mov eax, 0CCCCCCCCh
rep stos dword ptr [edi]

Thank you.
Post 19 Jan 2006, 09:44
View user's profile Send private message Reply with quote
FrozenKnight



Joined: 24 Jun 2005
Posts: 128
FrozenKnight
Basically it initilizes all local variables used by the current function with the value 0CCCCCCCCh this is really pointless because you will most likely initilize the function anyway. my opinion is that it's a waste of processor time. but it is a good example of how to quickly fill a section of memory with a certan value.
Post 19 Jan 2006, 10:57
View user's profile Send private message Reply with quote
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost
not really to do with VC++, but for disassembling most C Very Happy

mov eax, #
or xor eax, eax etc

then

mov edi, address
rep stos dword ptr [edi]/ES:[EDI]

is usually a call to memset

_________________
redghost.ca
Post 20 Jan 2006, 02:19
View user's profile Send private message AIM Address MSN Messenger Reply with quote
r22



Joined: 27 Dec 2004
Posts: 805
r22
That code only shows up in DEBUG builds of vc++ software,
BUILD | CONFIG | Release option, will build a more optimized executable without the debugging stuff like mov eax,0CCCCCCCCh.
Post 21 Jan 2006, 04:52
View user's profile Send private message AIM Address Yahoo Messenger Reply with quote
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend
0CCh is int 3 opcode and it is put there, because if the program has some bug and if the excution flow jumps somewhere illegal the program will crash, and then it shows you all the registers' contents, stack, etc.
Post 21 Jan 2006, 11:19
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17665
Location: In your JS exploiting you and your system
revolution
Often this memory filling also helps when debugging to see what memory is used during the program run time. You can optimise the stack allocation better when you know the expected maximum usage by seeing where the '0xcccccccc' values have been overwritten with code or data used during a test run.
Post 21 Jan 2006, 16:00
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.