Purpose of ESI & EDI registers?

There are a few operations you can only do with DI/SI (or their extended counterparts, if you didn’t learn ASM in 1985). Among these are Which are, respectively, operations for repeated (= mass) storing, loading and scanning. What you do is you set up SI and/or DI to point at one or both operands, perhaps put a … Read more

Display value found at given address gdb

You are correctly reading the value at memory address 0x8048f0b, but the line call 8048f0b <strings_not_equal> indicates that this address is the start of a function (called strings_not_equal()). You wouldn’t expect that to be ASCII – you’d expect it to be more machine code. If you’re looking for the function arguments to strings_not_equal(), those are being pushed onto the stack. … Read more

Difference between JA and JG in assembly

As Intel’s manual explains, JG interprets the flags as though the comparison was signed, and JA interprets the flags as though the comparison was unsigned (of course if the operation that set the flags was not a comparison or subtraction, that may not make sense). So yes, they’re different. To be precise, ja jumps if CF = 0 and ZF … Read more

What is callq instruction?

It’s just call. Use Intel-syntax disassembly if you want to be able to look up instructions in the Intel/AMD manuals. The q operand-size suffix does technically apply (it pushes a 64-bit return address and treats RIP as a 64-bit register), but there’s no way to override it with instruction prefixes. i.e. calll and callw aren’t encodeable in 64-bit mode, so it’s just … Read more

x86 cmpl and jne

Cmpl subtracts -0x10(%ebp) from $0x7 and modifies flags: AF CF OF PF SF ZF. If memory at -0x10(%ebp) equals immediate 0x7 then the flag ZF is set. This is below EBP so it’s probably a local variable, if this is an un-optimized build using EBP as a frame pointer. jne 80484db means that if the two compared numbers are different … Read more

The difference between cmpl and cmp

According to my understanding cmpl compares unsigned. It does both, in a way. The difference in signed vs. unsigned is here the usage of the jump instructions. For >, there is ja for unsigned and jg for signed (jump if above and jump if greater). For <, there is jb for unsigned and jl for signed (jump if below and jump if less). To be exact, here … Read more

What’s the purpose of the LEA instruction?

As others have pointed out, LEA (load effective address) is often used as a “trick” to do certain computations, but that’s not its primary purpose. The x86 instruction set was designed to support high-level languages like Pascal and C, where arrays—especially arrays of ints or small structs—are common. Consider, for example, a struct representing (x, … Read more

What does the MOVZBL instruction do in IA-32 AT&T syntax?

AT&T syntax splits the movzx Intel instruction mnemonic into different mnemonics for different source sizes (movzb vs. movzw). In Intel syntax, it’s: i.e. load a byte from memory at eax+ecx+1 and zero-extend to full register. BTW, most GNU tools now have a switch or a config option to prefer Intel syntax. (Such as objdump -Mintel or gcc -S -masm=intel, although the latter affects … Read more
