NASM - The Netwide Assembler
NASM Forum => Programming with NASM => Topic started by: JohnG on May 29, 2022, 11:12:58 PM
-
Hi all,
What is the purpose of the code line XOR EAX,EBP ?
Have found some explanation of it, but they differ and do not explain it well.
John
-
XOR performs a bitwise XOR operation between its two operands (i.e. each bit of the result is 1 if and only if exactly one of the corresponding bits of the two inputs was 1), and stores the result in
the destination (first) operand.
So if a bit is 0 or 1 in both operands, it will be set to 0 in EAX, otherwise it will be set to 1. The purpose depends on the rest of the nearby code (ie what EAX and EBP were previously set to, and what your code is going to do with the result)
-
Hi,
Thanks for the quick response, if both operands are just hex values ok, but if they are memory addresses ?
John
-
Hi John,
Thanks Debs.
XORing two memory addresses seems a bit unlikely. Can we see some context?
Best,
Frank
-
As Frank says, it seems unlikely to be XORing two memory addresses. If you can provide a few lines of code either side of the instruction, it might help us understand what the code is trying to do.
-
Hi all,
I think it might be only one address (ebp) still not sure why you would do it.
EAX - ABB63DCD
EBP - 004FFB3C (stack addr )
-
That doesn't make sense to me. It looks like some strange code generated by a compiler, but from your attached code I can't figure out what it is meant to do. Or the disassembler got something wrong, I haven't checked if it could be something else.
-
Hi John,
Too cryptic for me!
Here is your file:
00132A9D | A1 08501300 | mov eax,dword ptr ds:[0x135008] |
00132AA2 | 3145 FC | xor dword ptr ss:[ebp-0x4],eax |
00132AA5 | 33C5 | xor eax,ebp |
00132AA7 | 50 | push eax |
It appears to be a disassembly... but not Nasm syntax!
What happens when you run it? What gets pushed? What do you do with it then? Print it? That would be too much to ask.I suppose...
I think what is being XORed are contents of memory, not memory addresses. That might help a little... but not much. Well... first load eax from a variable. Then xor that with... [ebp + 4] is probably a parameter passed to a subroutine. Then THAT is xored with ebp. Very strange!
I take it that you don't have source code? Commented source code would be really nice! Can you disassemble it with ndisasm? That will disassemble the executable header, too, which is a PITA. I like Agner Fog's "objconv" as a disassembler. It will produce Nasm syntax, and knows where the code starts!
That's not much help. Can you help us any more? Can we get this code? Can you Tell us what it does, overall?
Maybe more later,
Frank