I just had a question I couldn't seem to find a decent answer to.
I'm given this code:
0020 mov eax, [ebp+0x0c]; value inside = 0x000000ff
0023 mov cl, [ebp+ox08]; value inside- 0x82
0026 cmp al, cl
0028 jl label ;label is at address 003c, jl is signed
002a nop
002b
...
003c label:sub al,cl
If the value in [ebp+0x08] is 0x82 and ecx is 0xabcd1234 before executing this code,
what is the value of eax after executing this code?
Would it clear the upper bits so that ecx is 0x00000082 or would ecx be 0xabcd1282?
Also what's the address from which the offset to the jl instruction is calculated?
And how would you determine the value of the offset for the jl instruction?
Isn't the value of al greater than cl? So wouldn't jl not jump?
thanks in advance
The value in ecx after loading cl is 0xabcd1282.
cl (signed -126 / unsigned 130) is less than al (signed -1 / unsigned 255) regardless of whether it is treated as signed or unsigned. (In this case, it is treated as signed by jl.) So the jump is not taken. Since we don't know what instructions are between 0x2b and 0x3c, there's no way to know what the final values of eax and ecx are.
The offset for the jump is 0x12 (0x3c - 0x2a, the address of the destination minus the address of the next instruction).