Image source: Webcomic xkcd Memory When the program Cave Story begins to run, every ASM address will refer to a location in the computer's memory. Some of these memory locations can be modified (you can store/load numbers held inside those addresses by using instructions like MOV). Other memory locations cannot be modified when the game is running (read-only addresses). Pointers Let's look at some more ASM code: MOV EAX,12 MOV ECX,8002 MOV EDX,AA91BDWhat does the code do? Easy. It stores the hex numbers 12, 8002, and AA91BD into EAX, ECX, and EDX respectively. Each box you see here represents a register. The boxes have green lids labeled with the name of the register: either EAX, ECX, or EDX. What is a pointer? A pointer is anything, such as a register or a number, that "points to" an address where data can be modified. For example, MOV DWORD [49E6D0],60 uses the hex number 49E6D0 to point to the address 49E6D0, where a DWORD-sized chunk of data can be stored.Okay good. So MOV DWORD [49E6D0],60 stores the number 60 into the memory location (or address) 49E6D0. The square brackets mean, "use this number as an address".Indirect Addressing Indirect addressing is a fancy term that means using a register to refer to an address instead of a number. Let's assume that EAX holds the number 49E6E8. Then what does MOV DWORD [EAX],100 do?We can see that the "box" with the blue lid [EAX] is exactly the same as the box with the blue lid [49E6E8]. In this case, doing MOV DWORD [EAX],100 is the same as MOV DWORD [49E6E8],100 .Both instructions store the hex number 100 into the address 49E6E8. Notice that EAX itself did not get modified. EAX still holds the number 49E6E8 even after MOV DWORD [EAX],100 . When you put EAX or any other register inside square brackets, the register simply defines the label located on the blue lid of a box, so to speak.We can even do something more complicated than this. Look at the following code: MOV EDX,490000 ;store hex number 490000 into EDX. MOV DWORD [EDX+9C6C],3 ;store hex number 3 into the address pointed to by EDX+9C6C.Whoa... EDX plus 9C6C? Think about it... if EDX holds 490000, then EDX + 9C6C = 499C6C. (Use the Windows calculator to do hex math if you're confused). When EDX holds 490000, MOV DWORD [EDX+9C6C],3 is the same thing as MOV DWORD [499C6C],3 . The DWORD-sized piece of data located at memory address 499C6C will now have the value of 3. Whew.Even after MOV DWORD [EDX+9C6C],3 was executed, notice that EDX itself also did not get modified. EDX contained 490000 and it still contains 490000. The register EDX (see the green box labeled EDX) does not hold 499C6C, and it definitely does not hold the number 3.
What if you actually wanted EDX to hold 499C6C or 3? Just use MOV directly. MOV EDX,490000 ;store hex number 490000 into EDX.
MOV DWORD [EDX+9C6C],3 ;store 3 to address 499C6C. EDX still holds 490000!
MOV EDX,499C6C ;Now EDX actually holds 499C6C.
MOV EDX,3 ;Now EDX actually holds 3.
Memory to Memory Storage: One at a TimeThere is one other thing that I must mention about memory locations. Let's say that you are trying to take the number inside DWORD [450600] and copy that number to DWORD [49E670]. This seems straightforward, just use MOV. Right? MOV DWORD [49E670],DWORD [450600] ;Store the number located in [450600] to [49E670]?This won't work. OllyDbg will say "Constant is out of range" or something equally ridiculous. Memory-to-memory storage does not work directly. If you want to move the number from DWORD [450600] to DWORD [49E670], you need to temporarily use a register (such as EAX) to hold that number. MOV EAX,DWORD [450600] ;Store the number located in [450600] to EAX. MOV DWORD [49E670],EAX ;Store the number located in EAX to [49E670].So remember - you cannot use two memory locations (known as memory operands) in a single MOV statement. You need a register to transport information from one memory location to another memory location. So, memory-to-memory storage always requires at least 2 MOV instructions. Previous Lesson: Using MOV Next Lesson: Polar Life Capsule Table of Contents |