• Welcome to Valhalla Legends Archive.
 

I don't quite understand this..

Started by iago, May 14, 2004, 01:59 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

iago

May 14, 2004, 01:59 PM
Code Select
.text:15006DD1                 xor     edx, edx
.text:15006DD3                 mov     eax, esi
.text:15006DD5                 div     ecx
.text:15006DD7                 push    edi
.text:15006DD8                 mov     edi, esi
.text:15006DDA                 test    edx, edx
.text:15006DDC                 jz      short loc_15006DE4
.text:15006DDE                 sub     ecx, edx


Can edx possibly be non-zero there?  If not, why would the compiler even allow this?  Note that there aren't any cross references to the middle of that
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Arta

#1
May 14, 2004, 02:22 PM
Yeah, div modifies edx. I think it stores the remainder? Something like that.

Maddox

#2
May 14, 2004, 03:49 PM Last Edit: May 14, 2004, 03:52 PM by Maddox
div edx is equivalent to
temp = edx;
eax = eax / temp;
edx = eax % temp;

This piece of code is probably doing some aligning.
asdf.

Adron

#3
May 14, 2004, 06:14 PM
Quote from: Maddox on May 14, 2004, 03:49 PM
div edx is equivalent to
temp = edx;
eax = eax / temp;
edx = eax % temp;

This piece of code is probably doing some aligning.

div edx would be
__int64 temp = (edx<<32) + eax;
eax = temp / edx;
edx = temp % edx;

Makes more sense to use ecx for dividing, since edx is part of the number you're dividing by edx too.

iago

#4
May 14, 2004, 07:51 PM
ooh, you're right, I didn't even notice that div!  Silly me!  Thanks :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Print
|
Go Up Pages1
User actions