Move twice from and to, the same location
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I'm trying to reverse a function and i came across this lines inside the function
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
Why does line 3 needed?
If i need to save the result line 2 saved that and EAX already have the result,
So why is line 3 needed.
Am i missing something?
ida disassembly
New contributor
add a comment |Â
up vote
2
down vote
favorite
I'm trying to reverse a function and i came across this lines inside the function
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
Why does line 3 needed?
If i need to save the result line 2 saved that and EAX already have the result,
So why is line 3 needed.
Am i missing something?
ida disassembly
New contributor
1
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I'm trying to reverse a function and i came across this lines inside the function
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
Why does line 3 needed?
If i need to save the result line 2 saved that and EAX already have the result,
So why is line 3 needed.
Am i missing something?
ida disassembly
New contributor
I'm trying to reverse a function and i came across this lines inside the function
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
Why does line 3 needed?
If i need to save the result line 2 saved that and EAX already have the result,
So why is line 3 needed.
Am i missing something?
ida disassembly
ida disassembly
New contributor
New contributor
edited 2 hours ago
New contributor
asked 2 hours ago
Moshe D
1113
1113
New contributor
New contributor
1
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago
add a comment |Â
1
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago
1
1
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
It's not needed at all.
However, some compilers may generate that assembly when compiled without optimization.
For example, gcc -O0
generates: (from godbolt)
f():
push rbp
mov rbp, rsp
sub rsp, 16
call fake_heapalloc()
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-4]
mov edi, eax
call g(int)
nop
leave
ret
from C++ source code
int fake_heapalloc();
void g(int i);
void f()
int i;
i=fake_heapalloc();
g(i);
Because it's not optimized, the i
is stored on the stack (instead of in a register) and the redundant move to/from stack code is generated.
Alternatively, some programmer may manually insert the assembly instruction there to... I don't know, it's unlikely.
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
add a comment |Â
up vote
1
down vote
This is to save the value on the stack and continue to work with that value in further instruction(s) as already mentioned in the comments. This happens if no optimization is done.
You have to look at it separately.
Consider this in pseudocode.
var_4 = HeapAlloc()
func1(var_4)
Then the result would be similar to your assembler output namely:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
4. push eax
5. call func1
And in that case you are right, the value is still in eax
.
But now consider that:
var_4 = HeapAlloc()
between_func()
func1(var_4)
The assembler output would be similar to this
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. call between_func
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
You can refer a pseudocode line to a section of the assembler code.
var_4 = HeapAlloc()
Corresponds to:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
between_func()
Corresponds to:
3. call between_func
func1(var_4)
Corresponds to:
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
And if you omit the between_func()
then you will get to the result you have. Concluded, the two instructions are compiled independently.
New contributor
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
It's not needed at all.
However, some compilers may generate that assembly when compiled without optimization.
For example, gcc -O0
generates: (from godbolt)
f():
push rbp
mov rbp, rsp
sub rsp, 16
call fake_heapalloc()
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-4]
mov edi, eax
call g(int)
nop
leave
ret
from C++ source code
int fake_heapalloc();
void g(int i);
void f()
int i;
i=fake_heapalloc();
g(i);
Because it's not optimized, the i
is stored on the stack (instead of in a register) and the redundant move to/from stack code is generated.
Alternatively, some programmer may manually insert the assembly instruction there to... I don't know, it's unlikely.
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
add a comment |Â
up vote
1
down vote
It's not needed at all.
However, some compilers may generate that assembly when compiled without optimization.
For example, gcc -O0
generates: (from godbolt)
f():
push rbp
mov rbp, rsp
sub rsp, 16
call fake_heapalloc()
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-4]
mov edi, eax
call g(int)
nop
leave
ret
from C++ source code
int fake_heapalloc();
void g(int i);
void f()
int i;
i=fake_heapalloc();
g(i);
Because it's not optimized, the i
is stored on the stack (instead of in a register) and the redundant move to/from stack code is generated.
Alternatively, some programmer may manually insert the assembly instruction there to... I don't know, it's unlikely.
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
add a comment |Â
up vote
1
down vote
up vote
1
down vote
It's not needed at all.
However, some compilers may generate that assembly when compiled without optimization.
For example, gcc -O0
generates: (from godbolt)
f():
push rbp
mov rbp, rsp
sub rsp, 16
call fake_heapalloc()
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-4]
mov edi, eax
call g(int)
nop
leave
ret
from C++ source code
int fake_heapalloc();
void g(int i);
void f()
int i;
i=fake_heapalloc();
g(i);
Because it's not optimized, the i
is stored on the stack (instead of in a register) and the redundant move to/from stack code is generated.
Alternatively, some programmer may manually insert the assembly instruction there to... I don't know, it's unlikely.
It's not needed at all.
However, some compilers may generate that assembly when compiled without optimization.
For example, gcc -O0
generates: (from godbolt)
f():
push rbp
mov rbp, rsp
sub rsp, 16
call fake_heapalloc()
mov DWORD PTR [rbp-4], eax
mov eax, DWORD PTR [rbp-4]
mov edi, eax
call g(int)
nop
leave
ret
from C++ source code
int fake_heapalloc();
void g(int i);
void f()
int i;
i=fake_heapalloc();
g(i);
Because it's not optimized, the i
is stored on the stack (instead of in a register) and the redundant move to/from stack code is generated.
Alternatively, some programmer may manually insert the assembly instruction there to... I don't know, it's unlikely.
answered 21 mins ago
user202729
2367
2367
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
add a comment |Â
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
(this contains essentially the same information as other answers, just worded in a different way)
â user202729
21 mins ago
add a comment |Â
up vote
1
down vote
This is to save the value on the stack and continue to work with that value in further instruction(s) as already mentioned in the comments. This happens if no optimization is done.
You have to look at it separately.
Consider this in pseudocode.
var_4 = HeapAlloc()
func1(var_4)
Then the result would be similar to your assembler output namely:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
4. push eax
5. call func1
And in that case you are right, the value is still in eax
.
But now consider that:
var_4 = HeapAlloc()
between_func()
func1(var_4)
The assembler output would be similar to this
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. call between_func
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
You can refer a pseudocode line to a section of the assembler code.
var_4 = HeapAlloc()
Corresponds to:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
between_func()
Corresponds to:
3. call between_func
func1(var_4)
Corresponds to:
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
And if you omit the between_func()
then you will get to the result you have. Concluded, the two instructions are compiled independently.
New contributor
add a comment |Â
up vote
1
down vote
This is to save the value on the stack and continue to work with that value in further instruction(s) as already mentioned in the comments. This happens if no optimization is done.
You have to look at it separately.
Consider this in pseudocode.
var_4 = HeapAlloc()
func1(var_4)
Then the result would be similar to your assembler output namely:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
4. push eax
5. call func1
And in that case you are right, the value is still in eax
.
But now consider that:
var_4 = HeapAlloc()
between_func()
func1(var_4)
The assembler output would be similar to this
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. call between_func
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
You can refer a pseudocode line to a section of the assembler code.
var_4 = HeapAlloc()
Corresponds to:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
between_func()
Corresponds to:
3. call between_func
func1(var_4)
Corresponds to:
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
And if you omit the between_func()
then you will get to the result you have. Concluded, the two instructions are compiled independently.
New contributor
add a comment |Â
up vote
1
down vote
up vote
1
down vote
This is to save the value on the stack and continue to work with that value in further instruction(s) as already mentioned in the comments. This happens if no optimization is done.
You have to look at it separately.
Consider this in pseudocode.
var_4 = HeapAlloc()
func1(var_4)
Then the result would be similar to your assembler output namely:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
4. push eax
5. call func1
And in that case you are right, the value is still in eax
.
But now consider that:
var_4 = HeapAlloc()
between_func()
func1(var_4)
The assembler output would be similar to this
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. call between_func
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
You can refer a pseudocode line to a section of the assembler code.
var_4 = HeapAlloc()
Corresponds to:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
between_func()
Corresponds to:
3. call between_func
func1(var_4)
Corresponds to:
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
And if you omit the between_func()
then you will get to the result you have. Concluded, the two instructions are compiled independently.
New contributor
This is to save the value on the stack and continue to work with that value in further instruction(s) as already mentioned in the comments. This happens if no optimization is done.
You have to look at it separately.
Consider this in pseudocode.
var_4 = HeapAlloc()
func1(var_4)
Then the result would be similar to your assembler output namely:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. mov eax, [ebp+var_4]
4. push eax
5. call func1
And in that case you are right, the value is still in eax
.
But now consider that:
var_4 = HeapAlloc()
between_func()
func1(var_4)
The assembler output would be similar to this
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
3. call between_func
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
You can refer a pseudocode line to a section of the assembler code.
var_4 = HeapAlloc()
Corresponds to:
1. call ds:HeapAlloc
2. mov [ebp+var_4], eax
between_func()
Corresponds to:
3. call between_func
func1(var_4)
Corresponds to:
4. mov eax, [ebp+var_4]
5. push eax
6. call func1
And if you omit the between_func()
then you will get to the result you have. Concluded, the two instructions are compiled independently.
New contributor
edited 5 mins ago
New contributor
answered 1 hour ago
pudi
538
538
New contributor
New contributor
add a comment |Â
add a comment |Â
Moshe D is a new contributor. Be nice, and check out our Code of Conduct.
Moshe D is a new contributor. Be nice, and check out our Code of Conduct.
Moshe D is a new contributor. Be nice, and check out our Code of Conduct.
Moshe D is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2freverseengineering.stackexchange.com%2fquestions%2f19488%2fmove-twice-from-and-to-the-same-location%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
It might be that the binary is not optimized and the line 3 is part of the next instruction that uses the HeapAllocâÂÂs result
â Paweà  à Âukasik
2 hours ago
@Paweà Âà Âukasik even if it's in used in the next instruction EAX already has the result/
â Moshe D
2 hours ago