Need help about explaining some ASM code

vietwow Member Posts: 1
Hi all,

I'm a newbie in ASM. I wrote a very small program in C:

[code]// vietwow.cpp : Defines the entry point for the console application.

#include "stdafx.h"

int _tmain(int argc, _TCHAR* argv[])
{
    int a = 5;
    return 0;
}[/code]

I compiled it with MS VS2008 and then used IDA to read its ASM:

[code]_wmain proc near

var_CC= byte ptr -0CCh
var_8= dword ptr -8

push ebp
mov ebp, esp
sub esp, 0CCh
push ebx
push esi
push edi
lea edi, [ebp+var_CC]
mov ecx, 33h
mov eax, 0CCCCCCCCh
rep stosd
mov [ebp+var_8], 5
xor eax, eax
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
_wmain endp[/code]

I have some questions:

1/ In my code, I only declare one local variable (named i) and assign the value "5" to it => it's var_8. So what is var_CC? I tried some other cases and saw that var_CC is always present in every program.

2/ What does "rep stosd" mean? I have read about stosd, but I don't understand its role in this context.

Can anybody help me?

Best Regards,


  • AsmGuru62 Member Posts: 6,519
    [color=Blue]The compiler inserts some debugging code; however, like you, I am not seeing a reason for this.

    The local variables area in this function is 0CCh bytes in size. This is what that line tells us:[/color]
    [code]sub esp, 0CCh[/code]
    [color=Blue]No idea why it is that big. I think that the compiler sometimes reserves some room for some intermediate results or some service areas within locals; however, again, I do not see any of that.

    In DEBUG mode, the VC++ compiler generates code to fill (initialize) all local bytes with the value 0xCC - it is done to cause a crash if an uninitialized local variable is used. Say you have a pointer and you did not initialize it. First, the compiler will warn you, and if you still run the code - it will access the memory at 0xCCCCCCCC and it will crash, obviously.

    This is exactly what is done by the following lines:[/color]
    [code]mov ecx, 33h
    rep stosd[/code]
    [color=Blue]STOSD writes the value of EAX at the address in EDI, then EDI moves forward by 4 bytes (the size of a DWORD on a 32-bit system). Now, REP STOSD will repeat the STOSD the number of times stored in ECX. In other words, that code writes 0x33 DWORDs of value 0xCCCCCCCC beginning at the address in EDI - where the locals begin.

    Having said all that - I still see only 4 bytes of locals in there. Unless you are not showing the complete code.

    Try the following: place your integer variable into another function and see how the local room is generated there. It is possible that the very first entry point into the application (_tmain) has some undocumented service areas.[/color]
    [code]int foo (int a)
    // Check the code in IDA here ^^^
    {
        int b = a;
        return 0;
    }

    int _tmain ()
    {
        foo (5);
        return 0;
    }[/code]
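Added example, not written by either poster: a portable C model of the prologue in the IDA listing. It shows that 0x33 DWORD stores cover exactly the 0CCh-byte frame, and that any slot other than var_8 still reads back 0xCCCCCCCC. The helper names (rep_stosd, load_local, run_prologue) and the byte-array frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BYTES 0xCC          /* sub esp, 0CCh */
#define FILL_DWORD  0xCCCCCCCCu   /* mov eax, 0CCCCCCCCh */
#define FILL_COUNT  0x33          /* mov ecx, 33h */

/* Emulates `rep stosd`: store EAX at [EDI], advance EDI by 4, ECX times.
   Returns the number of bytes written. */
static size_t rep_stosd(uint8_t *edi, uint32_t eax, uint32_t ecx)
{
    size_t written = 0;
    while (ecx--) {
        memcpy(edi, &eax, sizeof eax);
        edi += sizeof eax;
        written += sizeof eax;
    }
    return written;
}

/* Reads the dword at [ebp - offset] in the modelled frame. */
static uint32_t load_local(const uint8_t *ebp, size_t offset)
{
    uint32_t v;
    memcpy(&v, ebp - offset, sizeof v);
    return v;
}

/* Runs the listing's prologue on a modelled frame:
   frame[0] is ebp-0CCh and frame + FRAME_BYTES is ebp. */
static size_t run_prologue(uint8_t frame[FRAME_BYTES])
{
    uint8_t *ebp = frame + FRAME_BYTES;
    uint32_t five = 5;
    size_t n = rep_stosd(ebp - 0xCC, FILL_DWORD, FILL_COUNT); /* lea edi, [ebp+var_CC] */
    memcpy(ebp - 8, &five, sizeof five);                      /* mov [ebp+var_8], 5 */
    return n;
}

int main(void)
{
    uint8_t frame[FRAME_BYTES];
    size_t n = run_prologue(frame);
    const uint8_t *ebp = frame + FRAME_BYTES;
    printf("bytes filled = 0x%zX\n", n);
    printf("var_8        = 0x%08X\n", (unsigned)load_local(ebp, 8));
    printf("[ebp-0Ch]    = 0x%08X (never assigned)\n", (unsigned)load_local(ebp, 0xC));
    return 0;
}
```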