6
votes

I am trying to learn more about assembly and disassembly. My goal is to modify the way a specific address is being written using a debugger (Olly), preferably by incrementing it by a number (20, 50, etc.). I can identify the address of the floating point number (in this case located at 33B7420C).

When I set a breakpoint on memory access write it brings me to 00809B2E which has the following assembly:

FSTP DWORD PTR DS:[ESI+1224]

What exactly is it doing at this address? I know that the FPU register has the number I'm looking for, but I'm not sure what all this address is doing.

The closest thing I found by googling is: What does MOV EAX, DWORD PTR DS:[ESI] mean and what does it do?

A copy of the registers shows the following:

EAX 00000000
ECX 00A16E40 EZ.00A16E40
EDX FFFFFFFF
EBX 33B74578
ESP 0018FA90
EBP 00000000
ESI 33B72FE8
EDI 33B74578
EIP 00809B2E <EZ.Breakpoint for time>
C 0  ES 002B 32bit 0(FFFFFFFF)
P 0  CS 0023 32bit 0(FFFFFFFF)
A 0  SS 002B 32bit 0(FFFFFFFF)
Z 0  DS 002B 32bit 0(FFFFFFFF)
S 0  FS 0053 32bit 7EFDD000(FFF)
T 0  GS 002B 32bit 0(FFFFFFFF)
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00210202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 valid 1150.0000000000000000
ST1 zero  0.0
ST2 zero  0.0
ST3 empty 64.951911926269531250
ST4 empty -13.250000000000000000
ST5 empty 64.951911926269531250
ST6 empty 64.951911926269531250
ST7 empty 0.0239995196461677551
           3 2 1 0      E S P U O Z D I
FST 2927  Cond 0 0 0 1  Err 0 0 1 0 0 1 1 1  (LT)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

Any help would be appreciated, Thanks!

3
You should get a copy of the x86 assembly reference for explanations of particular instructions. Asking SO each time you encounter an instruction does not scale well. – Raymond Chen

3 Answers

15
votes

FSTP stores a floating point number from the top of the floating-point register stack (ST0) to the designated memory region. Using the DWORD modifier means that a 32-bit float will be written. The P suffix indicates that the floating-point register stack will be popped after the operation.

So, in effect, this instruction puts 1150.0 (as a 32-bit float) at DS:[ESI+1224], then pops the register stack (which causes ST0 = 0.0, ST1 = 0.0, ST2 = <empty>, etc.).

1
votes

It's storing ST0 (1150.0) in single-precision to your address. And popping said value from the FPU stack.

-3
votes

To add 50 (0x32 being hex for 50):

push 0x32                    ; integer 50, as a temporary on the stack
fild dword [esp]             ; load it onto the FPU stack, converted to floating point
fadd dword [ds:esi+0x1224]   ; ST0 = 50 + the stored 32-bit float (an integer ADD on the raw dword would only change the bit pattern, not the value by 50)
fstp dword [ds:esi+0x1224]   ; write the result back as a 32-bit float and pop
add esp, 4                   ; discard the temporary
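Added example, not code from the question or from any of the answers above: a small C model of what the accepted answer describes (FSTP DWORD PTR rounds ST0 to a 32-bit IEEE-754 single and writes its four little-endian bytes at ESI+displacement) and of the two ways a patch could try to add 50 to that stored value, as discussed in the last answer. It runs on a host compiler, not inside OllyDbg. Assumptions: the 1224 displacement is read as hex (0x1224), as the last answer reads it; the memory buffer standing in for the target process and the ST0 value 1150.0 taken from the register dump are constructed for the example.

```c
/* Added example: model of FSTP DWORD PTR DS:[ESI+1224] and of two patch styles.
 * Not from the question or answers; buffer and values are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define DISP 0x1224u   /* [ESI+1224] as OllyDbg shows it, i.e. hex (assumption) */

/* Constructed stand-in for the target process memory; ESI points at its start. */
uint8_t fake_process_memory[0x2000];

/* Model of FSTP DWORD PTR [esi+DISP]: ST0 (80-bit extended, modelled as a
 * double) is rounded to a 32-bit single and its four bytes are written
 * little-endian at esi+DISP. The pop only affects the FPU stack, not memory.
 * Returns the 32-bit pattern that landed in memory. */
uint32_t fstp_dword(double st0, uint8_t *esi)
{
    float single = (float)st0;
    uint32_t bits;
    memcpy(&bits, &single, sizeof bits);
    for (unsigned i = 0; i < 4; i++)
        esi[DISP + i] = (uint8_t)(bits >> (8 * i));
    return bits;
}

/* Read the stored single back from [esi+DISP] (what FLD DWORD PTR would load). */
float load_dword(const uint8_t *esi)
{
    uint32_t bits = 0;
    for (unsigned i = 0; i < 4; i++)
        bits |= (uint32_t)esi[DISP + i] << (8 * i);
    float single;
    memcpy(&single, &bits, sizeof single);
    return single;
}

/* Patch modelled on FLD DWORD PTR [esi+DISP] / FADD / FSTP DWORD PTR [esi+DISP]:
 * the arithmetic happens on the float value, so +50 really adds fifty. */
float patch_add_float(uint8_t *esi, float delta)
{
    fstp_dword((double)load_dword(esi) + delta, esi);
    return load_dword(esi);
}

/* Patch modelled on MOV EAX,[esi+DISP] / ADD EAX,0x32 / MOV [esi+DISP],EAX:
 * the integer ADD lands on the raw IEEE-754 bit pattern, so it moves the
 * mantissa by 50 units in the last place, not the value by 50. */
float patch_add_int(uint8_t *esi, uint32_t delta)
{
    uint32_t bits = 0;
    for (unsigned i = 0; i < 4; i++)
        bits |= (uint32_t)esi[DISP + i] << (8 * i);
    bits += delta;
    for (unsigned i = 0; i < 4; i++)
        esi[DISP + i] = (uint8_t)(bits >> (8 * i));
    return load_dword(esi);
}

int main(void)
{
    uint8_t *esi = fake_process_memory;
    uint32_t bits = fstp_dword(1150.0, esi);   /* ST0 value from the register dump */
    printf("FSTP wrote %08X -> bytes %02X %02X %02X %02X\n", bits,
           esi[DISP], esi[DISP + 1], esi[DISP + 2], esi[DISP + 3]);
    printf("FPU add 50.0 : %g\n", patch_add_float(esi, 50.0f));
    fstp_dword(1150.0, esi);                    /* reset to the original value */
    printf("int add 0x32 : %.9g\n", patch_add_int(esi, 0x32));
    return 0;
}
```

The check a practitioner would make before patching: after FSTP the dword at ESI+1224 holds 0x448FC000 (bytes 00 C0 8F 44), which is 1150.0 as a single. Adding 0x32 to that dword with an integer ADD yields 0x448FC032, which decodes to about 1150.0061, so a MOV/ADD/MOV patch would barely change the value; the FPU-based FLD/FADD/FSTP sequence (or FILD of an integer constant followed by FADD) is what actually yields 1200.0.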