I'm just doing some analysis of a disassembled 32-bit program I wrote in C. Here is a portion of the output from the disassembler:
41153c 02 00 add al, [eax]
41153e 00 00 add [eax], al
411540 44 inc esp
411541 15 41 00 F8 FF adc eax, 0xfff80041 ; "A"
411546 FF invalid
I'm just trying to make sense of the ADC instruction. From what I've read in both the Intel developer's manual and various articles on x86 ASM, the opcode 0x15 is the ADC instruction using EAX as the destination, and it would appear that following the opcode is a four-byte 'immediate' that indicates the memory address for use in the add with carry.
However I'm a little unsure as to why the following byte (0xFF) is being marked as invalid.
I'm quite new to assembler, but I'm assuming that this is something to do with the carry flag, and might possibly be there to sign extend the value.
I've used two separate disassemblers to look at the code, and whilst one marks it as invalid, the other simply ignores it.
If someone could offer some advice, I'd appreciate it.
Thanks
UPDATE
I'll add a bit more information to this post, as there are two more ADC operations, and one of them doesn't have the extra 'invalid' byte:
411547 FF 04 00 inc [eax+eax]
41154a 00 00 add [eax], al
41154c 61 popa
41154d 15 41 00 EC FF adc eax, 0xffec0041 ; "A"
411552 FF invalid
411553 FF 04 00 inc [eax+eax]
411556 00 00 add [eax], al
411558 5C pop esp
411559 15 41 00 74 65 adc eax, 0x65740041 ; "A"
41155e 73 74 jnc 0x4115d4 ↓
The second ADC that's taking place also has the extra 0xff 'invalid' byte, however the third does not.
From what I can see, the only difference between all three ADC operations is that the first two start with 0xff and have an extra 'invalid' byte, whilst the third does not. I'm assuming that this is forming some kind of flag to indicate if the extra byte is needed.
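As an added illustration (my own code, not the original post and not output from either disassembler used there), the following re-implements a linear-sweep decode of exactly the bytes shown in the listing, plus a second pass that re-reads the same bytes as 32-bit little-endian values. The byte blob is transcribed from the listing (0x41153c..0x41155f); the image range 0x400000-0x500000 used to flag "pointer-looking" values is an assumption about a typical 32-bit Windows build, not something the post states. The decoder covers only the opcodes that occur in the listing, but the ModRM/SIB handling is the general x86-32 rule, so it also shows why `FF FF` is rejected: opcode 0xFF is "group 5" and the reg field /7 (top bits of the second byte) has no defined encoding, so a disassembler consumes that one byte as invalid and resumes at the next byte, where `FF 04 00` happens to decode as `inc [eax+eax]`. The third ADC has no invalid byte simply because the bytes that follow it (`73 74`) are a valid `jnc`.

```python
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
# Opcode 0xFF ("group 5"): the reg field of the ModRM byte selects the operation.
# /7 is undefined in the Intel manual, so a disassembler marks it invalid.
GROUP5 = ["inc", "dec", "call", "callf", "jmp", "jmpf", "push", None]

# Bytes transcribed from the listing in the question, 0x41153c..0x41155f.
BASE = 0x41153C
BLOB = bytes.fromhex(
    "02 00 00 00 44 15 41 00 F8 FF FF FF"
    "04 00 00 00 61 15 41 00 EC FF FF FF"
    "04 00 00 00 5C 15 41 00 74 65 73 74"
)


def _disp(text, disp):
    return f"{disp:#x}" if not text else f"{text}{disp:+#x}"


def modrm(buf, i):
    """Decode a ModRM byte (plus SIB/displacement) at buf[i].
    Returns (reg_field, operand_text, bytes_consumed)."""
    b = buf[i]
    mod, reg, rm = b >> 6, (b >> 3) & 7, b & 7
    used = 1
    if mod == 3:                         # register-direct operand
        return reg, REGS32[rm], used
    if rm == 4:                          # SIB byte follows
        sib = buf[i + used]
        used += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        parts = []
        if not (mod == 0 and base == 5): # mod=00,base=101 means "no base, disp32"
            parts.append(REGS32[base])
        if index != 4:                   # index=100 means "no index"
            parts.append(REGS32[index] + ("" if scale == 1 else f"*{scale}"))
        text = "+".join(parts)
        if mod == 0 and base == 5:
            text = _disp(text, struct.unpack_from("<i", buf, i + used)[0])
            used += 4
    elif mod == 0 and rm == 5:           # absolute disp32, no base register
        text = f"{struct.unpack_from('<I', buf, i + used)[0]:#x}"
        used += 4
    else:
        text = REGS32[rm]
    if mod == 1:                         # 8-bit displacement
        text = _disp(text, struct.unpack_from("<b", buf, i + used)[0])
        used += 1
    elif mod == 2:                       # 32-bit displacement
        text = _disp(text, struct.unpack_from("<i", buf, i + used)[0])
        used += 4
    return reg, f"[{text}]", used


def decode_one(buf, i, base):
    """Decode one instruction at buf[i]; returns (text, length).
    Only the opcodes present in the listing are handled; anything else is 'invalid'."""
    op = buf[i]
    if op == 0x00:                       # add r/m8, r8
        reg, rm, n = modrm(buf, i + 1)
        return f"add {rm}, {REGS8[reg]}", 1 + n
    if op == 0x02:                       # add r8, r/m8
        reg, rm, n = modrm(buf, i + 1)
        return f"add {REGS8[reg]}, {rm}", 1 + n
    if op == 0x15:                       # adc eax, imm32 (the immediate is a value, not an address)
        return f"adc eax, {struct.unpack_from('<I', buf, i + 1)[0]:#010x}", 5
    if 0x40 <= op <= 0x47:               # inc r32 (single-byte form)
        return f"inc {REGS32[op - 0x40]}", 1
    if 0x58 <= op <= 0x5F:               # pop r32
        return f"pop {REGS32[op - 0x58]}", 1
    if op == 0x61:
        return "popa", 1
    if op == 0x73:                       # jnc rel8, target relative to the next instruction
        return f"jnc {base + i + 2 + struct.unpack_from('<b', buf, i + 1)[0]:#x}", 2
    if op == 0xFF:                       # group 5; FF /7 has no encoding -> 1 invalid byte, then resync
        reg, rm, n = modrm(buf, i + 1)
        if GROUP5[reg] is None:
            return "invalid", 1
        return f"{GROUP5[reg]} dword {rm}", 1 + n
    return "invalid", 1


def sweep(buf, base):
    """Linear-sweep disassembly: (address, hex bytes, text) for each decoded instruction."""
    out, i = [], 0
    while i < len(buf):
        text, n = decode_one(buf, i, base)
        out.append((base + i, buf[i:i + n].hex(" ").upper(), text))
        i += n
    return out


def as_dwords(buf, base):
    """Re-read the same bytes as little-endian dwords, as a data table would be laid out."""
    out = []
    for off in range(0, len(buf) - 3, 4):
        raw = buf[off:off + 4]
        val = struct.unpack("<I", raw)[0]
        if 0x400000 <= val < 0x500000:   # assumed image range for a 32-bit Windows build
            kind = f"pointer {val:#010x}"
        elif all(0x20 <= c < 0x7F for c in raw):
            kind = f"ascii {raw.decode()!r}"
        else:
            kind = f"int {struct.unpack('<i', raw)[0]}"
        out.append((base + off, kind))
    return out


if __name__ == "__main__":
    for addr, hexbytes, text in sweep(BLOB, BASE):
        print(f"{addr:x} {hexbytes:<16} {text}")
    print()
    for addr, kind in as_dwords(BLOB, BASE):
        print(f"{addr:x} {kind}")
```

Running the sweep reproduces the listing line for line, including the lone `FF` marked invalid at 0x411546 and 0x411552. The dword view of the same bytes gives 2, 0x00411544, -8, 4, 0x00411561, -20, 4, 0x0041155C, "test": three values that look like addresses inside the same image, small integers, and a four-character ASCII string, which is what you would expect from a data table or string constant rather than from instructions. Whether that is what the compiler actually emitted here is an inference from the bytes, not something the listing proves on its own.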