1 vote

I know that e.g. push eax would save eax to the stack and decrement esp by 4, and the push dword ptr means it needs to push 4 bytes, but then I'm confused. Also, if it were [esi+22], would this be the same thing?

2
That was quick, thanks Kerrek. Could I ask, is it correct that, just based off that last instruction, there is no way the reader would know if it was pointing to ebp+ or ebp-? – Soap
Sorry, I don't quite understand the question - who is "it"? What do you mean by "reader"? Reading the source code, or inspecting the stack? – Kerrek SB
(And please add the comment to the answer - that way I get a notification. I just happened to see your comment by chance this time. Or add the '@name' marker.) – Kerrek SB
Okay, thanks @KerrekSB, I'll know for next time. The easiest way to describe my confusion is with an example: if 'push DWORD [ebx + 42]' was 'push DWORD [EBP+42]' I know it would be a parameter, and I'd know where it was in the stack. While without knowing the value in ebx there would be no way of knowing its offset against ebp (without inspecting the stack, just based on that line of source code). I hope that's not sounding like a silly question, just trying to get my head around it, thanks. – Soap
If ebx contains the beginning of an array, you may want to push some other array element and thus need an offset computation... – Kerrek SB

2 Answers

6 votes

The push instruction, much like many other x86 instructions, can take a variety of operands: immediate values, registers, and memory addresses:

push 10                 ; pushes the value 10 (32 bits in 32-bit mode)
push eax                ; pushes the contents of the 32-bit register eax
push DWORD [ebx + 42]   ; pushes 32 bits from the memory location ebx + 42

The register form infers the size from the size of the register. The memory form needs to have the size specified (e.g. as shown here in Intel syntax). For immediate values, the operand size is either 16 or 32 bits; the current mode's size is the default, and the other size can be explicitly selected (e.g. push WORD 10 in 32-bit mode).

2 votes

push dword ptr [eax+22] would decrement esp by 4 and then save 4 bytes of data from memory location ebx + 22. And pop eax does it in reverse: first move the bits stored at esp through esp + 3 into eax, and then increment esp by 4.
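A small worked model of what these instructions do to esp and to memory, added here as an example (it is not code from either answer): it assumes a hypothetical 4 KiB little-endian address space with ebx = 0x100, esp = 0x800 and constructed bytes at ebx+42, and walks through push DWORD [ebx + 42], pop eax, and the 2-byte push WORD form mentioned in the first answer.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a 32-bit little-endian address space plus the
 * registers involved; just enough to show what push/pop do to esp and memory. */
#define MEM_SIZE 4096
typedef struct { uint8_t mem[MEM_SIZE]; uint32_t esp, ebx, eax; } cpu_t;
static cpu_t cpu;   /* the single modelled thread; all addresses used stay < MEM_SIZE */

static uint32_t load(uint32_t addr, unsigned size) {   /* little-endian read */
    uint32_t v = 0;
    for (unsigned i = 0; i < size; i++) v |= (uint32_t)cpu.mem[addr + i] << (8 * i);
    return v;
}
static void store(uint32_t addr, uint32_t v, unsigned size) { /* little-endian write */
    for (unsigned i = 0; i < size; i++) cpu.mem[addr + i] = (uint8_t)(v >> (8 * i));
}
/* push: esp goes down by the operand size (4 for DWORD, 2 for WORD), then the
 * value is written at [esp]. The value may come from an immediate, a register,
 * or memory; push_mem reads it from base + disp first, as in push DWORD [ebx + 42]. */
static void push(uint32_t value, unsigned size) {
    cpu.esp -= size;
    store(cpu.esp, value, size);
}
static void push_mem(uint32_t base, int32_t disp, unsigned size) {
    push(load(base + disp, size), size);
}
/* pop: read the operand at [esp] .. [esp+size-1], then esp goes up by size */
static uint32_t pop(unsigned size) {
    uint32_t v = load(cpu.esp, size);
    cpu.esp += size;
    return v;
}

/* Constructed scenario: ebx = 0x100 (start of some array), esp = 0x800, and the
 * four bytes at ebx+42 are 78 56 34 12, i.e. the little-endian dword 0x12345678. */
static uint32_t demo_push_dword_ebx42(void) {
    const uint8_t bytes[4] = {0x78, 0x56, 0x34, 0x12};
    memset(&cpu, 0, sizeof cpu);
    cpu.esp = 0x800;
    cpu.ebx = 0x100;
    memcpy(&cpu.mem[cpu.ebx + 42], bytes, 4);
    push_mem(cpu.ebx, 42, 4);              /* push DWORD [ebx + 42] */
    return cpu.esp;                        /* 0x7fc: esp went down by 4 */
}
static uint32_t top_dword(void)    { return load(cpu.esp, 4); }          /* what [esp] holds */
static uint32_t pop_eax(void)      { cpu.eax = pop(4); return cpu.eax; } /* pop eax */
static uint32_t esp_now(void)      { return cpu.esp; }
static uint32_t push_word_10(void) { push(10, 2); return cpu.esp; }     /* push WORD 10 */
```

The offset 42 is added to whatever ebx holds at that moment, which is why the source line alone cannot tell you where the pushed dword sat relative to ebp.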