lodsd / stosd assembly instructions : possible errata in reversing book

4
votes

In page 25 of "Practical Reverse Engineering x86 - x64 ARM, Kernel & Obfuscation" I found an assembly code example retranslated to rough C in which lodsd and stosd instructions "translations" seems inverted. Since I'm fairy new to assembly language I'd like to know if it's really an errata or there's something more under the hood that I'm possibly not taking in count. Here's the simple code :

Assembly

01: 8B CA     mov ecx, edx
02:           loc_CFB8F:
03: AD        lodsd
04: F7 D0     not eax
05: AB        stosd
06: E2 FA     loop loc_CFB8F

Rough C

while (ecx != 0) {
eax = *edi;
edi++;
*esi = ~eax;
esi++;
ecx--;
}

In every online explanation I read about lods instruction, it's stated that whatever value is in SI/ESI is stored in AL/AX/EAX and then increments ESI.

Similiarly, stos should represent a rough high level "memset" in which whatever sits in AL/AX/EAX is written to DI/EDI and then increments the register.

But it appears i'm wrong since in the above translation eax gets assigned the dereference of EDI instead of ESI, and right below the value pointed by ESI gets the inverted eax with stos. Am I missing something here ?

1
assemblyx86x86-64

1 Answers

4
votes

You're correct in that the C "translation" appears to have edi and esi swapped. But even with that, there are still a few things wrong with the translation. First, the assembly code will always do one copy, so the corresponding C construct would actually be do ... while. Second, whether the pointers increment or decrement is actually determined by the direction flag, the state of which is not indicated. I'd translate the code as:

// note: this assumes that the direction flag is clear (increment mode)
do {
    eax = *esi;
    esi++;
    *edi = ~eax;
    edi++;
    ecx--;
} while (ecx != 0);