An example of a global variable

This example runs in VS2008 and is designed to help us familiarize ourselves with the basic operations of debugging, disassembly, and so on in VS2008. and help understand assembly language.

Basic Debugging Methods

Debug or Release

F10: Stepping, not entering function

F11: Stepping, going into the function

F5: Start Debugging

Breakpoint: A program line can be set on a breakpoint, the program debugging through the place will stop. You can view variables, memory, register equivalents at this time

F9

#include "stdafx.h"

int gi;

int _tmain (int argc, _tchar* argv[])

{

GI = 12;

return 0;

}

Disassembly View Assembly code

Ctrl+alt+d (not necessarily, alt+8)

debugging → window → disassembly (note that this option appears only after you click Debug)

10:gi = 12;

0041138E mov dword ptr ds:[00417140h], 0Ch

In the Disassembly window, explain the various options for right-click Popup

0041138E mov dword ptr ds:[00417140h], 0Ch

The front 0041138E represents the instruction store address

Behind the Mov dword ptr ds:[00417140h], 0Ch is assembly instruction

We can see that 0Ch is the source operand 12 The destination address is DWORD ptr ds:[00417140h]

When we right-click in the Disassembly code form, and then we can choose what we need to display in the disassembly results, if we choose to display the symbol name, then DWORD ptr [GI (417140h)],0ch will appear the GI variable name, and in fact, the assembly instruction will not appear in the variable name, It just makes it easy for us to understand.

When we choose to display the code byte, our disassembly results will

0041138E C7 0C xx/xx mov dword ptr [GI (417140h)],12345678h

Between the instruction store address and the assembly instruction appeared C7 0C 00 00 00 is the machine code of the MOV instruction.

C7 05 (on behalf of the MOV instruction) 40 71 41 00 (address 00417140H) 0C 00 00 00 (for Value 12)

Question one: 00417140h is the address of GI.

Question two: mov instruction really put in 0041138Eh.

How to empirically.

#include "stdafx.h"

int gi;

int _tmain (int argc, _tchar* argv[])

{

GI = 0x12345678;

printf ("%x", &gi);

GetChar ();

return 0;

}

printf ("%x\n", &gi);

It's too much trouble.

Debugging à window → monitoring à→ monitoring 1

Enter &gi (select a blank line, click the Name column)

We continue to analyze the machine code of the MOV instruction: Before the analysis of the address, the third block from right to left to see is the 0000000C is 12, and the int type is 4 bytes on the 32-bit machine, so this instruction uses 4 bytes to represent 12.

So we seem to find a rule that the integers represented on the computer are stored in memory in reverse bytes. 0000000C in memory is 0C 00 00 00 00417140 is 40 71 41 00

We can verify that the GI = 12 is changed to GI = 0x12345678

We again in GI = 0x12345678 position interrupt point debugging, again disassembly view MOV instruction machine code

0041138E C7 (417140h)],12345678h, all-in-a-.

78 56 34 12 That's exactly what we expected.

This leads to knowledge of how integers are represented on a computer. How to store integers in memory is just a specification, divided into big-endian machines and small-end machines.

Small-end machine: The lowest byte of the integer logic is placed in the lowest address of memory, the secondary low byte is placed in the secondary low address of memory, and then stored in sequence. For example, 0x12345678 put in memory is 78563412. Intel's X86 Series CPU sister is a small end machine

Big-end machine: the opposite of the small terminal machine. 0x12345678 put in memory is 12345678.

PowerPC Sun's SPARC Motorola 6800 is the big-endian machine.

Now we want to see the effect of the MOV instruction execution, to see the effect of the assignment, we need to use another debugging tool---------memory Observation form. Select debug → window → memory → memory 1 after VC2008 we can see a memory viewing window, we enter the address of the GI we want to view

See after 00417140

The above diagram shows the 12 bytes of memory from the 0x00417140 address,

Look out. The four bytes of 0x00417140 represent a value of 0

After we press the F11 key, go to step into debugging, execute the current function, skip to the next statement

In fact, F10 can also complete the relevant functions

Both are debugs, and there is no difference between the two on a normal statement, which is to execute the next line of statements, but it is not the same if the current row is a function call.
The effect of F10 is to execute the next statement
The effect of F11 is to go inside the calling function and execute the next line of statements inside the function.

GI memory 00417140 becomes 78563412 This is the result of the assignment after the change.

PS: While debugging this step, GI = 0x12345678 debugging to this step, but this statement is not actually executed.

At this point we analyzed the structure of the MOV instruction, the storage of integers in memory, and verified that the GI storage address is 00417140H

Now look before the question raised, MOV in 0041138Eh.

How to design the experiment. Since the instruction is still stored in memory and is essentially some data in memory, can we observe it in the memory form. for GI = 0x12345678;

The assembly instruction holds the value of the address (assuming 0041138Eh) is the machine code of the MOV instruction

C7 05 40 71 41 00 78 56 34 12

We again in the memory form address bar input 0041138Eh, enter, the result is found to store the MOV instruction machine code

It is true that the memory paragraph is stored in the machine code of the MOV instruction.

Let's do another experiment by changing the value of the memory in the memory form to change the GI value,

We're going to change it to 987654.

We calculate the hexadecimal value by widows our own programmer's calculator.

000f1206

Because it is the small end machine that holds our attention order

We changed the memory form to

See, I changed the wrong, changed to a f1200600.

F11 After one step debugging, we monitor the form to see the GI value,

Use hex to view results in a watch form: Because the debugger uses hexadecimal numbers to display pointer variable values. We just have to cheat it, cast the variable being viewed to void * we enter (void *) GI and we'll find

It's a 0xf1200600, really.