Assembly language Test Point 10.5 the conflict between theory and reality

Wang Shuang assembly language Detection Point 10.5 (1):

After the following program executes, what is the number in AX?

Assume Cs:code

Stack segment

DW 8 DUP (0)

Stack ends

Code segment

Start
MOV Ax,stack
MOV Ss,ax
MOV sp,16
MOV Ds,ax
MOV ax,0
Call word ptr ds:[0eh];
Inc AX
Inc AX
Inc AX
MOV ax,4c00h
int 21h

Code ends

End Start

Answer: ax=3

Analysis:

1, the subject stack segment with DW 8 DUP (0) defines 16 bytes of memory 0 of the stack, so ds:[0]~ds:[f] memory unit is all 0, of course, ds:[0e] unit of memory naturally 0!

2, the subject DS=SS, also namely the data section and the stack paragraph in the same paragraph, sp=16, points to the top of the stack, when the instruction executes to call word ptr ds:[0eh] This instruction, the equivalent is carried out: (1) PUSH IP (at this time the value of the IP is the call statement the next statement of the offset address, That is, Inc Ax's offset address), because the initial stack top pointer is pointing to 16, so when the push IP executes, the pointer is ip=ip-2, so that the IP points to 14, that is, 0eh, and then call word ptr Ds:[0eh] next instruction Inc Ax offset address into the stack to Oeh; (2) JMP WORD PTR SS (because DS equals ss): [0EH], at which point the program jumps to Cs:ss:[oeh], because the value of Ss:[0eh] is 0, so jump to cs:0 to start execution, That is, the first statement of the program MOV AX; (3) when the program executes again to call word ptr ds:[0eh], the pointer jumps to Ds:[0eh], and at this point: [0eh] The value is not 0, it has become the last time the call was pressed on the stack of the INC The move address at AX, which causes the jump to execute call word ptr Ds:[0eh] to jump directly to the instruction Inc,ax, 3 times in a row, Ax has a value of 3.

In fact, the detection point 10.5 (2) is consistent with this problem, nothing more than pressure on the stack when the value of a CS!

This post is loaded in pear Garden Deep Blog

I have encountered the following problems when I use debug single-Step execution

ax=141e bx=0000 cx=0029 dx=0000 sp=0010 bp=0000 si=0000 di=0000
ds=141e es=140e ss=141e cs=141f ip=000a NV up EI PL NZ NA PO NC
141f:000a B80000 MOV ax,0000
-T

ax=0000 bx=0000 cx=0029 dx=0000 sp=0010 bp=0000 si=0000 di=0000
ds=141e es=140e ss=141e cs=141f ip=000d NV up EI PL NZ NA PO NC
141f:000d ff160e00 call [000E] ds:000e=
-T

ax=0000 bx=0000 cx=0029 dx=0000 sp=000e bp=0000 si=0000 di=0000
ds=141e es=140e ss=141e cs=141f ip=3302 NV up EI PL NZ NA PO NC
141f:3302 ES:
141f:3303 0bc0 OR Ax,ax

That is, after executing the call statement, the IP is changed to 3302, which means Ds:[0eh] The total content is 3302?

And with this question, I'm going to start over again.

141f:0003 8ed0 MOV ss,ax
-D 141e:00
141e:0000 xx xx xx xx xx, xx xx, XX, ....... 00-00 >141e:0010 B8 1E 8E D0 BC 00-8e D8 B8 xx xx FF 0E ..........
141e:0020 B8 4C CD-21 5F C4, FF [email protected]@@. l.!. _....V
141e:0030 FF E8 BC 44-83 C4 3E 60 08 00. 6$!.. D....> '.
141e:0040 3 A 8B 9E ff 8B 36-d2 8A (+): R.. 6.%....P.
141e:0050 0A C0 C4 5E 26-83 7F, a. 1E A1 A4. T (. ^.&....t ...
141e:0060 8a-86 ff 2A E4 B8 FD. 9.R.W ..... p.*. P..
141e:0070 ff E8 77-63 C4 FF 36 24 21. p.6$!. Wc.... 6$!
-T

ax=141e bx=0000 cx=0029 dx=0000 sp=0010 bp=0000 si=0000 di=0000
ds=140e es=140e ss=141e cs=141f ip=0008 NV up EI PL NZ NA PO NC
141f:0008 8ed8 MOV Ds,ax
-D 141e:00
141e:0000 xx xx xx xx 1E 14-00 xx 1F 0F 0E ......... .....
141e:0010 B8 1E 8E D0 BC 00-8e D8 B8 xx xx FF 0E ..........
141e:0020 B8 4C CD-21 5F C4 (e-mail protected]@@. l.!. _....v
141e:0030 FF E8 BC 44-83 C4 3E 60 08 00. 6$!.. D....> '.
141e:0040 (3 a 8B 9E) ff 8B 36-d2 8A XX R.. 6.%....P.
141e:0050 0A C0 C4 5E A1 26-83 7F xx A4 T (. ^.&....t ...
141e:0060-8a-86 ff 2A E4-B8 FD. 9.R.W ... p.*. P..
141e:0070 FF E8 77-63 C4 FF 36 24 21. p.6$!. Wc.... 6$!
-

This means that after running MOV ds,ax 141e:00 to 141e:0010 content changed completely messy

The more messy is

-T

ax=0000 bx=0000 cx=0029 dx=0000 sp=0010 bp=0000 si=0000 di=0000
ds=141e es=140e ss=141e CS=141F IP=000D NV up EI PL NZ NA PO NC
141f:000d ff160e00 call [000E] ds:000e=0e0f
-D 141e:00
141e:0000 xx (xx), 00-00 0D 00 1F 0F 0E ........ .....
141e:0010 B8 1E 8E D0 BC 00-8e D8 B8 xx xx FF 0E .........
141e:0020 B8 4C CD-21 5F C4, FF [email protected]@@. l.!. _....V
141e:0030 FF E8 BC 44-83 C4 3E 60 08 00. 6$!.. D....> '.
141e:0040 3 A 8B 9E ff 8B 36-d2 8A (+): R.. 6.%....P.
141e:0050 0A C0 C4 5E 26-83 7F, a. 1E A1 A4. T (. ^.&....t ...
141e:0060 8a-86 ff 2A E4 B8 FD. 9.R.W ..... p.*. P..
141e:0070 ff E8 77-63 C4 FF 36 24 21. p.6$!. Wc.... 6$!
-T

ax=0000 bx=0000 cx=0029 dx=0000 sp=000e bp=0000 si=0000 di=0000
ds=141e es=140e ss=141e cs=141f ip=3302 NV up EI PL NZ NA PO NC
141f:3302 ES:
141f:3303 0bc0 OR Ax,ax
-

Before call run Ds:[0eh] there is not 0000 even 3302 is not this is what? Completely messy

-

Assembly language Test Point 10.5 the conflict between theory and reality