一些组装说明

Question

Could you please help me understand the purpose of the two assembly instructions in below ? (for more context, assembly + C code at the end). Thanks !

movzx  edx,BYTE PTR [edx+0xa]
mov    BYTE PTR [eax+0xa],dl

===================================

Assembly code below:

push   ebp    
mov    ebp,esp
and    esp,0xfffffff0
sub    esp,0x70
mov    eax,gs:0x14
mov    DWORD PTR [esp+0x6c],eax
xor    eax,eax
mov    edx,0x8048520
lea    eax,[esp+0x8]
mov    ecx,DWORD PTR [edx]
mov    DWORD PTR [eax],ecx
mov    ecx,DWORD PTR [edx+0x4]
mov    DWORD PTR [eax+0x4],ecx
movzx  ecx,WORD PTR [edx+0x8]
mov    WORD PTR [eax+0x8],cx
movzx  edx,BYTE PTR [edx+0xa]    ; instruction 1
mov    BYTE PTR [eax+0xa],dl     ; instruction 2
mov    edx,DWORD PTR [esp+0x6c]
xor    edx,DWORD PTR gs:0x14
je     804844d <main+0x49>
call   8048320 <__stack_chk_fail@plt>
leave  
ret

===================================

C source code below (without libraries inclusion):

int main() {
    char str_a[100];    
    strcpy(str_a, "eeeeefffff");
}

Answer 1

It inlined the strcpy() call, the code generator can tell that 11 bytes need to be copied. The string literal "eeeeefffff" has 10 characters, one extra for the zero terminator.

The code optimizer unrolled the copy loop to 4 moves, moving 4 + 4 + 2 + 1 bytes. It needs to be done this way because there is no processor instruction that moves 3 bytes. The instructions you are asking about copy the 11th byte. Using movzx is a bit overkill but it is probably faster than loading the DL register.

Observe the changes in the generated code when you alter the string. Adding an extra letter should unroll to 3 moves, 4 + 4 + 4. When the string gets too long you ought to see it fall back to something like memmove.