How is MOVSX instruction sign extending input in this case?

Question

I have the following disassembly:

[dest] = d5 cd e8 ca 68

movzx   eax, [ebp+dest]
# value of edx at this point is: F7FBB898
movsx   edx, al
# value of edx after this is: FFFFFFD5

# [ebp+var_E] stores 0
movzx   eax, [ebp+var_E]
movsx   eax, al
# eax = 0 here
add     eax, edx
# eax becomes FFFFFFD5
cmp     eax, 0D5h
jnz     short loc_565564E6

I have given the explanation and flow for each instruction below:

1. It reads a byte from the [dest] and stores it in eax.
2. Value of edx initially is: F7FBB898. After, movsx edx, al instruction it becomes FFFFFFD5. How can I make sure the value of edx will be 0x000000d5 at this point?

What should be my initial value in [dest] so that after these operation, the final value in eax is 0xd5 and not 0xFFFFFFD5

Answer 1

You should use movzx ( Move with Zero-Extend ) instead of movsx ( Move with Sign-Extension ) if you want to extend the value with zeros without looking at its sign.

When you use movsx to move 0xd5 to edx , it will copy the lower to bytes into edx and fill the remaining with the MSB of the copied value ( 0xd5 = 0b11010101 , the MSB is 1), which fills the 6 remaining bytes with 0xFFFFFF . With movzx , the remaining bytes are filled with 0x000000 regardless of the MSB.