Exercise 3: Unassembling and Reading Instructions

Objectives:

• Reinforce the preceeding lab exercises

• Learn how to unassemble instructions

• Learn how to read instructions

• Learn about variable length instructions

We will now look at instructions.

• In what type of segment are instructions found?

• Are instructions EVER executed in any other segment type?

• Unassemble the instructions which would have been next to execute ( if the application hadn't trapped ) by entering "U". The default address is CS:IP initially. You can unassemble further with repeated use of "U". To unassemble at a particular place, specify the address; for example CS:IP.

• What was the next instruction which would have executed?

• Unassemble using an address range to see some previous instructions. Type "U CS:IP-20 IP-10". This will unassemble from ip-20 to ip-10. Now type "U CS:IP-21 IP-10" and "U CS:IP-22 IP-10. Observe what is happening by closely observing the address at which each instruction begins.

• Now type "U CS:IP-18 IP" to see the TWO instructions immediately before the failing instruction

• Which one loaded the address used in the next (failing) instruction?

• Did the address come from this routine's private data, or was it a parameter passed by the caller?

• Circumstantially at least, what seems to be wrong?

This page left mostly blank so that the next pair of pages will face each other.

---

[Back: Observations About Unassembling From an Unknown Starting Place]
[Next: Exceptions]