How is MOVSX instruction sign extending input in this case?

Question

I have the following disassembly:

[dest] = d5 cd e8 ca 68

movzx   eax, [ebp+dest]
# value of edx at this point is: F7FBB898
movsx   edx, al
# value of edx after this is: FFFFFFD5

# [ebp+var_E] stores 0
movzx   eax, [ebp+var_E]
movsx   eax, al
# eax = 0 here
add     eax, edx
# eax becomes FFFFFFD5
cmp     eax, 0D5h
jnz     short loc_565564E6

I have given the explanation and flow for each instruction below:

1. It reads a byte from the [dest] and stores it in eax.
2. Value of edx initially is: F7FBB898. After, movsx edx, al instruction it becomes FFFFFFD5. How can I make sure the value of edx will be 0x000000d5 at this point?

What should be my initial value in [dest] so that after these operation, the final value in eax is 0xd5 and not 0xFFFFFFD5

Answer 1

You should use movzx (Move with Zero-Extend) instead of movsx (Move with Sign-Extension) if you want to extend the value with zeros without looking at its sign.

When you use movsx to move 0xd5 to edx, it will copy the lower to bytes into edx and fill the remaining with the MSB of the copied value (0xd5 = 0b11010101, the MSB is 1), which fills the 6 remaining bytes with 0xFFFFFF. With movzx, the remaining bytes are filled with 0x000000 regardless of the MSB.