Why is this CMP instruction failing?


I have the following code :

CMP BYTE PTR [ESP+5],61    ; ESP is 0012F9AC
JNZ SHORT ....

The following is in the memory

Address  Data

0012F9AC 0012FA94
0012F9B0 61616161
0012F9B4 61616161

Now, the way I understand it is that it is comparing 0x61 to the value at (0x0012F9AC + 5), which is 0x12F9B1. According to the memory 'dump' the value at address 0x12F9B1 is 0x61. So why is it still insisting on doing the jump?


There are 3 best solutions below

0
On

Sorry, not an expert in assembly, but is the ,61 really 0x61? You could try ,97 as a quick check.

Update: I see blackbear got there first with the same comment.

0
On

The stack is DWORD aligned. Notice your address of the 2 strings, they are a DWORD apart. What you have are pointers, so of course it is not going to match.

[esp] == return address
[esp + 4] == pointer to first string
[esp + 8] == pointer to second string

Try this:

DoIt:
    mov     eax, [esp + 4]        ; first argument: pointer to the first string
    cmp     byte ptr [eax], 061H  ; compare its first character with 'a' (hex 61)
    jnz     NotA
    PrintText "a"                 ; PrintText is a macro from the author's library
    jmp     Over
NotA:
    PrintText "NOT A"
Over:
    ret 4 * 2                     ; pop the two DWORD arguments on return

Now I can just inc eax to get the next character.

Not sure of your context, so I created a test proc, and passed 2 strings to it.

Let's put it this way: Do you want the box - esp, or do you want what's IN the box [esp]?

0
On

The original question quotes this:

    Address  Data

    0012F9AC 0012FA94
    0012F9B0 61616161
    0012F9B4 61616161

This shows clearly the following points:

  1. This is a memory dump, in HEXadecimal.
  2. The memory starting at 0012F9B0 is filled by 8 lowercase "a" ansi characters ( 1 byte per character )

The answer given by Gunner is totally bogus for this question. These "a"s are right there, not pointers to them !

However, as noted by others, any decent assembler, when they see this line: ...

CMP BYTE PTR [ESP+5],61 ; ESP is 0012F9AC

... they will interpret ",61" above as decimal, so the compare will fail, because 61 decimal is not equal to 61 hexadecimal. THIS is the real reason why the compare will fail.

Just correct like this:

CMP BYTE PTR [ESP+5],61h ; ESP is 0012F9AC

and the problem is solved.
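As an added example, not part of the question or of any answer above, the following Python script models what the third answer describes: it loads the memory dump quoted in the question (little-endian DWORDs, so the byte at ESP+5 is the low byte region of the 61616161 word), evaluates the immediate under MASM/TASM radix rules (plain digits are decimal, a trailing `h` means hexadecimal, and NASM-style `0x` is accepted as well), and reports whether `JNZ` would be taken. The dump text and the `ESP` value are copied from the question; the function names are this example's own.

```python
# Added example (not code from the question or its answers): evaluate
# "CMP BYTE PTR [ESP+5],imm ; JNZ" against the dump quoted in the question
# and show why the immediate's radix decides whether the jump is taken.
import re

# Constructed copy of the dump in the question: ADDRESS DATA, both in hex.
DUMP_TEXT = """
0012F9AC 0012FA94
0012F9B0 61616161
0012F9B4 61616161
"""

ESP = 0x0012F9AC  # value of ESP stated in the question


def parse_dump(text):
    """Map each byte address to its value.

    Each line is 'ADDRESS DATA' with DATA a 32-bit DWORD stored
    little-endian, so the byte at ADDRESS is the low byte of DATA.
    """
    memory = {}
    for line in text.strip().splitlines():
        addr_str, data_str = line.split()
        addr = int(addr_str, 16)
        dword = int(data_str, 16)
        for i in range(4):
            memory[addr + i] = (dword >> (8 * i)) & 0xFF
    return memory


def parse_immediate(token):
    """Evaluate an assembler immediate.

    MASM/TASM rules: '61' is decimal 61, '61h' / '061H' is hex 0x61.
    NASM/GAS-style '0x61' is accepted too for comparison.
    """
    t = token.strip().lower()
    if t.startswith("0x"):
        return int(t[2:], 16)
    if t.endswith("h"):
        return int(t[:-1], 16)
    if re.fullmatch(r"[0-9]+", t):
        return int(t, 10)
    raise ValueError(f"unrecognised immediate: {token!r}")


def byte_at(memory, esp, displacement):
    """Resolve BYTE PTR [ESP+displacement] in the parsed dump."""
    return memory[esp + displacement]


def jnz_taken(memory, esp, displacement, immediate):
    """Model CMP BYTE PTR [ESP+disp],imm followed by JNZ.

    CMP sets ZF when the operands are equal; JNZ jumps when ZF is clear,
    i.e. when the byte and the immediate differ.
    """
    return byte_at(memory, esp, displacement) != parse_immediate(immediate)


MEMORY = parse_dump(DUMP_TEXT)

if __name__ == "__main__":
    print(f"[ESP+5] = {byte_at(MEMORY, ESP, 5):#04x}")
    for imm in ("61", "61h"):
        taken = jnz_taken(MEMORY, ESP, 5, imm)
        print(f"CMP BYTE PTR [ESP+5],{imm}: JNZ taken = {taken}")
```

Running it prints `[ESP+5] = 0x61`, then `JNZ taken = True` for the immediate `61` (decimal 61 is not 0x61) and `JNZ taken = False` for `61h`, which is exactly the fix the third answer proposes.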