I'm tracing through a program with the assembly debugger OllyDbg and I come across this code snippet, which is a loop segment:

CPU Disasm
Address   Hex dump          Command                                  Comments
007D05EC  |.  33C9          XOR ECX,ECX
007D05EE  |.  8BFF          MOV EDI,EDI
007D05F0  |>  8B54B4 10     /MOV EDX,DWORD PTR SS:[ESI*4+ESP+10]
007D05F4  |.  8BFA          |MOV EDI,EDX
007D05F6  |.  0FAFFE        |IMUL EDI,ESI
007D05F9  |.  8BDA          |MOV EBX,EDX
007D05FB  |.  D3EB          |SHR EBX,CL
007D05FD  |.  03F8          |ADD EDI,EAX
007D05FF  |.  83C1 10       |ADD ECX,10
007D0602  |.  83C6 01       |ADD ESI,1
007D0605  |.  03DF          |ADD EBX,EDI
007D0607  |.  33DA          |XOR EBX,EDX
007D0609  |.  81F9 B0000000 |CMP ECX,0B0
007D060F  |.  8BC3          |MOV EAX,EBX
007D0611  |.^ 7C DD         \JL SHORT 007D05F0

I can follow and get what the other operators do and it makes sense when I trace through it. But the SHR EBX, CL doesn't make sense to me.

//Shouldn't in asm
SHR EBX, CL
//be the same as doing this in c/c++?
//that's how it read when I checked the asm reference anyway
ebx >>= CL;

But what I am seeing instead when tracing is that if the loop iteration is odd, discard the LSB and shift the MSB into its place. If it's even then ebx is unchanged. Each loop iteration, the ecx register changes as follows:

**ecx**
0x0000  -- loop 0
0x0010  -- loop 1
0x0020  -- loop 2
..
0x00A0  -- loop 10

What I was expecting to see after the 2nd or 3rd loop was that ebx would always be zeroed out, because at 0x20 you're already shifting 32 bits.

I'm kind of confused, can someone shed some light on this?

Thanks

+3  A: 

Here's what I read from the description of the instruction:

In either case, shift counts of greater than 31 are performed modulo 32.

Answer your question?

Anon.
Thank you, I think that explains the difference in behavior I'm seeing. The Mod 32 will cause SHR instruction to oscillate between a shift of 0x00 and 0x10.
Victor T.
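As an added example (not code from the question or the answer), the loop above modelled in C with the x86 count mask applied explicitly. In C, shifting a 32-bit value by 32 or more is undefined behaviour, so a naive `ebx >>= cl` does not reproduce the hardware; the mask has to be written out. It assumes ESI starts at 0 and replaces the stack table at [ESP+10] with a constructed three-entry array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 masks the count of a 32-bit shift to its low 5 bits (count mod 32):
 * SHR EBX,CL with CL = 0x20 shifts by 0, with CL = 0x30 shifts by 16.
 * The explicit mask is required in C, where a count >= 32 is undefined. */
static uint32_t shr32(uint32_t value, uint8_t cl)
{
    return value >> (cl & 0x1F);
}

/* ECX grows by 0x10 per iteration, so the effective count alternates 0/16. */
static unsigned effective_shift_for_iteration(unsigned iteration)
{
    uint32_t ecx = iteration * 0x10;   /* 0x00, 0x10, 0x20, ..., 0xA0 */
    return (unsigned)(ecx & 0x1F);
}

/* One pass over the loop body, in the instruction order of the listing.
 * Assumption: ESI starts at 0; `table` stands in for DWORD PTR [ESI*4+ESP+10].
 * Returns the final EAX. */
static uint32_t run_loop(const uint32_t *table, size_t n)
{
    uint32_t eax = 0, ecx = 0, esi = 0;          /* XOR ECX,ECX */
    while (ecx < 0xB0 && esi < n) {              /* CMP ECX,0B0 / JL */
        uint32_t edx = table[esi];               /* MOV EDX,[ESI*4+ESP+10] */
        uint32_t edi = edx * esi + eax;          /* IMUL EDI,ESI ; ADD EDI,EAX */
        uint32_t ebx = shr32(edx, (uint8_t)ecx); /* SHR EBX,CL  (count mod 32) */
        ecx += 0x10;                             /* ADD ECX,10 */
        esi += 1;                                /* ADD ESI,1 */
        ebx += edi;                              /* ADD EBX,EDI */
        ebx ^= edx;                              /* XOR EBX,EDX */
        eax = ebx;                               /* MOV EAX,EBX */
    }
    return eax;
}

int main(void)
{
    /* Constructed sample data, not the program's real stack contents. */
    const uint32_t table[] = { 0x12345678u, 0x00010000u, 0x00000001u };
    for (unsigned i = 0; i < 11; i++)
        printf("loop %2u: ecx=0x%02X effective shift=%u\n",
               i, i * 0x10, effective_shift_for_iteration(i));
    printf("final eax = 0x%X\n", run_loop(table, 3)); /* 0x5 with the mask */
    return 0;
}
```

On the third iteration ECX is 0x20, so the shift count wraps to 0 and EBX keeps the whole of EDX; a model that zeroed the register there would end with EAX = 2 instead of 5.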