View Full Version : floating point


The Keeper
July 5th, 2002, 17:08
hi,

i've debugged a prog in softice and when i arrive at this line
fadd real4 ptr [4014E4]
i do a dl 4014e4 but i get the wrong value.
when debugging with ollydbg i get the correct one. i tried to reproduce it by doing something like

xx dq 32.123

fadd real4 ptr [xx] ; when i'm on this line i do a dl xx and i get ???? then i press f10 and the xx becomes the number i assigned to it
why can i see the real value with olly and not with sice? and why does it work with sice on my prog.. looks weird, maybe the format of real4 or something?

i just want that when i see fadd real4 ptr [xx] in softice i can see the value of xx

thanks in advance

nofurs
July 5th, 2002, 17:52
Hi The Keeper,
what about this
? 4014E4

The Keeper
July 5th, 2002, 18:25
hi cluesurf,

that doesn't work, the value is a floating point one. ie: 42.24

nikolatesla20
July 5th, 2002, 19:52
Yes, the way a float is stored in memory is not how you would expect to see it!

The instruction you refer to was an indirect address

fadd blahblah,[address]

looking at <address> won't tell you crap. You have to look at *address, where the actual data would be. You have to dereference the pointer. This is an indirect address operation. That might be why SI doesn't show you the right value.

-nt20

The Keeper
July 5th, 2002, 22:49
well, i tried dl *address and ? *address but still nothing

amois
July 6th, 2002, 05:43
Did you try to watch Floating Window [WF] ?

regards

The Keeper
July 7th, 2002, 18:00
yes amois i did

take this program as example


.data

xx dq 32.14

.code

fld1
fadd real4 ptr [xx] ; in this line i do dl xx and nothing shows but when i pass this line i get the xx value, weird or ?

nikolatesla20
July 7th, 2002, 19:11
Well, you mentioned in your first post that when you did a dl xx, that SI just showed ????

In Windows programs the pages are not loaded until they are referenced - maybe this is why your small test didn't work? Because the program does not attempt to access the data segment until after the floating point add operation.

The OS will not load the data segment until it needs to use it, such as if an instruction attempts to reference data in it.

I've seen this type of thing before too in PE files where I've added a section manually with some data - in SI it still would just show a ???? until some instruction actually used some data from the segment.

Maybe this is why you got the ????

You can use the PAGEIN command to force SI to load the memory page so you can see it. Just do a PAGEIN <address> where address is an address in the section you are interested in, such as that [xx] you talk about....


-nt20

The Svin
July 7th, 2002, 20:48
real4 means 4 bytes real format (32 bits)
dq = qword = 8 bytes (64 bits)
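
The size mismatch from the last post, worked through as an added example (not code from any poster in the thread): it shows which bytes `dq 32.14` and `dd 32.14` place in memory and what a `real4 ptr` or `real8 ptr` operand reads from them on little-endian x86. The helper names `emit`, `load` and `compare` are hypothetical.

```python
import struct

# IEEE 754 encodings on little-endian x86:
#   dd <float>  -> 4-byte single (real4),  dq <float> -> 8-byte double (real8)
DIRECTIVES = {"dd": "<f", "dq": "<d"}
OPERANDS = {"real4": (4, "<f"), "real8": (8, "<d")}


def emit(directive: str, value: float) -> bytes:
    """Bytes the assembler stores for `dd value` or `dq value`."""
    return struct.pack(DIRECTIVES[directive], value)


def load(operand: str, memory: bytes) -> float:
    """Value read by a `real4 ptr [addr]` / `real8 ptr [addr]` operand,
    where `memory` starts at addr."""
    size, fmt = OPERANDS[operand]
    if len(memory) < size:
        raise ValueError(f"{operand} needs {size} bytes, only {len(memory)} defined")
    return struct.unpack(fmt, memory[:size])[0]


def compare(directive: str, operand: str, value: float) -> dict:
    """Define `value` with `directive`, read it back through `operand`."""
    memory = emit(directive, value)
    read = load(operand, memory)
    return {
        "bytes": memory.hex(" "),
        "read": read,
        # Tolerance covers the normal single-precision rounding of `dd`.
        "matches": abs(read - value) <= abs(value) * 1e-6,
    }


if __name__ == "__main__":
    # Constructed sample: the 32.14 constant from the test program in the thread.
    for directive, operand in (("dq", "real4"), ("dq", "real8"), ("dd", "real4")):
        result = compare(directive, operand, 32.14)
        print(f"{directive} 32.14 read as {operand}: "
              f"[{result['bytes']}] -> {result['read']!r} "
              f"({'ok' if result['matches'] else 'MISMATCH'})")
```

With `dq`, the `real4` operand reads only the low four bytes of the double, which are mantissa bits and decode to a tiny negative number, so either the data should be declared with `dd` or the instruction should use `real8 ptr`.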