Hello

cmp edx, eax
in this case should i use ? eax and ? edx or ? *eax and ? *edx or to see whats being compared ?

? and d are the same right ?

cmp eax, [edx]
in this case should i use ? eax and ? edx or ? *eax and ? *edx to see whats being compared ?

cmp eax, dword ptr [edx]
in this case should i use ? eax and ? edx or ? *eax and ? *edx to see whats being compared ?

when i refer using the ? i assume ? == d

im confused with these things
tnx all

First of all, d != ?. They're not the same. D is used for the data window, ? is for evaluating an expression.

So, for cmp eax.edx you would use ? eax and ? edx
For cmp eax,[edx] you would use ? eax and d edx
And since cmp eax,dword ptr [edx] equals cmp eax,[edx], procedure is the same

Normally, you wouldn't bother using ? eax or ? edx, since it's much easier to have the register window open (issue a wr to open it).

Read Mammon's essay about soft-ice and how to use it, it should be easy to find.

Blue skies
Fake

One more thing. As was mentioned above, with the processor registers window open [WR toggles the window] you can also see what eax and edx contain directly. Maybe they contain actual values like 8010FFFF, etc. Or maybe they contain the addresses where the actual data value exists, e.g. 004CBD76, etc. You'll get the hang of telling the difference pretty quickly. If eax contains a data value you'll see it. If it contains the address of where the data value is stored then you could do a D eax and see the value that is located at the address in eax in the data window [WD toggles the data window].

In general, D address (like 004CBD76) displays the value at that address. If it is another address, D that address will reveal the value at that address. D register (like eax, esp, etc) displays the value at the address in that register assuming the register actually contains a valid address. If that value is yet another address, D *register will show what lies there. This is used a lot in checking what is being pushed onto the stack (passed into the Call) just before some Call is executed. For some useful info on that see:

http://users.supernet.com/dharp/files/Rhayader.txt


BTW - it's usually easier to do a DD the first time. DD will display the memory location in 32 bit (double) format in the data window which is usually more convenient for making sense out of the results. After that just do a D and it will retain the same format. DD - Display in Double format, DW - Display in Word format, DB - Display in Byte format.

Cheers,
zitterbe