Read bytes from Dump in Masm

Question

In one part of my application i need read a bytes

invoke GlobalAlloc,GMEM_MOVEABLE or GMEM_ZEROINIT, eax; eax = size   
mov  hMemory,eax
invoke GlobalLock,hMemory
mov  pMemory,eax   

How can "move" the first 4 bytes of pMemory to eax?? and later move the next 2 bytes to ebx??

Example:

1A5288.... 12 34 56 78 12 34

so

eax = 12345678
ebx = 00001234

Answer 1

According to your example you are fighting with the "little endian" byte order. A byte sequence of 12 34 56 78 is loaded into a 32-bit register as 78563412. You can reverse the byte order in a 32/64-bit register with BSWAP. In the second case you need to reverse the byte order in the lower two bytes of the 32-bit register. Here is XCHG or ROR 8 | ROL 8 the appropriate instruction.

Example:

include \masm32\include\masm32rt.inc

.data
    hMemory DWORD ?
    pMemory DWORD ?
    myMemory DB 12h, 34h, 56h, 78h, 12h, 34h

.code
main PROC
    mov eax, 32
    invoke GlobalAlloc,GMEM_MOVEABLE or GMEM_ZEROINIT, eax; eax = size
    mov  hMemory,eax
    invoke GlobalLock,hMemory
    mov  pMemory,eax

    mov ecx, LENGTHOF myMemory
    lea esi, myMemory
    mov edi, pMemory
    rep movsb                       ; [pMemory] = 12 34 56 78 12 34

    mov esi, pMemory
    mov eax, [esi]                  ; eax = 78563412
    bswap eax                       ; eax = 12345678

    movzx ebx, word ptr [esi+4]     ; ebx = 00003412
    xchg bh, bl                     ; ebx = 00001234
  ; ror bx, 8                       ; equivalent to `xchg bh, bl`

    printf ("eax = %08X\nebx = %08X\n", eax, ebx)

    xor eax, eax                    ; Return 0
    ret
main ENDP

END main