Posted June 4, 2018
Is the lea edx, [esp+24] the start of the array? And eax, [esp+140] the index? Then what is add eax, edx doing here, and what does this source code mean? Can you please explain?
June 4, 2018
lea edx, [esp+24] - load effective address edx as esp + 24 ... look upon this as pointing to an array
mov eax, [esp+140] ; load some pointer to an address .. look upon this as the index
add eax, ebx ; pretty much index + base..
movzx eax, byte ptr [eax] ; load value from the area
----
The movzx part could have been written as movzx eax, byte ptr [eax+ebx], same thing essentially, just removing the add eax, ebx (which is probably there as there'll be some reuse or whatnot later).
Edited June 4, 2018 by evlncrn8: got the index and array mixed up, was 1/2 asleep when I typed it
June 4, 2018
At [esp+24] there is a local byte array. At [esp+140] there is a local integer variable, which is used as an index into the array.
int eax = (int)localarray[*integervar]
Finally, the value read from the array is compared to 0x59 and the JCC taken if they are not equal.
Quote: is the lea edx, [esp+24] start of array? and eax, [esp+140] index?
Indeed, yes.
Quote: then what's add eax, edx doing here and what does this source code mean? can you please explain
It adds the index to the start of the array, so it can be dereferenced in one go. Could also have been written differently; probably edx is used again later on.
Edited June 4, 2018 by deepzero
June 4, 2018 (Author)
2 hours ago, deepzero said:
Quote: At [esp+24] there is a local byte array. At [esp+140] there is a local integer variable, which is used as an index into the array. int eax = (int)localarray[*integervar] Finally, the value read from the array is compared to 0x59 and the JCC taken if they are not equal. Indeed, yes. It adds the index to the start of the array, so it can be dereferenced in one go. Could also have been written differently; probably edx is used again later on.
Is the theory, then:
lea edx, [esp+18h] ; load the starting address of the array.
mov eax, [esp+8ch] ; this will be the indexing variable of the array.
add eax, edx ; copy the offset of edx into eax ; edx = starting offset of the array
movzx eax, byte ptr [eax] ; move the first element of the array into eax for testing the byte.
cmp al, 49h ; compare the byte
jnz ..... .....
Thanks.
June 4, 2018
Almost.
Quote: add eax, edx ; copy the offset of edx into eax ; edx = starting offset of the array
'add eax,edx' adds edx to eax: eax = eax + edx. Since eax contains the index and edx the start of the array, after the instruction eax will point into the array at that specific index.
June 4, 2018 (Author)
18 minutes ago, deepzero said:
Quote: Almost. 'add eax,edx' adds edx to eax: eax = eax + edx. Since eax contains the index and edx the start of the array, after the instruction eax will point into the array at that specific index.
Since eax = 0,1,2,3,4... (index), add eax,edx ; eax = offset of edx + 1,3,4,5 (index)? e.g. eax = offset + 1 - first element, +2 second element;
June 4, 2018
Quote: add eax,edx ; eax = offset of edx + 1,3,4,5 (index)?
Yes. It doesn't matter whether you add the index to the base of the array, or the base to the index. The compiler likely chose to do it this way because the base (edx) is used again later on.
July 6, 2018
The use of eax is also faster than for other registers in many cases, which is why it's favoured.
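Added example (not from the thread, written here to illustrate deepzero's reading of the fragment): a C program that lays out a constructed stack frame with the byte array at [esp+24] and the index at [esp+140], steps through the lea/mov/add/movzx/cmp sequence on it, and shows the source-level statement the compiler started from. The 160-byte frame size, the sample bytes and the function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed frame layout using the thread's offsets; the frame size
   (160 bytes) is an assumption, not something the disassembly shows. */
#define FRAME_SIZE 160
#define ARRAY_OFF   24   /* [esp+24]  = [esp+18h] : local byte array        */
#define INDEX_OFF  140   /* [esp+140] = [esp+8Ch] : local int used as index */
#define ARRAY_LEN  (INDEX_OFF - ARRAY_OFF)

/* Lay out a frame: copy up to ARRAY_LEN bytes into the array slot and
   store the index as a 32-bit int (host byte order) at INDEX_OFF. */
void build_frame(uint8_t *esp, const uint8_t *data, size_t len, uint32_t index)
{
    memset(esp, 0, FRAME_SIZE);
    if (len > ARRAY_LEN) len = ARRAY_LEN;
    memcpy(esp + ARRAY_OFF, data, len);
    memcpy(esp + INDEX_OFF, &index, sizeof index);
}

/* Step through the fragment exactly as the thread reads it:
     lea   edx, [esp+24]          ; edx = &localarray[0]
     mov   eax, [esp+140]         ; eax = index
     add   eax, edx               ; eax = &localarray[index]
     movzx eax, byte ptr [eax]    ; eax = (unsigned) localarray[index]
     cmp   al, 59h / jnz          ; branch if the byte != 0x59
   Returns the zero-extended byte; *jnz_taken reports the branch.
   The fragment shows no bounds check on the index before the read,
   so this emulation performs none either. */
uint32_t emulate_fragment(const uint8_t *esp, int *jnz_taken)
{
    const uint8_t *edx = esp + ARRAY_OFF;                  /* lea edx, [esp+24]   */
    uint32_t eax_index;
    memcpy(&eax_index, esp + INDEX_OFF, sizeof eax_index); /* mov eax, [esp+140]  */
    const uint8_t *eax_ptr = edx + eax_index;              /* add eax, edx        */
    uint32_t eax = eax_ptr[0];                             /* movzx eax, byte ptr [eax] */
    *jnz_taken = ((eax & 0xFF) != 0x59);                   /* cmp al, 59h ; jnz   */
    return eax;
}

/* The same check at source level: nonzero when the jnz would be taken. */
int source_level_check(const uint8_t *localarray, uint32_t index)
{
    return localarray[index] != 0x59;
}
```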