James Taylor Posted June 4, 2018
Is the lea edx, [esp+24] the start of the array? And eax, [esp+140] the index? Then what's add eax, edx doing here, and what does this source code mean? Can you please explain?
evlncrn8 Posted June 4, 2018 (edited)
lea edx, [esp+24] ; load effective address: edx = esp + 24 ... look upon this as pointing to an array
mov eax, [esp+140] ; load some pointer to an address ... look upon this as the index
add eax, ebx ; pretty much index + base
movzx eax, byte ptr [eax] ; load value from the area
----
The movzx part could have been written as movzx eax, byte ptr [eax+ebx], same thing essentially, just removing the add eax, ebx (which is probably there as there'll be some reuse or whatnot later).
Edited June 4, 2018 by evlncrn8: got the index and array mixed up, was 1/2 asleep when I typed it.
deepzero Posted June 4, 2018 (edited)
At [esp+24] there is a local byte array. At [esp+140] there is a local integer variable, which is used as an index into the array.
int eax = (int)localarray[*integervar]
Finally, the value read from the array is compared to 0x59 and the JCC taken if they are not equal.
Quote: is the lea edx, [esp+24] start of array ? and eax, [esp+140] index?
Indeed, yes.
Quote: then whats add eax, edx doing here and this source code mean ? can you please explain
It adds the index to the start of the array, so it can be dereferenced in one go. Could also have been written differently; probably edx is used again later on.
Edited June 4, 2018 by deepzero
James Taylor (Author) Posted June 4, 2018
2 hours ago, deepzero said:
Quote: At [esp+24] there is a local byte array. At [esp+140] there is a local integer variable, which is used as an index into the array. int eax = (int)localarray[*integervar] Finally, the value read from the array is compared to 0x59 and the JCC taken if they are not equal. Indeed, yes. It adds the index to the start of the array, so it can be dereferenced in one go. Could also have been written differently; probably edx is used again later on.
Is the theory:
lea edx, [esp+18h] ; load the starting address of the array.
mov eax, [esp+8ch] ; this will be the indexing variable of the array.
add eax, edx ; copy the offset of edx into eax ; edx = starting offset of the array
movzx eax, byte ptr [eax] ; mov the first element of the array into eax for testing the byte.
cmp al, 49h ; compare the byte
jnz ..... .....
Thanks.
deepzero Posted June 4, 2018
Almost.
Quote: add eax, edx copy the offset of edx into eax ; edx = starting offset of the array
'add eax,edx' adds edx to eax: eax = eax + edx. Since eax contains the index and edx the start of the array, after the instruction eax will point into the array at that specific index.
James Taylor (Author) Posted June 4, 2018
18 minutes ago, deepzero said:
Quote: Almost. 'add eax,edx' adds edx to eax: eax = eax + edx. Since eax contains the index and edx the start of the array, after the instruction eax will point into the array at that specific index.
Since eax = 0,1,2,3,4... (index)
add eax,edx ; eax = offset of edx + 1,3,4,5 (index)?
ex: eax = offset + 1 - first element, +2 second element;
deepzero Posted June 4, 2018
Quote: add eax,edx ; eax = offset of edx + 1,3,4,5(index)?
Yes. It doesn't matter whether you add the index to the base of the array, or the base to the index. The compiler likely chose to do it this way because the base (edx) is used again later on.
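The following is an added worked example, not code from any poster in this thread: it steps through the lea / mov / add / movzx / cmp sequence that deepzero describes (localarray[*integervar] compared with 0x59) against a constructed stack frame, and checks the point made in the reply above that base + index and index + base give the same address. The frame layout (a 32-byte array at [esp+24], the index at [esp+140], a 160-byte frame) and the function names are assumptions chosen for the example; the thread does not state an array length. The registers are modelled as uintptr_t so the example also runs on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame layout (assumed for this example, not the thread's real
 * frame): a byte array at [esp+24] and a 4-byte index at [esp+140]. */
#define FRAME_SIZE 160
#define ARRAY_OFF   24
#define ARRAY_LEN   32        /* assumed; the thread gives no length */
#define INDEX_OFF  140
#define EXPECTED  0x59

/* Simulated registers; ea keeps the address eax held right after the add. */
struct regs { uintptr_t eax, edx, ea; };

/* Fill a frame: a byte pattern in the array, one chosen byte at the index
 * under test, and the index itself stored in its stack slot. */
void build_frame(uint8_t *frame, uint32_t index, uint8_t byte_at_index)
{
    memset(frame, 0, FRAME_SIZE);
    for (uint32_t i = 0; i < ARRAY_LEN; i++)
        frame[ARRAY_OFF + i] = (uint8_t)(0x10 + i);
    if (index < ARRAY_LEN)
        frame[ARRAY_OFF + index] = byte_at_index;
    memcpy(frame + INDEX_OFF, &index, sizeof index);
}

/* Step through the sequence. Returns 1 when the loaded byte equals 0x59
 * (jnz falls through), 0 when it differs (jnz taken). */
int run_sequence(const uint8_t *esp, struct regs *r)
{
    uint32_t index;
    /* lea edx, [esp+24]: address arithmetic only, nothing is read */
    r->edx = (uintptr_t)(esp + ARRAY_OFF);
    /* mov eax, [esp+140]: read the 4-byte index from its stack slot */
    memcpy(&index, esp + INDEX_OFF, sizeof index);
    r->eax = index;
    /* add eax, edx: eax = index + base = &localarray[index] */
    r->eax += r->edx;
    r->ea = r->eax;
    /* movzx eax, byte ptr [eax]: load one byte, zero-extend into eax */
    r->eax = *(const uint8_t *)r->eax;
    /* cmp al, 59h ; jnz ...: branch taken when the byte differs */
    return (r->eax & 0xff) == EXPECTED;
}

/* The same test in C; base+index and index+base are one address. */
int compare_in_c(const uint8_t *esp)
{
    const uint8_t *localarray = esp + ARRAY_OFF;
    uint32_t index;
    memcpy(&index, esp + INDEX_OFF, sizeof index);
    uint8_t a = localarray[index];        /* add eax,edx ; movzx eax,[eax] */
    uint8_t b = *(index + localarray);    /* order of the add is irrelevant */
    return a == b ? (a == EXPECTED) : -1;
}

/* 1 when the simulated sequence and the C form agree for (index, byte)
 * and eax after the add pointed exactly at &localarray[index]. */
int sequence_matches_c(uint32_t index, uint8_t byte_at_index)
{
    uint8_t frame[FRAME_SIZE];
    struct regs r;
    build_frame(frame, index, byte_at_index);
    int asm_result = run_sequence(frame, &r);
    int c_result = compare_in_c(frame);
    return asm_result == c_result &&
           r.ea == (uintptr_t)&frame[ARRAY_OFF + index];
}

/* Branch outcome alone for a given index and byte. */
int demo(uint32_t index, uint8_t byte_at_index)
{
    uint8_t frame[FRAME_SIZE];
    struct regs r;
    build_frame(frame, index, byte_at_index);
    return run_sequence(frame, &r);
}

/* The sequence never compares the index with the array length; this is the
 * check a defensive version would run before the movzx. 1 = usable index,
 * 0 = the load would read past the array. */
int index_in_bounds(const uint8_t *esp)
{
    uint32_t index;
    memcpy(&index, esp + INDEX_OFF, sizeof index);
    return index < ARRAY_LEN;
}

int checked_demo(uint32_t index)
{
    uint8_t frame[FRAME_SIZE];
    build_frame(frame, index, EXPECTED);
    return index_in_bounds(frame);
}

int main(void)
{
    struct regs r;
    uint8_t frame[FRAME_SIZE];
    build_frame(frame, 3, EXPECTED);
    printf("byte at index 3 == 0x59: %d\n", run_sequence(frame, &r));
    printf("eax after add == &localarray[3]: %d\n",
           r.ea == (uintptr_t)&frame[ARRAY_OFF + 3]);
    return 0;
}
```

Note that lea only computes an address, so edx is a pointer into the frame and never a value read from memory, while mov eax, [esp+140] does read memory; the add then combines the two into the one pointer that movzx dereferences. Because the index comes straight from a stack slot with no bounds check in the sequence, index_in_bounds shows the test a reviewer would look for when the index is derived from input.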
Peter Ferrie Posted July 6, 2018
The use of eax is also faster than for other registers in many cases, which is why it's favoured.