James Taylor, posted August 1, 2018 (edited)

I am new to assembly programming. First, I thank the members of tuts4you for being helpful in needy times. I am learning assembly from online resources and books. I am stuck on one point. I am having a problem using

1. lea eax, [esp-04h*2]
2. mov [ebx-04h], bp ;
3. cmp [esi+eax-06h], 'KCUF'
4. cmp word ptr [ebx+18h], 01h
5. cmp dword ptr [esi], 00455000h

or similar code snippets. Thanks. I know this is a very basic question to ask, but I want to learn from here as well. Please take a moment and explain what addressing mode it is and what the code does. Thanks

CodeExplorer, posted August 1, 2018 (edited)

1. lea eax, [esp-04h*2]
   lea stands for load effective address, so it evaluates esp-04h*2 and places the result in eax.

2. mov [ebx-04h], bp ;
   mov = move; but actually in assembler it just sets the first operand to the second operand, so it will set the word (1 word = 2 bytes) at the evaluated address [ebx-04h] to the bp register.

3. cmp [esi+eax-06h], 'KCUF'
   cmp = compare; it will compare the dword at the address [esi+eax-06h] with 'KCUF'. I assume that the first operand is a dword due to the size of the second, which has 4 chars = 4 bytes = 1 dword!

4. cmp word ptr [ebx+18h], 01h
   compare the word at the address [ebx+18h] with 1.

5. cmp dword ptr [esi], 00455000h
   compare the dword at the address given by esi with 00455000. h stands for hexadecimal value!

James Taylor (Author), posted August 1, 2018

1. lea eax, [esp-04h*2]

I understand what lea means. I want to understand

[esp-04h*2]
[esi+eax-06h]

Thanks

evlncrn8, posted August 1, 2018

it's maths.. [esi+eax-06h] would be the same as [a+b-6] .. do the substitution

get the value in esi
add eax to it
subtract 6

come on.. you aren't even trying and this is getting REALLY tedious

James Taylor (Author), posted August 1, 2018

3 hours ago, evlncrn8 said:
> it's maths.. [esi+eax-06h] would be the same as [a+b-6] .. do the substitution
> get the value in esi
> add eax to it
> subtract 6
> come on.. you aren't even trying and this is getting REALLY tedious

In your opinion, esi+eax will be added and then 6 will be subtracted, as the order or precedence of operations? Then what's the memory address?

evlncrn8, posted August 1, 2018 (edited)

i give up.. it's maths dude.. simple math

in the debugger see what esi is, and what eax is, and do some simple math, in fact the debugger might even do it for you

do some damn homework yourself, and answer your own questions

now please stop quoting me, i have simply realised you are beyond help and thus.. i give up

James Taylor (Author), posted August 1, 2018

7 minutes ago, evlncrn8 said:
> i give up.. it's maths dude.. simple math
> in the debugger see what esi is, and what eax is, and do some simple math, in fact the debugger might even do it for you
> do some damn homework yourself, and answer your own questions
> now please stop quoting me, i have simply realised you are beyond help and thus.. i give up

Please don't get mad. From now on I will try first and ask later. Thanks, I am debugging now.

evlncrn8, posted August 1, 2018

and yet you quote me... does stupidity come naturally to you? or is it just ignorance?

CodeExplorer, posted August 1, 2018 (edited)

1 hour ago, James Taylor said:
> In your opinion, esi+eax will be added and then 6 will be subtracted, as the order or precedence of operations? Then what's the memory address?

Operations are computed in the order in which they are written; [esi+eax-06h]: first you do esi+eax, then you subtract 06 from it.

esi, eax, etc. are registers: the most important difference between memory and registers is that CPU registers are much faster! CPU registers and memory are used for holding data!

memory address = pointer = any value is accessed by this; in compiled exes there are no names for variables (names are lost); instead the names are replaced by their addresses.

LCF-AT, posted August 1, 2018

Hi,

I see you 2 will be best friends forever.

Hint: Check out IA-32 Opcode Map 1.5 by Yury Lukach, so there you have a lot of info about opcodes at once...

...about the LEA command. Yes, the memory address is the result of [X], like the others said already: eax+esi-6 = address. It's different from the mov command, which moves the source, and lea does not, even if both are using brackets. Just keep the brackets away in your head for this example...

...in OllyDBG you can see the result address on the fly in the pane window. Just play around a little.

greetz

James Taylor (Author), posted August 1, 2018 (edited)

30 minutes ago, LCF-AT said:
> Hi,
> I see you 2 will be best friends forever.
> Hint: Check out IA-32 Opcode Map 1.5 by Yury Lukach, so there you have a lot of info about opcodes at once...
> ...about the LEA command. Yes, the memory address is the result of [X], like the others said already: eax+esi-6 = address. It's different from the mov command, which moves the source, and lea does not, even if both are using brackets. Just keep the brackets away in your head for this example...
> ...in OllyDBG you can see the result address on the fly in the pane window. Just play around a little.
> greetz

Thanks a lot, I really appreciate it. You guys make this forum great. One more question: what will be the C pseudo code for this? Thanks
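
Added example (not written by any poster in this thread): a small C model of the five instructions from the first post, showing the effective-address arithmetic, the operand sizes, and the byte order of the compared values. The 64-byte `mem` array, the function names and the register values are constructed for illustration; the value used for 'KCUF' assumes a MASM/TASM-style literal (first character most significant), and only the zero flag of `cmp` is modeled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t mem[64];   /* constructed stand-in for process memory */

/* [base + index + disp]: plain 32-bit arithmetic, wrapping modulo 2^32. */
uint32_t ea(uint32_t base, uint32_t index, int32_t disp) {
    return base + index + (uint32_t)disp;
}

/* x86 is little-endian: the lowest address holds the least significant byte. */
uint16_t load16(uint32_t a) { return (uint16_t)(mem[a] | (mem[a + 1] << 8)); }
uint32_t load32(uint32_t a) { return load16(a) | ((uint32_t)load16(a + 2) << 16); }
void store16(uint32_t a, uint16_t v) { mem[a] = (uint8_t)v; mem[a + 1] = (uint8_t)(v >> 8); }

/* 1. lea eax, [esp-04h*2]: computes esp-8, never touches memory. */
uint32_t lea_1(uint32_t esp) { return ea(esp, 0, -(0x04 * 2)); }

/* 2. mov [ebx-04h], bp: writes the low 16 bits of ebp (a word). */
void mov_2(uint32_t ebx, uint32_t ebp) { store16(ea(ebx, 0, -0x04), (uint16_t)ebp); }

/* 3-5. cmp subtracts and keeps only the flags; just ZF (equal) is modeled.
   Assumption: MASM/TASM-style literal, first character most significant. */
#define KCUF 0x4B435546u
int cmp_3(uint32_t esi, uint32_t eax) { return load32(ea(esi, eax, -0x06)) == KCUF; }
int cmp_4(uint32_t ebx) { return load16(ea(ebx, 0, 0x18)) == 0x01; }
int cmp_5(uint32_t esi) { return load32(ea(esi, 0, 0)) == 0x00455000u; }

int main(void) {
    /* Constructed register values, small enough to index mem[]. */
    uint32_t esi = 0x10, eax = 0x0A, ebx = 0x20, ebp = 0xAABBCCDD, esp = 0x30;
    memcpy(&mem[0x14], "\x46\x55\x43\x4B", 4);  /* KCUF bytes, reversed in memory */
    mem[0x38] = 0x01;                           /* word at [ebx+18h] */
    mov_2(ebx, ebp);
    printf("lea  eax = %08X\n", (unsigned)lea_1(esp));
    printf("mov  [1Ch] = %02X %02X\n", mem[0x1C], mem[0x1D]);
    printf("cmp3 ZF=%d cmp4 ZF=%d cmp5 ZF=%d\n", cmp_3(esi, eax), cmp_4(ebx), cmp_5(esi));
    return 0;
}
```

The brackets mean a memory access for `mov` and `cmp` but not for `lea`, which is why `lea_1` is the only function that never reads or writes `mem`.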