flat assembler
Message board for the users of flat assembler.

need help with this example of lea
theguy

Joined: 22 Jan 2015
Posts: 10
theguy 08 Feb 2015, 19:12
Here's the code, and read the comment in the code because that's the question.

Code:
```
lea eax,[esp+4]  ; eax = 0006ff90 .....but mov eax,[esp+4] = 7ffd8000
```

I am using OllyDbg and I'm guessing lea loads the address into eax and the mov instruction along with the brackets, loads what is contained at address 0006ff90. Is that what is happening?
08 Feb 2015, 19:12
redsock

Joined: 09 Oct 2009
Posts: 430
Location: Australia
redsock 08 Feb 2015, 19:16
Code:
```
lea eax, [esp+4]
```
is the same as
Code:
```
mov eax, esp
add eax, 4
```
versus
Code:
```
mov eax, [esp+4]
```
which loads the dword at the address referenced by esp+4 into eax, entirely different operations.
08 Feb 2015, 19:16
revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20248
Location: In your JS exploiting you and your system
revolution 09 Feb 2015, 01:10
theguy wrote:
... I'm guessing lea loads the address into eax and the mov instruction along with the brackets, loads what is contained at address 0006ff90. Is that what is happening?
Yes. LEA is short for Load Effective Address.

And you can use the instruction to do arithmetic operations also:
Code:
```
lea ecx,[edx+eax*8+0x24] ;ecx = eax * 8 + edx + 0x24
```
09 Feb 2015, 01:10
lucifer

Joined: 24 Nov 2014
Posts: 4
lucifer 09 Feb 2015, 20:32
It's best to think of the lea instruction as an arithmetic function. It's used a lot for performing calculations on addresses as well as doing a bunch of calculations on a number all in a single instruction.

For further information it might be useful to read the operation pseudocode in the Intel manuals. For the lea instruction, the brackets aren't really for dereferencing anything as the instruction only deals with the address values.
09 Feb 2015, 20:32
neville

Joined: 13 Jul 2008
Posts: 507
Location: New Zealand
neville 11 Feb 2015, 08:59
redsock wrote:
Code:
```
lea eax, [esp+4]
```
is the same as
Code:
```
mov eax, esp
add eax, 4
```
There is actually a subtle but significant difference: the LEA instruction does not alter any flags. So the 2nd code fragment should be preceded by a PUSHF and followed by a POPF.

I generally avoid using LEA, but being able to perform arithmetic without affecting the flags has sometimes been useful.

_________________
FAMOS - the first memory operating system
11 Feb 2015, 08:59
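The three points made in this thread (redsock's lea-versus-mov distinction, revolution's use of a scaled address operand for arithmetic, and neville's note that LEA leaves the flags alone while ADD does not) can be checked in a toy model. The C program below is an added example, not code from any of the posters and not fasm source: it models only EAX/ECX/EDX/ESP, a 64-byte simulated memory and the ZF/CF flags, and the stack pointer value 0x10 and the dword 0x7ffd8000 stored at [esp+4] are constructed so the effect of each instruction is visible. The helper names (`ea`, `lea_eax`, `mov_eax_from_mem`, `add_eax`, `demo_*`) are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (added example, not a real CPU): just the registers and
   flags needed to show what [base + index*scale + disp] means to LEA
   versus MOV. Memory addresses are offsets into a small byte array. */
#define MEM_SIZE 64

typedef struct {
    uint32_t eax, ecx, edx, esp;
    int zf, cf;                /* only ZF and CF are modelled */
    uint8_t mem[MEM_SIZE];     /* simulated memory, little-endian like x86 */
} cpu_t;

/* The effective address of an operand. This arithmetic is all LEA does. */
static uint32_t ea(uint32_t base, uint32_t index, uint32_t scale, uint32_t disp) {
    return base + index * scale + disp;    /* wraps at 32 bits like a real EA */
}

/* lea eax, [...]: store the address itself; no memory access, flags untouched. */
static void lea_eax(cpu_t *c, uint32_t base, uint32_t index, uint32_t scale, uint32_t disp) {
    c->eax = ea(base, index, scale, disp);
}

/* mov eax, [...]: fetch the dword stored at the effective address.
   Returns -1 if the address falls outside the toy memory (a real CPU would fault). */
static int mov_eax_from_mem(cpu_t *c, uint32_t base, uint32_t index, uint32_t scale, uint32_t disp) {
    uint32_t addr = ea(base, index, scale, disp);
    if (addr > MEM_SIZE - 4) return -1;
    c->eax = (uint32_t)c->mem[addr]
           | (uint32_t)c->mem[addr + 1] << 8
           | (uint32_t)c->mem[addr + 2] << 16
           | (uint32_t)c->mem[addr + 3] << 24;
    return 0;
}

/* add eax, imm: same sum as lea eax,[eax+imm], but ZF and CF are updated. */
static void add_eax(cpu_t *c, uint32_t imm) {
    uint64_t wide = (uint64_t)c->eax + imm;
    c->eax = (uint32_t)wide;
    c->cf = (wide >> 32) != 0;
    c->zf = c->eax == 0;
}

/* Constructed starting state: esp = 0x10, dword 0x7ffd8000 stored at [esp+4]. */
static cpu_t make_cpu(void) {
    cpu_t c;
    memset(&c, 0, sizeof c);
    c.esp = 0x10;
    uint32_t v = 0x7ffd8000u;
    for (int i = 0; i < 4; i++) c.mem[c.esp + 4 + i] = (uint8_t)(v >> (8 * i));
    return c;
}

/* lea eax,[esp+4]: the address esp+4 itself. */
static uint32_t demo_lea(void) {
    cpu_t c = make_cpu();
    lea_eax(&c, c.esp, 0, 0, 4);
    return c.eax;
}

/* mov eax,[esp+4]: the dword stored at esp+4. */
static uint32_t demo_mov(void) {
    cpu_t c = make_cpu();
    if (mov_eax_from_mem(&c, c.esp, 0, 0, 4) != 0) return 0;
    return c.eax;
}

/* revolution's lea ecx,[edx+eax*8+0x24] as pure arithmetic. */
static uint32_t demo_scaled(uint32_t eax, uint32_t edx) {
    return ea(edx, eax, 8, 0x24);
}

/* neville's point: the sum 0xfffffffc + 4 wraps to zero either way, but only
   ADD records that in ZF/CF; LEA leaves whatever flags were there before. */
static int flags_untouched_by_lea(void) {
    cpu_t c = make_cpu();
    c.eax = 0xfffffffcu; c.zf = 0; c.cf = 0;
    lea_eax(&c, c.eax, 0, 0, 4);
    return c.eax == 0 && c.zf == 0 && c.cf == 0;
}

static int flags_set_by_add(void) {
    cpu_t c = make_cpu();
    c.eax = 0xfffffffcu; c.zf = 0; c.cf = 0;
    add_eax(&c, 4);
    return c.eax == 0 && c.zf == 1 && c.cf == 1;
}

int main(void) {
    printf("lea eax,[esp+4]          -> eax = %08x\n", (unsigned)demo_lea());
    printf("mov eax,[esp+4]          -> eax = %08x\n", (unsigned)demo_mov());
    printf("lea ecx,[edx+eax*8+0x24] -> ecx = %08x (eax=3, edx=0x100)\n", (unsigned)demo_scaled(3, 0x100));
    printf("lea keeps flags: %d, add sets ZF/CF: %d\n", flags_untouched_by_lea(), flags_set_by_add());
    return 0;
}
```

The memory read assembles the dword byte by byte so the model is little-endian regardless of the host, and `ea` does its sum in `uint32_t` so the address wraps exactly as a 32-bit effective address would; that wrap is what makes the flags comparison between `lea_eax` and `add_eax` meaningful.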
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.