flat assembler
Message board for the users of flat assembler.

need help with this example of lea

theguy
Joined: 22 Jan 2015
Posts: 10
Here's the code, and read the comment in the code because that's the question.

Code:
lea eax,[esp+4]  ; eax = 0006ff90 .....but mov eax,[esp+4] = 7ffd8000

I am using OllyDbg and I'm guessing lea loads the address into eax and the mov instruction, along with the brackets, loads what is contained at address 0006ff90. Is that what is happening?
Post 08 Feb 2015, 19:12
redsock
Joined: 09 Oct 2009
Posts: 365
Location: Australia
Code:
lea eax, [esp+4]
is the same as
Code:
mov eax, esp
add eax, 4
versus
Code:
mov eax, [esp+4]
which loads the dword at the address referenced by esp+4 into eax, entirely different operations.
Post 08 Feb 2015, 19:16
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
theguy wrote:
... I'm guessing lea loads the address into eax and the mov instruction along with the brackets, loads what is contained at address 0006ff90. Is that what is happening?
Yes. LEA is short for Load Effective Address.

And you can use the instruction to do arithmetic operations also:
Code:
lea ecx,[edx+eax*8+0x24] ;ecx = eax * 8 + edx + 0x24
Post 09 Feb 2015, 01:10
lucifer
Joined: 24 Nov 2014
Posts: 4
It's best to think of the lea instruction as an arithmetic function. It's used a lot for performing calculations on addresses as well as doing a bunch of calculations on a number all in a single instruction.

For further information it might be useful to read the operation pseudocode in the Intel manuals. For the lea instruction, the brackets aren't really for dereferencing anything as the instruction only deals with the address values.
Post 09 Feb 2015, 20:32
neville
Joined: 13 Jul 2008
Posts: 507
Location: New Zealand
redsock wrote:
Code:
lea eax, [esp+4]
is the same as
Code:
mov eax, esp
add eax, 4
There is actually a subtle but significant difference: the LEA instruction does not alter any flags. So the 2nd code fragment should be preceded by a PUSHF and followed by a POPF.

I generally avoid using LEA, but being able to perform arithmetic without affecting the flags has sometimes been useful.

_________________
FAMOS - the first memory operating system
Post 11 Feb 2015, 08:59
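As an added example (not code from this thread or from fasm), here is a small C model of the three points the replies make: the address arithmetic lea performs without touching memory or flags, the dereference that mov eax,[esp+4] performs, and the flags that the mov/add rewrite changes but lea leaves alone. The stack window, the esp value and the dword planted at esp+4 are constructed so that the numbers match theguy's OllyDbg session; add32 models CF, ZF, SF and OF as ADD defines them (AF and PF are omitted).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CF 0x001u  /* EFLAGS bits that ADD rewrites (AF and PF left out) */
#define ZF 0x040u
#define SF 0x080u
#define OF 0x800u
#define ESP      0x0006ff8cu /* constructed: esp such that [esp+4] is 0006ff90 as in the thread */
#define MEM_BASE 0x0006ff80u /* first address covered by the constructed stack window below */
static uint8_t stack[64];

/* lea r32,[base+index*scale+disp]: 32-bit address arithmetic only. No memory
   access, no flag change. scale is 1, 2, 4 or 8 (0 when there is no index). */
static uint32_t lea32(uint32_t base, uint32_t index, uint32_t scale, int32_t disp) {
    return base + index * scale + (uint32_t)disp;
}
static uint8_t *slot(uint32_t addr) { /* map an address into the window, or fail */
    uint32_t off = addr - MEM_BASE;
    if (off > sizeof stack - 4) { fprintf(stderr, "address outside window\n"); exit(1); }
    return stack + off;
}
static void store32(uint32_t addr, uint32_t v) { /* little-endian dword write */
    uint8_t *p = slot(addr);
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t load32(uint32_t addr) { /* mov r32,[addr]: the brackets dereference */
    const uint8_t *p = slot(addr);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* add r32,imm32: the sum, plus CF/ZF/SF/OF set the way ADD sets them. */
static uint32_t add32(uint32_t a, uint32_t b, uint32_t *flags) {
    uint32_t r = a + b, f = *flags & ~(CF | ZF | SF | OF);
    if (r < a) f |= CF;                                 /* unsigned carry out */
    if (r == 0) f |= ZF;
    if (r & 0x80000000u) f |= SF;
    if (~(a ^ b) & (a ^ r) & 0x80000000u) f |= OF;      /* signed overflow */
    *flags = f;
    return r;
}
/* theguy's two instructions: the address itself versus the dword stored there. */
static uint32_t demo_lea(void) { return lea32(ESP, 0, 0, 4); }
static uint32_t demo_mov(void) { store32(ESP + 4, 0x7ffd8000u); return load32(ESP + 4); }
/* revolution's lea ecx,[edx+eax*8+0x24] */
static uint32_t demo_arith(uint32_t edx, uint32_t eax) { return lea32(edx, eax, 8, 0x24); }
/* neville's point: same eax either way, but only mov/add rewrites the flags. */
static void demo_flags(uint32_t start, uint32_t *after_lea, uint32_t *after_add) {
    *after_lea = start; (void)lea32(ESP, 0, 0, 4);      /* EFLAGS untouched by lea */
    *after_add = start; (void)add32(ESP, 4, after_add); /* ZF/CF from before are lost */
}
```

Starting demo_flags with ZF and CF set (0x041) leaves 0x041 on the lea path and 0 on the mov/add path, which is why neville's PUSHF/POPF pair is needed around the rewrite when the flags still matter.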
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
