Assembly stack index address


I'm trying to debug a program with ollydbg and I have a doubt to index mode address using SS prefix.

Here's a screenshot:

At this point, the instruction

MOV BYTE PTR SS:[EBP-1],BL

will move the 8 bits from EBX to the address held in EBP (0012FDCC) minus one, i.e. 0012FDCB.

If above is not correct, please, tell me.

In the ollydbg program, the lower right pane shows a representation of the stack, with the first column being the address. Why is there no entry for 0012FDCB, and where is 0012FDCB pointing to?

Mike Nakis On

I know nothing about ollydbg; hopefully someone who is familiar with it will also post an answer.

Your understanding of what the instruction you showed us will do is mostly correct: it will move the contents of BL (which is the lower 8 bits of EBX) to the address in the stack segment pointed to by [EBP minus 1]. If EBP is 0012FDCCh, then the byte will be stored at 0012FDCBh.

We usually do not say that 0012FDCBh points anywhere, we just say that it is a memory location, which in this case contains a byte, even though technically it would be more correct to say that it is the address of a memory location, and therefore in a sense the number 'points' to a byte. But we prefer to think of pointers or registers pointing to memory, not pure numbers.

I have no idea why ollydbg is not showing 0012FDCBh. Are you sure it is not showing it? Is it perhaps showing 0012FDCCh and 0012FDC8h? If so, then it is simply showing stack memory grouped in DWORDs, so 0012FDCBh is not shown because it corresponds to one of the four bytes that live within the DWORD at 0012FDC8h. Look at the DWORD value stored in 0012FDC8h, single-step over the MOV instruction, and you should see the most-significant byte of that word changing to the value of BL. (If the value in that address differed from the value of BL.) Ollydbg may also be showing memory grouped in rows longer than just one DWORD, but the same principle applies.
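To make the answer's point concrete, the following is an added example (not code from the question, the answer, or OllyDbg itself) that emulates the `MOV BYTE PTR SS:[EBP-1],BL` store against a small constructed stack region and then renders that region the way a debugger's stack pane does: one row per 4-byte-aligned DWORD, read little-endian. The EBP value 0012FDCCh comes from the question; the region base, its initial contents and the EBX value 000000ABh are assumptions chosen for illustration. The output shows that 0012FDCBh never appears as a row address, because it is byte 3 (the most significant byte) of the DWORD displayed at 0012FDC8h, and that single-stepping the store changes exactly that byte.

```python
"""Emulate a byte store at SS:[EBP-1] and a DWORD-grouped stack view.

Added example; not part of the original question or answer.  All register
values except EBP, and all memory contents, are constructed for illustration.
"""
import struct

EBP = 0x0012FDCC   # value quoted in the question
EBX = 0x000000AB   # constructed: BL (low byte of EBX) is 0xAB
STACK_BASE = 0x0012FDC0   # constructed: start of the region we model
STACK_SIZE = 0x20         # constructed: 32 bytes, i.e. 8 DWORD rows


def make_stack(base=STACK_BASE, size=STACK_SIZE):
    """Return a dict address -> byte for a zero-filled constructed stack region."""
    return {base + i: 0 for i in range(size)}


def mov_byte_ss_ebp_minus(stack, ebp, disp, ebx):
    """Emulate MOV BYTE PTR SS:[EBP-disp], BL.

    Only the low 8 bits of EBX are written, to the single byte at EBP-disp.
    Returns the effective address that was written.
    """
    addr = ebp - disp
    stack[addr] = ebx & 0xFF
    return addr


def dword_at(stack, addr):
    """Read the little-endian DWORD at addr, as a debugger displays it."""
    raw = bytes(stack[addr + i] for i in range(4))
    return struct.unpack("<I", raw)[0]


def dword_view(stack, lo, hi):
    """Rows (aligned address, DWORD value) covering [lo, hi), like a stack pane.

    Row addresses are rounded down to a multiple of 4, so an odd address such
    as 0012FDCBh can never be a row label; it lives inside the row at 0012FDC8h.
    """
    start = lo & ~3
    return [(a, dword_at(stack, a)) for a in range(start, hi, 4)]


def byte_position_in_dword(addr):
    """Return (aligned DWORD address, byte index within it; 0 = least significant)."""
    return addr & ~3, addr & 3


def run_demo():
    """Perform the store and report what the DWORD view shows before and after."""
    stack = make_stack()
    row_addr, byte_idx = byte_position_in_dword(EBP - 1)
    before = dword_at(stack, row_addr)
    written = mov_byte_ss_ebp_minus(stack, EBP, 1, EBX)
    after = dword_at(stack, row_addr)
    rows = dword_view(stack, STACK_BASE, STACK_BASE + STACK_SIZE)
    return {
        "written_addr": written,
        "row_addr": row_addr,
        "byte_index": byte_idx,
        "before": before,
        "after": after,
        "row_addrs": [a for a, _ in rows],
    }


if __name__ == "__main__":
    result = run_demo()
    print(f"store went to      {result['written_addr']:08X}")
    print(f"shown inside row   {result['row_addr']:08X}, byte {result['byte_index']}")
    print(f"DWORD before/after {result['before']:08X} -> {result['after']:08X}")
    for a, v in dword_view(make_stack(), STACK_BASE, STACK_BASE + STACK_SIZE):
        print(f"{a:08X}  {v:08X}")
```

Because the view is little-endian, the byte at the highest address inside a row is the most significant byte of the displayed value, which is why the DWORD at 0012FDC8h changes from 00000000h to AB000000h rather than 000000ABh.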