I am learning x86 through the book Practical Malware Analysis, and I often see things like:
    lea edx, [esp+24Ch+name]
    push edx
    push ...
    call ds:bind
I understand how LEA works, and that this is basically storing the value of esp+24Ch+name in edx, which is probably a pointer to the front of a string.
What I don't understand is how the compiler came up with this. Where is this storage at? Is this somewhere in the stack? If not, why is esp being used?
I think the programmer in me is having a difficult time with what feels like "magic numbers" from the compiler.
The compiler doesn't have to use ebp as a base register. It can decide to calculate the stack individually, and then use the stack pointer directly. In GCC you can use -fomit-frame-pointer to achieve this optimization. The compiler can then generate code that either keeps a fixed-size stack or keeps count of it. It depends on the function.