What does the operand of this mov instruction underlined in this image mean?

The above image along with the title fully encapsulates my question 🙂

Extra details (if necessary):
I assume the above is enough information to answer the question, so if you know the answer and you wish to stop reading the rest of the question, that’s totally fine.

I’m trying to understand what happens when a struct is returned by a C function. This is an example from the “Reverse Engineering for Beginners” by Dennis Yurichev page 139 (Returning a struct).

I understand that _a$ and $T3853 are macros, but I don’t understand what the instruction actually does after the macros are replaced by their values.

>Solution :

See above, _a$ and $T3853 are symbols defined to value 12 and 8 respectively. So

mov ecx, DWORD PTR _a$[esp-4]

is the same as

mov ecx, DWORD PTR 12[esp-4]

mov ecx, DWORD PTR [esp-4+12]

mov ecx, DWORD PTR [esp+8]

Dev solutions

Solutions for development problems

What does the operand of this mov instruction underlined in this image mean?

>Solution :

Like this:

Related

Leave a ReplyCancel reply

>Solution :

Share this:

Like this:

Related

Leave a ReplyCancel reply

Discover more from Dev solutions