The above image along with the title fully encapsulates my question 🙂
Extra details (if necessary):
I assume the above is enough information to answer the question, so if you know the answer and you wish to stop reading the rest of the question, that’s totally fine.
I’m trying to understand what happens when a struct is returned by a C function. This is an example from the “Reverse Engineering for Beginners” by Dennis Yurichev page 139 (Returning a struct).
I understand that _a$ and $T3853 are macros, but I don’t understand what the instruction actually does after the macros are replaced by their values.
>Solution :
See above, _a$ and $T3853 are symbols defined to value 12 and 8 respectively. So
mov ecx, DWORD PTR _a$[esp-4]
is the same as
mov ecx, DWORD PTR 12[esp-4]
or
mov ecx, DWORD PTR [esp-4+12]
or
mov ecx, DWORD PTR [esp+8]