# Doubt

• March 19th, 2013, 03:19 PM
Khabz
Doubt
On the following code:

mov esi, offset Vec
mov eax, [esi]

Esi contains the 1st position of the vector and Eax contains the 1st number of the same vector.

And here:
mov edi, offset (vec + 4)
mov ebx, [edi]

Edi gets the 2nd position of the vector and ebx contains the 2nd number, or is it incorrect?

Consider it to be DWORDS.
• March 19th, 2013, 08:18 PM
Eri523
Re: Doubt
Your assumptions look correct to me.
• March 19th, 2013, 11:39 PM
Coder Dave
Re: Doubt
Quote:

Originally Posted by Khabz
mov esi, offset Vec
mov eax, [esi]

If Vec contains a pointer to some structure, then eax is assigned a copy of the first attribute of that structure. To assign a copy of the second attribute of that same structure to ebx, follow the above code with:

mov ebx, [esi + 4]

Quote:

mov edi, offset (vec + 4)
mov ebx, [edi]

edi is assigned the pointer that is stored in the double word after vec. ebx is then assigned the value to which this pointer points.

To better illustrate what you are doing, examine the following C++ code:
Code:

```
struct vec_structure
{
        DWORD attribute1;
        DWORD attribute2;
};

vec_structure record;
vec_structure* vec = &record;
DWORD* dummy;
DWORD eax;
DWORD ebx;

// Your code is doing this:
eax = vec->attribute1;
ebx = *dummy;

// What you want is:
eax = vec->attribute1;
ebx = vec->attribute2;
```
• March 20th, 2013, 07:19 AM
Eri523
Re: Doubt
As I understand the OP, the label Vec does not refer to a pointer, but a construct (avoiding the word "structure" here because it may suggest a more specific meaning) in memory that is to be considered an array of DWORDs. The offset of +4 given in the sample is expressed in bytes and not scaled by the item size which is unknown in the case of mov ebx, [esi + 4] anyway because it's not explicitly specified using the PTR keyword (and even then it wouldn't influence the meaning of the offset), and may or may not have been specified in the definition of Vec, but then wouldn't influence the meaning of the offset either.

What may be syntactically problematic, though, is the use of parentheses in mov edi, offset (Vec + 4), since that means taking the offset of Vec after it already has been offset by +4.
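
The byte-offset point discussed in this thread, as an added C example that is not code from any of the posters: it models a DWORD load from `[base + disp]` over a little-endian byte image of `Vec`, with a bounds check on the displacement. The helper names `load_dword` and `load_element` and the sample contents of `Vec` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: Vec as it would sit in x86 (little-endian) memory,
   three DWORDs 0x11111111, 0x22222222, 0x33333333. */
static const uint8_t Vec[12] = {
    0x11, 0x11, 0x11, 0x11,
    0x22, 0x22, 0x22, 0x22,
    0x33, 0x33, 0x33, 0x33
};

/* Models a DWORD load `mov reg, [base + disp]`: disp is a byte displacement,
   never an element index. Returns 0 on success, -1 if the 4-byte read
   would leave the buffer. */
static int load_dword(const uint8_t *base, size_t size, size_t disp, uint32_t *out)
{
    if (size < 4 || disp > size - 4)
        return -1;
    *out = (uint32_t)base[disp]
         | (uint32_t)base[disp + 1] << 8
         | (uint32_t)base[disp + 2] << 16
         | (uint32_t)base[disp + 3] << 24;
    return 0;
}

/* Models the scaled form `mov reg, [base + index*4]`. */
static int load_element(const uint8_t *base, size_t size, size_t index, uint32_t *out)
{
    if (index > SIZE_MAX / 4)          /* index * 4 would wrap around */
        return -1;
    return load_dword(base, size, index * 4, out);
}

int main(void)
{
    uint32_t v;
    if (load_dword(Vec, sizeof Vec, 4, &v) == 0)
        printf("[Vec + 4]   = %08x\n", (unsigned)v);  /* second DWORD */
    if (load_dword(Vec, sizeof Vec, 1, &v) == 0)
        printf("[Vec + 1]   = %08x\n", (unsigned)v);  /* straddles elements 0 and 1 */
    if (load_element(Vec, sizeof Vec, 1, &v) == 0)
        printf("[Vec + 1*4] = %08x\n", (unsigned)v);  /* same load as [Vec + 4] */
    if (load_dword(Vec, sizeof Vec, 12, &v) != 0)
        puts("[Vec + 12] is past the end of Vec");
    return 0;
}
```

A displacement of 1 is accepted by the bounds check but reads bytes from two neighbouring elements, which is why the displacement has to be multiplied by the element size by hand or by a scaled index.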