If Vec contains a pointer to some structure, then eax is assigned a copy of the first attribute of that structure. To assign a copy of the second attribute of that same structure to ebx, follow the above code with:
mov ebx, [esi + 4]
mov edi, offset (vec + 4)
mov ebx, [edi]
edi is assigned the pointer that is stored in the double word after vec. ebx is then assigned the value to which this pointer points.
To better illustrate what you are doing, examine the following C++ code:
Code:
struct vec_structure
{
    DWORD attribute1;
    DWORD attribute2;
};
vec_structure record;
vec_structure* vec = &record;
DWORD* dummy;
DWORD eax;
DWORD ebx;
// Your code is doing this:
eax = vec->attribute1;
ebx = *dummy;
// What you want is:
eax = vec->attribute1;
ebx = vec->attribute2;
As I understand the OP, the label Vec does not refer to a pointer, but a construct (avoiding the word "structure" here because it may suggest a more specific meaning) in memory that is to be considered an array of DWORDs. The offset of +4 given in the sample is expressed in bytes and not scaled by the item size which is unknown in the case of mov ebx, [esi + 4] anyway because it's not explicitly specified using the PTR keyword (and even then it wouldn't influence the meaning of the offset), and may or may not have been specified in the definition of Vec, but then wouldn't influence the meaning of the offset either.
What may be syntactically problematic, though, is the use of parentheses in mov edi, offset (Vec + 4), since that means taking the offset of Vec after it already has been offset by +4.
I was thrown out of college for cheating on the metaphysics exam; I looked into the soul of the boy sitting next to me.
This is a snakeskin jacket! And for me it's a symbol of my individuality, and my belief... in personal freedom.
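Added example (not code from either post): the C sketch below contrasts the two readings of Vec discussed in the thread, an array of DWORDs addressed with an unscaled byte displacement versus a slot that holds a pointer to a structure, and shows that C pointer arithmetic scales where the assembly displacement does not. The data values and function names are constructed for illustration, and the pointer case assumes esi was first loaded from Vec.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t DWORD;                       /* 32-bit, as in the thread */
struct vec_structure { DWORD attribute1; DWORD attribute2; };

/* Constructed sample data (not from the thread). */
static const DWORD vec_array[5] = { 0x11111111u, 0x22222222u, 0x33333333u,
                                    0x44444444u, 0x55555555u };
static struct vec_structure record = { 0xAAAA0001u, 0xBBBB0002u };
static struct vec_structure *vec_ptr = &record;

/* What "mov reg, [base + disp]" does: disp is added in bytes, unscaled. */
static DWORD load_dword(const void *base, size_t disp)
{
    DWORD v;
    memcpy(&v, (const unsigned char *)base + disp, sizeof v);
    return v;
}

/* Reading A: Vec is an array of DWORDs; [Vec + 4] is element 1. */
static DWORD second_element(void) { return load_dword(vec_array, 4); }

/* Reading B: Vec stores a pointer; load it first (assumed: esi = [Vec]),
   then [esi + 4] is the second attribute of the pointed-to structure. */
static DWORD second_attribute(void) { return load_dword(vec_ptr, 4); }

/* C pointer arithmetic, by contrast, scales by the element size:
   p + 4 on a DWORD pointer moves 16 bytes, not 4. */
static size_t c_scaled_bytes(size_t n)
{
    const DWORD *p = vec_array;
    return (size_t)((const unsigned char *)(p + n) - (const unsigned char *)p);
}

int main(void)
{
    printf("array reading:   %08x\n", (unsigned)second_element());
    printf("pointer reading: %08x\n", (unsigned)second_attribute());
    printf("C p + 4 spans %zu bytes\n", c_scaled_bytes(4));
    return 0;
}
```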