
How are addresses calculated?


spuTniK
July 31st, 2002, 12:17
Hi, I'm just wondering how addresses are calculated:

004013CE 8B4760 mov eax, dword ptr [edi+60]
// Address of Username is pushed in eax, edi = 0012FE8C
// After doing this line eax=002F38E8 ??
// This is not 0012FE8C+60 ? How is this calculated ?

004013D1 8D7760 lea esi, dword ptr [edi+60]
// After doing this line esi=0012FEEC, this is 0012FE8C+60 !

004013D4 8B40F8 mov eax, dword ptr [eax-08]
// The result of this line is eax=00000003 which is the length
// of the Username.
// But I don't know how this has been calculated ...

Thanx for any help,
bye spuTniK

Fake51
July 31st, 2002, 13:05
Here's the idea:

mov eax, dword ptr [edi+60]

Will move whatever's stored at loc. edi+60h. Thus, the result will be something quite different from the address itself (usually, one never knows what's hidden in memory).

lea esi, dword ptr [edi+60]

Lea = Load Effective Address. Loads the destination register with the address in the source register. Hence the result equals edi+60h.

mov eax, dword ptr [eax-08]

Same as first case. Check the prog you're debugging for a previous calculation of the name length. You missed it somewhere.

Fake

Hint: learn some more asm, it will aid you a lot when trying to understand programs.

[yAtEs]
July 31st, 2002, 14:28
Quote:
Originally posted by Fake51
usually, one never knows what's hidden in memory


unless they use softice of course, that's what you meant
wasn't it fake51 (;

>004013CE 8B4760 mov eax, dword ptr [edi+60]
>// Adress of Username is pushed in eax, edi = 0012FE8C
>// After doing this line eax=002F38E8 ??

trace up to this line, now let's deal with the first part:
EDI+60h, so 0012FE8C+60 = 0012FEEC, this is what you're
suspecting eh? well, take note of the [ ], this is a pointer, so in fact
it's not move edi+60 into eax, it is move what is at edi+60.
also notice the term DWORD PTR, i.e. move a dword which is
pointed to at edi+60h, argh what's at edi+60 (0012FEEC) i hear
you scream, ok so perhaps it's not that dramatic but anyway type
DD EDI+60 or DD 0012FEEC in softice, as you know D is to
dump data, DD will dump in dwords, so it's in the format we want
and is easy to read. DB will go back to bytes, DW is words, etc,
anyway you should see 002F38E8 in the data window, your
magic number.

please excuse my excessive rambling but I've nothing better to
do right now. hope that helps.

yates.

ud49
July 31st, 2002, 15:09
Quote:
Originally posted by spuTniK

004013CE 8B4760 mov eax, dword ptr [edi+60]


"d edi+60"
and ya'll see e8 38 2f 00

spuTniK
July 31st, 2002, 17:00
Quote:
Originally posted by [yAtEs]

unless they softice of course, whats what you meant
was isnt fake51 (;

>>004013CE 8B4760 mov eax, dword ptr [edi+60]
>>// Adress of Username is pushed in eax, edi = 0012FE8C
>>// After doing this line eax=002F38E8 ??

>trace up to this line, now lets deal with the first part
>EDI+60h so 0012FE8C+60 = 0012FEEC, this is what your
>suspecting eh?,
right
>well take note of the [ ], this a pointer, so infact
>its not move edi+60 into eax it is move what is at edi+60
So what is at EDI+60 is moved into eax and then placed at
another place in the memory which is 002F38E8 ?
Because after this line eax=002F38E8...
>also notice the term DWORD PTR, i.e. a move a dword which is
>pointed to at edi+60h, argh whats at edi+60 (0012FEEC) i hear
>you scream ok so perhapes its not that dramatic
don't care - I'm still alive - I know a little about pointers as
I learned C one year ago.
>but anyway type
> DD EDI+60 ..... you should see 002F38E8 in the data window, your magic number.
Nope - I'm at 0012FEEC

>please excuse my excessive rambling but ive nothing better to
>do right now. hope that helps.

No problem - Thanks a lot for your help,
cya spuTniK

[yAtEs]
July 31st, 2002, 18:11
>So what is at EDI+60 is moved into eax an then placed at
>another place in the memory which is 002F38E8 ?
>Because after this line eax=002F38E8...

nope, "So what is at EDI+60 is moved into eax" that's it, period.

> Nope - I'm at 0012FEEC
heh, read your first post back, I was referring to the first
edi+60, you're at the second one.


yates.

Fake51
July 31st, 2002, 18:25
Quote:
Originally posted by [yAtEs]


unless they softice of course, whats what you meant
was isnt fake51 (;
yates.


You got me. Point is of course that you seldom know beforehand what will be at a specific place in mem unless you're either the programmer, or a nifty zen cracker.

Blue skies
Fake

[yAtEs]
July 31st, 2002, 18:44
haha omg I must have been half asleep when I wrote that,
every word is incorrect nearly heh, /me gives fake51 $10
to edit the post (-;

Fake51
July 31st, 2002, 19:06
Lol, must admit I had a hard time interpreting the actual meaning of the sentence. Starting point was your smiley, which I guess says a lot

Fake

spuTniK
August 1st, 2002, 15:56
Quote:
Originally posted by [yAtEs]
>>So what is at EDI+60 is moved into eax and then placed at
>>another place in the memory which is 002F38E8 ?
>>Because after this line eax=002F38E8...

>nope, "So what is at EDI+60 is moved into eax" thats it period.
Hmm, I think I got you - but I entered "abc" (very inventive, I know)
and 002F38E8 is not the ASCII code for this.

Thx for your patience,
spuTniK

Fake51
August 1st, 2002, 16:48
Okay, here's the idea:

Edi+60 is an address; it holds the value 002F38E8h.

That, in turn, is another address. It should be the buffer that holds your input, the ABC. It is widely used among programmers to store the length of the input just before the buffer.

So:

Eax holds a pointer to the input, and eax-8 is a pointer to the input length.

Fake
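A small C model of what yAtEs's DD walkthrough and Fake51's last post describe, added here as an illustration; it is not the program spuTniK was debugging. edi points at an object whose field at +0x60 holds a pointer to the characters, and the length is stored 8 bytes before them, so mov reads through the pointer, lea only computes edi+60h, and [eax-08] yields 3 for "abc". The struct field names, the 16-byte buffer and the values filled in are assumptions; the last helper reassembles ud49's e8 38 2f 00 byte dump into the dword 002F38E8.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the layout the thread describes, not the original
 * program: the length sits 8 bytes before the characters, and the object
 * edi points at keeps a pointer to the characters at offset 0x60. */
typedef struct {
    int32_t refs;     /* data-12, hypothetical field */
    int32_t length;   /* data-8: what [eax-08] reads */
    int32_t alloc;    /* data-4, hypothetical field */
    char    data[16]; /* eax points here after mov eax,[edi+60] */
} LenPrefixedString;
typedef struct {
    uint8_t other[0x60]; /* padding so the pointer lands at +0x60 */
    char   *name;        /* the dword stored at [edi+60] */
} Object;

static LenPrefixedString g_name; /* the "abc" buffer (constructed) */
static Object            g_obj;  /* what edi points at (constructed) */

/* Build the picture from the thread: edi -> object, [edi+60] -> "abc". */
static Object *build_example(void) {
    memset(&g_name, 0, sizeof g_name);
    strcpy(g_name.data, "abc");
    g_name.refs = 1;
    g_name.length = (int32_t)strlen(g_name.data);
    g_name.alloc = sizeof g_name.data;
    g_obj.name = g_name.data;
    return &g_obj;
}
/* lea esi,[edi+60]: address arithmetic only, nothing is read from memory. */
static void *lea_edi_60(Object *edi) { return (uint8_t *)edi + 0x60; }
/* mov eax,[edi+60]: load the dword stored at edi+60, which is the pointer. */
static char *mov_edi_60(Object *edi) {
    char *p;
    memcpy(&p, (uint8_t *)edi + 0x60, sizeof p);
    return p;
}
/* mov eax,[eax-08]: load the dword 8 bytes before the characters. */
static int32_t mov_eax_minus_8(const char *eax) {
    int32_t len;
    memcpy(&len, eax - 8, sizeof len);
    return len;
}
/* "d edi+60" shows e8 38 2f 00: assemble little-endian bytes into a dword. */
static uint32_t dword_from_le_bytes(const uint8_t b[4]) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}
```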