0

I was studying assembly and I would like some additional clarifications for the below code

MOV DWORD PTR SS: [ESP+16], 6E616C41

So basically where is it loading 6E616C41 to?

I've learned that stack grows in decreasing order in some architecture so if

ESP 006FFEF0

Is 6E616C41 moved to the location 006FFEF0 - 16 = 006FFEDA ?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Nimrod
  • 375
  • 1
  • 12
  • It's not loading it, it's *storing* it to memory, 16 bytes above the current stack pointer. Note the +16, not -16. And note that `16` is in decimal, not hex. – Peter Cordes May 23 '21 at 07:01
  • How's the address calculated? 006FFEF0 - 16? – Nimrod May 23 '21 at 07:05
  • 1
    No, `0x006FFEF0 + 16`, not `-`. With both numbers in hex, `0x006FFEF0 + 0xa`. The stack grows downward, but that just means that `push` decrements, `pop` increments. Not that addressing modes work differently when ESP is involved. IDK if that's why you were negating, instead of a typo? – Peter Cordes May 23 '21 at 07:07
  • Yes, sorry. It's clear now, thanks – Nimrod May 23 '21 at 07:10
  • 1
    @Peter Cordes: 16 decimal is 10h hex, not 0Ah. – ecm May 23 '21 at 08:03
  • 1
    @ecm: derp, thanks. I think I was looking at the `...A` number in the question, and/or converted it to 0x10 in my head and then converted 10d -> 0xa as I was typing :/ – Peter Cordes May 23 '21 at 08:08

0 Answers0