If the address is like this

esp == 00000000

esp + 5 = 00000005

esp + A = 0000000A

00000005 can contain only one byte character.

Isn't it correct that only one byte of text can be included in 0000000A?

This syntax takes the value in esp+0x5 and compares it with 61.
There must be something in 00000005.

But why does the comment show a string when I got the esp+A address and put it in ecx?
Shouldn't ecx have an address corresponding to esp+A annotated or just one byte value corresponding to 0000000A?

Wonlf
  • Yes, `esp+A` is a single byte but the code used a `lea` to take its address and then you can interpret it as a string beginning there which the debugger did for you. – Jester Mar 29 '22 at 15:11
  • Can you explain it in more detail? – Wonlf Mar 29 '22 at 15:24
  • Which part is unclear? Do you know C? If you have a string `char* s = "foobar"` you can have `s[3]=='b'` which is a single character from it, but you can also have `char* x = &s[3]` which would then be `"bar"`. – Jester Mar 29 '22 at 22:03
  • I understand that `&` is an address value operator. If you put the address corresponding to `s[3]` in the pointer variable, do you refer to the address of `s[3]` to the end of `s`? – Wonlf Mar 30 '22 at 00:43
  • It's the address of `s[3]`. C strings are terminated by a zero byte. If you have something that expects a string, that will automatically go until it finds that zero. The cpu doesn't store a size, it's just the starting address. – Jester Mar 30 '22 at 01:09
  • So, can I understand that `esp+A` in the text is the starting address of the string and that it takes all the characters from `esp+A` to `\0` (end of string)? – Wonlf Mar 30 '22 at 01:23
  • Yes that is correct, assuming the function it is passed to (which you did not show) expects a zero terminated string. That is what the debugger also assumed, that's why it printed a string for you. – Jester Mar 30 '22 at 01:28
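
The distinction discussed in the comments, as an added example that is not part of the original question or comments: a `cmp byte ptr [esp+5], 61` reads one byte, while `lea ecx, [esp+A]` only produces an address that a debugger may then follow and display as text up to the zero byte. The buffer contents, the string `hello`, and the `annotate` helper are constructed assumptions; the real stack contents are only in the question's screenshots.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed bytes standing in for the stack; index 0 plays the role of esp.
   The real contents are only in the question's screenshots. */
static const unsigned char stack[32] = {
    'x','x','x','x','x', 'a', 'x','x','x','x',  /* [esp+0x5] holds 0x61 */
    'h','e','l','l','o', 0                       /* NUL-terminated text at esp+0xA */
};

/* cmp byte ptr [esp+off], imm: reads exactly one byte and compares it. */
int byte_equals(size_t off, unsigned char imm) {
    return off < sizeof stack && stack[off] == imm;
}

/* lea reg, [esp+off]: no memory read, the result is only the address. */
const unsigned char *lea(size_t off) {
    return stack + off;
}

/* Hypothetical model of a debugger comment column: follow the pointer and copy
   printable bytes until the NUL, bounded by the region and the output buffer.
   Returns the length copied, or 0 if the bytes do not look like text. */
size_t annotate(const unsigned char *p, char *out, size_t outsz) {
    const unsigned char *end = stack + sizeof stack;
    size_t n = 0;
    if (outsz == 0) return 0;
    if (p >= stack) {
        while (p + n < end && p[n] != 0 && n + 1 < outsz) {
            if (!isprint(p[n])) { n = 0; break; }
            out[n] = (char)p[n];
            n++;
        }
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    char text[16];
    printf("byte at esp+0x5 == 0x61: %d\n", byte_equals(0x5, 0x61));
    annotate(lea(0xA), text, sizeof text);
    printf("lea of esp+0xA annotates as \"%s\"\n", text);
    return 0;
}
```

The register still holds only the address; the string in the comment column exists because the tool dereferenced it, and the bound in `annotate` is what keeps that read from running past the region when no zero byte is present.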
