MOV ECX,DWORD PTR DS:
what does this mean exactly? how do u have an offset added to a register then copy its value to ECX?
It's a complex addressing mode.
Judging from the value, I would say that 1005010 is a pointer to some kind of array or such. The eax register will contain some kind of index.
The operation will add 1005010 and eax together, and load the dword from the resulting address. In other words, element 'eax' in the byte array at 1005010.
It could also be the other way around... eax containing the base address of the array, and 1005010 being the 1005010th element in the array.
0x1005010th byte, but (0x1005010/4)th element since we're dealing with DWORDs :)
still a little confused ;x
Internally, first EAX and 1005010 are added by the CPU (stored in a temporary location, EAX doesn't get updated). This computed value is a memory address, and the [brackets] are for indirection - so the whole thing means "load the DWORD value from memory address (EAX+1005010) and store in ECX".
Note that you can only use a single pair of brackets (you can't do multiple levels of indirection), and the "REG+offset" thing only works when dealing with memory addresses (i.e., you can't do "MOV ECX, EAX+1000" to do "ecx = eax+1000", but you can use the LEA instruction for that).
so does EAX contain an address? and the offset is added to it....which points to a dword value? and this value is stored in ECX
eax contains the index.
assume you have an array of dword values.
if you would like to access the 3rd item you would put 3 into eax, multiply it by 4 (as a dword is 4 bytes long) and access it using aka [1005010 + eax]
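The addressing discussed in this thread, as an added example that is not part of any post: a small C model of how `[EAX+disp]` is computed, contrasting the MOV load with LEA. The array contents are constructed, the function names are hypothetical, and 1005010 is assumed to be hexadecimal, as one reply reads it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 4-element DWORD array that we pretend is mapped at
   0x1005010 (assumption: the thread's displacement, read as hex). */
#define ARRAY_BASE 0x1005010u
static const uint32_t table[4] = {
    0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u
};

/* Effective address of [reg + disp]: a 32-bit add that wraps modulo 2^32.
   The register itself is not modified. */
uint32_t effective_address(uint32_t reg, uint32_t disp) {
    return reg + disp;
}

/* LEA ECX,[EAX+disp]: ECX gets the computed address; memory is not read. */
uint32_t lea(uint32_t eax, uint32_t disp) {
    return effective_address(eax, disp);
}

/* MOV ECX,DWORD PTR DS:[EAX+disp]: ECX gets the 4 bytes stored at the
   computed address. Returns 0 on success, -1 when the address is outside
   the simulated array (real hardware would fault or read other memory). */
int mov_load_dword(uint32_t eax, uint32_t disp, uint32_t *ecx) {
    uint32_t addr = effective_address(eax, disp);
    if (addr < ARRAY_BASE || addr - ARRAY_BASE > sizeof table - 4)
        return -1;
    memcpy(ecx, (const uint8_t *)table + (addr - ARRAY_BASE), 4);
    return 0;
}

int main(void) {
    uint32_t ecx = 0;
    uint32_t eax = 2 * 4;               /* element 2, scaled by DWORD size */

    printf("LEA -> %08X\n", (unsigned)lea(eax, ARRAY_BASE));
    if (mov_load_dword(eax, ARRAY_BASE, &ecx) == 0)
        printf("MOV -> %08X\n", (unsigned)ecx);

    /* EAX is a byte offset: without the *4 the load straddles two elements. */
    if (mov_load_dword(3, ARRAY_BASE, &ecx) == 0)
        printf("MOV (unscaled 3) -> %08X\n", (unsigned)ecx);
    return 0;
}
```
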