x86 Assembly, Array of Pointer

Dear Friends,

I would like to write about arrays of pointers in assembly, so that you can get an idea of what they look like when reversing code.

I have a simple application, shown below, that retrieves a pointer from an array; each pointer points to the string of a month name. I will pick array element no. 1, which returns February.

When translated to assembly, it looks like the listings below.

main function
get_month function

We can see from the above image that in the get_month function the passed parameter is stored in eax. To get the element of the array, the application uses `__data_start__[eax*4]`. Why is eax multiplied by 4? Because this is an array of pointers, where each pointer is a 4-byte element. An array element is accessed by taking the address of the first element and adding the index multiplied by the size of each element.
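The indexing described above, written out in C as an added example (this is not the original application, whose source is not reproduced on this page). The names `months`, `element_offset` and `get_month_by_offset` and the body of `get_month` are assumptions; the range check is included because it is the comparison to look for in front of a scaled-index load when reversing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed table: an array of pointers, one per month name. */
static const char *const months[] = {
    "January", "February", "March", "April", "May", "June",
    "July", "August", "September", "October", "November", "December"
};
#define MONTH_COUNT (sizeof(months) / sizeof(months[0]))

/* Byte offset of element `index` from the array base: index * element size.
 * On 32-bit x86 the element size is 4, which is the eax*4 in the listing;
 * a 64-bit build uses 8 instead. */
size_t element_offset(size_t index)
{
    return index * sizeof(months[0]);
}

/* Ordinary C indexing; the compiler emits base + index*size for this. */
const char *get_month(size_t index)
{
    if (index >= MONTH_COUNT)   /* without this, any index reads past the table */
        return NULL;
    return months[index];
}

/* The same load done by hand, the way the disassembly shows it:
 * take the address of the first element, add the scaled index,
 * and read one pointer-sized value from there. */
const char *get_month_by_offset(size_t index)
{
    const char *entry;
    if (index >= MONTH_COUNT)
        return NULL;
    memcpy(&entry, (const unsigned char *)months + element_offset(index),
           sizeof(entry));
    return entry;
}

int main(void)
{
    printf("element size: %zu bytes\n", sizeof(months[0]));
    printf("months[1] at offset %zu -> %s\n",
           element_offset(1), get_month_by_offset(1));
    return 0;
}
```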
