Dear Friends,
I would like to write about array of pointer in assembly so that you can idea during reversing the code.
I have simple application like below, it will retrieve a pointer from array that point to a string of month. I will pick array no 1 where it will return February.
When translated to assembly, it will be like below
We can see from the above image that in the get_month function the passed parameter is stored in eax. In order to get the element of the array, the application will use __data_start__[eax*4]. why eax shall be multiplied by 4? Because this is array of pointer where each pointer has been aligned to 4 bytes element. Element of array is accessed via its first element and multiplied with the size of each element.
