
Possible Duplicate:
What’s the purpose of the LEA instruction?
LEA instruction?

So I'm working on the binary bomb assignment for class (it has a bunch of phases where you have to step through the assembly code of a program and find a passphrase to decode the "bomb").

I can't complete my current phase because I don't understand the lea command. I've read that it's commonly used for arithmetic, but I just don't understand how it does it.

The command I'm looking at in particular is

lea -0x18(%ebp), %ebx
lea -0x8(%ebp), %esi

followed by a

mov -0x4(%ebx), %eax
add -0x8(%ebx), %eax

In the next line eax and ebx are compared; if they're equal the program continues, else the bomb explodes.

I've figured enough out about this phase to know it wants 6 numbers, the first two being 0 and 1. After that it does some manipulations to determine if the rest of the sequence is correct (I'm assuming the lea commands are what I need to decode to find the next numbers).

Now what I couldn't find is what the -0x18 in particular refers to. What does the negative sign do? Does it indicate subtraction? Is it looking 18 bytes before ebp?

Thanks for any help here.

SRansom

2 Answers


The LEA instruction computes a memory address using the same arithmetic that a MOV instruction uses. But unlike the MOV instruction, the LEA instruction just stores the computed address in its target register, instead of loading the contents of that address and storing it.

Consider your first LEA instruction:

lea -0x18(%ebp), %ebx

This instruction computes the sum of -0x18 and the value in the EBP register. It gets some result S. It stores S in the EBX register.

In the addend -0x18, the “-” is a negative sign and the “0x” means it's a hexadecimal constant. So the addend is negative 18₁₆, which is -24₁₀. So this LEA instruction simply subtracts 24 from the value in EBP and stores the result in EBX.

Contrast this with your MOV instruction:

mov -0x4(%ebx), %eax

This instruction computes the sum of -0x4 and the value in the EBX register. It gets some result S. Then it fetches the value of the word at address S in memory, getting some value M. It stores M in the EAX register.

rob mayoff
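To make the LEA/MOV distinction concrete, here is an added C model of the instructions from the question (example code, not part of the answer above): lea only does the base-plus-displacement arithmetic, while mov does the same arithmetic and then reads the word at that address. The stack frame, the position of EBP in it and the two values it holds (7 and 35) are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 64-byte stack frame (example data, not the bomb's), kept as bytes
   so the byte displacements written in the assembly map onto it directly. */
static uint8_t frame[64];
/* 32-bit little-endian load and store: what a MOV to or from memory performs. */
static uint32_t load32(const uint8_t *a) { uint32_t v; memcpy(&v, a, 4); return v; }
static void store32(uint8_t *a, uint32_t v) { memcpy(a, &v, 4); }
/* lea disp(%base): dst = base + disp, no memory access; mov: same arithmetic, then a load. */
static uint8_t *lea(uint8_t *base, int32_t disp) { return base + disp; }
static uint32_t mov_load(uint8_t *base, int32_t disp) { return load32(base + disp); }

/* The question's instructions run on the model frame; returns EAX, writes EBX via ebx_out. */
static uint32_t run_sequence(uint8_t *ebp, uint8_t **ebx_out) {
    uint8_t *ebx = lea(ebp, -0x18);     /* lea -0x18(%ebp), %ebx : ebx = ebp - 24    */
    /* lea -0x8(%ebp), %esi would likewise give esi = ebp - 8; it is not read below */
    uint32_t eax = mov_load(ebx, -0x4); /* mov -0x4(%ebx), %eax  : eax  = [ebp - 28] */
    eax += mov_load(ebx, -0x8);         /* add -0x8(%ebx), %eax  : eax += [ebp - 32] */
    *ebx_out = ebx;
    return eax;
}

/* Put EBP mid-frame and seed the two words read above with constructed values 7 and 35. */
static uint8_t *setup_frame(void) {
    uint8_t *ebp = frame + 48;
    memset(frame, 0, sizeof frame);
    store32(ebp - 28, 7);  /* -0x4(%ebx) is the same byte as -0x1c(%ebp) */
    store32(ebp - 32, 35); /* -0x8(%ebx) is the same byte as -0x20(%ebp) */
    return ebp;
}

/* EBX minus EBP after the first LEA: just the displacement, -24. */
long demo_ebx_offset(void) {
    uint8_t *ebx, *ebp = setup_frame();
    run_sequence(ebp, &ebx);
    return (long)(ebx - ebp);
}

/* Final EAX: 7 + 35 = 42, fetched from memory; EBX itself is never dereferenced. */
uint32_t demo_eax(void) {
    uint8_t *ebx, *ebp = setup_frame();
    return run_sequence(ebp, &ebx);
}

int main(void) {
    printf("ebx - ebp = %ld, eax = %u\n", demo_ebx_offset(), demo_eax());
    return 0;
}
```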

The LEA instruction loads the address that will be evaluated with the particular addressing mode into the destination register. Consider these two cases:

lea -0x18(%ebp), %ebx
mov -0x18(%ebp), %ebx

The first instruction loads the address calculated as offset -0x18 relative to the current value of ebp into ebx. The second instruction loads the memory content at this address into ebx.

A negative offset means that the location is below the address in the register, and a positive offset means that the location is above the address in the register. It is common to draw memory with the zero address at the bottom and addresses growing toward the top:

0xFFFFFFFC   !_______!
    ....
+0x4(ebp) -> !_______! 
(ebp) ->     !_______! 
-0x4(ebp) -> !_______! 
    ....
0x00000000   !_______!
Serge