
I'm trying to understand code reversed using IDA. Some parts are below:

.text:00401510 Destination= byte ptr -0Fh
.text:00401510 argc= dword ptr  8
.text:00401510 argv= dword ptr  0Ch
.text:00401510 envp= dword ptr  10h
...
.text:0040151E mov     dword ptr [esp+2Bh], 35706635h
.text:00401526 mov     word ptr [esp+2Fh], 73h ; 's'
.text:0040152D mov     dword ptr [esp+1Fh], 6866234Ah
.text:00401535 mov     dword ptr [esp+23h], 7667236Fh
.text:0040153D mov     dword ptr [esp+27h], 776C21h
.text:00401545 mov     dword ptr [esp+1Ah], 37333331h

My problems are:

  1. what is the "h" at the end of the offset (e.g. 0Ch)? Variable argc is assigned to offset 8, argv to 0C and envp to 10, am I wrong?
  2. how is it possible to set a negative offset in variable "Destination"?
  3. how can I get the values of those variables?
  4. in mov functions, is "h" used for something? I assume that some ASCII is assigned to the offset. 73(h) is "s"
Piotr
  • The ‘h’ means hexadecimal. – 500 - Internal Server Error Oct 22 '22 at 10:35
  • ‘Destination’ is likely an offset added to an address or register value. – 500 - Internal Server Error Oct 22 '22 at 10:37
  • Values only exist at runtime unless it’s a constant. – 500 - Internal Server Error Oct 22 '22 at 10:38
  • @500-InternalServerError: Those will be offsets relative to the frame pointer (or where EBP would point if you were using it as a frame pointer). That's the usual convention for MSVC asm output, or so it seems from IDA disassembly. `[ebp+8]` is the first stack arg, right above the return address. So that's correct for `argc`, assuming this is disassembly of `main`. And yeah, local vars go below the frame pointer, so negative offsets. [IDA disassembly produces completely different code to ASM file for exe compiled in Visual Studio 2017](//stackoverflow.com/a/53350002) shows some IDA output – Peter Cordes Oct 22 '22 at 10:42
  • Yes, this code looks like it's initializing a local `char string[] = "..."` array. Remember x86 is little-endian, or just run it and single-step those instructions then examine memory with a debugger. – Peter Cordes Oct 22 '22 at 10:57
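To make the "h means hex" and "x86 is little-endian" points concrete, here is an added example (not code from the question or from any commenter) that replays the six `mov` immediates quoted above into an esp-relative byte map and reads back the NUL-terminated strings, the same thing you would see by single-stepping in a debugger and dumping the stack. The listing is the one from the question; the byte at esp+1Eh is not written by any shown instruction, so the script reports it as a gap rather than guessing.

```python
import re
from typing import Dict, List

# Constructed sample: the store instructions quoted in the question (IDA syntax).
LISTING = """
.text:0040151E mov     dword ptr [esp+2Bh], 35706635h
.text:00401526 mov     word ptr [esp+2Fh], 73h ; 's'
.text:0040152D mov     dword ptr [esp+1Fh], 6866234Ah
.text:00401535 mov     dword ptr [esp+23h], 7667236Fh
.text:0040153D mov     dword ptr [esp+27h], 776C21h
.text:00401545 mov     dword ptr [esp+1Ah], 37333331h
"""

WIDTH = {"byte": 1, "word": 2, "dword": 4}

# IDA writes hex immediates with a trailing 'h'; the regex strips it before int(..., 16).
MOV_RE = re.compile(
    r"mov\s+(byte|word|dword) ptr \[esp\+([0-9A-Fa-f]+)h\],\s*([0-9A-Fa-f]+)h"
)

def apply_stores(listing: str) -> Dict[int, int]:
    """Replay each immediate store into a sparse esp-relative byte map (little-endian)."""
    mem: Dict[int, int] = {}
    for m in MOV_RE.finditer(listing):
        width = WIDTH[m.group(1)]
        off = int(m.group(2), 16)
        imm = int(m.group(3), 16)
        # A dword 37333331h lands in memory as 31 33 33 37, i.e. "1337".
        for i, b in enumerate(imm.to_bytes(width, "little")):
            mem[off + i] = b
    return mem

def c_strings(mem: Dict[int, int]) -> List[str]:
    """Walk the written range; a NUL or an unwritten (gap) byte terminates a string."""
    found, cur = [], []
    for off in range(min(mem), max(mem) + 1):
        b = mem.get(off)
        if b is None or b == 0:
            if cur:
                found.append("".join(cur))
                cur = []
        else:
            cur.append(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}")
    if cur:
        found.append("".join(cur))
    return found

if __name__ == "__main__":
    stack = apply_stores(LISTING)
    for off in range(min(stack), max(stack) + 1):
        print(f"[esp+{off:02X}h] = {stack[off]:02x}" if off in stack else f"[esp+{off:02X}h] = ?")
    print(c_strings(stack))
```

The gap at esp+1Eh splits "1337" from the next run, so whether they are one string or two depends on instructions elided by the "..." in the question.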
