I always get confused with the proper combination of LEAs and MOVs I should use to access pointers that are referenced by another pointer. Is there a trick to keeping track of them? Say I have 4 calls to HeapAlloc, and somewhere in each memory block there is a pointer to the next memory block. How would I access a value in the last memory block?
You must dereference the pointer four times:
.data
pMem PVOID ?
.code
...
mov eax,pMem ; mov pointer of first block into eax
mov eax,[eax] ; load pointer of block 2
mov eax,[eax] ; ... block 3
mov eax,[eax] ; ... block 4
mov eax,[eax] ; obtain value
There is no limit to nesting, but you have to keep track, well, by commenting your code well. If it's nested deeply, it's probably bad design. Of course, ...
mov eax, pHeapTop
mov eax, [eax]
mov eax, [eax]
mov eax, [eax]
... may produce the right result, but what for?
By the way, a simple but complete example usually helps to get concrete answers ;-)
P.S.: Funny that qWord uses exactly the sequence I had just written...
JJ,
Long ago a philosopher said, show me a man who had a vision in a dream and I will show you a man who dreamed he had a vision.
> P.S.: Funny that qWord uses exactly the sequence I had just written...
It may be the case that you used exactly the same sequence as qWord. :P
If you're creating a chain of blocks, something like the following...
memblock struct
nextblock dword ? ; pointer to next memblock
datablock dword 127 dup(?)
memblock ends
; store NULL in "nextblock" field in the last block
getlast:
mov eax,pStartChain ; EAX = first block, or NULL if the chain is empty
cmp eax,NULL
je endsearch ; EAX is NULL, nothing to search
findlast:
mov ecx,[eax].memblock.nextblock ; ECX = pointer stored in this block's link field
cmp ecx,NULL
je endsearch ; EAX points to last block
mov eax,ecx ; advance to the next block
jmp findlast
endsearch:
ret ; EAX = last block (or NULL for an empty chain)
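The same two ideas in C, as an added example that is not part of the thread: the fixed four-load sequence from the earlier reply and the NULL-terminated getlast/findlast walk from the struct-based reply, both run over one chain of blocks. calloc stands in for HeapAlloc, the payload is shortened to 4 dwords, and the helper names (build_chain, fixed_deref_block4, nth_block, run_demo) are this example's own, not the thread's. The nth_block helper is the point a defender would want: the fixed sequence is only correct when the chain is known to be deep enough, and a bounded walk that stops at NULL is what keeps a short chain from turning into a NULL dereference.

```c
#include <stdio.h>
#include <stdlib.h>

/* Layout of the post's memblock: the link comes first, payload after.
   127 dwords of payload there; 4 here, which does not change the logic. */
typedef struct memblock {
    struct memblock *nextblock;     /* NULL in the last block of the chain */
    unsigned int datablock[4];
} memblock;

/* Release every block in the chain (the HeapFree side of the picture). */
void free_chain(memblock *head) {
    while (head != NULL) {
        memblock *next = head->nextblock;
        free(head);
        head = next;
    }
}

/* Build n blocks with calloc standing in for HeapAlloc, each linked to the
   next. datablock[0] of the i-th block is set to i so a walk is checkable.
   Returns NULL (after freeing what was built) if an allocation fails. */
memblock *build_chain(size_t n) {
    memblock *head = NULL, *tail = NULL;
    for (size_t i = 1; i <= n; i++) {
        memblock *b = calloc(1, sizeof *b);
        if (b == NULL) { free_chain(head); return NULL; }
        b->datablock[0] = (unsigned int)i;   /* constructed sample value */
        if (head == NULL) head = b; else tail->nextblock = b;
        tail = b;
    }
    return head;
}

/* The fixed sequence from the thread, one load per "mov eax,[eax]":
     mov eax,pMem       ; block 1
     mov eax,[eax]      ; block 2
     mov eax,[eax]      ; block 3
     mov eax,[eax]      ; block 4
     mov eax,[eax]      ; value
   Three loads follow links, the fourth reads the payload. This is only
   correct when the chain is known to hold at least four blocks; on a
   shorter chain one of the loads dereferences NULL and faults. */
unsigned int fixed_deref_block4(memblock *pMem) {
    return pMem->nextblock->nextblock->nextblock->datablock[0];
}

/* Follow exactly `hops` links, but return NULL instead of faulting when
   the chain is shorter than expected: the bounds check the fixed
   sequence lacks. */
memblock *nth_block(memblock *pMem, size_t hops) {
    memblock *p = pMem;
    for (size_t i = 0; i < hops && p != NULL; i++)
        p = p->nextblock;
    return p;
}

/* The post's getlast/findlast loop, register names kept as variable
   names: EAX holds the current block, ECX the candidate next block. */
memblock *getlast(memblock *pStartChain) {
    memblock *eax = pStartChain;
    if (eax == NULL)                /* cmp eax,NULL / je endsearch */
        return NULL;
    for (;;) {                      /* findlast: */
        memblock *ecx = eax->nextblock;
        if (ecx == NULL)            /* cmp ecx,NULL / je endsearch */
            return eax;
        eax = ecx;                  /* mov eax,ecx / jmp findlast */
    }
}

/* Build a 4-block chain and reach block 4 three ways; returns the value
   stored there (4) if all three agree and the chain ends where it should,
   otherwise 0. */
unsigned int run_demo(void) {
    memblock *chain = build_chain(4);
    if (chain == NULL) return 0;
    unsigned int v1 = fixed_deref_block4(chain);
    memblock *last = getlast(chain);
    memblock *fourth = nth_block(chain, 3);
    unsigned int result = 0;
    if (last != NULL && fourth == last && last->datablock[0] == v1
        && nth_block(chain, 4) == NULL)
        result = v1;
    free_chain(chain);
    return result;
}

int main(void) {
    printf("value in block 4: %u\n", run_demo());   /* prints 4 */
    return 0;
}
```

Each `->nextblock` in C is one `mov eax,[eax]` in the thread's notation, which is the counting trick the question asks for: write the field access chain out and count the arrows, then decide whether the code is allowed to assume that depth or must check for NULL at each hop as getlast does.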