Home/ Questions/Q 8438373
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T07:41:48+00:00

Background: I’m reversing an Obj-C instance method belonging to a certain class. Here is

  • 0

Background: I’m reversing an Obj-C instance method belonging to a certain class. Here is the interface of the class

@interface myClass : NSObject
    { 
            // aStructure contains a lot of function pointers

         struct aStructure **_myStruct;     // ivar offset: 0x14  
         int                             _integer;             // ivar offset: 0x20
    }

   - (void)aMethod;

@end

Problem:

Here is a snippet of aMethod disassembly

[0x0]      mov   edi,    [ebp+arg_0]     ## put self into edi
[0x2]      mov   edx,   [edi+20h]        ## put  self._integer into edi
[0x3]      cmp   edx,   1
[0x4]      jl       end_of_method       ## if (self._integer < 1) return;
[0x5]      lea     eax,   [edx-0Ch]       ## put &self._myStruct into eax
[0x6]      cmp   eax,   3
[0x7]      ja      end_of_method       ## if (&self._myStruct > 3) return;
// other stuff

The 6th line shows a comparaison between a memory address (&self._myStruct) with 3.

Question: why would you compare a memory address with an int ? It doesn’t make much sense for me, since a memory address will be always > 3, and thus the method will always exit in this case.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    lea eax, [edx-0Ch] simply means eax = edx - 12. That the instruction is called “load effective address” doesn’t mean it’s the only thing it can be used for – compilers often output lea instead of add/sub/mul when that instruction is the shorter/faster way of doing a calculation.

    The whole snippet checks if _integer is between 1 and 15. It stores _integer - 12 in eax, presumably because it will be used later in the method.

    • 0