Home/ Questions/Q 8134167
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T09:55:15+00:00

From the disassembly code below can I assume that the location 43E010 is a

  • 0

From the disassembly code below can I assume that the location 43E010 is a location of the variable that holds the string (as in the comment in the assembly code):

Disassembly:

...
push    offset loc_43E010
...
push    offset aAllYourBaseAre ; "all your base are belong to us"
...
.rdata:00446074 aAllYourBaseAre db 'all your base are belong to us',0

This is a disassembly code from a Win32 application that looks like this: 

class Foo {
public: 
    string mystring;    
    __declspec(dllexport) void foo();
};

void Foo::foo(){

    printf("foo called");

}

int _tmain(int argc, _TCHAR* argv[])
{
    Foo foo;
    foo.mystring =  "all your base are belong to us";

    return 0;
}

Does this instruction: push offset loc_43E010 shows that address 43E010 is a offset from the base image of the win32 executable and that its a variable location?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ll invoke my psychic powers (hi Raymond!) and will make a wild guess that you’re seeing something like this:

    push    ebp
mov     ebp, esp
push    0FFFFFFFFh
push    offset loc_43E010
mov     eax, large fs:0
push    eax
...
mov     large fs:0, eax

    This is a typical prolog of a function that uses exception handling. In your case, even though there are no try/catch statements, there is a local variable with a non-trivial destructor, which needs to be called in case there is an exception being propagated. The loc_43E010 is a label for the exception handler for the function.

    So, the answer is: no, it’s not a “variable location”.

    To learn more about exceptions in Win32 (SEH and C++), check my OpenRCE article.

    • 0