Part 11 - Pointers

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

x64 utilizes the flat memory model to which we have one large array of addresses that exist within the processor. 

A pointer is nothing more than the address of a specific value in memory. Let’s take an example:

mov rax, 0x10

In this example we are moving 10 hex into the rax register.

To get the value inside rax at 0x10, you would use the following syntax:

mov rbx, word ptr [rax] 

Let’s assume the value inside memory 0x10 was 0x20 therefore rax points to the value inside 0x10 which when you dereference by [rax] contains 0x20. 0x20 is the value inside of the register rax.

We are moving a word value pointed inside of rax  into rbx.

If we do:

mov word ptr [rax], 0x66

This will put the value of 0x66 into the memory location at 0x10. We know that the value inside 0x10 memory location was 0x20 so therefore the new value inside the memory at 0x10 will be 0x66.

This can get confusing however when we get into code over the coming months this will become more apparent. 

Next week we will dive into load effective address! Stay tuned!