Home > Mobile >  What does "=>address" mean in Ghidra's disassembly, at the end of an instruction?
What does "=>address" mean in Ghidra's disassembly, at the end of an instruction?

Time:06-19

I am new to assembly & Ghidra and I am seeing a => on some lines for PUSH in a binary I am looking at and I cant seem to find what Ghidra is doing for instructions like this:

0040298b 56  PUSH   ESI=>DAT_004046c8

CodePudding user response:

This is Ghidra annotating the assembly because it could statically infer that the value of ESI is OFFSET DAT_004046c8 (from the previous instruction). This is a typical feature for Reverse Engineering tools, so you don't have to mentally keep track of all known values and the meaning of a certain offset yourself. This becomes especially if you rename the location DAT_004046c8 to something more meaningful like custom_variable_name(once you found out what the "real" variable name could have been), the disassembly will show

0040298b 56  PUSH   ESI=>custom_variable_name

Page link:https//www.codepudding.com/Mobile/446645.html

Prev:google Apps Script Export Issues
Next:How to copy to clipboard a selected text with styling ang images by using javascript?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding