Sunday, March 7, 2021

Offset Operator

  • Offset represents the distance of a data label from beginning of data segment
  • Let’s say we have these data definitions.

.data
bVal BYTE 10h
wVal WORD 2030h
dVal DWORD 40506070h
dVal2 BYTE 0ABh        ; hex literals must start with a digit in MASM, hence 0ABh


  • The 4 variables above will be laid out in memory in this manner. bVal's offset is 0, meaning it starts at the very beginning of the data segment. wVal's offset is 1 because 1 byte of storage had to be allocated for the previous item (bVal, a BYTE) before wVal could be positioned in memory; from there wVal itself takes 2 bytes since it is a WORD. The same is true for dVal2, but in this case 4 bytes of space have to be allocated first because the previous item is a DWORD.



  • Offset also represents the memory location where the data resides. So if we convert the above diagram into arbitrary memory addresses, it can look like this: bVal is located at exactly address 00404000h while wVal is at address 00404001h.



  • Given the above statements, the OFFSET operator can be used to determine the location of a data item, that is, its memory address.

.data
myVal BYTE 10h

.code
mov eax,offset myVal


Varying destination operand sizes

  • If we have this data definition,

myBytes  BYTE 10h,20h,30h,40h


  • If we load the offset of the array's first element into ESI and then read through it into a byte-size register, the result is very straightforward.

mov esi,offset myBytes
mov al,[esi]            ; al = 10h


  • But if we change the destination operand into a word-size register, the behavior changes.

mov ax,[esi]        ; ax = 2010h


  • That happens because the mov operation has to fill the whole 2-byte destination operand, so it also fetches the byte that follows the first element at that offset, which in this case is the second element 20h. Since x86 stores values little-endian, that second byte becomes the high byte of AX, giving 2010h.
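As an added example that is not part of the original post, here is a small Python model of the two ideas discussed above: it computes each label's offset from the start of the data segment the way the assembler does, and it reads a BYTE or WORD back at an offset using x86's little-endian byte order, reproducing the 10h and 2010h results. The directive table and the tiny parser are assumptions of this example; the base address 00404000h is the post's arbitrary example address.

```python
# Size in bytes of each MASM data directive used in the post (assumed table)
DIRECTIVE_SIZE = {"BYTE": 1, "WORD": 2, "DWORD": 4}

# The post's .data segment (dVal2 written with MASM's 0ABh spelling)
DATA_SEGMENT = """
.data
bVal  BYTE  10h
wVal  WORD  2030h
dVal  DWORD 40506070h
dVal2 BYTE  0ABh
"""

def parse_hex_list(token):
    """Parse MASM hex literals such as '10h' or '10h,20h,30h' (no spaces)."""
    return [int(t.strip()[:-1], 16) for t in token.split(",")]

def layout(segment_text):
    """Return ({label: offset}, bytearray) for a .data block.

    A label's offset is the number of bytes allocated by the labels before
    it; each value is stored little-endian, exactly as x86 lays it out.
    """
    offsets, memory = {}, bytearray()
    for line in segment_text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("."):      # skip '.data' and blanks
            continue
        label, directive, values = line.split(maxsplit=2)
        size = DIRECTIVE_SIZE[directive.upper()]
        offsets[label] = len(memory)              # bytes used so far
        for value in parse_hex_list(values):
            memory += value.to_bytes(size, "little")
    return offsets, memory

def read(memory, offset, size):
    """Read `size` bytes at `offset` as a mov into an AL/AX/EAX-sized operand would."""
    return int.from_bytes(memory[offset:offset + size], "little")

def absolute_address(offsets, label, segment_base=0x00404000):
    """Turn an offset into the post's example absolute address."""
    return segment_base + offsets[label]

if __name__ == "__main__":
    offs, mem = layout(DATA_SEGMENT)
    print(offs, mem.hex())                         # offsets 0,1,3,7
    print(hex(absolute_address(offs, "wVal")))     # 0x404001
    offs2, mem2 = layout("myBytes BYTE 10h,20h,30h,40h")
    print(hex(read(mem2, 0, 1)), hex(read(mem2, 0, 2)))  # 0x10 0x2010
```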
