Understanding the LEA Instruction: A Powerful Tool for Address Calculation in x86 Assembly

Assembly Programming

What Is the LEA Instruction?

In x86 assembly, the LEA (Load Effective Address) instruction is used to **compute the address** of a memory operand and store it in a register — **without accessing memory**.

It is commonly used for pointer arithmetic and offset calculations.

Basic Syntax

LEA destination, source

• destination: Must be a register (e.g., eax, ebx, etc.)
• source: A valid memory address expression, like [ebx + ecx*4 + 8]

Practical Example

lea eax, [ebx + ecx*4 + 8]

Assume:

• ebx = 1000
• ecx = 3

Then the instruction does:

eax = 1000 + 3 * 4 + 8 = 1020

Note: **Memory at address 1020 is not accessed** — only the address value is computed and stored in eax.

Common Use Cases of LEA

1. Pointer Arithmetic

       mov esi, [ebp+8]     ; load a pointer from the stack  
       lea eax, [esi+4]     ; move the pointer to next int (4 bytes)  
       

2. Efficient Multiplication and Addition

       lea eax, [eax + eax*2]   ; eax = eax * 3  
       

3. Array Indexing

       lea eax, [array + edi*4] ; compute address of array[edi]  
       

LEA vs MOV

Conclusion

The LEA instruction is one of the most powerful tools in assembly language. Despite its name, it does not “load” memory but rather acts as an “address calculator”.

Whenever you’re dealing with address arithmetic, offsets, or pointer manipulation — think of LEA.

LEA Example from C Compiler Output

Here is a simple C function:

1
2
3

int foo(int* arr, int i) {
    return arr[i + 2];
}

int foo(int* arr, int i) {
    return arr[i + 2];
}

When compiled with GCC and optimization enabled (e.g., gcc -O2 -S foo.c -o foo.s), the assembly output might look like this (simplified):

foo:
    lea     eax, [rsi+2]
    mov     eax, DWORD PTR [rdi+rax*4]
    ret

Explanation:

• rdi holds the address of the array arr
• rsi is the index i
• lea eax, [rsi + 2] computes i + 2 and stores it into eax (without memory access)
• Then [rdi + rax*4] is used to fetch the value at arr[i+2] (each element is 4 bytes)

LEA in 64-bit Mode

In x86-64 (64-bit mode), LEA is just as powerful and supports full 64-bit registers like rax, rbx, rsi, rdi, etc.

lea rax, [rbx + rcx*8 + 16]

This computes:

rax = rbx + rcx * 8 + 16

It is often used for structure field access, array indexing, stack frame addressing, and so on.

64-bit Example: Structure Field Addressing

C code:

1
2
3
4
5
6
7
8

struct Point {
    int x;
    int y;
};
 
int* get_y(struct Point* p) {
    return &p->y;
}

struct Point {
    int x;
    int y;
};

int* get_y(struct Point* p) {
    return &p->y;
}

With optimization, the compiler might produce:

get_y:
    lea     rax, [rdi+4]
    ret

Assuming int is 4 bytes, the y field follows x in memory. So &p->y = p + 4. The address is calculated directly using LEA without accessing memory.

Summary (Extended)

Mastering LEA is a key step toward understanding low-level and systems programming.

• Compilers frequently use LEA for constant addition and scaled index arithmetic instead of separate ADD or MUL instructions
• In 64-bit mode, LEA works with large address spaces and is common in systems programming
• It provides an efficient, memory-free way of computing addresses, making it great for performance

Assembly Programming

• Understanding the LEA Instruction: A Powerful Tool for Address Calculation in x86 Assembly

–EOF (The Ultimate Computing & Technology Blog) —