
Where is address in hex IDA pro, disassembler


ASM

......
.text:000000000062D153   lea   rax, aaa ; "aaaaaaaaaaa"
.text:000000000062D15A   lea   rdx, bbb ; "bbbbbbbbbbbbbbbb"
......
.rodata:0000000000F63221 aaa     db 'aaaaaaaaaaa',0                                               
.rodata:0000000000F6322D bbb     db 'bbbbbbbbbbbbbbbb',0 
.rodata:0000000000F6323E align 20h
......

HEX

......
000000000062D153  48 8D 05 C7 60 93 00
000000000062D15A  48 8D 15 CC 60 93 00
......

I don't understand: where is this address "aaa" (F63221) in the hex 48 8D 05 C7 60 93 00? How do I replace a with b in hex, and get this?

 .text:000000000062D15A                 lea     rdx, aaa ; "aaaaaaaaaaa" 

Solution

  • 000000000062D153  48 8D 05 C7 60 93 00
    

    Is actually:

    lea    rax, [rip+0x9360c7]
    

    This is a RIP-relative address, and the offset is in the last 4 bytes of the instruction (C7 60 93 00 = 0x009360C7). This addressing mode refers to memory relative to the next instruction (not the current one, because RIP points to the next instruction). If you do the math, you will see that 0x0062D15A + 0x009360C7 is 0x00F63221.

    To refer to bbb, you need to calculate 0x00F6322D - (0x0062D15A + 7). This gives an offset value of 0x9360CC.
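
The displacement arithmetic from the answer, as an added example that is not part of the original post: it decodes the disp32 of both instructions from the question and re-encodes the one at 0x62D15A so that it points at aaa. The function names are hypothetical, and only the 7-byte REX.W LEA form shown on this page is handled.

```python
import struct

# Constructed sample input: addresses and bytes copied from the question's HEX view.
LEA_RAX = (0x62D153, bytes.fromhex("488D05C7609300"))
LEA_RDX = (0x62D15A, bytes.fromhex("488D15CC609300"))
AAA, BBB = 0xF63221, 0xF6322D  # .rodata addresses of the two strings


def check_rip_lea(insn: bytes) -> None:
    """Accept only REX.W + 8D + ModRM(mod=00, rm=101) + disp32 (7 bytes)."""
    if len(insn) != 7:
        raise ValueError("expected a 7-byte instruction")
    if insn[0] & 0xF8 != 0x48 or insn[1] != 0x8D:
        raise ValueError("not a 64-bit LEA")
    if insn[2] & 0xC7 != 0x05:
        raise ValueError("ModRM does not select RIP-relative addressing")


def lea_target(addr: int, insn: bytes) -> int:
    """Address the instruction refers to: next-instruction address + disp32."""
    check_rip_lea(insn)
    (disp,) = struct.unpack_from("<i", insn, 3)  # signed, little-endian
    return addr + len(insn) + disp


def retarget_lea(addr: int, insn: bytes, new_target: int) -> bytes:
    """Same prefix, opcode and ModRM, with disp32 recomputed for new_target."""
    check_rip_lea(insn)
    disp = new_target - (addr + len(insn))
    if not -(2**31) <= disp < 2**31:
        raise ValueError("target is outside the signed 32-bit displacement range")
    return insn[:3] + struct.pack("<i", disp)


if __name__ == "__main__":
    for addr, insn in (LEA_RAX, LEA_RDX):
        print(f"{addr:#x}: {insn.hex(' ')} -> {lea_target(addr, insn):#x}")
    patched = retarget_lea(*LEA_RDX, AAA)
    print(f"{LEA_RDX[0]:#x}: {patched.hex(' ')} -> {lea_target(LEA_RDX[0], patched):#x}")
```

The third byte (the ModRM byte, 05 or 15 here) selects the destination register and is left untouched; only the four displacement bytes change.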