News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

how to read eip

Started by Superhai, April 27, 2006, 02:54:37 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Superhai

April 27, 2006, 02:54:37 AM
I am trying to learn asm, and while trying around I thought I wanted to read the instruction pointer (mov eax, eip) , but masm don't know about eip. I don't see it as a big problem, but I am just curious if there is an easy way to read the eip.
Is this something specific to masm?

hutch--

#1
April 27, 2006, 03:14:15 AM
No, its just the hardware, on a 64 bit box you will be able to directly modify RIP which is the 64 bit version.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Roger

#2
April 27, 2006, 08:52:05 AM
Hi Superhai,

Try the following:-

        Call    ReadEip                       ; This puts eip onto the stack
        next instrution
             . . . .

ReadEip:   
        pop eax                               ; Recover eip from stack
        jmp eax                               ; Can't use return because return address no longer on stack


This leaves the address of the  next instruction in eax.

The dificulty is not in MASM or ary other asembler. but in the limitations of the op-codes which are built into the CPU.

Quote from: hutch-- on April 27, 2006, 03:14:15 AM
on a 64 bit box you will be able to directly modify RIP which is the 64 bit version.
Will this instruction be called " JMP " as it is in 4,8,16 and 32 bit boxes ::)

Regards Roger

AlchoholicSnake

#3
April 27, 2006, 08:57:44 AM Last Edit: April 27, 2006, 06:42:53 PM by AlchoholicSnake
... or you could simply do this
Code Select

hellothere: mov eax,hellothere
right?
Or perhaps if that doesnt work then it might need a offset or something, but I'm too lazy to check. :P

EDIT: Sorry, I was wrong there. That only gives the offset in the program, not in memory, so Roger's version is the correct one.

hutch--

#4
April 27, 2006, 11:24:35 AM
> Will this instruction be called " JMP " as it is in 4,8,16 and 32 bit boxes

There is a simple solution to this question, look it up on the manufacturers site.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

Superhai

#5
April 28, 2006, 03:05:08 AM
hm, thanks guys, i looked at the call routine you gave and come to the conclusion that it also could be done like this, this should be ok?:

call eip

...

eip: mov eax, [esp]
ret

What is difference between offset in program and memory?

Synfire

#6
April 28, 2006, 05:52:44 AM
I don't see the point in all those ret's and jmp's:

Code Select

call $+5
pop eax


not to mention you don't have to worry about a label :)

Regards,
Bryant Keller
Print
Go Up Pages1
User actions