Hi All
Is it possible to move the address of the next instruction into a variable, i.e.
mov eax, "next instruction address"   ; pseudo-code: load the address of the instruction that follows
mov [spotToJumpBackToo], eax          ; and save it in a variable
Cheers, Adam
Maybe you could do something like this?
mov eax, OFFSET @F   ; address of the following @@ label, resolved when the code is assembled/linked
@@:
call @F   ; pushes the return address, i.e. the address of the @@ label below
@@:
pop eax   ; eax = address of this pop instruction (address of next instruction - 1)
;next instruction
call @F
@@:
pop eax                                       ; eax = address of the @@ label above
add eax, offset NextInstruction - offset @B   ; add the assemble-time distance to NextInstruction
NextInstruction:
Petroizki's way is simplest, quickest and smallest though.
Isn't there a register with the current instruction pointer?
Adam.
Should "mov [istrPointer], eip + 4" work?
Adam
You can't use eip register directly. You have to do some tricks to get it.
Just thought of another idea:
int 3     ; breakpoint: the debugger attached to this process catches it
jmp @F    ; skip over the spare dword
dd 0      ; spare dword the debugger fills in with the EIP it read
@@:
Then, make another app which debugs the first one and when it gets the int3, it uses GetThreadContext to get the eip, then stores it in the spare dd.
Quote: Should "mov [istrPointer], eip + 4" work?
The programmer does not have direct access to the instruction pointer, so EIP is not a valid symbol.
These should work:
mov [istrPointer], $ + 10   ; mov mem32, imm32 assembles to 10 bytes, so $ + 10 is the next instruction
mov eax, $ + 5              ; mov eax, imm32 assembles to 5 bytes
Where the number at the end is the length of the assembled instruction in bytes.
This may be a dumb question... but there's no EIP macro?
GetEIP proc
pop eax    ; eax = return address, i.e. the instruction after the "call GetEIP"
push eax   ; put it back so ret still works
ret
GetEIP endp
Take care because this code:
mov eax, OFFSET @F   ; a constant fixed by the assembler/linker, not a value read at run time
@@:
Is calculated at compile time not at runtime.
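The call/pop GetEIP trick from the posts above, written as an added example in C with GCC/Clang inline assembly (not code from any poster in this thread). It assumes an x86 or x86-64 build, also covers the 64-bit case, and checks at run time that the value read really lies inside the function, which an assemble-time OFFSET or $ value cannot guarantee once the image is loaded at another base.

```c
#include <stdint.h>
#include <stdio.h>

/* Run-time equivalent of the GetEIP proc: "call" pushes the address of the
   instruction after it, and "pop" reads that address back.  On x86-64 the
   128-byte red zone below rsp may hold the compiler's temporaries, so the stack
   pointer is moved below it before the push.  AT&T syntax for GCC/Clang; on a
   non-x86 build the function returns 0 (assumption: x86 or x86-64 target). */
static uintptr_t __attribute__((noinline)) get_ip(void)
{
    uintptr_t ip = 0;
#if defined(__x86_64__)
    __asm__ volatile(
        "sub $128, %%rsp\n\t"
        "call 1f\n"
        "1:\n\t"
        "pop %0\n\t"          /* %0 = address of this pop instruction */
        "add $128, %%rsp"
        : "=r"(ip));
#elif defined(__i386__)
    __asm__ volatile(
        "call 1f\n"
        "1:\n\t"
        "pop %0"              /* %0 = address of this pop instruction */
        : "=r"(ip));
#endif
    return ip;
}

/* Check that the address read at run time lies inside get_ip itself.  get_ip
   is only a few instructions long, so 256 bytes is a generous upper bound. */
static int verify_get_ip(void)
{
    uintptr_t start = (uintptr_t)get_ip;
    uintptr_t ip = get_ip();
    return ip > start && ip < start + 256;
}

int main(void)
{
    printf("get_ip()  = %#lx\n", (unsigned long)get_ip());
    printf("get_ip at = %#lx\n", (unsigned long)(uintptr_t)get_ip);
    printf("inside    : %s\n", verify_get_ip() ? "yes" : "no");
    return verify_get_ip() ? 0 : 1;
}
```

Build it as a position-independent executable (the default on most Linux toolchains) and the printed addresses change between runs with ASLR while the check still passes, which is exactly what an assemble-time constant would not do.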
Mark, what do you mean by "EIP macro"?
Bogdan, the offset is not relocated at run-time?
EXEs generally do not have a relocation table, so they have to be loaded at the correct base otherwise they are screwed.
Quote from AeroASM on May 17, 2005, 09:51:50 AM: EXEs generally do not have a relocation table, so they have to be loaded at the correct base otherwise they are screwed.
Sure they do! It's possible to strip the relocation entries (the .reloc section) from an EXE file, in which case what you claim would be true, but standard EXEs are certainly relocatable.
Cheers,
Randy Hyde
I never found one when I was messing around with EXEs. When I changed the image base of my own EXE to 500000 it screwed up because the data offsets were from 400000.