Hey guys,
Given the following:
0131CA98 E8 238313FF CALL 00454DC0
Is it possible to use the opcodes to generate the address 00454DC0 manually?
Same goes for jmp:
0131CC22 ^E9 36FDFFFF JMP 0131C95D
The compiler generates the appropriate distances for jumps and calls etc. I am wondering if it is possible to use the opcodes to generate the addresses manually.
use
..............
jmp MyPoint
..............
MyPoint:
...............
call MyProc
..............
MyProc proc
.............
then you assemble it manually using Debug only. Without Debug you must use operation codes instead of CALL/JMP.
the answer is yes :bg
these are known as "relative" addresses
that means that the operand that is encoded into the instruction is relative to the current instruction pointer
for jumps and calls, it is actually relative to the address of the following instruction
the operand is treated as a signed value and is stored in little-endian form
if the operand is positive, it is a forward branch
if the operand is negative, it is a backward branch
0131CA98 E8 238313FF CALL 00454DC0
in this case, the address of the next instruction is 0131CA9D
the encoded operand is FF138323, a negative value
0131CA9D + FF138323 = 00454DC0
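The arithmetic dedndave describes, written out as a small decoder and its inverse (computing the rel32 an assembler would emit for a given target). This is an added C example, not code from the thread or from any participant. It also handles the short `EB rel8` form and the `0F 80..8F` Jcc rel32 form, which the thread does not mention but which encode their displacement the same way. The byte arrays are constructed from the two disassembly lines posted above; the `0x401000` addresses and the `jmp $` / `JNE` samples are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Sample instructions, constructed from the bytes posted in the thread. */
static const uint8_t kCallBytes[5] = { 0xE8, 0x23, 0x83, 0x13, 0xFF }; /* 0131CA98 CALL 00454DC0 */
static const uint8_t kJmpBytes[5]  = { 0xE9, 0x36, 0xFD, 0xFF, 0xFF }; /* 0131CC22 JMP  0131C95D */
/* Extra samples (hypothetical): EB FE is "jmp $" (jump to itself), 0F 85 is JNE rel32. */
static const uint8_t kShortJmpBytes[2] = { 0xEB, 0xFE };
static const uint8_t kJneBytes[6]      = { 0x0F, 0x85, 0x10, 0x00, 0x00, 0x00 };

/* Length of the relative branch starting at `code`, or 0 if it is not one we decode.
   E8 = CALL rel32, E9 = JMP rel32, EB = JMP rel8, 0F 80..8F = Jcc rel32. */
size_t branch_length(const uint8_t *code)
{
    if (code[0] == 0xE8 || code[0] == 0xE9) return 5;
    if (code[0] == 0xEB) return 2;
    if (code[0] == 0x0F && code[1] >= 0x80 && code[1] <= 0x8F) return 6;
    return 0;
}

/* Decode the branch whose opcode byte sits at address `ip`.
   The displacement is a signed little-endian value relative to the NEXT
   instruction, so target = ip + length + disp, wrapping modulo 2^32 in 32-bit code.
   Returns 0 (and *len = 0) for an opcode we do not decode; `len` may be NULL. */
uint32_t branch_target(uint32_t ip, const uint8_t *code, size_t *len)
{
    size_t n = branch_length(code);
    if (len) *len = n;
    if (n == 0) return 0;
    uint32_t disp;
    if (n == 2) {
        disp = (uint32_t)(int32_t)(int8_t)code[1];      /* rel8, sign-extended */
    } else {
        const uint8_t *d = code + (n - 4);               /* rel32 is the last 4 bytes */
        disp = (uint32_t)d[0] | (uint32_t)d[1] << 8 |
               (uint32_t)d[2] << 16 | (uint32_t)d[3] << 24;
    }
    return ip + (uint32_t)n + disp;                      /* unsigned add == modular add */
}

/* Inverse: the rel32 a 5-byte CALL/JMP at `ip` needs in order to reach `target`. */
uint32_t rel32_for(uint32_t ip, uint32_t target)
{
    return target - (ip + 5);                            /* two's complement, wraps */
}

/* Emit opcode + little-endian rel32 into out[5], as an assembler would. */
void encode_rel32(uint8_t opcode, uint32_t ip, uint32_t target, uint8_t out[5])
{
    uint32_t disp = rel32_for(ip, target);
    out[0] = opcode;
    out[1] = (uint8_t)disp;         out[2] = (uint8_t)(disp >> 8);
    out[3] = (uint8_t)(disp >> 16); out[4] = (uint8_t)(disp >> 24);
}

/* Can a 2-byte short JMP (EB rel8) at `ip` reach `target`? rel8 spans -128..127
   from the next instruction; the wrap-around case is handled by the unsigned subtract. */
int fits_rel8(uint32_t ip, uint32_t target)
{
    int32_t d = (int32_t)(target - (ip + 2));
    return d >= -128 && d <= 127;
}

/* Decode a 5-byte branch, re-encode it, and confirm the original bytes come back. */
int roundtrip_ok(uint32_t ip, const uint8_t code[5])
{
    uint8_t buf[5];
    encode_rel32(code[0], ip, branch_target(ip, code, NULL), buf);
    return memcmp(buf, code, 5) == 0;
}

int main(void)
{
    printf("CALL at 0131CA98 -> %08X\n", branch_target(0x0131CA98, kCallBytes, NULL));
    printf("JMP  at 0131CC22 -> %08X\n", branch_target(0x0131CC22, kJmpBytes, NULL));
    printf("rel32 to reach 00454DC0 from 0131CA98: %08X\n",
           rel32_for(0x0131CA98, 0x00454DC0));
    return 0;
}
```

The `0131CA9D + FF138323` sum above overflows past 32 bits; the decoder gets the same `00454DC0` because `uint32_t` arithmetic discards the carry, which is exactly what the CPU does with EIP.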
Great reply dedndave,
Exactly what I was looking for, thanks!!
You'll find a lot of this in the Kernel.dll of windoze, and other dlls
DAVE !!!
That is interesting as hell. How did you figure it out ???
this forum may need some irony-tags?
:bg