I am trying to learn asm, and while trying around I thought I wanted to read the instruction pointer (mov eax, eip), but MASM doesn't know about eip. I don't see it as a big problem, but I am just curious if there is an easy way to read the eip.
Is this something specific to masm?
No, it's just the hardware; on a 64-bit box you will be able to directly modify RIP, which is the 64-bit version.
Hi Superhai,
Try the following:-
call ReadEip ; This puts eip (the address of the next instruction) onto the stack
next instruction
. . . .
ReadEip:
pop eax ; Recover eip from stack
jmp eax ; Can't use ret because the return address is no longer on the stack
This leaves the address of the next instruction in eax.
The difficulty is not in MASM or any other assembler, but in the limitations of the op-codes which are built into the CPU.
Quote from: hutch-- on April 27, 2006, 03:14:15 AM
on a 64 bit box you will be able to directly modify RIP which is the 64 bit version.
Will this instruction be called "JMP" as it is in 4-, 8-, 16- and 32-bit boxes ::)
Regards Roger
... or you could simply do this
hellothere: mov eax,hellothere
right?
Or perhaps if that doesn't work then it might need an offset or something, but I'm too lazy to check. :P
EDIT: Sorry, I was wrong there. That only gives the offset in the program, not in memory, so Roger's version is the correct one.
> Will this instruction be called " JMP " as it is in 4,8,16 and 32 bit boxes
There is a simple solution to this question, look it up on the manufacturers site.
Hm, thanks guys. I looked at the call routine you gave and came to the conclusion that it could also be done like this; should this be OK?
call eip ; pushes the address of the next instruction
...
eip: mov eax, [esp] ; read the return address without popping it
ret
What is difference between offset in program and memory?
I don't see the point in all those RETs and JMPs:
call $+5 ; call the very next instruction: pushes its own address + 5
pop eax
not to mention you don't have to worry about a label :)
Regards,
Bryant Keller
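The CALL/POP idiom from Roger's and Bryant's posts, as an added example that is not part of the thread: C with GCC/Clang inline assembly (AT&T syntax, not MASM), assuming Linux/SysV on x86 or x86-64. The function names `read_ip_call_pop`, `read_ip_rip_relative`, `preceded_by_call_plus_5` and `preceded_by_lea_rip` are mine. It answers the "offset in the program vs. in memory" question in passing: `mov eax, OFFSET label` is fixed by the linker (and relocated if the image is rebased), while CALL/POP reads the address the CPU is actually executing at, which is why the idiom turns up in position-independent shellcode. The check functions read back the bytes just before the returned address to prove it is the real runtime value: `call $+5` always encodes as E8 00 00 00 00.

```c
/* Added example, not code from the forum thread.
 * Build: gcc -O2 read_ip.c && ./a.out      (add -m32 for the 32-bit variant) */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return the address of the instruction following the CALL, i.e. the value
 * EIP/RIP held while the POP executed (the "call $+5 / pop eax" idiom). */
static uintptr_t read_ip_call_pop(void)
{
    uintptr_t ip = 0;
#if defined(__x86_64__)
    /* SysV x86-64 lets a leaf function keep locals in the 128-byte red zone
     * below RSP, and CALL would overwrite [RSP-8], so step below it first. */
    __asm__ volatile(
        "lea -128(%%rsp), %%rsp\n\t"
        "call 1f\n"
        "1:\n\t"
        "pop %0\n\t"
        "lea 128(%%rsp), %%rsp"
        : "=r"(ip) : : "memory");
#elif defined(__i386__)
    __asm__ volatile(
        "call 1f\n"
        "1:\n\t"
        "pop %0"
        : "=r"(ip) : : "memory");
#else
    /* Not an x86 target: nothing to demonstrate, return 0 (assumption). */
#endif
    return ip;
}

#if defined(__x86_64__)
/* The 64-bit way hutch alludes to: RIP-relative LEA needs no CALL at all. */
static uintptr_t read_ip_rip_relative(void)
{
    uintptr_t ip;
    __asm__ volatile("lea 1f(%%rip), %0\n1:" : "=r"(ip));
    return ip;
}
#endif

/* CALL rel32 to the very next instruction encodes as E8 00 00 00 00, so the
 * five bytes before the returned address must be exactly that. */
static int preceded_by_call_plus_5(uintptr_t ip)
{
    static const unsigned char call_next[5] = { 0xE8, 0, 0, 0, 0 };
    return memcmp((const void *)(ip - 5), call_next, sizeof call_next) == 0;
}

#if defined(__x86_64__)
/* LEA r64, [RIP+0] is REX.W 8D /r with mod=00 rm=101 and a zero disp32;
 * the REX byte is 48 or 4C depending on which register the compiler picked. */
static int preceded_by_lea_rip(uintptr_t ip)
{
    const unsigned char *p = (const unsigned char *)(ip - 7);
    return (p[0] == 0x48 || p[0] == 0x4C) && p[1] == 0x8D &&
           (p[2] & 0xC7) == 0x05 &&
           p[3] == 0 && p[4] == 0 && p[5] == 0 && p[6] == 0;
}
#endif

int main(void)
{
    uintptr_t ip = read_ip_call_pop();
    printf("call/pop : %#lx (%s)\n", (unsigned long)ip,
           preceded_by_call_plus_5(ip) ? "E8 00 00 00 00 confirmed" : "unexpected bytes");
#if defined(__x86_64__)
    uintptr_t rip = read_ip_rip_relative();
    printf("lea [rip]: %#lx (%s)\n", (unsigned long)rip,
           preceded_by_lea_rip(rip) ? "LEA encoding confirmed" : "unexpected bytes");
#endif
    printf("&main    : %#lx\n", (unsigned long)(uintptr_t)main);
    return 0;
}
```

Superhai's `mov eax, [esp]` / `ret` variant and Roger's `pop eax` / `jmp eax` variant return the same value as `call $+5` / `pop eax`; the difference is only whether the address is read off the stack in place or popped and jumped through.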