Maths and Assembly

FlySky · July 03, 2011, 12:40:03 PM

Hey guys,

When having the following:

0131CA98 E8 238313FF CALL 00454DC0

Is it possible to use the opcodes to generate the address 00454DC0 manually?

Same goes for jmp:

0131CC22 ^E9 36FDFFFF JMP 0131C95D

The compiler generates the appropriate distances for jumps and calls etc.. I am wondering if it is possible
to use the opcodes to generate the addresses manually.

bomz · July 03, 2011, 01:19:31 PM

use

Code Select

..............
jmp MyPoint
..............
MyPoint:
...............
call MyProc
..............
MyProc proc
.............

than you assembly using Debug only manualy. without Debug you must use codes of operation instead of CALL JMP

dedndave · July 03, 2011, 03:00:30 PM

the answer is yes :bg

these are known as "relative" addresses
that means that the operand that is encoded into the instruction is relative to the current instruction pointer
for jumps and calls, it is actually relative to the address of the following instruction
the operand is treated as a signed value and is stored in little-endian form
if the operand is positive, it is a forward branch
if the operand is negative, it is a backward branch

Code Select

0131CA98 E8 238313FF CALL 00454DC0
in this case, the address of the next instruction is 0131CA9D
the encoded operand is FF138323, a negative value
0131CA9D + FF138323 = 00454DC0

FlySky · July 03, 2011, 04:21:27 PM

Great reply dedndave ,

Exactly what I was looking for, thanks!!

vanjast · July 05, 2011, 09:40:47 PM

You'll find a lot of this in the Kernel.dll of windoze, and other dlls

baltoro · July 05, 2011, 09:57:07 PM

DAVE !!!
That is interesting as hell. How did you figure it out ???

qWord · July 05, 2011, 10:10:49 PM

this forum may need some irony-tags?

baltoro · July 06, 2011, 11:44:47 PM

:bg

News:

Maths and Assembly