I was experimenting with Intel opcodes and I have the following question.
If we assume that we have some asm code that we are not sure where in memory it will be loaded, and we want to implement the following code
mov eax,offset name
push eax
call function
.
.
.
name db "my name",0    ; the string whose absolute address should end up in eax
It seems (from the Intel opcode manuals) that the second
operand of MOV or LEA is always an absolute address.
How can I load the absolute address of name if I only know the relative one?
(The only ways I can find out are some nasty tricks.)
In most instances relative addresses do the job, but if, for example, you have a set of labels which are absolute addresses loaded into an array, normally you would load the address from the array into a register and jump to that address.
There is an opcode to jump to an absolute address, but from memory it is not suitable for win32, where addresses are set by the operating system so that each running application has the same address starting point.
If you have an absolute address you want to jump to, either put it in a register and jump to it, or you can push the address and call RET, which works but messes up the CALL/RET pairing in later processors.
Regards,
hutch@movsd.com
Thanks, but I didn't understand very well.
When I do
mov eax,offset name
if we assume that the absolute address of name is 402010,
the opcode is a110204000.
If I know that my code is loaded at 401000, then I know the absolute address of name.
401000 *******
.
.
.
401f10 mov eax,offset name
.
.
.
402010 name db "my name",0
But if I only know that the name variable is 100 bytes after the
"mov eax,offset name" instruction, but I don't know where in memory my code is loaded, so I don't know the absolute address of the name variable but only the relative one, how can I load the absolute address of name into eax?
The details for each OS are different, but they all basically use the same strategy -- a relocation table.
In Win32, each code section in the PE file has a relocation table -- the tables tell the loader where all the relative addresses are located. After loading the code sections, the loader can go through the tables to adjust relative addresses to their absolute addresses -- before any code is executed.
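As an added illustration of the relocation-table answer above (example code, not from the thread or from any real loader): a tiny model of a base-relocation fix-up. The preferred base 0x401000, the instruction at 0x401F10 and name at 0x402010 are the thread's own numbers; the single-entry relocation list, the alternate load address 0x10000000 and the B8 (mov eax, imm32) encoding are assumptions for the demonstration.

```c
/* Model of a loader applying a relocation table to an image whose absolute
 * addresses were baked in for a preferred base (constructed example). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREFERRED_BASE 0x401000u
#define MOV_OFFSET     0xF10u   /* "mov eax, offset name" sits at 0x401F10 */
#define NAME_OFFSET    0x1010u  /* "name" sits at 0x402010 */
#define IMAGE_SIZE     0x1100u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Linker side: emit the image with the absolute address of name assuming
 * PREFERRED_BASE, and record one relocation entry: the RVA of the 32-bit
 * field that holds an absolute address (the imm32 of the mov). */
static uint32_t build_image(uint8_t *img) {
    memset(img, 0x90, IMAGE_SIZE);               /* filler: nop */
    img[MOV_OFFSET] = 0xB8;                      /* mov eax, imm32 */
    wr32(img + MOV_OFFSET + 1, PREFERRED_BASE + NAME_OFFSET);
    memcpy(img + NAME_OFFSET, "my name", 8);     /* name db "my name",0 */
    return MOV_OFFSET + 1;
}

/* Loader side: if the image did not land at its preferred base, add the
 * delta (actual - preferred) to every field the relocation table lists. */
static void apply_relocs(uint8_t *img, uint32_t actual_base,
                         const uint32_t *relocs, size_t n) {
    uint32_t delta = actual_base - PREFERRED_BASE;
    for (size_t i = 0; i < n; i++)
        wr32(img + relocs[i], rd32(img + relocs[i]) + delta);
}

/* Returns the value the patched "mov eax, offset name" loads into eax. */
uint32_t relocated_name_address(uint32_t actual_base) {
    uint8_t img[IMAGE_SIZE];
    uint32_t reloc = build_image(img);
    apply_relocs(img, actual_base, &reloc, 1);
    return rd32(img + MOV_OFFSET + 1);
}

int main(void) {
    printf("loaded at 0x00401000: eax = 0x%08x\n", relocated_name_address(0x401000u));
    printf("loaded at 0x10000000: eax = 0x%08x\n", relocated_name_address(0x10000000u));
    return 0;
}
```

The second line of output shows the same instruction bytes now carrying 0x10001010, which is why code that relies on absolute operands still works after the loader has moved it, whereas code copied around without its relocation table (the original question's situation) does not.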
For a known address, I know of 2 ways to jump to it:
mov eax, 12345678    ; load the hard-coded target address into a register
jmp eax              ; indirect jump through the register
or
push 12345678        ; push the target address as a fake return address
ret                  ; "return" to it
Either will jump to the hard-coded address. If the address is within your executable code address range, it will execute the following instruction; if not, you will get an access violation.
Regards,
hutch@movsd.com
You could do:
call next                  ; pushes the address of 'next' as the return address
next:
pop eax                    ; eax contains the absolute address of the 'next' label
add eax, relative_address  ; distance from 'next' to the data you want
push eax
call function
The address should be relative to the 'next' label; if it's not, you can just add an offset to 'relative_address'.
call @f            ; pushes the address of the string below as the "return address"
db "my name",0     ; the string, placed right after the call so its address is on the stack
@@:
call function      ; the pushed string address is the argument to function
This does what you want, I think :)
Well thanks, the call trick is very nice!!! :) :) :)