hi all, i need to save on stack or on a variable CS:EIP. I've seen that pushing EIP is not permitted. How can i do this ? ThX
Posted on 2001-05-29 04:38:00 by angelo
you could do it like this:

mylabel:
mov eax, offset mylabel
that'll give you eip in eax, unless you're going to insert your code in a different address other than the one the linker intended to, in which case you could use:

call mylabel
mylabel:
pop eax ; eax now has the address of mylabel
since call pushes the offset of the return address to the stack, pop eax will give you that offset in eax. hope i didn't fuck up anywhere, it's been a long time since i've done this :D
Posted on 2001-05-29 05:59:00 by fresh
Fresh is right. That technique, often called the 'delta offset' is heavily used by Virii coders to get the EIP.
Posted on 2001-05-29 11:32:00 by latigo
THX for precious help.
Posted on 2001-05-29 16:28:00 by angelo