Hi all, I need to save CS:EIP on the stack or in a variable. I've seen that pushing EIP is not permitted. How can I do this? Thx
you could do it like this:
    mylabel: mov eax, offset mylabel
that'll give you eip in eax, unless you're going to insert your code in a different address other than the one the linker intended to, in which case you could use:
    call mylabel
    mylabel: pop eax ; eax now has the address of mylabel
since call pushes the offset of the return address to the stack, pop eax will give you that offset in eax. hope i didn't fuck up anywhere, it's been a long time since i've done this :D
Fresh is right. That technique, often called the 'delta offset', is heavily used by virus coders to get the EIP.
THX for precious help.
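An added example, not code from any poster in this thread: a small Python heuristic that scans raw 32-bit x86 bytes for the call/pop sequence discussed above and reports the value the pop leaves in the register. The function name find_getpc, the sample bytes and the base address are constructed for illustration; it goes slightly beyond the thread's exact case by also matching a call that skips a few embedded bytes before the pop, and because it is a linear byte scan rather than a disassembler, its hits are candidates to review.

```python
import struct

# pop r32 is encoded as 0x58 + register number
POP_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def find_getpc(code, base=0, max_skip=0x40):
    """Find 'call rel32' whose target is a 'pop r32' a short distance ahead.

    Returns a list of (call_address, register, value_popped), where
    value_popped is the return address the call pushed (call_address + 5).
    """
    hits = []
    for i in range(len(code) - 5):
        if code[i] != 0xE8:                      # E8 = call rel32
            continue
        (rel,) = struct.unpack_from("<i", code, i + 1)
        if not 0 <= rel <= max_skip:             # only short forward calls
            continue
        target = i + 5 + rel                     # rel is relative to next insn
        if target < len(code) and 0x58 <= code[target] <= 0x5F:
            reg = POP_REGS[code[target] - 0x58]
            hits.append((base + i, reg, base + i + 5))
    return hits

# Constructed sample bytes (not taken from any real binary)
SAMPLE = (
    b"\x90\x90"                      # nop; nop
    b"\xE8\x00\x00\x00\x00\x58\xC3"  # call $+5; pop eax; ret  (thread's form)
    b"\xE8\x04\x00\x00\x00DATA"      # call over 4 embedded data bytes
    b"\x5E\xC3"                      # pop esi; ret
    b"\xE8\x02\x00\x00\x00\x90\x90"  # ordinary call to a ret, no pop at target
    b"\xC3"
)

if __name__ == "__main__":
    for addr, reg, value in find_getpc(SAMPLE, base=0x401000):
        print(f"{addr:#x}: call/pop {reg} -> {reg} = {value:#x}")
```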