Two Click disassembly/reassembly
in [ASM]
|
Prev: Check out POASM
Next: Bad habits
From: Betov on 27 Jan 2006 15:52 "randyhyde(a)earthlink.net" <randyhyde(a)earthlink.net> ?crivait news:1138391488.032385.117910(a)g44g2000cwa.googlegroups.com: >> It can be replaced by 'jmp someCodePtr+4' >> >> -- Chuck > > No, "jmp someCodePtr+4" would transfer control to the address held in > the dword immediately following someCodePtr. The above code transfers > control to the code address at the location specified by the *sum* of > the dword at someCodePtr and four. :]]]]] Oh, _yes_!... We have one another MASM victim, here. :]]]]] Betov. < http://rosasm.org >
From: randyhyde@earthlink.net on 27 Jan 2006 16:25 Betov wrote: > > No, "jmp someCodePtr+4" would transfer control to the address held in > > the dword immediately following someCodePtr. The above code transfers > > control to the code address at the location specified by the *sum* of > > the dword at someCodePtr and four. > > :]]]]] > > Oh, _yes_!... We have one another MASM victim, here. > Perhaps you should "learn some assembly" Rene. I realize that you prefer to work with a tiny subset of the x86 instruction set, and that the code example being presented here is probably a new concept to you, but rest assured that *real* assembly language programmers understand what's going on here and don't try to pass off their ignorance on the subject by trying to deflect attention by insulting other products and people. Cheers, Randy Hyde
From: Frank Kotler on 27 Jan 2006 17:23 randyhyde(a)earthlink.net wrote: > mov eax, someCodePtr > add eax, 4 > jmp eax Just a "syntax observation" (I would not be so arrogant as to "explain Betov"!)... In Nasm's "improved, slightly Intel-like syntax", what (I think) is intended here would be expressed as "mov eax, [someCodePointer]". "mov eax, someCodePointer", in Nasmese, is equivalent to Masm's "mov eax, offset someCodePointer". Thus, a "Nasm victim" may interpret the above code differently than was intended... Best, Frank
From: Charles A. Crayne on 27 Jan 2006 20:15 On 27 Jan 2006 01:55:29 -0800 "Alex McDonald" <alex_mcd(a)btopenworld.com> wrote: :It's inelegance isn't at issue Then we are in agreement, as my comment about changing the code referred to the original human programmer, and was not meant to suggest that the tool could be allowed to make such a change. -- Chuck
From: Charles A. Crayne on 27 Jan 2006 21:16
On 27 Jan 2006 11:38:47 -0800 "randyhyde(a)earthlink.net" <randyhyde(a)earthlink.net> wrote: :I am obviously a bit more aware of the problems than either you or Rene :with respect to this conversion process. What seems obvious to you is not necessarily obvious to others. For example, from my point of view, I consider it obvious that you are, as the old saying goes, "trying to teach your grandmother how to suck eggs". However, the important thing to keep in mind is that our audience deserves more than just a "because I say so response". |