Moodyk9 01 May 2014, 19:04
There are also some special symbols that can be used inside the numerical expression. First is \$, which is always equal to the value of current offset,

I don't understand this. I tried to look at it in OllyDbg, but when I try to pinpoint it using a message box it gives me the address of something that doesn't exist. Can somebody explain, please?

`$` = current offset

`jmp $`
is the same as (loop forever)
`x: jmp x`
When all else fails, read the source

revolution 02 May 2014, 02:25
You can think of \$ as always equalling {E|R}IP.
Bargest 02 May 2014, 14:58
revolution wrote:
You can think of \$ as always equalling {E|R}IP.

Not EIP, but EIP minus the size of the current command, because
`jmp $`

is equal to
`label: jmp label`

But at this point EIP is equal to the address of the next command. And this code will compile as 0xEB 0xFE, which means "jump -2".

`jmp $ ; Happy end!`

revolution 02 May 2014, 15:35
Sure. But that is merely an implementation issue of the x86. Other CPUs can do different things. At the assembly level \$ is the same as IP in the logical sense of being the address of the current instruction.
shutdownall 03 May 2014, 17:00
revolution wrote:
You can think of \$ as always equalling {E|R}IP.

Well, it depends on the type of segment.
If you create a data segment (no execute), it wouldn't be suitable to compare it with the actual position of IP. Or when using segmented addresses in real mode.
`$` = current offset
`$$` = offset from the beginning of your code

```
org 0x7c00
boot: jmp boot ; loop
times 512-($-$$) db 0 ; times 512-((0x7c00+2)-0x7c00)
```
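The two points made in this thread, that `jmp $` encodes as EB FE because the short jump is relative to the next instruction, and that `times 512-($-$$)` pads a sector using `$` and `$$`, worked through in an added Python mini-assembler; this is example code, not part of the thread and not FASM's own code. `evaluate`, `assemble` and the `BOOT_SECTOR` input are hypothetical and constructed for the example; it supports only `org`, labels, short `jmp` and `times N db V`.

```python
import ast
import operator
# Hypothetical mini-assembler (added example, not FASM's code) that resolves $ and $$
# for a tiny subset: org, labels, short jmp and "times N db V".
OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def evaluate(expr, symbols):
    """Evaluate an integer expression; $ and $$ are looked up in symbols."""
    expr = expr.replace("$$", "_origin").replace("$", "_here")
    def walk(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, int):
            return node.value
        if isinstance(node, ast.Name):            # a label, _here ($) or _origin ($$)
            return symbols[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in OPS:
            return OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"unsupported expression: {expr}")
    return walk(ast.parse(expr, mode="eval").body)

def assemble(source):
    """Return the bytes for source; $ is the offset of the instruction being assembled."""
    out = bytearray()
    symbols = {"_origin": 0}
    for raw in source.splitlines():
        line = raw.split(";", 1)[0].strip()                 # drop comments
        if ":" in line:                                     # "label:" takes the current offset
            label, line = (part.strip() for part in line.split(":", 1))
            symbols[label] = symbols["_origin"] + len(out)
        if not line:
            continue
        symbols["_here"] = symbols["_origin"] + len(out)    # this is $
        mnemonic, _, arg = line.partition(" ")
        if mnemonic == "org":
            symbols["_origin"] = evaluate(arg, symbols)     # this is $$
        elif mnemonic == "jmp":
            # Short jump EB rel8 is relative to the *next* instruction (here + 2),
            # which is why "jmp $" encodes as EB FE (jump -2).
            rel = evaluate(arg, symbols) - (symbols["_here"] + 2)
            if not -128 <= rel <= 127:
                raise ValueError(f"target out of short-jump range: {rel}")
            out += bytes([0xEB, rel & 0xFF])
        elif mnemonic == "times":
            count_expr, _, value_expr = arg.partition(" db ")
            out += bytes([evaluate(value_expr, symbols)]) * evaluate(count_expr, symbols)
        else:
            raise ValueError(f"unsupported line: {raw}")
    return bytes(out)

# Constructed input: the boot-sector padding idiom from the thread (510 zero bytes).
BOOT_SECTOR = "org 0x7c00\nboot: jmp boot ; loop\ntimes 512-($-$$) db 0\n"
```

`assemble("jmp $")`, `assemble("x: jmp x")` and `assemble(BOOT_SECTOR)[:2]` all yield `eb fe`, and the padded sector is exactly 512 bytes.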
