flat assembler
Message board for the users of flat assembler.

Index > Main > Byte calculation problem

DarkLordTed



Joined: 25 Nov 2017
Posts: 14
DarkLordTed 25 Nov 2017, 10:56
Sorry for my question but I have problem with this row of my code:

mov byte [.......],(00h - (.m1-.a1))

I really need to calculate a SHORT JMP address. .m1-.a1 is calculated correctly, but if I set 00h - (.m1-.a1) the result is NOT expected. Can anybody tell me what the correct syntax for this is in FASM?

Thank you!
Post 25 Nov 2017, 10:56
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 25 Nov 2017, 12:08
I quickly patched up an example of how to modify "jmp there" so that it becomes "jmp here":
Code:
        mov     byte [__jump+1], here - __after_jump

__jump:
        jmp     short there
__after_jump:
Is this what you're looking for?
Post 25 Nov 2017, 12:08
DarkLordTed



Joined: 25 Nov 2017
Posts: 14
DarkLordTed 25 Nov 2017, 12:28
Not exactly, but it is similar:

mov byte [_jump+1], (00h - (_jump - _jump_to))

_jump_to:
.....
....
_jmp_old:
....
...
_jump:

jne _jmp_old
Post 25 Nov 2017, 12:28
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 25 Nov 2017, 12:38
The jump offset is relative to the instruction pointer AFTER the jump instruction, not before. So this should be either:
Code:
        mov     byte [_jump+1], _jump_to - _after_jump
or
Code:
        mov     byte [_jump+1], _jump_to - (_jump+2)
And please be careful and ensure that the jump you modify is the SHORT jump. With a NEAR one the offsets and sizes are different.
Post 25 Nov 2017, 12:38
DarkLordTed



Joined: 25 Nov 2017
Posts: 14
DarkLordTed 25 Nov 2017, 12:49
Thank you! But the result is absolutely the same. I do not understand what happens. Is it possible that this is an OllyDbg problem? When code execution comes to that line, it cannot continue - it does not hang, but repeatedly stays on this row. The code segment is readable, writable and executable, the error state is SUCCESS but ....
Post 25 Nov 2017, 12:49
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 25 Nov 2017, 14:07
What are the bytes of the jmp? Is your jmp going back to itself with the distance encoded to 0xfe?
Post 25 Nov 2017, 14:07
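The displacement arithmetic from Tomasz Grysztar's reply (rel8 is measured from the byte after the two-byte short jump, so the value is `_jump_to - (_jump+2)`) and the self-jump case revolution asks about (displacement 0xFE) are both easy to check outside the assembler. The following Python is an added example, not code from the thread or from the fasm project; the label offsets, the NOP filler and the bytearray standing in for a writable code segment are constructed for the demonstration.

```python
"""Short (rel8) jump displacement arithmetic for the x86 jump-patching discussed above.
Constructed example: the code buffer, label offsets and filler are made up here."""

SHORT_JMP = 0xEB   # jmp short rel8
SHORT_JNE = 0x75   # jne short rel8 (0x70..0x7F are all the short Jcc forms)
SHORT_LEN = 2      # opcode byte + one displacement byte


def short_jump_disp(jump_addr, target, length=SHORT_LEN):
    """Displacement that makes the short jump at jump_addr land on target.
    The CPU adds rel8 to the address of the instruction AFTER the jump,
    i.e. jump_addr + 2: the '_after_jump' / '(_jump+2)' term from the thread."""
    disp = target - (jump_addr + length)
    if not -128 <= disp <= 127:
        raise ValueError(f"target {target:#x} is not within rel8 range of {jump_addr:#x}")
    return disp


def naive_disp(jump_addr, target):
    """The formula from the original question, 0 - (_jump - _jump_to).
    It measures from the START of the jump and is therefore off by the
    jump's own length (2 bytes)."""
    return -(jump_addr - target)


def patch_short_jump(code, jump_addr, target):
    """Rewrite the displacement byte in place (the 'mov byte [_jump+1], ...')
    and return the displacement written. The opcode is checked first so that a
    NEAR jump (rel32, different size and encoding) is never patched as short."""
    opcode = code[jump_addr]
    if not (opcode == SHORT_JMP or 0x70 <= opcode <= 0x7F):
        raise ValueError("not a short jump opcode; near jumps use a rel32 displacement")
    disp = short_jump_disp(jump_addr, target)
    code[jump_addr + 1] = disp & 0xFF      # two's-complement byte, e.g. -18 -> 0xEE
    return disp


def short_jump_target(code, jump_addr):
    """Decode where the short jump at jump_addr goes, as a debugger would show it.
    A displacement byte of 0xFE (-2) makes the jump land on itself."""
    disp = code[jump_addr + 1]
    if disp >= 0x80:                       # sign-extend the rel8 byte
        disp -= 0x100
    return jump_addr + SHORT_LEN + disp


def thread_layout():
    """Lay out the labels of the second post in a 32-byte buffer with constructed
    offsets: _jump_to at 0, _jmp_old at 8, the 'jne _jmp_old' at 16."""
    code = bytearray(b"\x90" * 32)         # NOP filler stands in for the '....' lines
    jump_to, jmp_old, jump = 0, 8, 16
    code[jump] = SHORT_JNE
    code[jump + 1] = short_jump_disp(jump, jmp_old) & 0xFF   # as the assembler encodes it
    return code, jump_to, jmp_old, jump


if __name__ == "__main__":
    code, jump_to, jmp_old, jump = thread_layout()
    print("assembled jne goes to", short_jump_target(code, jump))         # 8  (_jmp_old)
    print("patched disp", patch_short_jump(code, jump, jump_to))          # -18
    print("patched jne goes to", short_jump_target(code, jump))           # 0  (_jump_to)
    print("naive formula gives", naive_disp(jump, jump_to))               # -16, off by 2
    print("EB FE targets", short_jump_target(bytearray([SHORT_JMP, 0xFE]), 0))  # 0, itself
```

The off-by-two between `naive_disp` and `short_jump_disp` is exactly the difference between the first post's formula and the corrected one, and `short_jump_target` is the check to run on the patched bytes when a debugger appears to sit on the same line forever: if the displacement byte reads 0xFE, the jump is targeting itself.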
DarkLordTed



Joined: 25 Nov 2017
Posts: 14
DarkLordTed 26 Nov 2017, 18:14
Thank you, everybody! My mistake! The calculation is correct!
Post 26 Nov 2017, 18:14
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.