flat assembler
Message board for the users of flat assembler.

 Index > Windows > LEA Assembled
Hicel

Joined: 09 Sep 2004
Posts: 55
Hicel 01 Sep 2005, 03:49
Hey, this question may sound stupid but I assembled a LEA instruction and need to know what I've done. But I don't know the arguments anymore. I just got the HEX Values:
$8D; $85; $0; $0; $0; $0

8D is LEA and the $0's are the DWORD
I tried every combination like

value dd ?
LEA eax,[value+eax*4]

is $8D; $4; $85; $0; $0; $0; $0

But I don't get rid of the $4..

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20247
revolution 01 Sep 2005, 04:18
Code:
`lea eax,[ss:ebp]`
But the funny part is you can't assemble that with FASM, because FASM will optimise it to 8dH,45H,0H.

However if you meant ANY dword constant when you put 4 0's then the instruction is:
Code:
`lea eax,[ss:ebp+012345678h]`
Hicel

Joined: 09 Sep 2004
Posts: 55
Hicel 01 Sep 2005, 04:59
Thanks for your quick reply.. looks like I got the wrong hex values.. I don't even understand what ss:ebp+2000 means. So it is impossible that I wrote it. But can you explain what lea eax,[ss:ebp+...] does? Or any link which explains that instruction? I know ss is the stack segment but ebp+...???
revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20247
revolution 01 Sep 2005, 05:54
ebp is a general purpose register that can be used for addressing and arithmetic. I don't have any links but try searching for x86 assembly tutorials. Also you might want to search the Intel and AMD sites for the documentation that explains all the instructions in infinite detail.
shoorick

Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 01 Sep 2005, 06:10
ss:ebp+2000 means an offset in the stack segment, calculated by adding the ebp value and 2000. ss can even be omitted since ebp is used with it by default.
mov eax,[ss:ebp+2000] will calculate the offset and load the value from it into eax
lea eax,[ss:ebp+2000] will calculate the offset and load it into eax (e.g. you get a pointer in eax). lea - load effective address

Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
db 8Dh,85h, 0 , 0 , 0 , 0
is actually LEA EAX,[EBP+00000000h] because there is no way it can assemble to lea with one register and no immediate.
db 8Dh,45h, 0
defines LEA EAX,[EBP+00h] with one byte immediate
01 Sep 2005, 09:14
MazeGen

Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen 01 Sep 2005, 11:51
Not quite right, only [EBP] can't be assembled with no immediate:

Code:
`8D03 lea eax,[ebx] ; no immediate`

Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
yes - only for EAX,ECX,EDX,EBX,ESI,EDI with 8D00,8D01,8D02,8D03,8D06,8D07 respectively
8D04 is eax+eax and 8D05 is immediate only
01 Sep 2005, 12:07
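
The ModRM/SIB cases discussed in the posts above, as an added example that is not part of the original thread or any poster's code: a minimal Python decoder for 32-bit `8D /r` showing why `8D 85` carries a 4-byte displacement, `8D 45` a 1-byte one, and why mod=00 with r/m=101 leaves no displacement-free `[ebp]` form. The name `decode_lea32` and the `SAMPLES` list are assumptions made for the illustration; what the thread calls the "immediate" is the displacement field.

```python
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_lea32(code: bytes):
    """Decode one LEA (opcode 8D /r, 32-bit mode, no prefixes).

    Returns (text, instruction length in bytes)."""
    if len(code) < 2 or code[0] != 0x8D:
        raise ValueError("not an 8D /r encoding")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:
        raise ValueError("mod=11 selects a register operand, invalid for LEA")
    pos, terms = 2, []
    disp_size = (0, 1, 4)[mod]           # mod 00: none, 01: disp8, 10: disp32
    if rm == 4:                          # r/m=100: a SIB byte follows ModRM
        if len(code) < 3:
            raise ValueError("truncated SIB byte")
        sib, pos = code[2], 3
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if mod == 0 and base == 5:       # no base register, disp32 instead
            disp_size = 4
        else:
            terms.append(REG32[base])
        if index != 4:                   # index=100 means "no index register"
            terms.append(REG32[index] + (f"*{scale}" if scale > 1 else ""))
    elif mod == 0 and rm == 5:           # 8D 05: disp32 only, no register
        disp_size = 4
    else:
        terms.append(REG32[rm])
    raw = code[pos:pos + disp_size]
    if len(raw) != disp_size:
        raise ValueError("truncated displacement")
    addr = "+".join(terms)
    if disp_size and terms:              # signed displacement added to registers
        disp = int.from_bytes(raw, "little", signed=True)
        addr += f"{'-' if disp < 0 else '+'}{abs(disp):#x}"
    elif disp_size:                      # absolute address, no register term
        addr = f"{int.from_bytes(raw, 'little'):#x}"
    return f"lea {REG32[reg]},[{addr}]", pos + disp_size

# Byte strings quoted in the thread; 12345678h is the constant from the
# second reply, and the last entry is a constructed disp32-only case.
SAMPLES = [bytes.fromhex(h) for h in (
    "8D8500000000", "8D4500", "8D048500000000", "8D03",
    "8D8578563412", "8D0578563412")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.hex(" "), "->", *decode_lea32(s))
```
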
Hicel

Joined: 09 Sep 2004
Posts: 55
Hicel 01 Sep 2005, 19:31
Thanks to you all.. you really helped me! Just wondering how fast you find out what these hex values are? Anyway big thanks.

Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
You can use hexeditor, too bad this link I'm looking for is down:
you can see only Google's cache
but I think you will find good hexeditors for yourself

The other thing is OllyDbg, where you can find an empty space and start inserting your code, or just try different hex strings and see what OllyDbg makes of it.
02 Sep 2005, 18:11
UCM

Joined: 25 Feb 2005
Posts: 285
UCM 03 Sep 2005, 01:15
I retrieved Icy Hexplorer's exe installer from archive.org's cache although they didn't have a web cache for the zip.
Posted it here. (446 KiB, packed using 7-zip 'cause it's smaller by like 40 KiB and the forum doesn't allow executables)

EDIT: attachment removed since it is on SourceForge

_________________
This calls for... Ultra CRUNCHY Man!
Ta da!! *crunch*