flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Main > Operand sizes in USE16/USE32 + Jmp far ?
Author
Thread Post new topic Reply to topic
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji 29 Mar 2009, 10:53
hi all, Wink

Code:
format       PE native 4.0 at 10000h
entry        DriverEntry
....
code 32 bits
....
(in this driver, i switch to real mode from protected mode)
USE16
...
JMP FAR AAAA:BBBB (2 words) <----- my question !!!


Jmp far 16 bits :
Opcode : 66 EA BBBB AAAA ( 2 words)

I don't find the correct syntax for to get "66 EA BBBB AAAA" Embarassed

I have to manually encode : db 66h , 0EAh , dw n°1, dw n°2 Rolling Eyes


thank you all

EDIT by DOS386 : enhanced subject
Post 29 Mar 2009, 10:53
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19869
Location: In your JS exploiting you and your system
revolution 29 Mar 2009, 12:00
Code:
use32
JMP FAR DWORD AAAA:BBBB ;66 EA BBBB AAAA
use16
JMP FAR AAAA:BBBB ;EA BBBB AAAA


Last edited by revolution on 29 Mar 2009, 12:06; edited 1 time in total
Post 29 Mar 2009, 12:00
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4324
Location: Now
edfed 29 Mar 2009, 12:02
66 is a size prefix.
your code is first encoded for 32 bits instrctions, then , the processor needs to see the instruction as a 16bit instruction, then, the size prefix is there.

if you encode 32bits instructions in 16 bits code, you have the same result.
Post 29 Mar 2009, 12:02
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8263
Location: Kraków, Poland
Tomasz Grysztar 29 Mar 2009, 12:05
revolution wrote:
Code:
use32
JMP FAR AAAA:BBBB ;66 EA BBBB AAAA
use16
JMP FAR AAAA:BBBB ;EA BBBB AAAA

I'd rather put it this way:
Code:
use32
jmp far 0xAAAA:0xBBBB        ; EA BB BB 00 00 AA AA
jmp far dword 0xAAAA:0xBBBB  ; 66 EA BB BB AA AA

use16
jmp far 0xAAAA:0xBBBB        ; EA BB BB AA AA
jmp far pword 0xAAAA:0xBBBB  ; 66 EA BB BB 00 00 AA AA


ouadji: you're not supposed to put "use16" code into PE drivers (well, unless you really know what you're doing). You only have to put the right size operator into the instruction to generate the 16-bit variant.
Post 29 Mar 2009, 12:05
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19869
Location: In your JS exploiting you and your system
revolution 29 Mar 2009, 12:07
Wow, I just fixed my post and already two replies in between. Hehe, that will teach me to post before testing.
Post 29 Mar 2009, 12:07
View user's profile Send private message Visit poster's website Reply with quote
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji 29 Mar 2009, 16:17

ok, I understand, thank you very much

PS : to Tomasz Grysztar
"You only have to put the right size operator into the instruction to generate the 16-bit variant" ...
yes indeed, this is the right solution. thank you for your advice.

Wink
Post 29 Mar 2009, 16:17
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.