MOV Instruction help..

Index > Main > MOV Instruction help..

Author

Thread

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 12 Oct 2010, 13:46

Hello everyone. I have some little problem about mov instruction. Problem is that I cant move string to string I mean add string to string.. for example
I have defined strings..
str1 db 'ABC',0
str2 db 'DEF',0
and now I'm trying to do following:
mov [str1+4],str2
but I got error Invalid use of symbol.. whats problem here ?.. thank you.

12 Oct 2010, 13:46

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20526
Location: In your JS exploiting you and your system

revolution 12 Oct 2010, 13:52

str1 is defined as a byte pointer. So internally fasm does this:

Code:

mov byte[str1+4],str2

and since str2 is at least a word value (or bigger, you didn't show the rest of your code so we can't know for sure) and can't fit into a byte location.

However, you can't just add strings like that. Rather than copy a pointer, you have to copy the entire string and attach it to the end of the other string. str1 needs to have enough space to store the resultant string else you will overwrite whatever follows it. Read up on the rep movsb instruction to see how to copy strings.

12 Oct 2010, 13:52

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 12 Oct 2010, 14:02

Here's code and see what's missing please.. Smile

Code:

format PE GUI 4.0
include 'WIN32AX.INC'
entry main
section '.data' data readable writeable
buffer1 rb 100
buffer2 db '\TEST',0
section '.text' code readable executable
proc main
invoke GetCurrentDirectory,100,buffer1
mov [buffer1+21],buffer2
invoke MessageBox,0,buffer1,buffer1,MB_OK
invoke ExitProcess,0
endp
section '.idata' import data readable
library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
section '.reloc' fixups data discardable

12 Oct 2010, 14:02

DJ Mauretto

Joined: 14 Mar 2007
Posts: 464
Location: Rome,Italy

DJ Mauretto 12 Oct 2010, 16:16

Code:

format PE GUI 4.0

include 'WIN32AX.INC'
entry main
section '.data' data readable writeable

buffer1 rb 100
buffer2 db '\TEST',0

section '.text' code readable executable

proc main

invoke GetCurrentDirectory,0,NULL
push eax
invoke GetCurrentDirectory,eax,buffer1
pop eax
sub eax,1
mov esi,buffer2
lea edi,[eax + buffer1]
mov ecx,6
rep movsb
invoke MessageBox,0,buffer1,buffer1,MB_OK
invoke ExitProcess,0

endp

section '.idata' import data readable

library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
section '.reloc' fixups data discardable

_________________
Nil Volentibus Arduum Razz

12 Oct 2010, 16:16

rugxulo

Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)

rugxulo 12 Oct 2010, 22:19

Code:

offset equ ; for clarity

use16      ; by default
org 100h   ; DOS .COM, for simplicity

jmp Start
str1: db 'ABC',0 ; four bytes, plus this syntax below needs a colon
str2: db 'DEF',0 ; also four bytes, aka dword

; "and now I'm trying to do following:"

Start:
;mov dword [str1+4],offset str2 ; obviously wrong, offset != contents
push dword [str2]
pop dword [str1+3] ; overwrite initial NUL
int 20h ; exit

This is what you were literally trying to do. But I don't think that's what you really wanted. Sure, you can easily "concat" two dwords (four bytes) thanks to 32-bit regs being that size, but anything longer needs REP MOVSB (DS:ESI -> ES:EDI, count in ECX) or manual copying or using libc's strcpy(), etc.

12 Oct 2010, 22:19

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 13 Oct 2010, 06:25

ah thanks for info. both are epic. thanks. Smile

13 Oct 2010, 06:25

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 13 Oct 2010, 06:48

Hey, I haven't figure out why this instruction should sub eax,1 and then lea eax+buffer1 can you comment ur code please ? thank you. Smile

13 Oct 2010, 06:48

baldr

Joined: 19 Mar 2008
Posts: 1651

baldr 13 Oct 2010, 06:57

Overflowz,

Where does that eax come from? GetCurrentDirectory(0, NULL). What does it mean? MSDN can help. Why eax is decremented then? To account for NUL terminator. What value lea edi, [eax+buffer1] puts in edi? Naturally, eax+buffer1.

13 Oct 2010, 06:57

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 13 Oct 2010, 11:37

I understand that but why it copies both value buffer1-1 and buffer1 to each other ? I dont understand the logic how that code works.

13 Oct 2010, 11:37

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 13 Oct 2010, 21:23

figured out. this works bit fine for me.

Code:

format PE GUI 4.0
include 'WIN32AX.INC'
entry main
section '.data' data readable writeable
itdb db ?
buffer1 rb 100
sizeof.buffer1 = $ - buffer1
buffer2 db '\TEST',0
sizeof.buffer2 = $ - buffer2
section '.text' code readable executable
proc main
invoke GetCurrentDirectory,100,buffer1
invoke lstrlen,buffer1
mov esi,buffer2
lea edi,[buffer1+eax]
mov ecx,eax
rep movsb
invoke MessageBox,0,buffer1,buffer1,MB_OK
invoke ExitProcess,0
endp
section '.idata' import data readable
library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
section '.reloc' fixups data discardable

13 Oct 2010, 21:23

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20526
Location: In your JS exploiting you and your system

revolution 14 Oct 2010, 00:26

I think you mean:

Code:

;...
mov ecx,sizeof.buffer2
;...

14 Oct 2010, 00:26

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 14 Oct 2010, 08:54

lol yes.. I forgot sizeof struct.. thanks. I'll learn more about movs movsb movsw scas and etc.. thanks for replies.

14 Oct 2010, 08:54

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum