flat assembler
Message board for the users of flat assembler.

Index > Windows > When I see a call 0xDE.... in a deubgger what does it mean?

Author
Thread Post new topic Reply to topic
halivingston



Joined: 04 Aug 2015
Posts: 2
halivingston 04 Aug 2015, 20:31
I just found out that the E8 opcode for x86 near call is pc-relative. Yes, I'm new to assembly.

So now my world is thoroughly shaken. If the instruction is pc-relative, how is it that in Visual Studio's disassembly window, I see call 0xDEADBEEF ... that to me is a memory address.

In fact, if I had to generate some code, like a call instruction, I'm almost positive I've previously done it by putting near call's opcode and then a memory location. How does that work?
Post 04 Aug 2015, 20:31
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20363
Location: In your JS exploiting you and your system
revolution 05 Aug 2015, 01:23
The debugger just needs to add the IP of the next instruction to the offset encoded in the instruction and that will give the absolute address.
Code:
org 0x12345678
call @f ;e8 00 00 00 00  <--- IP of next instruction = 0x1234567D, offset = 0x00000000
@@: ;<--- address 0x1234567D    
Post 05 Aug 2015, 01:23
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.