flat assembler
Message board for the users of flat assembler.

[SOLVED] Jump/Call to absolute address

Appels 25 Feb 2016, 10:37
How do I jump or call to an absolute address?

e.g:
jz 00031279h
call 000313A0h

Also, preferably I'd do it directly, just like the code I am disassembling (I hooked the function, and I am rewriting it so I can modify it more easily).

revolution 25 Feb 2016, 12:50
Code:
mov eax,your_target_address
jmp eax
CandyMan 25 Feb 2016, 13:57
Code:
push your_target_address
ret

Appels 25 Feb 2016, 16:39
So there's no way to do it directly just like compilers do??!
JohnFound 25 Feb 2016, 16:48
Appels wrote:
So there's no way to do it directly just like compilers do??!

I am not very sure what you are asking for, but did you try to compile the instructions from your first post? They are valid and compile without errors.

Appels 25 Feb 2016, 16:55
JohnFound wrote:
Appels wrote:
So there's no way to do it directly just like compilers do??!

I am not very sure what you are asking for, but did you try to compile the instructions from your first post? They are valid and compile without errors.

Yes, I ended up with "Error: invalid use of symbol".

I am running Windows 7 with fasm 1.71.39
JohnFound 25 Feb 2016, 17:11
It is not possible to get "invalid use of symbol". Post some minimal code that raises this error. Everything compiles fine for me.
Trinitek 25 Feb 2016, 17:28
Disassemblers and debuggers will typically simplify a direct jump or call into a single instruction like you've shown in your top post. x86 does not support direct jumps to immediate absolute addresses with conditional jumps or calls. It is not a limitation of FASM.

This is what the Intel manual says:
Quote:
The Jcc instruction does not support far jumps (jumps to other code segments). When the target for the conditional
jump is in a different segment, use the opposite condition from the condition being tested for the Jcc instruction,
and then access the target with an unconditional far jump (JMP instruction) to the other segment. For example, the
following conditional far jump is illegal:
Code:
JZ FARLABEL;
To accomplish this far jump, use the following two instructions:
Code:
JNZ BEYOND;
JMP FARLABEL;
BEYOND:
revolution 25 Feb 2016, 17:44
The error "error: invalid use of symbol" is probably because you are using fixups:
Code:
include 'win32ax.inc'

.code

my_target_address = 0

start:
        call    my_target_address ;<---error: invalid use of symbol
        invoke  ExitProcess,0

data fixups
end data

.end start
When the target address is non-relocatable it is not possible to make an immediate direct call to it from relocatable code. The x86 instruction set does not support immediate direct calls or jumps; they are always relative. So you have to use some other method, perhaps as suggested above.
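Why the direct forms in the question become relative encodings, and what the push/ret and mov/jmp sequences from the answers assemble to, as an added Python example that is not from any poster. The instruction addresses 0x31200 and 0x31206 are assumed placements of the two instructions from the first post; the opcode bytes are the standard 32-bit x86 encodings.

```python
import struct

# 32-bit x86 opcodes for near branches. rel32 is added to EIP, i.e. to the
# address of the byte right after the instruction, so the same absolute
# target needs a different displacement at every placement of the code.
CALL_REL32 = b"\xE8"
JMP_REL32 = b"\xE9"
JZ_REL32 = b"\x0F\x84"

def rel32(instr_addr: int, instr_len: int, target: int) -> bytes:
    """Displacement from the end of the instruction to the absolute target."""
    disp = target - (instr_addr + instr_len)
    if not -2**31 <= disp < 2**31:
        raise ValueError("target out of rel32 range")
    return struct.pack("<i", disp)

def encode_direct(mnemonic: str, instr_addr: int, target: int) -> bytes:
    """Encode call/jmp/jz to an absolute target; only possible once instr_addr is fixed."""
    opcode = {"call": CALL_REL32, "jmp": JMP_REL32, "jz": JZ_REL32}[mnemonic]
    return opcode + rel32(instr_addr, len(opcode) + 4, target)

def decode_rel32_target(instr_addr: int, code: bytes) -> int:
    """What a disassembler does: turn the displacement back into the address it shows."""
    for op in (JZ_REL32, CALL_REL32, JMP_REL32):
        if code.startswith(op):
            disp = struct.unpack_from("<i", code, len(op))[0]
            return (instr_addr + len(op) + 4 + disp) & 0xFFFFFFFF
    raise ValueError("not a rel32 branch")

def encode_push_ret(target: int) -> bytes:
    """push imm32 ; ret -- absolute and position independent, 6 bytes, clobbers nothing."""
    return b"\x68" + struct.pack("<I", target) + b"\xC3"

def encode_mov_eax_jmp(target: int) -> bytes:
    """mov eax, imm32 ; jmp eax -- absolute and position independent, 7 bytes, clobbers eax."""
    return b"\xB8" + struct.pack("<I", target) + b"\xFF\xE0"

if __name__ == "__main__":
    # Assumed placement: the jz sits at 0x31200 and the call directly after it.
    jz = encode_direct("jz", 0x31200, 0x31279)
    call = encode_direct("call", 0x31200 + len(jz), 0x313A0)
    print("jz   00031279h ->", jz.hex(" "))
    print("call 000313A0h ->", call.hex(" "))
    # Move the call and the bytes change; the push/ret form does not.
    print("same call at 0x40000 ->", encode_direct("call", 0x40000, 0x313A0).hex(" "))
    print("push/ret ->", encode_push_ret(0x313A0).hex(" "))
```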
JohnFound 25 Feb 2016, 19:49
Hm. I never thought in depth about fixups, but isn't it possible to fix the offsets the same way as all other addresses? The needed constant seems to be the same.
l_inc 25 Feb 2016, 23:17
JohnFound
Quote:
isn't it possible to fix the offsets the same way as all other addresses?

Here's a little explanation, why it's not.

Appels 27 Feb 2016, 15:51
Alright, thank you all. I'll put [SOLVED] in the thread title.
Copyright © 1999-2025, Tomasz Grysztar.