flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Main > [SOLVED|different segment regs] Why expression not resolved?
Author
Thread Post new topic Reply to topic
ProMiNick



Joined: 24 Mar 2012
Posts: 770
Location: Russian Federation, Sochi
ProMiNick 19 Apr 2022, 05:15
Why expression [ebp+eax] not resolved into [eax+ebp]?
for example in mov instruction
Code:
mov     eax,dword[ebp+eax] ; 4 bytes: $8B,$44,$05,$00

not resolved into
Code:
mov     eax,dword[eax+ebp] ; 3 bytes: $8B,$04,$28

_________________
I don`t like to refer by "you" to one person.
My soul requires acronim "thou" instead.


Last edited by ProMiNick on 20 Apr 2022, 03:54; edited 1 time in total
Post 19 Apr 2022, 05:15
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19871
Location: In your JS exploiting you and your system
revolution 19 Apr 2022, 05:37
The first register is taken as the base, and the second register as the index.

EBP can only be encoded as a base register with an offset.

fasm doesn't reorder the registers, even when the offset is zero.
Post 19 Apr 2022, 05:37
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19871
Location: In your JS exploiting you and your system
revolution 19 Apr 2022, 07:33
I forgot to add that the reason for not swapping the register order is because of the different segment register used. EBP uses SS, EAX uses DS.

For Win32 this makes no difference normally, but fasm isn't only for Win32.
Post 19 Apr 2022, 07:33
View user's profile Send private message Visit poster's website Reply with quote
macomics



Joined: 26 Jan 2021
Posts: 819
Location: Russia
macomics 19 Apr 2022, 16:08
ProMiNick wrote:
not resolved into
Code:
mov     eax,dword[eax+ebp] ; 3 bytes: $8B,$04,$28

Code:
mov     eax,dword[eax+ebp] ; 4 bytes: $17,$8B,$04,$28
Post 19 Apr 2022, 16:08
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 19871
Location: In your JS exploiting you and your system
revolution 20 Apr 2022, 03:45
If you define the segment register then you get this:
Code:
use32
mov eax,[ds:ebp+eax]    ; 0x8b, 0x04, 0x28
mov eax,[ds:eax+ebp]    ; 0x8b, 0x04, 0x28

mov eax,[ss:ebp+eax]    ; 0x8b, 0x44, 0x05, 0x00
mov eax,[ss:eax+ebp]    ; 0x8b, 0x44, 0x05, 0x00
Post 20 Apr 2022, 03:45
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.