flat assembler
Message board for the users of flat assembler.
LEA Assembled
revolution 01 Sep 2005, 04:18
Code:
lea eax,[ss:ebp]
However if you meant ANY dword constant when you put 4 0's then the instruction is:
Code:
lea eax,[ss:ebp+012345678h]
Hicel 01 Sep 2005, 04:59
Thanks for your quick reply.. looks like I got the wrong hex values.. I don't even understand what ss:ebp+2000 means. So it is impossible that I wrote it. But can you explain what lea eax,[ss:ebp+...] does? Or any link which explains that instruction? I know ss is the stack segment but ebp+...???
revolution 01 Sep 2005, 05:54
ebp is a general purpose register that can be used for addressing and arithmetic. I don't have any links but try searching for x86 assembly tutorials. Also you might want to search the Intel and AMD sites for the documentation that explains all the instructions in infinite detail.
shoorick 01 Sep 2005, 06:10
To understand this you should read about addressing in 386.
ss:ebp+2000 means offset in stack segment, calculated by adding ebp value and 2000. ss can even be omitted since ebp is used with it by default.
mov eax,[ss:ebp+2000] will calculate offset and load value from it into eax
lea eax,[ss:ebp+2000] will calculate offset and load it into eax (e.g. you got a pointer in eax)
lea - load effective address
Madis731 01 Sep 2005, 09:14
db 8Dh,85h, 0 , 0 , 0 , 0
is actually LEA EAX,[EBP+00000000h] because there is no way it can assemble to lea with one register and no immediate.
db 8Dh,45h, 0 defines LEA EAX,[EBP+00h] with one byte immediate
MazeGen 01 Sep 2005, 11:51
Not quite right, only [EBP] can't be assembled with no immediate:
Code:
8D03 lea eax,[ebx] ; no immediate
Madis731 01 Sep 2005, 12:07
yes - only for EAX,ECX,EDX,EBX,ESI,EDI with 8D00,8D01,8D02,8D03,8D06,8D07 respectively
8D04 is eax+eax and 8D05 is immediate only
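The ModRM decoding that the posts above do by hand, as an added example (not code from any poster or from flat assembler): a small Python decoder for opcode 8D /r in 32-bit mode with no prefixes. The names decode_lea and SAMPLES are made up for this example; it treats rm=100 as "SIB byte follows" and mod=00 rm=101 as a bare disp32, which is why [ebp] alone always carries a displacement byte.

```python
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode_lea(code: bytes) -> tuple[str, int]:
    """Decode one 32-bit-mode LEA (opcode 8D /r, no prefixes).

    Returns (fasm-style text, instruction length in bytes).
    """
    if len(code) < 2 or code[0] != 0x8D:
        raise ValueError("not an LEA: expected opcode byte 8D plus ModRM")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3:
        raise ValueError("mod=11 names a register, which LEA does not accept")
    pos, terms = 2, []
    disp_size = (0, 1, 4)[mod]          # mod 00: none, 01: disp8, 10: disp32
    if rm == 4:                         # rm=100: a SIB byte follows ModRM
        if len(code) < 3:
            raise ValueError("truncated: SIB byte missing")
        sib, pos = code[2], 3
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:      # no base register, disp32 instead
            disp_size = 4
        else:
            terms.append(REGS[base])
        if index != 4:                  # index=100 means "no index"
            terms.append(REGS[index] + (f"*{scale}" if scale > 1 else ""))
    elif rm == 5 and mod == 0:          # mod=00 rm=101: disp32 only, not [ebp]
        disp_size = 4
    else:
        terms.append(REGS[rm])
    expr = "+".join(terms)
    if disp_size:
        raw = code[pos:pos + disp_size]
        if len(raw) < disp_size:
            raise ValueError("truncated displacement")
        pos += disp_size
        # Next to a register the displacement is signed; alone it is an address.
        disp = int.from_bytes(raw, "little", signed=bool(terms))
        digits = f"{abs(disp):0{2 * disp_size}X}h"
        if digits[0] > "9":             # fasm hex literals must start with a digit
            digits = "0" + digits
        expr += ("-" if disp < 0 else "+" if terms else "") + digits
    return f"lea {REGS[reg]},[{expr}]", pos

# Byte strings quoted in the thread, plus constructed disp32-only and SIB forms.
SAMPLES = ["8D8500000000", "8D4500", "8D03", "8D0578563412", "8D0400"]

if __name__ == "__main__":
    for hexstr in SAMPLES:
        text, length = decode_lea(bytes.fromhex(hexstr))
        print(f"{hexstr:<14}{text}  ({length} bytes)")
```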
Hicel 01 Sep 2005, 19:31
Thanks to you all.. you really helped me! Just wondering how fast you find out what these hex values are? Anyway big thanks.
Madis731 02 Sep 2005, 18:11
You can use a hex editor; too bad the link I'm looking for is down:
http://www.google.com/search?hl=en&q=icy+hexplorer&btnG=Google+Search
You can see only Google's cache, but I think you will find good hex editors for yourself.
The other thing is OllyDbg, where you can find an empty space and start inserting your code, or just try different hex strings and see what OllyDbg makes of it.
UCM 03 Sep 2005, 01:15
I retrieved Icy Hexplorer's exe installer from archive.org's cache, although they didn't have a web cache for the zip.
Posted it here. (446 KiB, packed using 7-zip because it's smaller by like 40 KiB and the forum doesn't allow executables)
EDIT: attachment removed since it is on SourceForge
_________________
This calls for... Ultra CRUNCHY Man! Ta da!! *crunch*
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.