Another Assembly Question


kolkoo
September 23rd, 2006, 12:34 PM
OK, this is it. I have a function. At a point it gets to this:

8A83 1C010000 MOV AL,BYTE PTR DS:[EBX+11C]

But I know that in DWORD PTR DS:[ESI+8] there is the data I seek.
So I edit this to call my function and add a NOP after the CALL instruction,
BUT when debugging the application, in my new function DWORD PTR DS:[ESI+8] points to another stack address. So my question is: how do I declare the function in C++ so that it keeps the pointers pointing to the same stack, or is there any workaround for it?

kumaresh_ana
September 24th, 2006, 04:59 AM
Is this one not connected with the previous thread? Please do not create multiple threads for the same problem.

kumaresh_ana
September 24th, 2006, 05:05 AM
So my question is how to declare the function in C++ so that it keeps the pointers pointing to the same stack or any workaround for it.

The DS segment register points to a data segment, not the stack. But most OSes use the same segment for both the stack and data sections. Pass DS as an argument to your function and use it there. But remember you will need to overwrite more instructions to do the push and then the stack cleanup after the function call (looks nasty!!). I don't know about any C++ way of doing this; I doubt there is any other way to achieve this.

kolkoo
September 25th, 2006, 01:07 AM
Actually, it is not the DS register that's different; it is ESI. The strange thing is, if I don't use PUSHFD and PUSHAD the register stays the same, but I want to not change any registers from the parent function, like EAX, but in order to copy I have to change some, right?

kumaresh_ana
September 25th, 2006, 03:03 AM
The problem is that the mov eax is in between the push and the pop. Fire up the debugger and see where the variable you are seeking actually is after the two pushes.

    PUSHFD
    PUSHAD
    ; Set a breakpoint here and see the address of the variable you are seeking relative to ESI (call it X)
    mov EAX, DWORD PTR DS:[ESI+8]
    mov ho, EAX
    POPAD   ; pop in the reverse order of the pushes
    POPFD

Now modify the [ESI+8] to [ESI+X]. Also check the Intel document for how many bytes are pushed onto the stack by both these instructions. Cross-verify your findings with the documented value.
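The two pieces of arithmetic that kumaresh_ana's replies leave to the reader (how many bytes the patch may overwrite, and how many bytes PUSHFD/PUSHAD put on the stack) are worked out below as an added example. It is not code from either poster; the hook site 0x00401000 and hook address 0x10001000 are hypothetical, and the stack frame at the end is constructed to show what the hook would see. Facts it relies on: E8 rel32 is a 5-byte CALL whose displacement is measured from the end of the CALL, so a 6-byte MOV takes CALL plus one NOP; PUSHFD pushes 4 bytes (EFLAGS); PUSHAD pushes 32 bytes in the order EAX, ECX, EDX, EBX, ESP (value before the push), EBP, ESI, EDI, leaving EDI at [ESP] and the caller's ESI at [ESP+4]. The decoder covers only opcode 8A, the instruction on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Length in bytes of a MOV r8, r/m8 (opcode 8A) at code[], or 0 if the bytes
 * are not that instruction or run past avail.  Only this one opcode is decoded:
 * it is what sits at the hook site on the page (8A 83 1C 01 00 00 =
 * MOV AL, BYTE PTR [EBX+11Ch]).  Checking the length before patching matters
 * because a CALL that overwrites part of the following instruction crashes
 * the target as soon as the hook returns. */
size_t mov_r8_rm8_length(const uint8_t *code, size_t avail) {
    if (avail < 2 || code[0] != 0x8A)
        return 0;
    uint8_t mod = code[1] >> 6, rm = code[1] & 7;
    size_t len = 2;                                   /* opcode + ModRM */
    if (mod != 3 && rm == 4) {                        /* SIB byte follows */
        if (avail < 3) return 0;
        len += 1;
        if (mod == 0 && (code[2] & 7) == 5) len += 4; /* SIB with no base: disp32 */
    } else if (mod == 0 && rm == 5) {
        len += 4;                                     /* [disp32] */
    }
    if (mod == 1) len += 1;                           /* disp8 */
    if (mod == 2) len += 4;                           /* disp32, the page's case */
    return len <= avail ? len : 0;
}

/* Build the detour written over the displaced MOV: E8 rel32 (5 bytes) followed
 * by NOPs up to the MOV's length.  rel32 is measured from the end of the CALL,
 * so the return address the hook sees is site + 5, the first NOP.  Returns the
 * patch length, or 0 if the MOV is too short to hold a 5-byte CALL. */
size_t build_call_patch(uint32_t site, uint32_t hook,
                        const uint8_t *orig, size_t avail, uint8_t out[16]) {
    size_t len = mov_r8_rm8_length(orig, avail);
    if (len < 5 || len > 16)
        return 0;
    uint32_t rel = hook - (site + 5);                 /* wraps correctly for backward calls */
    out[0] = 0xE8;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));       /* little-endian immediate */
    memset(out + 5, 0x90, len - 5);
    return len;
}

/* ESP-relative offset of each saved value inside the hook after
 * CALL; PUSHFD; PUSHAD.  PUSHFD is 4 bytes, PUSHAD is 32 bytes pushed as
 * EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI, so EDI is at [ESP], the caller's
 * ESI at [ESP+4], EFLAGS at [ESP+32] and the return address at [ESP+36].
 * Returns -1 for an unknown name. */
int hook_frame_offset(const char *name) {
    static const char *slot[] = { "edi", "esi", "ebp", "esp", "ebx",
                                  "edx", "ecx", "eax", "eflags", "ret" };
    for (int i = 0; i < 10; i++)
        if (strcmp(name, slot[i]) == 0)
            return i * 4;
    return -1;
}

/* Read the caller's register, as it was at the CALL, from a frame whose first
 * element is the dword at ESP. */
uint32_t caller_reg(const uint32_t *esp, const char *name) {
    int off = hook_frame_offset(name);
    return off < 0 ? 0 : esp[off / 4];
}

int main(void) {
    /* Constructed input: the page's instruction at hypothetical site 0x00401000,
     * hook function at hypothetical 0x10001000. */
    const uint8_t orig[] = { 0x8A, 0x83, 0x1C, 0x01, 0x00, 0x00 };
    uint8_t patch[16];
    size_t n = build_call_patch(0x00401000u, 0x10001000u, orig, sizeof orig, patch);
    printf("patch (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", patch[i]);
    printf("\n");

    /* Constructed frame: what the hook sees at ESP after PUSHFD; PUSHAD, with
     * the caller's ESI = 0x0012FF40 and the return address = site + 5. */
    uint32_t frame[10] = { 0, 0x0012FF40u, 0, 0, 0, 0, 0, 0, 0x246u, 0x00401005u };
    printf("caller ESI = %08X, resume at %08X\n",
           caller_reg(frame, "esi"), caller_reg(frame, "ret"));
    return 0;
}
```

Two consequences for the hook itself: because the patch overwrote the MOV, the hook has to re-execute MOV AL, BYTE PTR [EBX+11Ch] before its RET or the original function continues with a stale AL; and for the registers to still be the caller's when the inline PUSHFD/PUSHAD runs, the C++ function must carry no compiler-generated prologue (in MSVC, __declspec(naked)), which is the usual answer to the "how to declare the function" question above.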

kolkoo
September 25th, 2006, 03:16 AM
Actually, I solved my problems, just by not using PUSHAD/PUSHFD. Thank you for your help though; you helped me a lot :) So you get rated ^^

kumaresh_ana
September 25th, 2006, 03:45 AM
Anytime!! ;)