SOLVED: Asm question - Call instruction - Signed #

GamingMasteR
Senior Member
Joined: 10 August 2008 Online Status: Offline Posts: 210
Posted: 20 July 2009 at 11:33pm
upgraded

Matts_User_Name
Senior Member
Joined: 10 August 2006 Location: USA Online Status: Offline Posts: 675
Posted: 20 July 2009 at 10:15pm
What happened to the Avatar GM?

BanMe
Groupie
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58
Posted: 19 July 2009 at 7:28pm
lol nice to hear from you GM ;) for what it's worth I don't hold grudges (I think it's pointless and I'm just easy going) and I will help anyone, even those that don't agree with me ;) I stayed up too late last night.. and was not in my usual happy go lucky mood :)
"Peace & Code" as Cli3nt once said to me :)
regards BanMe

GamingMasteR
Senior Member
Joined: 10 August 2008 Online Status: Offline Posts: 210
Posted: 19 July 2009 at 3:41pm
Hey guys, I know both of you (wj here and banme from woodmann) are nice and have good knowledge ...
Please don't let trivial things stir up discord among us.
Good luck everyone,
--GM

BanMe
Groupie
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58
Posted: 19 July 2009 at 7:41am
ah yes I did get a little heated.. sorry for the remark.. well it does not apply to the "context of the question" but does apply to fuller understanding of how the call instruction behaves and how to manipulate its behavior. I never use spell checker.. sorry :p
1fy0uc4nr34dth1s1mf1n3... ;)
regards BanMe

wj32
Senior Member
Joined: 16 January 2009 Location: Australia Online Status: Offline Posts: 704
Posted: 19 July 2009 at 7:01am
Please refrain from using personal attacks on this forum. If you don't have manners, don't post here.
I understand what your code is about, I just don't see what relevance it has in this topic. Or rather, I was asking you about how we could apply your code in this context (question about assembly call instruction encoding). Now I will address your other concern...
Great. Who made a claim otherwise? I appreciate the effort you have put into your "server", but posting it in topics without any relevance is a bit pointless, don't you think?
PS: Please use a spellchecker when you post. It makes them easier to read :).
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

BanMe
Groupie
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58
Posted: 19 July 2009 at 6:31am
you obviously don't read things before you post do you...
yes code like this would definitely serve as a "CSR" Replacement..
maybe if you had read about the code you would understand what it's actually about..
so I will lay it out for you...
it is about using the "calling conventions", specifically __stdcall.. in a dynamic and reusable fashion. the fact it's "Native" code does not mean you can't reuse the concepts in win32.. just use the win32 equivalents.. and intrinsics or inline like me. the only API without an obvious equivalent is Native_GetHandleTableHandle but that just returns a handle to a suspended thread created previously. so CreateThread suffices in this respect ;)
the fact you didn't read it before posting shows a feature most common.. laziness ;}
also 2byte jmps are used in hotpatching and funner hooking techniques..
I thought a little injection of "call instruction behavior" would be a nice addition to this thread's overall value.. maybe I was wrong?
BanMe
Edited by BanMe - 19 July 2009 at 6:47am

wj32
Senior Member
Joined: 16 January 2009 Location: Australia Online Status: Offline Posts: 704
Posted: 19 July 2009 at 2:55am
What does this have to do with the topic? Matts_User_Name was asking about call instructions, not CSR replacements...
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

BanMe
Groupie
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58
Posted: 19 July 2009 at 2:43am
Indirect calling can go here too ;)
I've modified it since then but hey I just use push instead of pop and I use the Context Registers to pass stuff.. newer sources are included in my server.. if you can find it and understand it props to you :D
regards BanMe

wj32
Senior Member
Joined: 16 January 2009 Location: Australia Online Status: Offline Posts: 704
Posted: 18 July 2009 at 8:53am
Well, that's just how the call/jmp instructions are coded. If you want to do an absolute jump, you can do this:

    mov eax, 0x12345678
    jmp eax

See http://www.geocities.com/thestarman3/asm/2bytejumps.htm
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.
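The relative encoding the post above refers to, as an added example that is not code from any poster in this thread: E8/E9 carry a signed 32-bit displacement and EB a signed 8-bit one, each measured from the address of the instruction that follows. The function names `decode_rel` and `encode_call` are hypothetical, and the addresses and bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a relative CALL/JMP located at `addr` in 32-bit code.
 * Returns the instruction length, or 0 if the bytes are not
 * E8/E9 (rel32) or EB (rel8). Function names are hypothetical. */
size_t decode_rel(const uint8_t *p, size_t len, uint32_t addr,
                  int64_t *disp, uint32_t *target)
{
    if (len >= 5 && (p[0] == 0xE8 || p[0] == 0xE9)) {
        /* rel32 is stored little-endian */
        uint32_t raw = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                       (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
        /* two's complement: top bit set means a backward (negative) jump */
        *disp = raw >= 0x80000000u ? (int64_t)raw - 0x100000000LL : (int64_t)raw;
        *target = addr + 5 + raw;   /* wraps mod 2^32, same as adding disp */
        return 5;
    }
    if (len >= 2 && p[0] == 0xEB) {
        *disp = p[1] >= 0x80 ? (int64_t)p[1] - 0x100 : (int64_t)p[1];
        *target = addr + 2 + (uint32_t)*disp;
        return 2;
    }
    return 0;
}

/* Encode CALL rel32 placed at `addr` so that it transfers to `target`. */
void encode_call(uint8_t out[5], uint32_t addr, uint32_t target)
{
    uint32_t rel = target - (addr + 5);   /* measured from the NEXT instruction */
    out[0] = 0xE8;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));
}

int main(void)
{
    /* Constructed sample: a call at 0x00401000 to a lower address. */
    uint8_t buf[5];
    int64_t disp;
    uint32_t target;
    encode_call(buf, 0x00401000u, 0x00400F00u);
    decode_rel(buf, sizeof buf, 0x00401000u, &disp, &target);
    printf("%02X %02X %02X %02X %02X  disp=%lld  target=0x%08X\n",
           buf[0], buf[1], buf[2], buf[3], buf[4],
           (long long)disp, (unsigned)target);
    return 0;
}
```

A backward call therefore shows up in a hex dump as a displacement ending in FF bytes, which is the signed number in the thread title.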