OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

Converting CALLs to JMPs

Topic created on: January 31, 2008 13:26 CST by bodzcount .

Hi,

I want to convert something like "call 401010" to "push eip+x; jmp 401010". How can I do that? (push eip is not possible)

I have to do that, because otherwise I cannot assemble some code snippets. The assembler wants every call destination to be declared as a PROC. Or is it possible to force the assembler to do a call to an ordinary label?
(In obfuscated code it's hard to create PROC sections, because sometimes one doesn't know where to put the ENDP)...

regards,
Bodz

  bodzcount     January 31, 2008 13:37.57 CST
I found the solution at http://doc.ddart.net/asm/Microsoft_MASM_Programmers_Guide_v6.1/Chap_07.htm

You can define procedures without PROC and ENDP, but if you do, you must make sure that the size of the CALL matches the size of the RET. You can specify the RET instruction as RETN (Return Near) or RETF (Return Far) to override the default size.


regards,
bodz

  Nevar     February 1, 2008 01:36.27 CST

call $+5        ; pushes the address of the next instruction (the pop) and falls into it
pop reg         ; reg == eip, i.e. the address of this pop instruction
push retva      ; push the address the callee should return to (the "eip+x" after the jmp)
jmp jmpva       ; transfer control to the original call target

Issuing a CALL causes the next EIP to be pushed, and that is how one obtains EIP.

-nevar

  bodzcount     February 1, 2008 03:07.47 CST
wicked!

thanks,
bodz

  sa7ori     February 4, 2008 17:21.03 CST
call 0;
pop ecx

  sa7ori     February 4, 2008 17:28.04 CST
> sa7ori: call 0;
> pop ecx

specifically (and more correctly):

call someLabel
someLabel:
  pop ecx
