Kris wrote:
> I just wanted to know if there was something horribly obvious that
> I was doing wrong.
:
> JMP 0x02 # Should add 0x02 to eip, but instead, it sets eip to 0x02.

Yes - the assembler syntax *always* accepts the absolute address, not the
relative address. As a programmer, you wouldn't want to have to dig out the
docs to count the size of your instructions just to enter a jump, would you?
You use absolute addresses and labels and let the assembler sort out all of
that for you.

I didn't answer earlier because I don't know enough about GCC's asm syntax
to tell you how to do what you want. In MASM you'd do something like

    label_here: jmp label_here+2

or perhaps you'd have to throw in "offset" and a few square brackets - I
can't remember.

But I suspect you're trying to do some make-it-hard-to-disassemble trick,
i.e. something like

    00000 xx 03           jmp 00003
    00002 yy aa bb cc dd  mov eax, 0xddccbbaa

when it's really

    00000 xx 03           jmp 00003
    00002 yy              garbage
    00003 aa bb cc dd     call _printf

- that's the only circumstance I can think of where you'd want to enter your
own relative jump - in which case you'd always want to add the garbage byte
afterwards too. So you probably want to enter the bytes in the assembly
block as data, i.e. using "db xx 03 yy" or similar if you can.

Of course the real place to generate such a trick is when you convert the
RTL to output assembler so you can pick your garbage byte to maximise the
time before the accidental disassembly comes good again :-)

Rup.
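
Seen from the analyst's side, the overlap described above shows up as a jump whose target is not an instruction boundary of a linear sweep. The following Python check is an added example, not part of the original post; the byte string, the five-opcode length table and the function names are constructed for illustration.

```python
# Toy 32-bit x86 length table: only the opcodes used in the constructed sample.
# jmp rel8, call rel32, mov eax imm32, nop, ret
LENGTHS = {0xEB: 2, 0xE8: 5, 0xB8: 5, 0x90: 1, 0xC3: 1}

# Constructed sample, laid out like the listing in the post:
#   0: EB 01            jmp short -> offset 3 (next address 2 + displacement 1)
#   2: B8               garbage byte that happens to be the "mov eax, imm32" opcode
#   3: E8 10 00 00 00   call rel32 (the instruction that really executes)
#   8: C3               ret
SAMPLE = bytes.fromhex("eb01b8e810000000c3")

def sweep(code, start=0):
    """Linear sweep: decode back to back and return the instruction start offsets."""
    offsets, pc = [], start
    while pc < len(code):
        offsets.append(pc)
        pc += LENGTHS.get(code[pc], 1)  # unknown opcode: count it as one data byte
    return offsets

def short_jump_target(code, pc):
    """EB rel8 is relative to the address of the *next* instruction (pc + 2)."""
    rel = int.from_bytes(code[pc + 1:pc + 2], "little", signed=True)
    return pc + 2 + rel

def find_mid_instruction_jumps(code):
    """Return (jump_offset, target, resync_offset) for each short jump that
    lands inside an instruction of the linear-sweep listing."""
    boundaries = sweep(code)
    known = set(boundaries)
    findings = []
    for pc in boundaries:
        if code[pc] != 0xEB or pc + 1 >= len(code):
            continue
        target = short_jump_target(code, pc)
        if 0 <= target < len(code) and target not in known:
            # Decode again from the real target and find where both listings agree.
            resync = next((o for o in sweep(code, target) if o in known), None)
            findings.append((pc, target, resync))
    return findings

if __name__ == "__main__":
    print("linear sweep boundaries:", sweep(SAMPLE))
    for jmp, target, resync in find_mid_instruction_jumps(SAMPLE):
        print(f"jmp at {jmp} lands mid-instruction at {target}; "
              f"listings agree again at {resync}")
```

The third value in each finding is the offset where the linear-sweep listing and the listing decoded from the real target coincide again, so bytes between the jump and that offset are the part of a naive disassembly not to trust.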