X86 encode near call relative offset

后端未结

关注

 2  1271

Let\'s say I\'ve the following set of instructions:

00E79E00  | E8 AE580000   CALL    someprocess.00E7F6B3
00E79E05  | 85C0          TEST    EAX, EAX
(output tak


                      
              相关标签:


      
      
        
          2条回答        

        
                         				            
            
           
            
                              
                
              
              
                
                  面向向阳花        
                
              
                            
                2021-01-21 08:50
              
            
            
                                                                       
It's fairly trivial, really:

Origin = E79E00
Target = E7F6B3
Offset =   58AE

Target = Origin + Offset + 5 (5 being the size of the call instruction)

                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
            
           
            
                              
                
              
              
                
                  隐瞒了意图╮        
                
              
                            
                2021-01-21 09:09
              
            
            
                                                                       
You just take the address of the next instruction (00E79E05) and add the 32-bit signed offset from the instruction (58AE, little endian, remember?)

00E79E05
+   58AE
--------
00E7F6B3

                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
                             
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复