Tiny question
Hi,
There's something about OPs which is still bothering me.
1. What's the difference between Pushad and Pushfd?
2. What does eip stand for?
3. I wanna copy some string to another location. The original loc is [ebp-8], which is holding a string like wedfreertety3453465dgf==. What I want is to copy it to another loc like [00500000] before the string is erased. And for RVA 00500000h I write 00500010, for instance. So the new loc for the string is now at RVA 00500010. So what code injection can I have? Can we use the repz stosb command? Any variant of code injection is welcome.
TIA, kyrios
1. Pushad: push all general registers on the stack.
Pushfd: push the flags on the stack (EFLAGS register).
2. EIP is the Instruction Pointer; look at the Intel Reference Manuals: http://developer.intel.com/design/pentium4/manuals/index_new.htm
3. I don't know
For No (3) I would have done something like that..
    push ecx
    push esi
    push edi
    mov  esi, source_Address          ; DS:ESI = source string
    mov  edi, dest_Address            ; ES:EDI = destination buffer
    mov  ecx, (number of bytes in string)
    cld                               ; DF = 0: ESI/EDI increment after each byte
    rep  movsb                        ; copy ECX bytes from [ESI] to [EDI]
    pop  edi
    pop  esi
    pop  ecx
Just an idea :)
Thx u belisarious,
Anyway, what does cld mean? Others: any other variant is still welcome.
kyrios
Hi,
CLD clears the direction flag (CLear Direction). That flag controls the behaviour of REP. You can set it to increase or decrease cx after each operation.
kp
According to my favorite "Intel Opcodes and mnemonics", cld stands for:
CLD - Clear Direction Flag
Usage: CLD
Modifies flags: DF
Clears the Direction Flag, causing string instructions to increment the SI and DI index registers.
I think you will find it useful, so I'm attaching it.
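Putting the thread's pieces together (PUSHAD/PUSHFD, CLD and REP MOVSB), here is a complete 32-bit NASM routine that copies the string at the source location to the address mentioned above. This is an added example, not code from any poster; it assumes [ebp-8] holds a pointer to a NUL-terminated string, that the page at 00500010h is mapped and writable, and that ESI/EDI/ECX may be clobbered inside the routine.

```nasm
; Added example (not from the thread): copy a NUL-terminated string from the
; address stored at [ebp-8] to 00500010h with the CLD + REP MOVSB sequence.
; Note: REP STOSB (asked about in the thread) only FILLS memory with AL; to
; COPY bytes you need MOVSB, which reads [ESI] and writes [EDI].
; Assumptions: 32-bit code, NASM syntax, destination page mapped and writable.

DEST_ADDR equ 00500010h         ; destination address from the thread

copy_string:
    pushad                      ; save all general registers (EAX..EDI)
    pushfd                      ; save EFLAGS, so DF is restored on exit
    mov     esi, [ebp-8]        ; ESI = pointer to the source string (assumed)

    ; --- find the length, including the terminating NUL ---
    mov     edi, esi            ; SCASB scans at [EDI]
    xor     eax, eax            ; AL = 0, the byte we are looking for
    mov     ecx, 0FFFFFFFFh     ; upper bound on the scan
    cld                         ; DF = 0: EDI (and later ESI) increase per byte
    repne   scasb               ; advance EDI until [EDI] == AL, ECX counts down
    not     ecx                 ; ECX = number of bytes scanned = strlen + 1

    ; --- copy ECX bytes forward from [ESI] to [EDI] ---
    mov     edi, DEST_ADDR      ; EDI = destination buffer
    rep     movsb               ; DF is still 0, so both pointers increment

    popfd                       ; restore EFLAGS (including DF)
    popad                       ; restore the registers saved by PUSHAD
    ret
```

Because PUSHFD/POPFD bracket the CLD, the caller's direction flag is left untouched; with DF set (STD) the same REP MOVSB would instead walk both pointers downwards, which is only correct when ESI/EDI point at the last byte.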
Thx
Thx 4 the opcodes. I realize it's a must-have one.
kyrios