Moopler
lapeiro

Help Again stuck, tried to find answers everywhere


Sorry to bother yet again, but I can't find anywhere else an explanation of the inline asm, as to why:

mov [esp + 0x10],0x09 // is doing mov byte ptr ( it writes C6 instead of C7 on the first bytes )

so it looks like:

C6 44 24 10 09

instead of :

C7 44 24 10 00 00 00 09 // since it's moving only the 0x09 byte, and it has to mov the other 3

I tried doing the whole script byte by byte, but it's so messy and clunky it doesn't seem right (or maybe I'm in the wrong here).


ESP is not a "general" data register like eax, ebx, etc.

ESP is supposed to point to the stack (almost always) - some optimizers might (in rare cases) decide to use it anyways for optimization-reasons. However, since it's supposed to be the "only" way to access the stack-data, it's also supposed to allow mutation of stack-variables of all sizes and shapes.

This means that ESP-operations allow both byte, word and dword alignment operators.

  • If you wish to move a byte to the stack-member, you'd use:
    • mov [esp+0x10],0x09 (like you did above)
    • mov byte ptr [esp+0x10],0x09.
  • If you wish to move a dword to the stack-member, you'd use:
    • mov [esp+0x10],0x00000009
    • mov dword ptr [esp+0x10],0x00000009.

Probably, the compiler tried to "optimize" your solution, by only editing the last byte (since, after all, you're only setting one byte). The following could also work:

movzx [esp+0x10],0x09

Edited by NewSprux2.0?
  • Like 2
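
Added example (not code from this thread): a small C encoder that produces the byte and dword forms of the store discussed above, plus a model of what each form does to a 4-byte stack slot. The function names and the 0xDEADBEEF slot value are constructed for illustration; the 32-bit immediate is emitted low byte first, as x86 stores it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encode `mov <size> ptr [esp+disp8], imm` for 32-bit mode.
 * size_bytes 1 -> opcode C6 /0 ib, size_bytes 4 -> opcode C7 /0 id.
 * Writes at most 8 bytes to out; returns the length, or 0 on bad input. */
size_t encode_mov_esp_imm(uint8_t *out, int8_t disp8, uint32_t imm, int size_bytes)
{
    size_t n = 0;
    if (size_bytes != 1 && size_bytes != 4)
        return 0;
    if (size_bytes == 1 && imm > 0xFF)
        return 0;                     /* value does not fit in a byte store */
    out[n++] = (size_bytes == 1) ? 0xC6 : 0xC7;
    out[n++] = 0x44;                  /* ModRM: mod=01 (disp8), reg=/0, rm=100 (SIB follows) */
    out[n++] = 0x24;                  /* SIB: no index, base=ESP */
    out[n++] = (uint8_t)disp8;
    for (int i = 0; i < size_bytes; i++)
        out[n++] = (uint8_t)(imm >> (8 * i));   /* immediate is little-endian */
    return n;
}

/* Model the store on a constructed 4-byte slot to show which bytes change. */
uint32_t apply_store(uint32_t old_slot, uint32_t imm, int size_bytes)
{
    if (size_bytes == 1)              /* byte store: upper 3 bytes keep old contents */
        return (old_slot & 0xFFFFFF00u) | (imm & 0xFFu);
    return imm;                       /* dword store: all 4 bytes overwritten */
}

int main(void)
{
    uint8_t buf[8];
    int sizes[2] = {1, 4};
    for (int s = 0; s < 2; s++) {
        size_t n = encode_mov_esp_imm(buf, 0x10, 0x09, sizes[s]);
        printf("%-5s ptr:", sizes[s] == 1 ? "byte" : "dword");
        for (size_t i = 0; i < n; i++)
            printf(" %02X", buf[i]);
        printf("  | slot 0xDEADBEEF -> 0x%08X\n",
               (unsigned)apply_store(0xDEADBEEFu, 0x09, sizes[s]));
    }
    return 0;
}
```

The byte form leaves whatever was already in the upper three bytes of the slot, which is why the explicit `dword ptr` matters when the slot is later read as a 32-bit value.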


So basically, whenever we try to use inline asm in C++, we have to try to be as simple or as descriptive as possible so it knows how to compile. I thought about dword, but only executed the "mov [esp+0x10],0x00000009" with no success. Thank you very much for the insight, this will help me a lot for other scripts too.
