
Offsets [x86]

Started by iago, February 19, 2003, 11:24 AM


iago

Could somebody please tell me the difference between these two lines:
mov     ecx, dword_19034EEC
mov     ecx, offset dword_19034EEC

This'll make an interesting test for broken AV:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Yoni

#1
It kind of depends on the assembler/disassembler that you used to get that, but I am guessing that the former copies the contents of dword_19034EEC into ecx, and the latter copies the address of dword_19034EEC into ecx (this address is probably 19034EEC).

If you provided the opcodes as well it would be more obvious.
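
The two encodings side by side, as an added example that is not part of the original thread: a tiny decoder that handles only these two forms and reports what lands in ecx. The byte sequences are constructed from the IA-32 encoding rules (not dumped from the binary in question), and the one-dword memory model with its 0xCAFEBABE contents is a hypothetical stand-in.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SYM_ADDR 0x19034EECu /* address of dword_19034EEC, taken from the question */

/* Constructed from the IA-32 encoding rules, not dumped from the binary. */
static const uint8_t LOAD_CONTENTS[] = {0x8B, 0x0D, 0xEC, 0x4E, 0x03, 0x19}; /* mov ecx, dword_19034EEC */
static const uint8_t LOAD_ADDRESS[]  = {0xB9, 0xEC, 0x4E, 0x03, 0x19};       /* mov ecx, offset dword_19034EEC */

/* Hypothetical memory model: one mapped dword with constructed contents. */
static const uint32_t SYM_VALUE = 0xCAFEBABEu;

struct mov_result {
    size_t   len;      /* bytes consumed, 0 = not decoded */
    uint32_t ecx;      /* value left in ecx */
    int      mem_read; /* 1 if the operand was dereferenced */
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode and "execute" the two forms from the thread; anything else,
   a truncated buffer, or an unmapped address yields len == 0. */
struct mov_result exec_mov_ecx(const uint8_t *code, size_t n) {
    struct mov_result r = {0, 0, 0};
    if (n >= 5 && code[0] == 0xB9) {            /* B8+rd imm32, rd=1 -> ecx */
        r.len = 5;
        r.ecx = le32(code + 1);                 /* the immediate IS the address */
    } else if (n >= 6 && code[0] == 0x8B && code[1] == 0x0D) {
        /* 8B /r with ModRM 0D: mod=00, reg=001 (ecx), rm=101 (disp32 only) */
        if (le32(code + 2) != SYM_ADDR) return r;
        r.len = 6;
        r.ecx = SYM_VALUE;                      /* load through the address */
        r.mem_read = 1;
    }
    return r;
}

int main(void) {
    struct mov_result a = exec_mov_ecx(LOAD_CONTENTS, sizeof LOAD_CONTENTS);
    struct mov_result b = exec_mov_ecx(LOAD_ADDRESS, sizeof LOAD_ADDRESS);
    printf("contents form: %zu bytes, ecx=%08X, mem_read=%d\n", a.len, (unsigned)a.ecx, a.mem_read);
    printf("offset form:   %zu bytes, ecx=%08X, mem_read=%d\n", b.len, (unsigned)b.ecx, b.mem_read);
    return 0;
}
```

The memory form is one byte longer because it carries a ModRM byte; both embed the same little-endian 19034EEC, so the leading opcode byte is what tells a load from an address constant.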

Noodlez

#2
damnit yoni :( i was about to answer that but i went to the bathroom and came back and your answer's here~!

but yea, the first one puts the contents of dword_19034EEC and the second one the address

iago

#3
hmm.. IDA doesn't display the opcodes.. *opens w32dasm

:190142A5      mov ecx, dword ptr [19034EEC]
:190142AB      mov ecx, 19034EEC

hmm, guess that just answered my question ;-)


KaSiaL

#4
Which version w32dasm u got? I got 8.93. How to make it to switch to another thread in the code window while debugging an app? I need it for WC3 debugging. :( Is IDA better than w32dasm?

Banana fanna fo fanna

#5
I never used w32dasm for debugging...but here's my 2 cents.

IDA is way slower than w32dasm...but it has more power. Like, it will try to figure out the C arguments for CALLs, and make a program map and all of that. W32dasm suits my needs better, it's a basic disassembler that meets my needs nicely. Search the net for W32dism++, it adds some nice functionality to W32dasm.

KaSiaL

#6
Quote: I never used w32dasm for debugging...but here's my 2 cents.
Thank you ;D
Quote: IDA is way slower than w32dasm...but it has more power. Like, it will try to figure out the C arguments for CALLs, and make a program map and all of that..
Actually my copy of w32dasm tries to figure 'em out, too. 8)
Quote: Search the net for W32dism++, it adds some nice functionality to W32dasm.
LOL, google returned only 2 URLs and both are links to some boards. :o

iago

#7
IDA is WAAY nicer, it lets you name variables, give functions parameters (that show up as comments before the push's in from the function), add comments, etc.

For reversing, IDA is much nicer, and it's only slow if you don't save data.  w32dasm is nice because it's so simple, though.

http://www.valhallalegends.com/files/IDA430/ida.zip


Zorm

#8
that link requires username/pass iago, mind moving it someplace else so I can grab it?
"Now, gentlemen, let us do something today which the world may talk of hereafter."
- Admiral Lord Collingwood

Noodlez

#9
yea, please iago :)

iago

#10
It does?  Hmm, I tried it earlier and it didn't, guess somebody didn't want it shared?

Anyway, it will eventually be here:
http://Guest:[email protected]:665/ida.zip


Arta

#11
People who know about IDA still use w32dasm?!

IDA is totally superior :)

iago

#12
Like everything else, w32dasm has its place in the world!  I find it cleaner and easier to work with, if I need to look up something, I just open w32dasm and wait the ~30 seconds to disassemble the file instead of opening IDA's saved file and having it done pretty much instantly :)


Noodlez

#13
/me pokes iago
gogo put it on your ftp

Etheran

I know!! I tried that thing like 5 times now... my ida is shareware..  :'(
C:\Documents and Settings\Daniel Spence>ftp
ftp> o iago.no-ip.com:665
Unknown host iago.no-ip.com:665.
ftp> o iago.no-ip.com 665
Connected to iago.no-ip.com.
220 BulletProof FTP Server ready ...
User (iago.no-ip.com:(none)): Guest
331 Password required for Guest.
Password:
230 User Guest logged in.
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
it froze after that.. and:
ftp> get ida.zip
200 Port command successful.
550 'ida.zip' : No Such File.
ftp>