Offsets [x86]

iago · February 19, 2003, 11:24 AM

Could somebody please tell me the difference between these two lines:

mov     ecx, dword_19034EEC
mov     ecx, offset dword_19034EEC

Yoni · February 19, 2003, 11:36 AM

It kind of depends on the assembler/disassembler that you used to get that, but I am guessing that the former copies the contents of dword_19034EEC into ecx, and the latter copies the address of dword_19034EEC into ecx (this address is probably 19034EEC).

If you provided the opcodes as well it would be more obvious.

Noodlez · February 19, 2003, 11:41 AM

damnit yoni

i was about to answer that but i went to the bathroom and comeback and your answers here~!

but yea, the first one puts the contents of dword_19034EEC and the second one the address

iago · February 19, 2003, 11:43 AM

hmm.. IDA doesn't display the opcodes.. *opens w32dasm

:190142A5 mov ecx, dword ptr [19034EEC]
:190142AB mov ecx, 19034EEC

hmm, guess that just answered my question ;-)

KaSiaL · February 19, 2003, 01:47 PM

Which version w32dasm u got? I got 8.93. How to make it to switch to another thread in the code window while debugging an app? I need it for WC3 debugging.

Is IDA better than w32dasm?

Banana fanna fo fanna · February 19, 2003, 03:23 PM

I never used w32dasm for debugging...but here's my 2 cents.

IDA is way slower than w32dasm...but it has more power. Like, it will try to figure out the C arguments for CALLs, and make a program map and all of that. W32dasm suits my needs better, it's a basic disassembler that meets my needs nicely. Search the net for W32dism++, it adds some nice functionality to W32dasm.

KaSiaL · February 19, 2003, 04:00 PM

QuoteI never used w32dasm for debugging...but here's my 2 cents.

Thank you

QuoteIDA is way slower than w32dasm...but it has more power. Like, it will try to figure out the C arguments for CALLs, and make a program map and all of that..

Actually my copy o w32dasm tries to figure 'em out, too.

QuoteSearch the net for W32dism++, it adds some nice functionality to W32dasm.

LOL, google returned ony 2 URLs and both are links to some boards.

iago · February 19, 2003, 05:13 PM

IDA is WAAY nicer, it lets you name variables, give functions parameters (that show up as comments before the push's in from the the function), add comments, etc.

For reversing, IDA is much nicer, and it's only slow if you don't save data. w32dasm is nice because it's so simple, though.

http://www.valhallalegends.com/files/IDA430/ida.zip

Zorm · February 19, 2003, 05:52 PM

that link requires username/pass iago, mind moving it someplace else so I can grab it?

Noodlez · February 19, 2003, 07:38 PM

yea, please iago

iago · February 19, 2003, 10:02 PM

It does? Hmm, I tried it earlier and it didn't, guess somebody didn't want it shared?

Anyway, it will eventually be here:
http://Guest:[email protected]:665/ida.zip

Arta · February 20, 2003, 06:46 PM

People who know about IDA still use w32dasm?!

IDA is totally superior

iago · February 20, 2003, 09:24 PM

Like everything else, w32dasm has it's place in the world! I find it cleaner and easier to work with, if I need to look up something, I just open w32dasm and wait the ~30 seconds to disassemble the file instead of opening IDA's saved file and having it done pretty much instantly

Noodlez · February 20, 2003, 10:33 PM

/me pokes iago
gogo put it on your ftp

Etheran · February 21, 2003, 12:10 AM

I know!! I tried that thin like 5 times now... my ida is shareware..

Code Select

C:\Documents and Settings\Daniel Spence>ftp
ftp> o iago.no-ip.com:665
Unknown host iago.no-ip.com:665.
ftp> o iago.no-ip.com 665
Connected to iago.no-ip.com.
220 BulletProof FTP Server ready ...
User (iago.no-ip.com: )none)): Guest
331 Password required for Guest.
Password:
230 User Guest logged in.
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.

it froze after that.. and:

Code Select

ftp> get ida.zip
200 Port command successful.
550 'ida.zip' : No Such File.
ftp>

Offsets [x86]

KaSiaL

KaSiaL