X86 go to address

Question

X86 go to address

As an assignment for a security class, I am trying to use __asm__("jmp 0xbffff994"); in my code, but when I parse things in gdb, the instruction changes to jmp 0xc8047e2a . Any idea why and how I can go to a specific address?

+7

assembly x86 gdb jmp

Martin Apr 21 '09 at 23:26

source share

5 answers

Daniel Explains why your jump is not the one you programmed. It is associated with object files and linking.

if you want to go to a specific address, it is best to fix the jump using a debugger or disassembler.

0

toto Apr 21 '09 at 23:34

source share

On my system (gcc version 4.2.4, Ubuntu) this looks great on hassle-free (insight):

  int main ()
 {
 asm ("jmp 0xbffff994"); 
 return 0;
 };

exposure results (insights):

  0x8048344: lea 0x4 (% esp),% ecx
 - 0x8048348: and $ 0xfffffff0,% esp
 - 0x804834b: pushl -0x4 (% ecx)
 - 0x804834e: push% ebp
 - 0x804834f: mov% esp,% ebp
 - 0x8048351: push% ecx
 - 0x8048352: jmp 0xbffff994
 - 0x8048357: mov $ 0x0,% eax
 - 0x804835c: pop% ecx
 - 0x804835d: pop% ebp
 - 0x804835e: lea -0x4 (% ecx),% esp
 - 0x8048361: ret

0

Liran orevi Apr 21 '09 at 23:35

source share

It is difficult to determine the exact address at compile time, have you tried using labels? Use them more often with jmp.

Example:

 start: jmp exit exit: ret

0

John t Apr 21 '09 at 23:36

source share

I would recommend using a hex editor and just changing the value if it is just one time.

0

samoz Apr 21 '09 at 23:42

source share

Mark · Accepted Answer · 2009-04-21T23:34:28+0000

Probably because it jumps to a relative address, and the linker or loader moves your code. Try putting the address in a variable, and then do:

 jmp dword [var]

or alternatively:

 push 0xbffff994 ret

X86 go to address

More articles: