bsprhost

asked on

Address Range Confusion???

Hi everyone. I am a high-level programmer trying to learn assembly language.

I wrote a simple high-level language program. It contains a sub-routine.

I compiled it and debugged its assembly language code.

I discovered that the equivalent line in Assembler responsible for calling the subroutine is:

    CALL DWORD PTR DS:[EAX+704]

Therefore, I put a breakpoint on the line, ran the program and it halts at that line.

The EAX register reads: 004032E8

This is the value that confuses me because it is well outside the typical 00401... address range of my program.

When I step into it, I end up on the line:

    00401AD8       JMP 00401F30

When I step again, it then jumps into my sub-routine at the address: 00401F30. (This second part is understood.)

I cannot seem to relate the address 004032E8 in the EAX register to 00401AD8, which executes the jump to my sub-routine.

Any help would be greatly appreciated. Thanks.
mccarl

What are the contents at memory location 004039EC (which is the contents of EAX, 004032E8, plus 704)?

I think what it is saying is to add 704 to EAX (=004039EC), then look up the address 004039EC in memory and get the contents (=00401AD8), and then jump to THAT address. There is one more level of indirection happening here than you think.
bsprhost

ASKER

Thank you for your response, mccarl.

Yes, I did try that before, but I just cannot seem to find such an address.

In one debugger, the furthest I can get to is: 00403013.
On another debugger, the furthest I can get to is: 000402FFF.
On yet another debugger, the furthest I can get to is: 000402FFA.

This is also very confusing. All 3 are inconsistent in their address limit. Why is this?

However, I looked at the Hex window on one of the debuggers and I can read 2 address lines that start at 004039E8 and 004039F0. It reads as follows:

    004039E8       C6 1A 40 00 | D3 1A 40 00
    004039F0       00 00 00 00 | 00 00 00 00

I hope this information is of any use.
ASKER CERTIFIED SOLUTION
mccarl
Thanks mccarl. Although your answers do not fully solve the problem, they have pointed me in the right direction. Things are clearer to me now that I know that the addresses in the .data section are being read back to front. I think the problem is a lot narrowed down now.

I am still struggling to find a tool that can clearly read the .data section. I have verified that my .code section has a 1000h offset and my .data section has a 3000h offset. Do you know of any tool that can read the .data section in a clearer manner?
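The following Python script is an added example, not code from this thread or from the asker's program. It ties together the two points made above: mccarl's extra level of indirection in CALL DWORD PTR DS:[EAX+704], and the asker's observation that pointers in the .data section are stored "back to front" (little-endian). It also shows how to read the .data section without a debugger, by parsing the PE section table and mapping a virtual address to a file offset. Everything it operates on is constructed: a minimal PE32 image with the image base assumed to be 00400000 (the default for 32-bit EXEs), .text at RVA 1000h and .data at RVA 3000h as the asker reports, and the eight bytes from the asker's hex window placed at 004039E8. Note that the dword at 004039EC in that window, D3 1A 40 00, decodes to 00401AD3, not the 00401AD8 the asker stepped to; the example follows the dump and places a constructed 5-byte JMP thunk to 00401F30 at 00401AD3.

```python
import struct

IMAGE_BASE = 0x00400000  # assumed image base of the EXE (default for 32-bit Windows EXEs)
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def dwords_from_hex_window(text):
    """Decode a debugger hex-window line such as 'C6 1A 40 00 | D3 1A 40 00'.

    Each group is read little-endian, which is why 'C6 1A 40 00' is 00401AC6.
    """
    return [struct.unpack("<I", bytes.fromhex(group))[0] for group in text.replace(" ", "").split("|")]


def build_sample_image():
    """Construct a minimal PE32 file image (constructed data, not the asker's binary)."""
    img = bytearray(0x2200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew -> PE signature at 0x40
    img[0x40:0x44] = b"PE\0\0"
    # COFF file header: i386, 2 sections, 224-byte optional header
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0, 0, 0, 224, 0x102)
    # PE32 optional header: only the fields this script reads are filled in
    struct.pack_into("<H", img, 0x58, 0x10B)                 # Magic = PE32
    struct.pack_into("<III", img, 0x58 + 28, IMAGE_BASE, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    sec_table = 0x58 + 224
    #                                         name     vsize   rva     rawsz   rawptr
    SECTION_HEADER.pack_into(img, sec_table,      b".text", 0x2000, 0x1000, 0x1000, 0x200,  0, 0, 0, 0, 0x60000020)
    SECTION_HEADER.pack_into(img, sec_table + 40, b".data", 0x1000, 0x3000, 0x1000, 0x1200, 0, 0, 0, 0, 0xC0000040)
    # .data raw bytes: the two dwords from the asker's hex window at 004039E8
    data_off = 0x1200 + (0x39E8 - 0x3000)
    img[data_off:data_off + 8] = bytes.fromhex("C61A4000D31A4000")
    # .text raw bytes: a constructed JMP rel32 thunk at 00401AD3 that jumps to 00401F30
    thunk_va, target_va = 0x00401AD3, 0x00401F30
    thunk_off = 0x200 + (thunk_va - IMAGE_BASE - 0x1000)
    img[thunk_off] = 0xE9                                    # JMP rel32 opcode
    struct.pack_into("<i", img, thunk_off + 1, target_va - (thunk_va + 5))
    return bytes(img)


def parse_sections(img):
    """Return (image_base, [(name, rva, vsize, rawptr, rawsz), ...]) from the PE headers."""
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", img, coff + 2)[0]
    opt_size = struct.unpack_from("<H", img, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", img, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", img, opt + 28)[0]
    sections = []
    for i in range(nsections):
        name, vsize, rva, rawsz, rawptr, *_ = SECTION_HEADER.unpack_from(img, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), rva, vsize, rawptr, rawsz))
    return image_base, sections


def va_to_file_offset(img, va):
    """Map a virtual address to (section name, file offset) via the section table."""
    base, sections = parse_sections(img)
    rva = va - base
    for name, sec_rva, vsize, rawptr, rawsz in sections:
        if sec_rva <= rva < sec_rva + vsize and rva - sec_rva < rawsz:
            return name, rawptr + (rva - sec_rva)
    raise ValueError(f"VA {va:08X} is not backed by raw data in any section")


def read_dword(img, va):
    """Read a little-endian DWORD at a virtual address, as DWORD PTR [..] does."""
    _, off = va_to_file_offset(img, va)
    return struct.unpack_from("<I", img, off)[0]


def resolve_indirect_call(img, eax, disp):
    """Resolve CALL DWORD PTR DS:[EAX+disp].

    Returns (slot address, pointer stored in the slot, final target). If the pointer
    lands on a JMP rel32 thunk, the final target is where that thunk jumps.
    """
    slot = eax + disp
    target = read_dword(img, slot)
    _, off = va_to_file_offset(img, target)
    final = target
    if img[off] == 0xE9:
        final = target + 5 + struct.unpack_from("<i", img, off + 1)[0]
    return slot, target, final


if __name__ == "__main__":
    image = build_sample_image()
    print([f"{d:08X}" for d in dwords_from_hex_window("C6 1A 40 00 | D3 1A 40 00")])
    slot, ptr, final = resolve_indirect_call(image, 0x004032E8, 0x704)
    print(f"[{slot:08X}] = {ptr:08X}; thunk jumps to {final:08X}; slot lives in {va_to_file_offset(image, slot)}")
```

The displacement 704 in the debugger's disassembly is hexadecimal, so the slot is 004032E8 + 704h = 004039EC, inside the .data section at RVA 39ECh. Reading the four bytes there in the order they appear (D3 1A 40 00) as a little-endian dword gives the pointer the CALL follows; mapping that pointer back through the section table lands in .text, where a JMP rel32 thunk forwards to the real sub-routine. The same `va_to_file_offset` routine is what lets a hex editor, rather than a debugger, show the .data section: open the EXE at PointerToRawData of .data and add (VA minus image base minus the section RVA).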