Solved

Address Range Confusion???

Posted on 2012-03-28
4
381 Views
Last Modified: 2012-06-27
Hi everyone. I am a High-level programmer trying to learn assembly language.

I wrote a simple High-level language program. It contains a sub-routine.

I compiled it and debugged its assembly language code.

I discoverd that the equivalent line in Assembler responsible of calling the subroutine is:

CALL DWORD PTR DS:[EAX+704]

Therefore, I put a breakpoint on the line, ran the program and it halts at that line.

The EAX register reads: 004032E8

This is the value that confuses me because it is well outside the typical 00401... address

range of my program.

When I step into it, I end up on the line:

00401AD8       JMP 00401F30

When I step again, it then jumps into my sub-routine at the address: 00401F30. (This second

part is understood.)


I cannot seem to relate the address: 004032E8 in the EAX register pointing to 00401AD8,

which executes the jump to my sub-routine.

Any help would be greatly appreciated. Thanks.
0
Comment
Question by:bsprhost
  • 2
  • 2
4 Comments
 
LVL 35

Expert Comment

by:mccarl
ID: 37779607
What is the contents at memory location 004039EC (which is contents of EAX, 004032E8, plus 704) ?

I think what it is saying is to add 704 to EAX (=004039EC), and then look up 004039EC address up in memory and get the contents (=00401AD8), and then jump to THAT address. There is one more level of indirection happening here, than you think.
0
 

Author Comment

by:bsprhost
ID: 37781179
Thank you for your response, mccarl.

Yes I did try that before, but I just cannot seem to find such an address.

In one debugger, the furthest I can get to is: 00403013.
On another debugger, the furthest I can get to is: 000402FFF.
On yet another debugger, the furthest I can get to is: 000402FFA.

This is also very confusing. All 3 are inconsistent in their address limit. Why is this?

However, I looked at the Hex window on one of the debuggers and I can read 2 address lines

that start at 004039E8 and 004039F0. It reads as follows:

004039E8              C6 1A 40 00 | D3 1A 40 00
004039F0       00 00 00 00 | 00 00 00 00

I hope this information is of any use.
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 37785088
That looks like it could make sense, you can see there that the contents of location 004039EC is the value 00401AD3. Now the descrepancy between that and 00401AD8 might just be due to how the debugger displays the assembly code. Perhaps that instruction (JMP 00401F30) takes up 6 bytes and so it might start at location 00401AD3 and finish on 00401AD8, and the debugger has to display it somehow and is choosing to use the end address?
0
 

Author Comment

by:bsprhost
ID: 37789418
Thanks mccarl. Although your answers do not fully solve the problem. They have pointed me in the right direction. Things are more clearer to me now that I know that the addresses in the .data section are being read back to front. I think the problem is alot narrowed down now.

I am still struggling to find a tool that can clearly read the .data section. I have verified that my .code section has a 1000h offset and my .data section has a .3000h offset. Do you know of any tool that can read the .data section in a clearer manner?
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Convert dialog units to pixels 5 114
Resolve Dependency Issues 4 87
Test the speeds on my PC Drives 12 71
Windows Server 2012 R2 - connect to computer 13 69
Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The goal of this video is to provide viewers with basic examples to understand and use conditional statements in the C programming language.
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question