I have some assembly code that I want to assemble for injection into a running process, but it's not always going to be in the same location in memory. It contains references to addresses within the program that don't change, however. I tried using jmp far and call far, but it's giving me the error "value referenced by FAR is not relocatable". How can I set it up to use absolute addresses in the binary code, so it will jump to and call the correct addresses regardless of where exactly the code is in memory?
        flarn2006
        
2 Answers
3
How about:

    mov    reg, <fixed_address>
    call   reg
 
    
    
        Peter Cordes
        
        Ira Baxter
        
                    Thanks, someone else told me the same thing. Accepted. – flarn2006 Dec 13 '12 at 16:18
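An added example, not part of the question or either answer: it encodes the 32-bit x86 `mov eax, imm32` / `call eax` pair from the answer above next to a plain `call rel32`, and shows why only the first survives being copied to another address. The target and load addresses are constructed values.

```python
import struct

def call_rel32(site: int, target: int) -> bytes:
    """E8 rel32: the displacement is counted from the end of the
    5-byte instruction, so the bytes depend on where the code sits."""
    disp = (target - (site + 5)) & 0xFFFFFFFF
    return b"\xE8" + struct.pack("<I", disp)

def call_abs_via_eax(target: int) -> bytes:
    """B8 imm32 (mov eax, imm32) + FF D0 (call eax): the target is stored
    as an absolute value. Note that this clobbers EAX."""
    return b"\xB8" + struct.pack("<I", target) + b"\xFF\xD0"

def resolve_rel32(site: int, code: bytes) -> int:
    """Address an E8 rel32 instruction reaches when it executes at `site`."""
    (disp,) = struct.unpack("<i", code[1:5])
    return (site + 5 + disp) & 0xFFFFFFFF

# Constructed sample values (assumptions, not from the original post).
TARGET = 0x00401000   # fixed address inside the program
BASE_A = 0x00500000   # address the code was assembled for
BASE_B = 0x00A30000   # address the same bytes end up at

if __name__ == "__main__":
    rel = call_rel32(BASE_A, TARGET)
    print("call rel32 bytes     :", rel.hex(" "))
    print("  run at BASE_A hits :", hex(resolve_rel32(BASE_A, rel)))
    print("  run at BASE_B hits :", hex(resolve_rel32(BASE_B, rel)))
    print("mov/call eax bytes   :", call_abs_via_eax(TARGET).hex(" "))
    print("  identical at any base; always reaches", hex(TARGET))
```

The relative form misses by exactly the distance the code moved; the register form has no dependence on its own address.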
0
            
            
"How can I set it up to use absolute addresses in the binary code," Construct the command yourself: EA + 6 bytes for a far jump or E9 + 4 for a near one. Or:

    call 11111111h        ; placeholder operand
    m1:
    ; ----
    mov [m1 - 4], eax     ; overwrite the 4-byte operand of the call above

when setting up your shell.
 
    
    
        Aleksey Ivchenko
        
                    This is only position-independent if `[m1 - 4]` is a RIP-relative addressing mode. 32-bit self-modifying code needs to find out its own address (which you could do with a `call`/`pop` or `call`/load/`ret`) to be position-independent. – Peter Cordes Apr 27 '18 at 05:52