Assembly rmmovl dynamic offset


I know rmmovl can be used like this:

rmmovl %ecx, 4(%edx)

But in that case, how do I set the number of positions to move down the stack (the 4) dynamically? I tried setting a variable with the value I want to convert, something like rmmovl %ecx, %edi%edx, but that doesn't work.

You have to set %edx manually so that it includes the offset. We can save the value of %edx on the stack and restore it afterwards, so that its original value is not affected:

pushl %edx             # save current value of %edx
addl %edi, %edx        # add %edi to %edx
rmmovl %ecx, (%edx)    # store value of %ecx at address %edx + %edi
popl %edx              # restore old %edx

I'm not sure I fully understand the question. Analytica's answer is perfectly correct if you are just looking for a way to do a variable offset. Incidentally, in principle you could hack the Y86 code dynamically (not recommended), building the offset as you go, because Y86 has no overwrite protection and does not distinguish data from program.

But in that case you write ... set the number of positions to move down the stack 4? Unless that is just a typo, you are asking a broader question. Incidentally, manipulating the stack manually is not recommended. For completeness, I am providing two programs that address your question.

The first program, Program 1, demonstrates a variable offset. The second program, Program 2, demonstrates stack manipulation through a variable offset. They should be self-explanatory.

.pos 0x0100
stack:

.pos 0x00a0
rangestart: .long 0xAAAAAAAA
            .long 0xBBBBBBBB
            .long 0xCCCCCCCC   # Target for substitution in Program 1
            .long 0xDDDDDDDD
rangeend:

.pos 0x0000
#
# Program 1
#
# Simple program showing how we can "improvise" variable offset in rmmovl
# Our goal is to replace 0xCCCCCCCC with 0xFFFFFFFF in the range from
# .. rangestart to rangeend and preserving whatever temporary register
# .... we use for the offset
#
Program1: irmovl stack, %esp  # Set stack pointer
irmovl $0xFFFFFFFF, %ecx      # Stuff we can easily recognize
irmovl rangeend, %edx         # Target area that we will negatively offset from

irmovl $-8, %edi              # Set offset value -8

pushl %edx                    # Save current value of %edx
addl %edi, %edx               # Add offset to %edx
rmmovl %ecx, (%edx)           # Store value of %ecx at address %edx + offset
popl %edx                     # Restore old %edx
jmp Program2

#
# Program 2
#
# Simple program showing how we can manipulate the stack using offsets
# Manipulating the stack is NOT recommended.
# Our goal is to push some easily recognizable stuff on the stack
# ... and change it afterwards
#
Program2:
pushl %edx                # Save current value of %edx
pushl %eax                # .. and %eax
irmovl $0xFFFFFFFF, %edx  # Stuff we can easily recognize
pushl %edx                # Push it
irmovl $0xEEEEEEEE, %edx  # Stuff we can easily recognize
pushl %edx                # Push it
irmovl $0xDDDDDDDD, %edx  # Stuff we can easily recognize
pushl %edx                # Push it

irmovl $0xAAAAAAAA, %eax  # Stuff we can easily recognize
irmovl $4, %edi           # Set offset value 4 (replace 0xEEEEEEEE)

rrmovl %esp, %edx         # Get stack pointer
addl %edi, %edx           # .. and add the offset

rmmovl %eax, (%edx)       # Store stuff we recognize at offset 4 from the stack pointer

popl  %edx                # Bypass
popl  %edx                # .. junk
popl  %edx                # .... on stack
popl  %eax                # ....... and restore old %eax
popl  %edx                # ......... and %edx

halt                      # Finito!
First add %edi to %edx using a separate instruction.
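As an added illustration (not part of the original post, and not any real Y86 assembler or simulator), here is a small Python model of the Y86 instructions used above. It runs the save / add-offset / store / restore sequence from Program 1 with a chosen offset: -8 reproduces the post's substitution, while a larger negative offset lands the store below the data range, which is what the second answer means when it says Y86 has no overwrite protection. The 256-byte memory, the CODE_END boundary and the code_writes bookkeeping are assumptions made for this example.

```python
import struct

MASK = 0xFFFFFFFF
STACK = 0x0100                          # initial %esp, as in the post
RANGE_START, RANGE_END = 0x00a0, 0x00b0 # rangestart / rangeend (four longs)
CODE_END = RANGE_START                  # assumption: everything below the data is program text


class Y86:
    """Minimal model of the Y86 instructions the post uses (condition codes omitted)."""

    def __init__(self):
        self.mem = bytearray(STACK)    # assumed 256-byte address space, stack at the top
        self.reg = dict.fromkeys(("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"), 0)
        self.code_writes = []          # stores that landed in program text (Y86 allows them)

    def load(self, addr): return struct.unpack_from("<I", self.mem, addr)[0]

    def store(self, addr, value):
        if addr < CODE_END:            # Y86 itself would not complain; we only record it
            self.code_writes.append(addr)
        struct.pack_into("<I", self.mem, addr, value & MASK)

    def irmovl(self, imm, rb): self.reg[rb] = imm & MASK
    def addl(self, ra, rb): self.reg[rb] = (self.reg[rb] + self.reg[ra]) & MASK
    def rmmovl(self, ra, rb, disp=0): self.store((self.reg[rb] + disp) & MASK, self.reg[ra])
    def pushl(self, ra):
        self.reg["esp"] = (self.reg["esp"] - 4) & MASK
        self.store(self.reg["esp"], self.reg[ra])
    def popl(self, ra):
        self.reg[ra] = self.load(self.reg["esp"])
        self.reg["esp"] += 4


def variable_store(cpu, src, base, offset_reg):
    """The answer's sequence: save the base register, add the offset, store, restore."""
    cpu.pushl(base)
    cpu.addl(offset_reg, base)
    cpu.rmmovl(src, base)
    cpu.popl(base)


def program1(offset):
    """Program 1 with a chosen offset: returns (range words, %edx, %esp, code-area writes)."""
    cpu = Y86()
    for i, word in enumerate((0xAAAAAAAA, 0xBBBBBBBB, 0xCCCCCCCC, 0xDDDDDDDD)):
        cpu.store(RANGE_START + 4 * i, word)   # constructed data, same as the post's .long block
    cpu.irmovl(STACK, "esp")
    cpu.irmovl(0xFFFFFFFF, "ecx")
    cpu.irmovl(RANGE_END, "edx")
    cpu.irmovl(offset, "edi")
    variable_store(cpu, "ecx", "edx", "edi")
    words = [cpu.load(RANGE_START + 4 * i) for i in range(4)]
    return words, cpu.reg["edx"], cpu.reg["esp"], cpu.code_writes
```

With offset -8 the third word becomes 0xFFFFFFFF and %edx and %esp are back to their original values; with offset -0x14 the store hits address 0x9c, inside the program text, and only the code_writes list reveals it.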