Valhalla Legends Forums Archive | Assembly Language (any cpu) | CALL ABSOLUTEADDR?

TheMinistered
Could someone provide the opcode for CALL with the operand being an absolute address?

i.e. pseudo code:
[code]
...
DWORD* ptrFunction = (DWORD*)&add;
...

void add(int* value, int amount) {
// code to add amount to value
}
[/code]

Now, what I'm wanting to do is patch a program to call my add function, basically. I have the function pointer, but I need the right opcode. Additionally, I'm also willing to accept solutions that generate the relative offset.
December 29, 2003, 6:09 AM
Kp
For a relative call, use e8 and then the 32bit displacement. For an absolute call, you can't (directly) call to an absolute address. Your options are to either call by pointer and have the correct address in the pointer or place the address in a register and do call-by-register. Call by pointer is ff15 iirc. The opcode for call-by-register will vary depending on which register you use. If you just need to transfer control and don't need to come back, you could also try putting the destination on the stack and then executing 'ret' to pop it into eip.

Call by pointer example:
At 00401000, have &add. For the code, put ff1500104000. (call dword ptr 00401000).
December 29, 2003, 6:15 AM
TheMinistered
Taking your advice, I guess I could do the following:
[code]
...
DWORD *ptrFunction = &add;
...

// Patch in the following
FF15 + [&ptrFunction]
[/code]

These opcodes look useful too:
9A cd CALL ptr16:16 Call far, absolute, address given in operand
9A cp CALL ptr16:32 Call far, absolute, address given in operand
December 29, 2003, 6:19 AM
Kp
[quote author=TheMinistered link=board=7;threadid=4483;start=0#msg37426 date=1072678779]
Taking your advice, I guess I could do the following:
[code]
...
DWORD *ptrFunction = &add;
...

// Patch in the following
FF15 + [&ptrFunction]
[/code]

These opcodes look useful too:
9A cd CALL ptr16:16 Call far, absolute, address given in operand
9A cp CALL ptr16:32 Call far, absolute, address given in operand[/quote]

Interesting. I've never actually seen those opcodes in use, so didn't know about them. Also, in your code, there's no need to declare ptrFunction as a DWORD* -- if you don't care about 64bit, you could just call it a DWORD. If you do, you probably ought to call it a void*.
December 29, 2003, 4:48 PM
Adron
If there's a relative call that I'm patching, I'd typically patch it with another relative call so I don't have to make more space for my replacement instruction.

What you do then is:

[code]
char *calltoreplace = (char*)0x12345678; // some offset that holds a relative jmp/call instruction
// new displacement = target - address of the next instruction
*(unsigned*)(calltoreplace + 1) = (unsigned)((char*)add - (calltoreplace + 1 + 4));
[/code]

+1 for the opcode byte size
+4 for the operand size (the offset)

December 29, 2003, 4:56 PM
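The arithmetic behind Kp's E8/FF15 encodings and Adron's in-place retargeting, carried through in C as an added example. This is not code from the thread and not iago's MemoryPatcher; it works on a plain byte buffer at a pretend load address, so it runs anywhere, and the addresses 0x00401000, 0x00402000 and 0x00400800 are constructed for the demo. Because it can also decode an existing E8, the same code answers the defender's question: does the call at a given spot still go where the original binary says it should?

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86 immediates are little-endian; write/read them byte by byte so the
   example gives the same bytes on any host. */
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* rel32 for an E8 at `ins` reaching `target`: target - (ins + 1 + 4).
   Unsigned wrap-around yields the two's-complement value the CPU expects,
   so a backward (negative) displacement needs no special case. */
uint32_t rel32_for(uint32_t ins, uint32_t target) { return target - (ins + 5); }

/* Inverse: where does an E8 at `ins` with displacement `rel` land? */
uint32_t target_of_rel32(uint32_t ins, uint32_t rel) { return ins + 5 + rel; }

/* Write "call rel32" (E8 xx xx xx xx) into code[]; returns bytes written. */
size_t encode_call_rel32(uint8_t *code, uint32_t ins, uint32_t target) {
    code[0] = 0xE8;
    put_le32(code + 1, rel32_for(ins, target));
    return 5;
}

/* Write "call dword ptr [slot]" (FF 15 + absolute address of the pointer
   slot, Kp's example); returns bytes written. */
size_t encode_call_absptr(uint8_t *code, uint32_t slot) {
    code[0] = 0xFF; code[1] = 0x15;
    put_le32(code + 2, slot);
    return 6;
}

/* Adron's trick: overwrite only the displacement of an existing E8 so the
   instruction keeps its 5-byte size. Returns 0 if there is no E8 there. */
int retarget_call_rel32(uint8_t *code, uint32_t ins, uint32_t new_target) {
    if (code[0] != 0xE8) return 0;
    put_le32(code + 1, rel32_for(ins, new_target));
    return 1;
}

/* Decode an E8 at `ins`; returns 1 and the target, or 0 if not an E8. */
int decode_call_rel32(const uint8_t *code, uint32_t ins, uint32_t *target) {
    if (code[0] != 0xE8) return 0;
    *target = target_of_rel32(ins, get_le32(code + 1));
    return 1;
}

/* Integrity view of the same arithmetic: does the call at `ins` still go
   to the target the unmodified binary had? */
int call_goes_to(const uint8_t *code, uint32_t ins, uint32_t expected) {
    uint32_t t;
    return decode_call_rel32(code, ins, &t) && t == expected;
}

/* Round trip on constructed data; returns 1 on success, 0 on the first failure. */
int selfcheck(void) {
    uint8_t code[8] = {0};
    const uint32_t ins = 0x00401000u, orig = 0x00402000u, hook = 0x00400800u;
    uint32_t t;

    encode_call_rel32(code, ins, orig);                   /* E8 FB 0F 00 00 */
    if (code[0] != 0xE8 || get_le32(code + 1) != 0x00000FFBu) return 0;
    if (!call_goes_to(code, ins, orig)) return 0;

    if (!retarget_call_rel32(code, ins, hook)) return 0;  /* backward call: negative rel32 */
    if (get_le32(code + 1) != 0xFFFFF7FBu) return 0;
    if (call_goes_to(code, ins, orig)) return 0;          /* redirection is now detectable */
    if (!decode_call_rel32(code, ins, &t) || t != hook) return 0;

    encode_call_absptr(code, 0x00401000u);                /* FF 15 00 10 40 00 */
    if (code[0] != 0xFF || code[1] != 0x15 || get_le32(code + 2) != 0x00401000u) return 0;
    if (decode_call_rel32(code, ins, &t)) return 0;       /* FF 15 is not an E8 */
    return 1;
}

int main(void) {
    int ok = selfcheck();
    printf("selfcheck: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The "+1 +4" in Adron's formula is the `ins + 5` inside `rel32_for`: the displacement is always measured from the end of the 5-byte instruction, which is why the same function serves both forward and backward targets once the subtraction is done in 32-bit unsigned arithmetic.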
iago
If that's the problem, I'll post the code to my memory patcher. It takes care of all that stuff. I don't have it handy right now, but I should tonight.
December 29, 2003, 9:11 PM
iago
Here we go, take a look at this:

http://www.valhallalegends.com/iago/MemoryPatcher.rar

It's extremely useful, I've found.
December 29, 2003, 10:11 PM