0
votes

Hummm, hope I will express my question clearly.

Now I have an assembly statement string like:

movss ****,xmm0; (intel style)

After this assembly statement is executed, a piece of the process's memory is changed. So **** must be the memory address; it could be something like:

DWORD PTR [eax],
DWORD PTR [eax + 0x4],
DWORD PTR [ebp - 0x4]
...or some style I have not seen; if you know of one, please do tell me.

My problem is how to programmatically get the memory address by analyzing the assembly statement string.

For example, if **** is:

DWORD PTR [eax]

Perhaps I could search the string and find the EAX register, then get the data from the EAX register. Maybe it is the memory address, maybe not; it depends on the addressing system, am I right? Finally, how could I get the exact address?

1
I don't understand what you're trying to achieve. Why can't you just stick in there your DWORD PTR [eax]? What prevents you from doing just that? – Alexey Frunze
@Alex Actually, the assembly statement does not belong to my process. I read the machine instruction from another running process's memory space, then translate it to an assembly statement. I want to know where this machine instruction writes to in the running process's memory space. – timestee
Then you need to have the register state of that process and disassemble its instructions. You most likely need to use some debugging and/or virtualizing tools in order to be able not only to disassemble but also to know all operands at run time. – Alexey Frunze
Now I can programmatically get the register state and disassemble its instructions; actually I wrote a small debugger referring to the gdb source code. But after I get the assembly statement, I don't know how to do the next step =_=. – timestee
You read the CPU manual to see how different instructions access memory and get actual addresses from the instruction (most instructions use the MOD R/M byte, optionally followed by a SIB byte, optionally followed by a displacement) and registers. Every [eax], [ebx+4], [ecx*4+edi+3], [bp+si] has a special encoding. You need to know if an instruction accesses memory and how. The manual has all the info about it. – Alexey Frunze
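The arithmetic described in the last comment (base + index*scale + displacement, taken from the ModRM/SIB/displacement encoding) can equally be applied to the Intel-syntax operand text the question already has in hand, combined with the register snapshot the debugger reads from the stopped process. The following is an added Python example, not code from the question, the comments or the answer. The `REGS` dictionary is a constructed sample register state; `effective_address` and `MemRef` are names chosen for this example.

```python
import re
from typing import NamedTuple, Optional

# Constructed register snapshot, standing in for the state a debugger reads from
# the stopped target (e.g. via ptrace on Linux or GetThreadContext on Windows).
REGS = {
    "eax": 0x00401000, "ebx": 0x00123450, "ecx": 0x00000003, "edx": 0x00000000,
    "esi": 0x00200000, "edi": 0x7FFF0000, "ebp": 0x0018FF80, "esp": 0x0018FF60,
}

# Operand size in bytes implied by the size override in Intel syntax.
PTR_SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8, "xmmword": 16}

REGS_32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
REGS_16 = {"ax", "bx", "cx", "dx", "si", "di", "bp", "sp"}

# "DWORD PTR fs:[ecx*4 + edi - 0x10]" -> size / segment override / bracket contents
_OPERAND_RE = re.compile(
    r"^\s*(?:(?P<size>byte|word|dword|qword|xmmword)\s+ptr\s+)?"
    r"(?:(?P<seg>[cdefgs]s):)?\[(?P<inner>[^\]]+)\]\s*$",
    re.IGNORECASE,
)
# One term inside the brackets: "reg", "reg*scale", or a decimal/hex constant.
_TERM_RE = re.compile(
    r"^(?:(?P<reg>[a-z]+)(?:\*(?P<scale>[1248]))?|(?P<num>0x[0-9a-f]+|\d+))$",
    re.IGNORECASE,
)


class MemRef(NamedTuple):
    segment: Optional[str]  # segment override if present; its base is NOT applied here
    address: int            # effective address (offset within the segment)
    size: Optional[int]     # operand size in bytes, if the string names one


def _reg_value(regs: dict, name: str) -> int:
    """Look up a register, deriving 16-bit names (bp, si, ...) from the 32-bit state."""
    if name in REGS_32:
        return regs[name]
    if name in REGS_16:
        return regs["e" + name] & 0xFFFF
    raise ValueError(f"unsupported register {name!r}")


def effective_address(operand: str, regs: dict) -> MemRef:
    """Compute base + index*scale + disp for an Intel-syntax memory operand string."""
    m = _OPERAND_RE.match(operand)
    if not m:
        raise ValueError(f"not a memory operand: {operand!r}")
    size = PTR_SIZES[m["size"].lower()] if m["size"] else None
    inner = m["inner"].replace(" ", "")
    # Split "ecx*4+edi-0x10" into signed terms: ["ecx*4", "+edi", "-0x10"].
    terms = re.findall(r"[+-]?[^+-]+", inner)
    total = 0
    widths = set()
    reg_count = 0
    for term in terms:
        sign = -1 if term.startswith("-") else 1
        tm = _TERM_RE.match(term.lstrip("+-"))
        if not tm:
            raise ValueError(f"unrecognised term {term!r} in {operand!r}")
        if tm["num"] is not None:
            num = tm["num"]
            total += sign * (int(num, 16) if num.lower().startswith("0x") else int(num, 10))
            continue
        if sign < 0:
            raise ValueError("registers cannot be subtracted in an address")
        reg = tm["reg"].lower()
        value = _reg_value(regs, reg)          # raises on an unknown register name
        reg_count += 1
        if reg_count > 2:
            raise ValueError(f"more than two registers in {operand!r}")
        widths.add(32 if reg in REGS_32 else 16)
        total += value * int(tm["scale"] or 1)
    if len(widths) > 1:
        raise ValueError(f"mixed register widths in {operand!r}")
    width = widths.pop() if widths else 32
    # Address arithmetic wraps at the address-size boundary, as the CPU's does.
    mask = (1 << width) - 1
    return MemRef(m["seg"].lower() if m["seg"] else None, total & mask, size)


if __name__ == "__main__":
    # The question's case: "movss DWORD PTR [ebp - 0x4], xmm0" writes 4 bytes at ebp-4.
    ref = effective_address("DWORD PTR [ebp - 0x4]", REGS)
    print(f"writes {ref.size} bytes at 0x{ref.address:08X}")
```

For the flat 32-bit segments (cs, ds, es, ss) the returned offset is the linear address; for an fs: or gs: override the segment base (the TEB/TLS base on Windows and Linux) still has to be added by the caller, which is why the segment is returned rather than silently dropped. This is the same computation the LEA instruction performs in hardware, which is why the answer below points at it.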

1 Answer

1
votes

Is it possible for you to use the LEA ("Load Effective Address") instruction? I'm sorry, I'm not too familiar with Intel assembly, but that's what I would try.

This may help: http://en.wikibooks.org/wiki/X86_Assembly/Data_Transfer#Load_Effective_Address

Hope this helps!