From: siddharth vora <sjv@usc.edu>
To: sandeep <sandeep@codito.com>
Cc: A M <alim1993@yahoo.com>,
linux-c-programming@vger.kernel.org,
linux-assembly@vger.kernel.org
Subject: Re: Access to Program Counter in C
Date: Thu, 18 Nov 2004 23:58:40 -0800 [thread overview]
Message-ID: <9230369867a2.419d3730@usc.edu> (raw)
Yep,
This z standard technique for the viruse encryption.
Sid.
----- Original Message -----
From: sandeep <sandeep@codito.com>
Date: Friday, November 19, 2004 0:04 am
Subject: Re: Access to Program Counter in C
> siddharth vora wrote:
> > Here CALL instruction is 4 bytes instruction so call $+5 will
> call the
> > 5th byte which is the next instruction. And based upon the "call"
> > behavior, it pushes the next instruction on the stack first and then
> > JUMP to the instruction. So, in this case, on the stack you will
> have> the exact instruction which you are executing !
> am i right in taking it as, you meant to say - execution of call
> instruction
> pushes the return address, which is the address of instruction
> following call
> instruction. in the example you mentioned it would be the address
> of instruction
> "pop ebp". since you are jumping to this instuction (via call), at
> the end of
> it's execution ebp will have the address of "pop ebp" instruction.
>
> --
> regards
> sandeep
> --------------------------------------------------------------------
> ------
> It is said that the lonely eagle flies to the mountain peaks while the
> lowly ant crawls the ground, but cannot the soul of the ant soar as
> high as the eagle?
> --------------------------------------------------------------------
> ------
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-c-
> programming" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next reply other threads:[~2004-11-19 7:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-19 7:58 siddharth vora [this message]
-- strict thread matches above, loose matches on Subject: below --
2004-11-19 7:31 Access to Program Counter in C siddharth vora
2004-11-19 8:03 ` Justinas
2004-11-19 8:04 ` sandeep
2004-11-16 16:38 A M
2004-11-19 6:32 ` sandeep
2004-11-19 11:30 ` Brian Raiter
2004-11-19 16:03 ` Glynn Clements
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9230369867a2.419d3730@usc.edu \
--to=sjv@usc.edu \
--cc=alim1993@yahoo.com \
--cc=linux-assembly@vger.kernel.org \
--cc=linux-c-programming@vger.kernel.org \
--cc=sandeep@codito.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.