Re: A couple of questions regarding registers etc...
- From: Bjarni Juliusson <spamtrap@xxxxxxxxxx>
- Date: Sun, 03 Sep 2006 16:11:40 +0200
Rod Pemberton wrote:
If 'PUSH mycode.00490344' is pushing only eight bytes total, then ESP+8 is
the pushed ECX and ESP+12 is the pushed EAX. So, ESP+10 is the two bytes of
the high word of ECX and the two bytes of low word of EAX not in a useable
byte order...(this doesn't make sense to me from the posted snippet).
You forget the numbers were in hexadecimal.
Bjarni
--
INFORMATION WANTS TO BE FREE
.
- Follow-Ups:
- Re: A couple of questions regarding registers etc...
- From: Rod Pemberton
- Re: A couple of questions regarding registers etc...
- References:
- A couple of questions regarding registers etc...
- From: spamtrap
- Re: A couple of questions regarding registers etc...
- From: Rod Pemberton
- A couple of questions regarding registers etc...
- Prev by Date: Creating a Disassembler...
- Next by Date: Write on a hard disk
- Previous by thread: Re: A couple of questions regarding registers etc...
- Next by thread: Re: A couple of questions regarding registers etc...
- Index(es):
