opcode calculator??
Vinnie
2004-05-28 17:52:46 UTC
Hi,

I need the hex value for: jmp short loc_0040149D
or in OllyDbg: jmp short Wpp.0040149D

Is there anyone that knows how to calculate those values, or has any URLs
with info on opcodes and how to calculate to hex??


Thanks!!
Tim Roberts
2004-05-30 00:19:49 UTC
Post by Vinnie
I need the hex value for: jmp short loc_0040149D
or in OllyDbg: jmp short Wpp.0040149D
Is there anyone that knows how to calculate those values, or has any URLs
with info on opcodes and how to calculate to hex??
The short jmp instruction is E9, but it is a relative instruction: the
operand is the offset to the destination. Thus, the actual instruction
will depend on the instruction's location.
--
- Tim Roberts, ***@probo.com
Providenza & Boekelheide, Inc.
René Kjellerup
2004-05-30 17:37:33 UTC
Post by Tim Roberts
Post by Vinnie
I need the hex value for: jmp short loc_0040149D
or in OllyDbg: jmp short Wpp.0040149D
Is there anyone that knows how to calculate those values, or has any URLs
with info on opcodes and how to calculate to hex??
The short jmp instruction is E9, but it is a relative instruction: the
operand is the offset to the destination. Thus, the actual instruction
will depend on the instruction's location.
I think you err about the opcode,

she asked about the 'jmp short' instruction and let me quote both
the Intel Reference Manual and the NASM documentation:

Intel>>>>>
"EB cb JMP rel8 Jump short, relative"(cut to fit on 1 line)
"E9 cw JMP rel16 Jump near, relative"(cut to fit on 1 line)
"E9 cd JMP rel32 Jump near, relative"(cut to fit on 1 line)
<<<<<

NASM>>>>>
"B.4.130 JMP: Jump
JMP imm ; E9 rw/rd [8086]
JMP SHORT imm ; EB rb [8086]"
<<<<<

which leads me to the conclusion that the answer to the question would
be:

'jmp short' opcode is EB, but its destination is a relative offset just
1 byte large, which means it ranges from -128 to 127 bytes.

the NASM documentation can be found here:
http://nasm.sourceforge.net/

and the Intel reference manual can be found here:
http://www.intel.com/design/PentiumIII/documentation.htm

R. Kj.
--- as life grows older, I gain Experience.
Markus Humm
2004-05-30 11:24:25 UTC
Under DOS, opcodes in hex can be determined by DEBUG.EXE, I think...
AFAIK it's even there on Windows 9x/2000, but not tested; maybe in some
dusty corner of the installation CD...

Greetings

Markus
Ahmed Hossam
2022-03-24 22:21:37 UTC
Post by Markus Humm
Under DOS, opcodes in hex can be determined by DEBUG.EXE, I think...
AFAIK it's even there on Windows 9x/2000, but not tested; maybe in some
dusty corner of the installation CD...
Greetings
Markus
I am sorry, Mr Humm, I have made a severe and continuous lapse of my judgement.
Frank Kotler
2022-03-25 03:11:53 UTC
Post by Ahmed Hossam
Post by Markus Humm
Under DOS, opcodes in hex can be determined by DEBUG.EXE, I think...
AFAIK it's even there on Windows 9x/2000, but not tested; maybe in some
dusty corner of the installation CD...
Greetings
Markus
I am sorry, Mr Humm, I have made a severe and continuous lapse of my judgement.
2004?
I think you will find that DOS, etc. does not run anymore. Perhaps I
don't understand the question.

Best,
Frank
wolfgang kern
2022-03-25 07:49:37 UTC
Post by Frank Kotler
Post by Ahmed Hossam
Post by Markus Humm
Under DOS, opcodes in hex can be determined by DEBUG.EXE, I think...
AFAIK it's even there on Windows 9x/2000, but not tested; maybe in some
dusty corner of the installation CD...
Greetings
Markus
I am sorry, Mr Humm, I have made a severe and continuous lapse of my judgement.
2004?
:) time travelers are always late!
Post by Frank Kotler
I think you will find that DOS, etc. does not run anymore. Perhaps I
don't understand the question.
Perhaps we still can use DOSBox? It works at least on my Win10.
__
wolfgang

rjb
2004-05-31 06:05:42 UTC
Post by Vinnie
Hi,
I need the hex value for: jmp short loc_0040149D
or in OllyDbg: jmp short Wpp.0040149D
Is there anyone that knows how to calculate those values, or has any URLs
with info on opcodes and how to calculate to hex??
40149d=9CD5h - if that's what you're asking. On the other hand you might be
asking how the instruction's bytes are calculated. If so, look at the
address of the next instruction after the call. Subtract that address from
009CD5h. That's what you'll see in the disassembly. It's bound to come out
as <=7F or >= -80, or else the instruction would have been refused at
assembly time.

rjb
Warwick Barnes
2004-06-01 22:38:21 UTC
The A86 assembler manual has quite a good section on opcodes and addressing,
available as part of the shareware package for the 8086 version, but you need to
register for the version that assembles the later 386-plus opcodes.
--
If you received this through the miracle of modern technology then all
is well; if not then situation normal.
Chris father of :-) ( also at ***@openlink.org )
www.users.zetnet.co.uk/barnes_firsnorton
Vinnie
2004-06-02 06:11:50 UTC
This is some code I got from a program. It's a legacy program, but
some machines in our factory still use it.
The command at address 00401474 is: JNZ SHORT Wpp.0040149D
However, I need it to jump to 0040149D no matter the condition.
How would I do this?

00401472 . 84C0 TEST AL,AL
00401474 . 75 27 JNZ SHORT Wpp.0040149D
00401476 . B8 01000000 MOV EAX,1
0040147B . 50 PUSH EAX
0040147C . 6A 02 PUSH 2
0040147E . 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-C]
00401481 . 52 PUSH EDX
00401482 . E8 1AA10800 CALL <JMP.&***@TModuleVersionInfo@$>
00401487 . 83C4 08 ADD ESP,8
0040148A . 58 POP EAX
0040148B . 8B95 18FFFFFF MOV EDX,DWORD PTR SS:[EBP-E8]
00401491 . 64:8915 000000>MOV DWORD PTR FS:[0],EDX
00401498 . E9 5F010000 JMP Wpp.004015FC
0040149D > 66:C785 28FFFF>MOV WORD PTR SS:[EBP-D8],20
004014A6 . 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-10]
Charles A. Crayne
2004-06-02 06:16:24 UTC
On Wed, 2 Jun 2004 06:11:50 +0000 (UTC)
***@hotmail.com (Vinnie) wrote:

:00401474 . 75 27 JNZ SHORT Wpp.0040149D

Change the 75 to EB.
Vinnie
2004-06-02 06:11:53 UTC
Thank you for all the replies. I thought it was a simple number, but I
guess I will then have to calculate it the way rjb describes. Hope I
don't crash anything though ;)

Thx again!
rjb
2004-06-02 19:07:33 UTC
Your last message makes it clear that no calculation is needed. It's just an
unconditional jump to the same address as before, instead of a conditional
one. In that case, just do what Charles Crayne suggested. Change 75 into EB.
That changes the instruction from

jnz Address ;jump if zf not set
to
jmp short Address ;jump anyway

rjb
Post by Vinnie
Thank you for all the replies. I thought it was a simple number, but I
guess I will then have to calculate it the way rjb describes. Hope I
don't crash anything though ;)
Thx again!
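An added worked example, not code from anyone in this thread, that puts the two pieces of advice together: René's point that `jmp short` is `EB` followed by a signed 8-bit displacement (range -128..127), rjb's method of subtracting the address of the *next* instruction from the target, and the final one-byte patch (`75` to `EB`). It decodes the two jumps from the OllyDbg listing Vinnie posted (bytes copied from that listing; 32-bit operand size is assumed, as in that Win32 program), encodes a short and a near jump, rejects a target that is out of short-jump range, and checks that the patched instruction still lands on 0040149D. The function names are my own.

```python
# Added example: encoding, decoding and patching x86 relative jumps.
# Opcodes are the ones quoted from the Intel manual / NASM docs in the thread.
JMP_SHORT = 0xEB   # EB cb : JMP rel8  (2-byte instruction)
JMP_NEAR = 0xE9    # E9 cd : JMP rel32 (5-byte instruction, 32-bit operand size assumed)
JNZ_SHORT = 0x75   # 75 cb : JNZ rel8  (from the posted listing)


def rel8_displacement(insn_addr, target):
    """Signed 8-bit displacement for a short jump located at insn_addr.

    The displacement is relative to the next instruction (insn_addr + 2),
    which is what rjb describes. Raises ValueError when the target is
    outside the -128..127 byte reach of a short jump.
    """
    disp = target - (insn_addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError(
            f"target {target:#010x} is {disp:+d} bytes away; "
            "a short jump only reaches -128..127 bytes"
        )
    return disp


def encode_short_jump(insn_addr, target, opcode=JMP_SHORT):
    """Bytes for 'jmp short target' (or a short Jcc if opcode is given)."""
    disp = rel8_displacement(insn_addr, target)
    return bytes([opcode, disp & 0xFF])


def encode_near_jump(insn_addr, target):
    """Bytes for the 5-byte 'jmp rel32' form, relative to insn_addr + 5."""
    disp = target - (insn_addr + 5)
    if not -(2 ** 31) <= disp < 2 ** 31:
        raise ValueError("target out of rel32 range")
    return bytes([JMP_NEAR]) + (disp & 0xFFFFFFFF).to_bytes(4, "little")


def decode_jump_target(insn_addr, code):
    """Return (mnemonic, absolute target) for EB/75/E9 bytes at insn_addr."""
    op = code[0]
    if op in (JMP_SHORT, JNZ_SHORT):
        disp = int.from_bytes(code[1:2], "little", signed=True)
        name = "jmp short" if op == JMP_SHORT else "jnz short"
        return name, insn_addr + 2 + disp
    if op == JMP_NEAR:
        disp = int.from_bytes(code[1:5], "little", signed=True)
        return "jmp", insn_addr + 5 + disp
    raise ValueError(f"unsupported opcode {op:#04x}")


# Address -> instruction bytes, copied from the OllyDbg listing in the thread.
LISTING = {
    0x00401474: bytes.fromhex("7527"),        # JNZ SHORT Wpp.0040149D
    0x00401498: bytes.fromhex("E95F010000"),  # JMP Wpp.004015FC
}


def verify_listing():
    """Decode every jump in LISTING so the targets can be checked against OllyDbg."""
    return {addr: decode_jump_target(addr, code) for addr, code in LISTING.items()}


def patch_jnz_to_jmp(code):
    """The patch Charles Crayne and rjb describe: 75 cb -> EB cb.

    Only the opcode byte changes; the displacement byte is kept, so the
    jump still lands on the same address, just unconditionally.
    """
    if code[0] != JNZ_SHORT:
        raise ValueError("expected a JNZ SHORT (75 cb) instruction")
    return bytes([JMP_SHORT]) + code[1:]


if __name__ == "__main__":
    for addr, (mnemonic, target) in verify_listing().items():
        print(f"{addr:08X}  {LISTING[addr].hex().upper():<12} {mnemonic} {target:08X}")
    patched = patch_jnz_to_jmp(LISTING[0x00401474])
    print("patched:", patched.hex().upper(), decode_jump_target(0x00401474, patched))
    print("jmp short from 00401474 to 0040149D:", encode_short_jump(0x00401474, 0x0040149D).hex().upper())
```

Running it reproduces the two targets OllyDbg shows (0040149D and 004015FC), confirms `EB 27` is the unconditional form of `75 27` at 00401474, and raises on an attempt to encode a short jump from 00401474 to 004015FC, which is 390 bytes away and therefore needs the `E9` form.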