find specific instructions
- <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->
I would like to search for specific instructions in the assembly code so that i can add code myself
The instructions are:
push ebp
pop edp
how can i check that the instruction read in an iterate loop is the instruction show above?
I know you can check common instructions like NOP by using (Phx.Common.Opcode .Nop ) to compare but can you also check for push and pop (with arguments)
Answers
- You can look for Phoenix.Targets.Architectures.X86.push and Phoenix.Targets.Architectures.X86.pop in the same way you look for nops. If you need to specifically look for 'push ebp' then once you match on the opcode, look at the first explicit source operand and see if it is a variable operand with register = Phx.Targets.Architectures.X86.Register.EBP.
Architect - Microsoft Phoenix Project- Marked As Answer byketnet Monday, November 09, 2009 10:14 AM
All Replies
- You can look for Phoenix.Targets.Architectures.X86.push and Phoenix.Targets.Architectures.X86.pop in the same way you look for nops. If you need to specifically look for 'push ebp' then once you match on the opcode, look at the first explicit source operand and see if it is a variable operand with register = Phx.Targets.Architectures.X86.Register.EBP.
Architect - Microsoft Phoenix Project- Marked As Answer byketnet Monday, November 09, 2009 10:14 AM
