问题
What are some alternatives to the x86 call instruction? Maybe something like a push of the return address then a jump?
Also is their a command for obtaining the current position in memory?
回答1:
CALL actually does this for you for example
CALL my_func
would do something like
push ret_address
jmp my_func
and a subsequent RET call would just use the address you just pushed to JMP back in a sense. Is there a specific reason that you don't want to use CALL or is it not available for you? For current position in memory you can try to read EIP register (can't write to it).
回答2:
You can just push a dword value and jmp to the procedure. The push would be the return address :
push return_address (push eax if address in eax)
jmp call_address
Remember to also push arguments if they exist for that particular call.
What do you mean by current position in memory ? I suppose that you mean the current instruction pointer. You cannot get that directly, but you can use a seh handler(structured exception handler) to get that value upon causing a handled exception.
回答3:
If I don't get something mixed up I would say it depends. As you can see here there are near and far calls, but let's just consider the near call. There are again two possibilities
E8 <offset> # relative
FF <address> # absolute
whereas FF means an absolute "jump" and E8 indeed means relative to current eip.
So if you have e.g.
E8 32 45 ab 6f
which means
call 0x3245ab6f
This would translate to
push %eip
add $0x3245ab6f, %eip
and not
push %eip
jmp $0x3245ab6f
来源:https://stackoverflow.com/questions/7060970/substitutes-for-x86-assembly-call-instruction