Hello,
i have an address 00400030 which have an array of bytes. I want to copy that array of bytes to another address (4 Bytes).
Without using ReadProcessMemory , i used:
LOCAL ex:DWORD
mov [00400030h],eax
mov ex,[eax]
But i always get this error:
HelloWorldx.asm(73) : error A2001: immediate operand not allowed
HelloWorldx.asm(74) : error A2070: invalid instruction operands
I use RadAsm Editor.
Thanks in advance.
why are you trying to write to a fixed address ?
if it's in one of the program sections, put a label on it
The (74) error can be corrected by:
mov DWORD PTR ex,eax
Dave.
What you are after is easy enough to do, I would be interested in why you want to read data from 30h after the DOS header.
IF 0 ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Build this template with "CONSOLE ASSEMBLE AND LINK"
ENDIF ; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
.code
start:
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
call main
inkey
exit
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
main proc
LOCAL var:DWORD
mov eax, 00400030h ; load the address into EAX
mov eax, [eax] ; dereference it to get the data at that address
mov var, eax ; copy 4 bytes into local variable
print hex$(var),13,10 ; display it at the console
ret
main endp
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
end start
Quote from: hesho28 on October 05, 2013, 09:41:58 AMHelloWorldx.asm(73) : error A2001: immediate operand not allowed
Addressing through immediate values requires to specify the segment:
mov DS:[00400030h],eax
Like this ?
mov eax, DS:00400030h
mov var, eax ; copy 4 bytes into local variable
It's all the same:
nop
mov ds:[403000h], eax
mov ds:403000h, eax
mov eax, ds:00400030h
mov eax, ds:[00400030h]
nop
mov eax, 00400030h ; no ds:
nop
00401009 ³. 90 nop
0040100A ³. A3 00304000 mov [403000], eax
0040100F ³. A3 00304000 mov [403000], eax
00401014 ³. A1 30004000 mov eax, [400030]
00401019 ³. A1 30004000 mov eax, [400030]
0040101E ³. 90 nop
0040101F ³. B8 30004000 mov eax, offset 00400030
00401024 ³. 90 nop
Poor hesho28 has officially 5 posts, but four of them have been mercilessly deleted :eusa_naughty:
:biggrin:
The real problem is he will not tell us what he is doing wanting to read from the DOS/PE header. Since I will willingly turn in anyone who thinks I will cover them for illegal postings to the NSA, Mossad, KGB or whoever wants the data, perhaps our friend could come clean as to what he is doing, otherwise he may hit 5 out of 5 and the chance to find a venue better suited to his requirement.
i was told not to help someone until they explain themselves
i guess that doesn't apply to everyone :redface:
the first thing i noticed was that he had made 4 previous posts, all of which went to the garbage bin