abhijit mohanta
Posted August 30, 2009

I found in IDA Disassembly an instruction CALL $+5.
Can anybody tell me the meaning of this?

Killboy
Posted August 30, 2009 (edited)

I suppose it calls the instruction 5 bytes after the call instruction.
($ being the address of the next instruction after the CALL)
e.g.
0x400000: CALL $+5 ; = CALL 40000A (address of CALL + size of CALL instruction[=5] + 5 = 10 [A in hex])
0x400005:
0x40000A:
CALL $+0 would call 400005

Edited August 30, 2009 by Killboy: no maths skills :x

ghandi
Posted August 30, 2009 (edited)

I don't know with IDA, but in MASM if you use the '$' operator, it is the offset of the instruction that you use it with, not the following instruction.

call $+5

assembles to:

00401000 $ E8 00000000 CALL 00401005

Which could be used with stuff such as code-flow obfuscation or gaining a delta value to offset references with (GetDelta offset independent code), just two examples.

HR,
Ghandi

Edited September 1, 2009 by ghandi

Ressa
Posted March 18, 2010 (edited)

In IDA, $ is beginning of same instruction (which is not the EIP which would point to the next instruction).
CALL $+5 is probably call to next instruction.

x86 assembly (based off of EIP, not IDA's $ for beginning of same instruction):
CALL near (rel32) E8 xxxxxxxx (5 bytes)

For details, read the Intel or AMD manuals.

Edited March 24, 2010 by Ressa
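
Added example, not part of any post in this thread: a small Python decoder for the `E8 rel32` encoding Ressa describes, plus a byte scan for the get-delta idiom ghandi mentions (`CALL $+5` immediately followed by `POP reg`), which is a common thing to look for when triaging position-independent or obfuscated code. It assumes 32-bit code and `$` meaning the start of the CALL itself; the function names and the sample bytes are constructed for illustration.

```python
import struct

CALL_REL32 = 0xE8   # opcode: CALL near, relative, 32-bit displacement
CALL_LEN = 5        # 1 opcode byte + 4 displacement bytes
POP_REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")  # 0x58..0x5F


def rel32_of(insn):
    """Signed little-endian displacement of an E8 rel32 CALL."""
    if len(insn) < CALL_LEN or insn[0] != CALL_REL32:
        raise ValueError("not a CALL rel32")
    return struct.unpack_from("<i", insn, 1)[0]


def call_target(addr, insn):
    """Target address: the CPU adds rel32 to the address of the NEXT instruction."""
    return (addr + CALL_LEN + rel32_of(insn)) & 0xFFFFFFFF


def dollar_form(insn):
    """Same target written with $ = start of the CALL itself (MASM/IDA style)."""
    return "CALL $%+d" % (CALL_LEN + rel32_of(insn))


def find_getpc(code, base):
    """Linear byte scan for 'CALL $+5' followed by POP reg (the get-delta idiom).

    Returns (address of the CALL, register that receives the runtime address).
    This is pattern matching, not disassembly, so hits inside data are possible.
    """
    hits = []
    pattern = bytes([CALL_REL32, 0, 0, 0, 0])
    pos = code.find(pattern)
    while pos != -1:
        nxt = pos + CALL_LEN
        if nxt < len(code) and 0x58 <= code[nxt] <= 0x5F:
            hits.append((base + pos, POP_REGS[code[nxt] - 0x58]))
        pos = code.find(pattern, pos + 1)
    return hits


# Constructed sample: nop; nop; call $+5; pop ebp; sub ebp, 0x401007; call +0x10; ret
SAMPLE = bytes.fromhex("9090" "E800000000" "5D" "81ED07104000" "E810000000" "C3")

if __name__ == "__main__":
    print(hex(call_target(0x401000, SAMPLE[2:7])), dollar_form(SAMPLE[2:7]))
    for addr, reg in find_getpc(SAMPLE, 0x401000):
        print("get-delta idiom at %#x, address lands in %s" % (addr, reg))
```

With `rel32 = 0` at address 0x401000 the decoder returns 0x401005, matching the MASM listing quoted above.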