JMP to hex memory index, how segments influence that.
Posted: Mon May 23, 2011 3:27 pm
Ok, I'm sorry if it can sound newbie, but, given this situation:
Code:
eax 0xa40 2624
ecx 0x1 1
edx 0x100 256
ebx 0x404 1028
esp 0x400 0x400
ebp 0x0 0x0
esi 0x165 357
edi 0x280a 10250
eip 0x7d15 0x7d15
eflags 0x2 [ ]
cs 0x0 0
ss 0xa40 2624
ds 0xa40 2624
es 0xa40 2624
fs 0x0 0
gs 0x0 0
I'm ready to execute line 161, which is located at 0x7d15:
Code:
(copied from my listing file)
155 ; So, we are going to run the second stage...
156 00000109 B8400A mov ax, 0x0a40 ; set up segments
157 0000010C 8ED8 mov ds, ax
158 0000010E 8EC0 mov es, ax
159 00000110 8ED0 mov ss, ax
160 00000112 BC0004 mov sp, 0x0400
161 00000115 E9(0028) jmp 0x2800 ; I changed segments but it works, why?
If I step the instruction I get:
Code:
eax 0xa40 2624
ecx 0x1 1
edx 0x100 256
ebx 0x404 1028
esp 0x400 0x400
ebp 0x0 0x0
esi 0x165 357
edi 0x280a 10250
eip 0xa400 0xa400
eflags 0x2 [ ]
cs 0x0 0
ss 0xa40 2624
ds 0xa40 2624
es 0xa40 2624
fs 0x0 0
gs 0x0 0
Which is exactly the result I wanted, because my stage2 starts at 0xa400, but I don't understand how I got it working.
My question is: how is my 0x2800 interpreted? It seems there is something adding 0x7c00 to the index, but I changed segments before jumping! How is this possible?
Thank you.
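Added example, not part of the original post: a small C model of how the near jump on line 161 (opcode E9, `jmp rel16`) is encoded and executed, using the offsets and register values shown above. It assumes the image was assembled with origin 0 and loaded at 0x7c00, so the operand 0x2800 in the listing is the assembler's target and the stored bytes are a displacement from the next instruction; the function names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Displacement the assembler stores after opcode E9 (jmp rel16):
 * target minus the offset of the NEXT instruction (E9 + 2 bytes = 3). */
uint16_t encode_rel16(uint16_t insn_off, uint16_t target)
{
    return (uint16_t)(target - (uint16_t)(insn_off + 3));
}

/* IP after the CPU executes the near jump. Only IP changes and it wraps
 * at 64 KiB; CS, DS, ES and SS play no part in the calculation. */
uint16_t near_jmp_ip(uint16_t ip, uint16_t rel16)
{
    return (uint16_t)(ip + 3 + rel16);
}

/* Real-mode linear address of segment:offset. */
uint32_t linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

int main(void)
{
    /* Assumed origin 0: the assembler sees the jump at 0x0115. */
    uint16_t rel = encode_rel16(0x0115, 0x2800);
    /* At run time the same bytes sit at IP 0x7d15 with CS = 0. */
    uint16_t ip = near_jmp_ip(0x7d15, rel);
    printf("rel16=0x%04x new ip=0x%04x linear=0x%05x\n",
           (unsigned)rel, (unsigned)ip, (unsigned)linear(0x0000, ip));

    /* Had the origin matched the load address (0x7c00), the same source
     * line would land on 0x2800 instead. */
    uint16_t rel_org = encode_rel16(0x7d15, 0x2800);
    printf("origin 0x7c00: rel16=0x%04x new ip=0x%04x\n",
           (unsigned)rel_org, (unsigned)near_jmp_ip(0x7d15, rel_org));

    /* The data segments loaded on lines 156-159 name the same memory. */
    printf("0x0a40:0x0000 linear=0x%05x\n", (unsigned)linear(0x0a40, 0));
    return 0;
}
```

The displacement is relative to where the code actually runs, which is why the load address 0x7c00 appears to be added to 0x2800, and a near jump is fetched through CS (still 0), so the new DS, ES and SS values do not affect it.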