Here's the MASM code:
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\msvcrt.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\msvcrt.lib
.code
start:
jmp Debut
Suite:
mov esi, 7706304eh
call esi
jmp 00000000h
Debut:
xor eax, eax
push eax
call Suite
db "C:\WINDOWS\system32\calc.exe"
end start
As you can see, I need to use a special JMP instruction corresponding to the opcode 'E9'. However, it seems that the syntax is not correct for MASM.
I have the following error message:
A2076 : Jump destination must specify a label
I know that 'jmp _label' works, but it's not what I'm looking for here. So I tried another way, like 'jmp dword ptr ds:00000000h' or 'mov eax, 00000000h ; jmp eax', but the opcode generated does not match 'E9'. I'm really lost in front of that situation. Can anyone help me, please?
Thanks a lot in advance for your help.
OP says: Once this code is compiled, I will replace the 00000000h address by a valid one. The presence of the address in the ASM code is here to keep the same number of opcodes once the code is compiled.
Then what you probably want to write is:
my_jump:
jmp near ptr $ ; produces a 5-byte relative jump (E9 + 4-byte displacement) that jumps to itself
and when you know the target address which you want it to jump, and have loaded that address in eax, you can code:
mov eax, .... ; desired target address
sub eax, offset my_jump+5 ; rel32 is relative to the end of the 5-byte jmp, so subtract my_jump+5 to get the displacement
mov dword ptr my_jump+1, eax ; update the 4 displacement bytes of the jump instruction
This should work. It has the disadvantage of being self-modifying code, which may not be allowed under your OS, and if it is allowed, is not accepted as good practice.
An easier and better approach is to place the desired target location in a well-known data location, and modify your code to use that:
.data
target_location dword 0 ; filled in later
.code
Suite:
mov esi, 7706304eh ; hardwiring this constant is bad practice, too, but you didn't ask about that
call esi
mov esi, target_location
jmp esi
This code is not self modifying, and this kind of trick in assembler is pretty common.
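To check the displacement arithmetic behind the 'jmp near ptr $' patch in the answer above, here is an added Python helper (not code from the question or the answer) that encodes, decodes and patches the 5-byte E9 jmp rel32 form the question asks about; all addresses it uses are constructed sample values.

```python
import struct

JMP_REL32_OPCODE = 0xE9
JMP_REL32_LEN = 5  # one opcode byte followed by a 4-byte signed displacement


def encode_jmp_rel32(instr_addr: int, target: int) -> bytes:
    """Encode 'jmp rel32' placed at instr_addr so that it lands on target.

    The CPU adds the displacement to the address of the *next* instruction,
    i.e. instr_addr + 5, so rel32 = target - (instr_addr + 5).  This is the
    same arithmetic as 'sub eax, offset my_jump+5' in the answer.
    """
    rel = target - (instr_addr + JMP_REL32_LEN)
    if not -0x80000000 <= rel <= 0x7FFFFFFF:  # ignores 32-bit address wraparound
        raise ValueError("target is out of rel32 range")
    return bytes([JMP_REL32_OPCODE]) + struct.pack("<i", rel)


def decode_jmp_rel32(instr_addr: int, code: bytes) -> int:
    """Return the absolute target of an E9 jump found at instr_addr.

    Useful when reading a disassembly or a memory dump: the bytes after E9
    are a displacement, not an absolute address.
    """
    if len(code) < JMP_REL32_LEN or code[0] != JMP_REL32_OPCODE:
        raise ValueError("bytes at instr_addr are not a jmp rel32")
    (rel,) = struct.unpack("<i", code[1:JMP_REL32_LEN])
    return (instr_addr + JMP_REL32_LEN + rel) & 0xFFFFFFFF


def patch_jmp_rel32(code: bytearray, jmp_off: int, base: int, target: int) -> bytearray:
    """Rewrite the displacement of the E9 at code[jmp_off] to reach target.

    Mirrors 'mov dword ptr my_jump+1, eax': only the 4 displacement bytes
    change, so the instruction keeps its 5-byte length.  base is the
    address at which code[0] is loaded (a constructed value in the test).
    """
    if code[jmp_off] != JMP_REL32_OPCODE:
        raise ValueError("no jmp rel32 at jmp_off")
    new = encode_jmp_rel32(base + jmp_off, target)
    code[jmp_off + 1:jmp_off + JMP_REL32_LEN] = new[1:]
    return code
```

With the answer's "+4" the decoded target would be one byte past where you wanted to land, which is the off-by-one this helper makes visible.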