Packet on assembly

#1 Post by ROX_Leopardo

I'm trying to understand this way of making a packet...

MOV EAX,3                        => EAX = 3
MOV ECX,EAX                      => ECX = 3
LEA EDX,DWORD PTR SS:[ESP+C]     => Paste the EDX memory location address to DWORD PTR SS:[ESP+C]?
MOV DWORD PTR SS:[ESP+10],EAX    => Length = 3
PUSH EDX                         => I don't know what happens here
LEA EAX,DWORD PTR SS:[ESP+8]     => Paste the EAX memory location address to DWORD PTR SS:[ESP+8]?
MOV DWORD PTR SS:[ESP+18],ECX    => MinLength = 3
PUSH EAX                         => I don't know what happens here
MOV ECX,ESI                      => ESI is a result of the LEA instruction?
MOV DWORD PTR SS:[ESP+14],81     => PacketID = 0081

Where's ReplayFactor on this packet?
Can anyone help me with this interpretation?

#2 Post by kLabMouse

You should look at "[ESP+C]" as a structure on the stack.
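
Added example (not part of the original thread, and not OpenKore or game-client code): a small Python script that applies the advice in post #2 to the listing from post #1 by rebasing every ESP-relative store to the value ESP had at the first instruction. It assumes 32-bit code where each PUSH lowers ESP by 4 and hexadecimal offsets as the debugger prints them; the name `recover_struct` is hypothetical.

```python
import re
# Instructions from post #1, annotations dropped. Offsets and immediates are hex.
LISTING = """\
MOV EAX,3
MOV ECX,EAX
LEA EDX,DWORD PTR SS:[ESP+C]
MOV DWORD PTR SS:[ESP+10],EAX
PUSH EDX
LEA EAX,DWORD PTR SS:[ESP+8]
MOV DWORD PTR SS:[ESP+18],ECX
PUSH EAX
MOV ECX,ESI
MOV DWORD PTR SS:[ESP+14],81
"""
MEM = re.compile(r"DWORD PTR SS:\[ESP\+([0-9A-F]+)\]")

def recover_struct(listing):
    """Return (base, fields, pushes) with offsets rebased to ESP at entry."""
    regs, stores, pushes = {}, {}, []
    pushed = 0    # bytes pushed so far: ESP_now = ESP_entry - pushed
    base = None   # entry-relative address taken by the first LEA
    def value(tok):
        if tok in regs:
            return regs[tok]
        try:
            return int(tok, 16)   # immediate
        except ValueError:
            return tok            # register whose content is not in the listing
    for line in listing.splitlines():
        op, _, args = line.strip().partition(" ")
        if op == "PUSH":
            pushes.append(value(args))
            pushed += 4           # assumption: 32-bit code, 4-byte pushes
            continue
        dst, src = args.split(",", 1)
        if op == "LEA":           # LEA only computes an address, no memory access
            regs[dst] = int(MEM.fullmatch(src).group(1), 16) - pushed
            base = regs[dst] if base is None else base
        elif MEM.fullmatch(dst):  # MOV to a stack slot
            stores[int(MEM.fullmatch(dst).group(1), 16) - pushed] = value(src)
        else:                     # MOV register, register/immediate
            regs[dst] = value(src)
    fields = {off - base: val for off, val in sorted(stores.items())}
    return base, fields, pushes

if __name__ == "__main__":
    base, fields, pushes = recover_struct(LISTING)
    for off, val in fields.items():
        print(f"[ESP+{base:X}]+{off:X} = {val:X}h")
```

For this listing the three stores land at offsets 0, 4 and 8 from [ESP+C], which line up with the PacketID, Length and MinLength annotations in post #1.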

#3 Post by ever_boy_

Well, that's just what I thought when I looked at it, but I can't figure out what the replay factor is for these:

some packets have this:
lea edx, [esp+18h+var_C]
(hexa: 8D 54 24 0C)

other packets have this:
lea edx, [esp+1Ch+var_14]
(hexa: 8D 54 24 08)

and a few packets have no "lea edx," at all.

I just couldn't figure out what's 0 and what's 1

#4 Post by kLabMouse

In this situation, you have the second version, where there was no "ReplayFactor" yet.

#5 Post by ever_boy_

Oh, I see.

So, I was just struggling with wind. Thanks for saving me the trouble of looking for what is not there :D
