Given the following x86 assembly instructions: mov esi, offset off_A cmp esi, offset off_B

Question

0

Asked: May 14, 20262026-05-14T21:23:42+00:00 2026-05-14T21:23:42+00:00

Given the following x86 assembly instructions: mov esi, offset off_A cmp esi, offset off_B

0

Given the following x86 assembly instructions:

mov     esi, offset off_A
cmp     esi, offset off_B

how would I get the offsets (the second operand) at runtime ? This is the scenario: A program (injected into the process at runtime) replaces the offsets with a few of its own, resulting in:

mov     esi, offset off_X
cmp     esi, offset off_Y

This program allows plugins to be written and loaded through it but doesn’t expose the replacement addresses. So, given the addresses at which the above instructions exist, how do I find offsets X and Y ?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T21:23:42+00:00

Editorial Team

2026-05-14T21:23:42+00:00Added an answer on May 14, 2026 at 9:23 pm

I don’t quite understand what this is for, but…

mov esi, ... is encoded as BE followed by the dword operand. If you’ve got the address of the mov instruction you can simply skip one byte ahead and see the address operand, off_A

cmp esi, ... is encoded as 81 FE followed by a dword operand, so here you can skip two bytes to see the operand.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Given the following x86 assembly instructions: mov esi, offset off_A cmp esi, offset off_B

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply