Home/ Questions/Q 8721983
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T07:18:46+00:00

I’ve got the following ASM code: USE32 Start: jmp Main struc st .stLong resd

  • 0

I’ve got the following ASM code:

USE32
Start:
jmp Main
    struc st
        .stLong resd 1
        .stWord resw 1
        .stBuffer   resb    32
    endstruc

    mystruc:
    istruc st
        at st.stLong, dd 1
        at st.stWord, dw 1
    iend
Main:
    mov eax, 1
    mov [mystruc+st.stLong], eax

I’ve compiled it using NASM and tried to execute (step by step) the binary generated in the debugging mode of Visual C++ with the code below:

unsigned char hexData[50] = {
    0xEB, 0x00, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xA3,
    0x0C, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00 
};




__asm{
    lea eax, hexData
    call eax
}

The problem is: executing the first instruction (jmp Main) always results in an access violation exception. 🙁 I don’t know what’s really going on here. Would you please tell me what the problem is?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Memory can have different protections, it can be readable, writable or executable. By default data members that defined by you are not executable to avoid code injection or exploit attack in your code. You have 2 options here:

    // Remember this function at least allocate a page that is usually 4096 byte
// Use GetSystemInfo to get page size.
void* pvExecutableMem = VirtualAlloc(NULL, 50, MEM_RESERVE | MEM_COMMIT,
    PAGE_EXECUTE_READWRITE);
// Resulting page is executable
memcpy( pvExecutableMem, hexData, 50 );
// Now you can execute this page
__asm {
    mov eax, pvExecutableMem
    call eax
}

    Another approach is to change protection type of hexData:

    DWORD dwOldProt;
VirtualProtect( hexData, sizeof(hexData), PAGE_EXECUTE_READWRITE, &dwOldProt );

    But because VirtualXXX functions work on pages and can’t handle only 50 bytes of memory, this will change memory protection of other parts of your memory that can lead to security vulnerabilities.

    • 0