Tiny question

[Kyrios]

Hi,

There's something OPs which is still bothering me.
1. What's the difference between Pushad and Pushfd?
2. What eip stands for?
3. I wanna copy some string to another location. Original loc is [ebp-8] which is holding string like wedfreertety3453465dgf==
What i want is copy it to another loc like [00500000] be4 the string is erased. And for RVA 00500000h i write 00500010 for instance. So the new loc for string is now at RVA 00500010.
So what's code injection can i have? Can we use repz stosb command?
Any variant of code injection are welcome.


TIA,
kyrios

1. Pushad Push all registers on the stack (general registers)
Pushfd Push flags on the stack (EFLAGS Register)
2. EIP is the Instruction Pointer, look at the Intel Reference Manual's

http://developer.intel.com/design/pentium4/manuals/index_new.htm

3. I don"t know

For No (3) I would have done something like that..
.
push ecx
mov ecx, (number of bytes in string)
cld
rep movsb dest_Address,source_Address
pop ecx
..

Just an idea

[Kyrios]

Thx u belisarious,

Anyway what cld mean?
Others: any other variant is still welcome.

kyrios

Hi,

CLD clears the direction flag (CLear Direction). That flag controls the behaviour of REP. You can set it to increase or decrease cx after each operation.

kp

According to my favorite "Intel Opcodes and mnemonics" cld stands for:
CLD - Clear Direction Flag
Usage: CLD
Modifies flags: DF
Clears the Direction Flag causing string instructions to increment
the SI and DI index registers.
I think you will find it usefull so I 'm attaching it.

[Kyrios]

Thx 4 the opcodes. I realize it's a must have one.

kyrios