tags:

views:

30

answers:

2
Q: 

How to change value of EIP in ollydbg?

I double clicked on EIP in register window,but seems un-editable.

Why is EIP special?How can I change it?

alt text

A: 

EIP is the instruction pointer. IE: the CPU's pointer to what code to run next. It's not a normal register in that you normally can't just mov stuff into it; it's only directly affected by instructions like jmp, call, int, etc (any instruction that causes code not to continue at the next instruction), as well as being moved with each instruction that gets executed.

cHao  2010-09-30 08:06:59
+1  A: 

Find the location you want to set your EIP to, right click and select "New Origin Here". This will reset the EIP to the new address. You can confirm this by inspecting the registers at the top right.

In addition to the reply above, the EIP is basically the pointer to where the current line of execution is. It's used to keep a record of which instruction the program is executing in memory.

abnev  2010-09-30 08:14:06

related questions

How to understand the register window of ollydbg?
What does the quote mean in ollydbg?
What's the principle of ollydbg's memory breakpoint ?
How to open executable binary without running it in ollydbg?
How to set this kind of breakpoint in ollydbg?
What's the difference to set breakpoint in HexDump or Disassembly in ollydbg?
How can I watch the complete disassembly code when open PE binary in ollydbg?
About reverse with ollydbg
Disassemble a Dynamic Link Library with OllyDbg
Calling DLL from Assembly? Dis. Ollydbg
Patching Arm Executable?
Help deciphering a few lines of assembly
Explanation of the disassembly of the simplest program (x86)
Debugging and Analyzing a Trojan
Decompiling x86 PE binary to C?
Ollydbg condition
Is there a Perl module that can automate ollydbg?
Tips for debugging a made-for-linux application on windows?
Modifying a program to fake a button press
Will arguments to a function be passed on the stack or in a register?