<!DOCTYPE html> <html> <head> <title>edb - Expressions</title> <link rel=stylesheet type="text/css" href="css/style.css"> </head> <body> <h1>Expressions</h1> <p>the following operators are supported, and have the same semantics and priority as in C:</p> <pre><code class="language-c">&, |, ^, <<, >>, +, -, *, /, %, ~, !, <, <=, >, >=, ==, !=, &&, ||</code></pre> <p>parenthesis are supported as well. Register names are available as read-only varables. Dereferencing is also allowed with the use of the [] operator similar to Intel's ASM syntax. It is therfore legal to enter the following in the address input box:</p> <pre><code class="language-c">[ebx] + (5 * (eax + ecx * 3) & 0xff) << 16</code></pre> <p>Or you can simply just put in <code class="language-c">ebx</code> if you want to goto the address contained in <code class="language-c">ebx</code>.</p> <p><strong>Note:</strong> the dereference operator results in a DWORD on i386 machines and a QWORD on x86-64 machines. You may not use byte ptr, word ptr, dword ptr, or qword ptr like you can in Intel ASM syntax, it is always treated as a pointer to default width for the architecture. If you need to only use part of the result of the dereference, then you use use bitmasking with the AND and SHIFT operators (<code class="language-c">&</code>, <code class="language-c"><<</code>, <code class="language-c">>>></code>).</p> <p><strong>Also Note:</strong> because numerical constants in expressions work like they do in C things like <code class="language-c">bf0213f3</code> will no longer default to hex and will in fact be an error. Just like in C, you must prefix your hex numbers with 0x (ex: <code class="language-c">0xbf0213f3)</code>.</p> <p><strong>Also Note:</strong> It is perfectly legal to nest dereferences as you could nest parens, so expressions like this are fine: <code class="language-c">[[ebx]]</code> assuming that ebx is a pointer to a pointer to data :).</p> <p><strong>Final Note:</strong> because of the lack of any writable variables, operators like <code class="language-c">++</code> and <code class="language-c">--</code> do not exist, this has an interesting side effect of statements like:</p> <pre><code class="language-c">----5</code></pre> <p>being entirely valid (that would result in 5 since it is an even number of negations). Normally in C, you would need to write</p> <pre><code class="language-c">-(-(-(-(5))))</code></pre> <p>or</p> <pre><code class="language-c">- - - - 5</code></pre> <p>Since this is a very rarely if ever useful construct, I don't feel this will make any difference. The same applies for all unary operators.</p> </body> </html>
