Evan Teran edited this page Jul 20, 2015 · 3 revisions

The following operators are supported, and have the same semantics and priority as in C:

&, |, ^, <<, >>, +, -, *, /, %, ~, !, <, <=, >, >=, ==, !=, &&, ||

Parentheses are supported as well. Register names are available as read-only variables. Dereferencing is also allowed with the [] operator, similar to Intel's ASM syntax. It is therefore legal to enter the following in the address input box:

[ebx] + (5 * (eax + ecx * 3) & 0xff) << 16

Or you can simply enter ebx if you want to go to the address contained in ebx.

Note: the dereference operator results in a DWORD on i386 machines and a QWORD on x86-64 machines. You may not use byte ptr, word ptr, dword ptr, or qword ptr as you can in Intel ASM syntax; the operand is always treated as a pointer to the default width for the architecture. If you need only part of the result of the dereference, use bitmasking with the AND and SHIFT operators (&, <<, >>).

Also Note: Because numerical constants in expressions work as they do in C, unlike in some other tools, things such as bf0213f3 will not be treated as hex and will in fact be an error. Just as in C, you must prefix your hex numbers with 0x (ex: 0xbf0213f3).

Also Note: It is perfectly legal to nest dereferences just as you can nest parentheses, so expressions like this are fine: [[ebx]], assuming that ebx is a pointer to a pointer to data :).

Final Note: because of the lack of any writable variables, operators like ++ and -- do not exist. This has the interesting side effect that statements like:

----5

being entirely valid (that would result in 5 since it is an even number of negations). Normally in C, you would need to write

-(-(-(-(5))))

or

- - - - 5

Since this is a very rarely, if ever, useful construct, I don't feel this will make any difference. The same applies for all unary operators.
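The rules on this page (C operator priority, pointer-width [] dereference, 0x-only hex, stacked unary operators) as a small Python evaluator. This is an added illustration, not edb's own parser; `evaluate`, `read_mem`, `SAMPLE_REGS`, `SAMPLE_MEM`, unsigned wrap-around arithmetic and C-style octal constants are assumptions.

```python
import operator as op
import re

OPS = {  # binary operators: (C precedence, function); higher binds tighter, left-associative
    '||': (1, lambda a, b: bool(a or b)), '&&': (2, lambda a, b: bool(a and b)),
    '|': (3, op.or_), '^': (4, op.xor), '&': (5, op.and_), '==': (6, op.eq), '!=': (6, op.ne),
    '<': (7, op.lt), '<=': (7, op.le), '>': (7, op.gt), '>=': (7, op.ge),
    '<<': (8, lambda a, b: a << min(b, 64)), '>>': (8, op.rshift),
    '+': (9, op.add), '-': (9, op.sub), '*': (10, op.mul), '/': (10, op.floordiv), '%': (10, op.mod),
}
TOKEN = re.compile(r'0[xX][0-9a-fA-F]+|\d+|[A-Za-z_]\w*|<<|>>|<=|>=|==|!=|&&|\|\||[-+*/%&|^~!<>()\[\]]')

def evaluate(expr, regs, read_mem, bits=32):
    """regs: name -> value; read_mem(addr, nbytes) -> bytes. Both stand in for the debugger (assumed)."""
    mask, toks = (1 << bits) - 1, TOKEN.findall(expr)
    if ''.join(toks) != ''.join(expr.split()):
        raise ValueError('unrecognised character in expression')
    def expect(t):
        if not toks or toks.pop(0) != t:
            raise ValueError('expected %r' % t)
    def unary():
        t = toks.pop(0) if toks else '<end>'
        if t == '-': return -unary() & mask       # unary operators recurse, so ----5 parses
        if t == '~': return ~unary() & mask
        if t == '!': return int(not unary())
        if t == '(':
            v = binary(1); expect(')'); return v
        if t == '[':                               # dereference: pointer-width little-endian read
            addr = binary(1); expect(']')
            return int.from_bytes(read_mem(addr, bits // 8), 'little')
        if t[0].isdigit():                         # C constants: 0x hex, leading-0 octal, decimal
            base = 16 if t[:2].lower() == '0x' else 8 if len(t) > 1 and t[0] == '0' else 10
            return int(t, base) & mask
        if t in regs:                              # registers are read-only variables
            return regs[t] & mask
        raise ValueError('unexpected %r' % t)      # e.g. bf0213f3 without the 0x prefix
    def binary(min_prec):
        lhs = unary()
        while toks and toks[0] in OPS and OPS[toks[0]][0] >= min_prec:
            prec, fn = OPS[toks.pop(0)]
            lhs = int(fn(lhs, binary(prec + 1))) & mask
        return lhs
    result = binary(1)
    if toks:
        raise ValueError('unexpected %r' % toks[0])
    return result

# Constructed sample state (not from the page): ebx points at the little-endian dword 0x11223344.
SAMPLE_REGS = {'eax': 2, 'ebx': 0x1000, 'ecx': 1}
SAMPLE_MEM = lambda addr, n: {0x1000: bytes.fromhex('4433221100000000')}[addr][:n]
```

With the sample state, the address-box expression from this page evaluates to 0x335d0000 on a 32-bit target, because + binds tighter than << as in C and the result wraps to pointer width.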
