1.9 Expressions

The expressions are mathematical representations of a 64 bit numeric value which can be displayed in different formats, compared or used at any command as a numeric argument. They support multiple basic arithmetic operations and some binary and boolean ones. The command used to evaluate these math expressions is the '?'. Here there are some examples:

[0xB7F9D810]> ? 0x8048000
0x8048000 ; 134512640d ; 1001100000o ; 0000 0000  
[0xB7F9D810]> ? 0x8048000+34
0x8048022 ; 134512674d ; 1001100042o ; 0010 0010  
[0xB7F9D810]> ? 0x8048000+0x34
0x8048034 ; 134512692d ; 1001100064o ; 0011 0100  
[0xB7F9D810]> ? 1+2+3-4*3
0x6 ; 6d ; 6o ; 0000 0110 
[0xB7F9D810]> ? [0x8048000]
0x464C457F ; 1179403647d ; 10623042577o ; 0111 1111  

The supported arithmetic expressions supported are:

+ : addition
- : substraction
* : multiply
/ : division
% : modulus
> : shift right
< : shift left

The binary expressions should be scapped:

\| : logical OR
\& : logical AND

The values can be numbers in many formats:

0x033   : hexadecimal
3334    : decimal
sym.fo  : resolve flag offset
10K     : KBytes  10*1024
10M     : MBytes  10*1024*1024

There are other special syntaxes for the expressions. Here's for example some of them:

$$            ; current seek
$$$           ; size of opcode at current seek
$${file.size} ; file.size (taken from eval variable)
$$j           ; jump address (branch of instruction)
$$f           ; false address (continuation after branch)
$$r           ; data reference from opcode

For example:

[0x4A13B8C0]> :pd 2
0x4A13B8C0,  mov eax, esp        
0x4A13B8C2   call 0x4a13c000     

[0x4A13B8C0]> :? $$+$$$
0x4a13b8c2

[0x4A13B8C0]> :pd 1 @ +$$$
0x4A13B8C2   call 0x4a13c000