
machine code FF 25 should have 64-bit operand but actually only 32-bit is available

Question

I have some machine code as follows:

FF 25 CA 21 00 00

I know it's a JMP's opcode with Op/En set to M, which means there's a ModR/M byte after it.

0x25 => 0b00100101, so the reg field is 0b100, and the opcode is actually FF /4. However, the only matching entry in the JMP opcode summary table is:

FF /4 ---- JMP r/m64 ---- Jump near, absolute indirect, RIP = 64-Bit offset from register or memory

This means what follows the ModR/M byte should be a 64-bit operand. But I only have a 32-bit operand, CA 21 00 00.

Did I miss something? Give me some hints on this.


Answer 1

Score: 3


It's an indirect jump. r/m64 is the operand-size for the pointer to load as data into RIP, not the number of bytes used to encode the address to load from, or the new RIP itself.

25 is a ModRM that encodes a RIP-relative addressing mode, so the 4 bytes are a rel32 for the [rip+rel32] addressing mode.

Check https://defuse.ca/online-x86-assembler.htm#disassembly2 or any other convenient way to feed those bytes to a disassembler:

ff 25 ca 21 00 00   jmp    QWORD PTR [rip+0x21ca]

See also
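The decoding the answer describes, as an added worked example that is not part of the original post: it splits the ModRM byte into mod/reg/rm, treats the 4 bytes after it as a signed rel32 displacement from the end of the instruction, and only then performs the 64-bit (r/m64) load of the new RIP from that slot. The load address 0x401000, the flat memory image and the 64-bit target value stored in the pointer slot are constructed assumptions.

```python
import struct

# 64-bit GPRs addressable by the 3-bit rm field when no REX prefix is present.
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_ff4_jmp(code: bytes, rip: int):
    """Decode an `FF /4` (JMP r/m64) instruction whose first byte sits at `rip`.

    Returns (length, pointer_addr, text). pointer_addr is the memory address the
    CPU reads the new RIP from, or None for the register-direct form.
    """
    if code[0] != 0xFF:
        raise ValueError("not an FF-group opcode")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg != 4:
        raise ValueError(f"FF /{reg} is not JMP r/m64")
    if mod == 3:
        # mod=11: the target pointer is already in a register, no displacement bytes.
        return 2, None, f"jmp {REG64[rm]}"
    if mod == 0 and rm == 5:
        # mod=00 rm=101: RIP-relative. The next 4 bytes are a signed rel32
        # displacement from the END of this instruction, not a 64-bit address.
        (rel32,) = struct.unpack_from("<i", code, 2)
        length = 6
        return length, rip + length + rel32, f"jmp QWORD PTR [rip{rel32:+#x}]"
    raise NotImplementedError("SIB / register-base forms are outside this example")


def execute_indirect_jmp(code: bytes, rip: int, image: bytes, image_base: int) -> int:
    """Return the new RIP the CPU would load, given a flat memory image."""
    length, ptr, _ = decode_ff4_jmp(code, rip)
    if ptr is None:
        raise ValueError("register form needs a register file, not memory")
    # The r/m64 operand size applies HERE: 8 bytes are read from the pointer slot.
    (new_rip,) = struct.unpack_from("<Q", image, ptr - image_base)
    return new_rip


# Constructed sample: the bytes from the question, placed at an assumed address.
CODE = bytes.fromhex("ff25ca210000")
RIP = 0x401000
IMAGE_BASE = RIP
IMAGE = bytearray(0x3000)
IMAGE[:6] = CODE
# Pointer slot is at RIP + 6 + 0x21ca = 0x4031d0; fill it with a made-up 64-bit target.
TARGET = 0x00007FF612345678
struct.pack_into("<Q", IMAGE, 0x4031D0 - IMAGE_BASE, TARGET)

if __name__ == "__main__":
    print(decode_ff4_jmp(CODE, RIP)[2])                             # jmp QWORD PTR [rip+0x21ca]
    print(hex(execute_indirect_jmp(CODE, RIP, IMAGE, IMAGE_BASE)))  # 0x7ff612345678
```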

huangapple
  • Published on 2023-04-17 21:29:19
  • Please keep this link when reposting: https://go.coder-hub.com/76035706.html