JMP instruction - Hex code

assembly hex x86-64 machine-code
35,301

Solution 1

There is no jump of the form JMP absaddr to an absolute address in 64 bit mode. The operand of a jump is always a 32 bit relative displacement to rip, which gets sign extended to 64 bit.

The reason you see no consistency is possibly that the offset depends on the the current instruction pointer and you didn't recognize that.

jmp eax isn't allowed either, as addresses are of course always 64 bit wide on a 64 bit architecture. A sequence mov rax, addr + jmp rax is possible, it would look like

48 c7 c0 35 08 40 00            mov rax, 0x00400835
ff e0                           jmp rax

or

48 b8 35 08 40 00 00 00 00 00   mov rax, 0x0000000000400835
ff e0                           jmp rax

How did I know these hex codes? Well, I did ask my compiler. I compiled with gcc -c and disassembled with objdump. I didn't bother to use Intel syntax, because I don't need it. So this is in AT&T syntax.

echo 'asm("mov $400835, %rax\n jmp *%rax\n");' > test.c
gcc -c test.c
objdump -d test.o

Solution 2

If you don't want to use a register for whatever reason, it's also possible to encode a 64 bit absolute immediate jump as

ff 25 00 00 00 00           jmp qword ptr [rip]      jmp *(%rip)
yo ur ad dr re ss he re     some random assembly

rip refers to the instruction pointer AFTER the jmp instruction itself, so it's a pointer to your address.

Share:
35,301
Deepanjan Mazumdar
Author by

Deepanjan Mazumdar

Updated on July 09, 2022

Comments

  • Deepanjan Mazumdar
    Deepanjan Mazumdar almost 2 years

    Have a doubt regarding the hex code conversion of JMP machine instruction. I have the absolute address I want to jump to, say "JMP 0x400835". First of all, is this allowed? If yes, what would be the corresponding hex code? If not, can I first store the address in some register, say EAX and then put "JMP EAX"? I am working on x86(64b) architecture.

    I have tried to print out the hex code from the diassem output in gdb, but there is no consistency, ie, I do not see the destination address in the hex code.

    I am new to hex code and machine instructions, so pardon my ignorance.

  • Deepanjan Mazumdar
    Deepanjan Mazumdar about 12 years
    Thank you for the answer. This really helped me. objdump is seriously a good tool!
  • Deepanjan Mazumdar
    Deepanjan Mazumdar about 12 years
    Hey.. I have marked your post as "useful".. that's what is needed I guess, right?
  • Man of One Way
    Man of One Way almost 10 years
    Do you mean "jmp absaddr" will be "jmp %rip + absaddr" (where absaddr has to be equal or less than 32bit)?
  • Gunther Piez
    Gunther Piez almost 10 years
    @ManofOneWay Nor sure what you are trying to ask, as there is no jmp absaddr and jmp %rip+absaddr isn't absolute. If you tell the assembler to translate some code in the kind of jmp someaddr it will calculate the relative distance from the current address (which will later on execution time be in %rip) to someaddr and emit e9 xx xx xx xx, where the four xx bytes correspond to the calculated address difference.
  • Kibernetik
    Kibernetik over 9 years
    Here you write "jmp *%rax". Can you please tell where I can find description of this syntax? Because everywhere AT&T syntax is explained, this JMP syntax is not listed.
  • Peter Cordes
    Peter Cordes over 5 years
    mov eax, 0x00400835 / mov $0x00400835, %eax is only 5 bytes. There's zero benefit to sign-extending that immediate with a 64-bit mov instead of relying on implicit zero-extension from writing EAX. Why do x86-64 instructions on 32-bit registers zero the upper part of the full 64-bit register?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is x86-64 machine language big endian?
What does "rep; nop;" mean in x86 assembly? Is it the same as the "pause" instruction?
How to copy the value at a certain address in memory to a register in gcc AT&T style
Division and modulus using single divl instruction (i386, amd64)
Using scanf with x86-64 GAS assembly
What is the difference between "mov (%rax),%eax" and "mov %rax,%eax"?
Passing Parameters in 64 bit Assembly Function from C language. Which Register Receive These Parameter?
Assembly Syscalls in 64-bit Windows
Assembly/Linking problem with nasm and ld
Assembly 64bit - movl, movq. Interchanging is okay?