Need help understanding E8 asm call instruction x86

assembly x86 disassembly
14,685

Whatever you're using to obtain the disassembly is trying to be helpful, by giving the target of the call as an offset from some symbol that it knows about -- but given that the offset is so large, it's probably confused.

The actual target of the call can be calculated as follows:

  • E8 is a call with a relative offset.
  • In a 32-bit code segment, the offset is specified as a signed 32-bit value.
  • This value is in little-endian byte order.
  • The offset is measured from the address of the following instruction.

e.g.

<some address>       E8 32 F6 FF FF         call <somewhere>
<some address>+5     (next instruction)
  • The offset is 0xFFFFF632.
  • Interpreted as a signed 32-bit value, this is -0x9CE.
  • The call instruction is at <some address> and is 5 bytes long; the next instruction is at <some address> + 5.
  • So the target address of the call is <some address> + 5 - 0x9CE.
Share:
14,685

Related videos on Youtube

Michael
Author by

Michael

Updated on June 04, 2022

Comments

  • Michael
    Michael almost 2 years

    I need a helping hand in order to understand the following assembly instruction. It seems to me that I am calling a address at someUnknownValue += 20994A?

    E8 32F6FFFF - call std::_Init_locks::operator=+20994A
  • Michael
    Michael about 12 years
    Tank you so much. Your example is spot on!
  • Rafa
    Rafa about 9 years
    @Matthew could the call instruction be more than 5 bytes long? (In a x86 archi. can the next instric. be at <some address> + 6)? In what case?
  • Vladislav Ivanishin
    Vladislav Ivanishin over 8 years
    @Rafa, call relative offset instruction is 5 bytes, because max relative offset must fit in 4 bytes. If the target is farther than 2**31 bytes away, mov reg, imm64; call reg is used.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How might I convert Intel 80386 Machine Code to Assembly Language?
sub eax,0 - does it do anything?
Switch Case Assembly Language
SAR command in X86 assembly with one parameter
How to loop in assembly language
Using scanf with x86-64 GAS assembly
What does this assembly language code mean?
Bomb lab phase 5 - 6 char string, movzbl load, and $0xf, %ecx, and index an array with that?
What does this assembly code do? (TEST,XOR,JNZ)
how to get address of variable and dereference it in nasm x86 assembly?