Calculate JMP opcodes

I am trying to calculate the correct codes for the jump, I looked at this in other threads, and I still don't understand:

I thought the formula was destination - (from+5), but it just doesn't work, it's far away. Here are the addresses that I want to jump to / from:

FROM: 6259326B
TO: 02980000
CORRECT OPCODE: E9 90CD3EA0
FORMULA OPCODE: E9 5FC13266

So I have problems with this; any help would be appreciated.

+4
3 answers

You are calculating a negative jmp! Therefore, the correct formula is:

0 - (from - destination) - 5

0 - ($6259326B - $02980000) - 5

which is equal to $A03ECD90 (or $90CD3EA0 in little-endian byte order).

+5

The formula is fine (although it seems that the assembly provided and the addresses do not match exactly: 02980000 - 6259326b - 5 = c726cd90; reverse the byte order and it almost matches your correct assembly, I'd accept its image off, etc.). Are you sure you did the math correctly and reversed the byte order to match the required encoding (little-endian) for a relative 32-bit jump?

+1

The formula is correct if the jump instruction is exactly 5 bytes long and FROM is the address of that jump instruction. If the length is not 5, or FROM is not where the jmp is, it does not hold.

With this, using modulo 2^32 arithmetic, you get:

2980000H - (6259326BH + 5) = 0A03ECD90H.

If you do not understand how 2980000H - 62593270H equals 0A03ECD90H in 32 bits, imagine for a moment that you subtract from 102980000H instead of 2980000H, that is, you set the 33rd bit. Then you have 102980000H - 62593270H = 0A03ECD90H, and you can check that 102980000H = 62593270H + 0A03ECD90H. But since you only have 32 bits to calculate with, this 33rd bit, whatever it is, will not affect the sum or the difference. Thus, you simply subtract the two numbers as 32-bit numbers and take the least significant 32 bits of the result, ignoring any carries or borrows into bits beyond the 32nd.

And 0A03ECD90H should be encoded in the jmp instruction from the least significant byte to the most significant byte, so you will get this sequence of bytes encoding the instruction:

E9, 90, CD, 3E, A0.

A similar question was asked before.

+1
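A worked version of the arithmetic in the answers above, as an added example (not code from the original thread): it computes the displacement modulo 2^32, emits the little-endian JMP rel32 encoding, and decodes the bytes back to confirm they land on the intended target. The addresses are the ones from the question.

```python
import struct

JMP_REL32_LEN = 5  # opcode E9 plus a 4-byte displacement


def jmp_rel32_displacement(frm: int, to: int) -> int:
    """Displacement of a 5-byte JMP rel32 located at `frm` that lands on `to`.

    Computed as to - (frm + 5) and reduced modulo 2**32, so a backward jump
    comes out in its unsigned two's-complement form (e.g. 0xA03ECD90).
    """
    return (to - (frm + JMP_REL32_LEN)) & 0xFFFFFFFF


def encode_jmp_rel32(frm: int, to: int) -> bytes:
    """Instruction bytes: E9 followed by the displacement, least significant byte first."""
    disp = jmp_rel32_displacement(frm, to)
    return b"\xE9" + struct.pack("<I", disp)


def decode_jmp_rel32(insn: bytes, at: int) -> int:
    """Recover the target of an encoded JMP rel32 located at address `at`.

    Use this as the round-trip check before writing a patched jump anywhere.
    """
    if len(insn) != JMP_REL32_LEN or insn[0] != 0xE9:
        raise ValueError("not a JMP rel32")
    (rel,) = struct.unpack("<i", insn[1:])  # signed, little-endian
    return (at + JMP_REL32_LEN + rel) & 0xFFFFFFFF


if __name__ == "__main__":
    FROM, TO = 0x6259326B, 0x02980000  # addresses from the question
    code = encode_jmp_rel32(FROM, TO)
    print(code.hex(" ").upper())  # E9 90 CD 3E A0
    assert decode_jmp_rel32(code, FROM) == TO
    # The asker's value 5FC13266 is what you get with the operands swapped
    # (from - to - 5) and the bytes left in big-endian order.
    assert (FROM - TO - JMP_REL32_LEN) & 0xFFFFFFFF == 0x5FC13266
```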

Source: https://habr.com/ru/post/1382077/
