Jmp FWORD PTR [eax-0x67]?

The FWORD data type is defined as 6 bytes, so how is it converted to a 32-bit virtual address in this jmp instruction?

    jmp FWORD PTR [eax-0x67]

2 answers

A jump through an FWORD PTR is a far jump: the operand is a memory pointer containing a 16-bit "selector" (which refers to a segment entry in the GDT or LDT) and a 32-bit offset from the beginning of the segment that the selector refers to. A segment descriptor contains data about a segment, including, of course, where in memory it starts.

During the transition, the CPU performs some privilege checks to make sure that the selector is valid and allowed (there are privilege levels, segment types, etc.), then it effectively loads the first 16 bits into CS and the rest into EIP. From then on, code addresses effectively have the base address of the CS segment added to them to turn them into virtual addresses.


The far jump uses the full segment:offset form: the operand is an absolute address composed of a 16-bit segment selector and a 32-bit offset. It moves to an instruction located in a different segment than the current code segment, but it must have the same privilege level.
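As an added illustration of what both answers describe (not code from either answer), the following C program decodes a 6-byte FWORD the way the CPU does: in memory the low 4 bytes are the 32-bit offset that becomes EIP and the high 2 bytes are the selector that becomes CS; the selector's index picks an 8-byte descriptor in a constructed sample GDT, the descriptor's privilege and type bits are checked, and the linear target is the descriptor's base plus the offset. The GDT contents, the offset 0x1234 and the helper names are constructed for the example, and the little-endian memcpy assumes an x86 host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample GDT (3 entries of 8 bytes): null, ring-0 code with base
 * 0x00400000, ring-3 code with base 0x08000000. Bytes 2,3,4,7 hold the base. */
static const uint8_t sample_gdt[24] = {
    0,0,0,0,0,0,0,0,
    0xFF,0xFF, 0x00,0x00, 0x40, 0x9A, 0xCF, 0x00,   /* DPL 0, nonconforming code */
    0xFF,0xFF, 0x00,0x00, 0x00, 0xFA, 0xCF, 0x08,   /* DPL 3, nonconforming code */
};

static uint32_t descriptor_base(const uint8_t *d) {
    return (uint32_t)d[2] | ((uint32_t)d[3] << 8) |
           ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
}

/* Resolve the linear address a far jmp through a 6-byte FWORD would reach.
 * FWORD layout in memory: bytes 0-3 = 32-bit offset (new EIP),
 * bytes 4-5 = 16-bit selector (new CS). Returns 0 when a check fails. */
uint32_t far_jmp_target(const uint8_t fword[6], const uint8_t *gdt,
                        size_t entries, uint8_t cpl) {
    uint32_t offset; uint16_t sel;
    memcpy(&offset, fword, 4);      /* little-endian host assumed */
    memcpy(&sel, fword + 4, 2);
    uint16_t index = sel >> 3, ti = (sel >> 2) & 1, rpl = sel & 3;
    if (ti || index == 0 || index >= entries) return 0;   /* LDT, null or out of range */
    const uint8_t *d = gdt + 8u * index;
    uint8_t access = d[5], dpl = (access >> 5) & 3;
    if (!(access & 0x80) || !(access & 0x10) || !(access & 0x08)) return 0; /* absent or not code */
    if (access & 0x04) { if (dpl > cpl) return 0; }       /* conforming: DPL <= CPL */
    else if (cpl != dpl || rpl > dpl) return 0;           /* nonconforming: CPL == DPL, RPL <= DPL */
    return descriptor_base(d) + offset;                   /* CS.base + EIP = linear address */
}

/* Builds a FWORD from a selector and the fixed offset 0x1234, then resolves it. */
uint32_t sample_target(uint16_t selector, uint8_t cpl) {
    uint8_t fword[6] = { 0x34, 0x12, 0x00, 0x00, (uint8_t)selector, (uint8_t)(selector >> 8) };
    return far_jmp_target(fword, sample_gdt, 3, cpl);
}

int main(void) {
    printf("sel 0x0008 from ring 0 -> 0x%08x\n", sample_target(0x0008, 0)); /* 0x00401234 */
    printf("sel 0x0013 from ring 3 -> 0x%08x\n", sample_target(0x0013, 3)); /* 0x08001234 */
    printf("sel 0x000b from ring 0 -> 0x%08x\n", sample_target(0x000b, 0)); /* 0: RPL 3 > DPL 0 */
    return 0;
}
```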


Source: https://habr.com/ru/post/1434302/
