Asterisk pointer in assembly (I32 / x86)

Line of violation:

8048f70: ff 24 85 00 a4 04 08 jmp *0x804a400(,%eax,4) 

In the disassembled code, there is no instruction at location 804a400 (my list ends with 804a247)

When I look at what is in that memory cell, I get:

 (gdb) x/c 0x804a40c
 0x804a40c: -103 '\231'
 (gdb) x/t 0x804a40c
 0x804a40c: 10011001
 (gdb) x/s 0x804a40c
 0x804a40c: "\231\217\004\b\222\217\004\b\211\217\004\b\202\217\004\bw\217\004\b\002"
 (gdb) x/3x 0x804a40c
 0x804a40c: 0x99 0x8f 0x04

What exactly is this jmp statement trying to do?

1 answer

This instruction is an indirect jump. That means the memory address given is not the jump target itself, but a pointer to the jump target.

First, the instruction loads the value at the memory address:

 *0x804a400(,%eax,4) 

which is more clearly written as:

 0x804a400 + %eax * 4 // %eax can be negative 

and then sets %eip to that value.

The best way to decode these is to use the Intel programmer's reference manual. Table 2-2 in Volume 2A gives the breakdown of the ModR/M byte, and in this case of the SIB byte as well.

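As an added example (not part of the question or the answer), here is a Python script that turns the `x/s` dump above back into bytes, reads it as the 4-byte little-endian jump-table entries that `jmp *0x804a400(,%eax,4)` would follow, and emulates the indexing with a signed %eax. The treatment of 0x804a400 as the table base follows the answer; the helper names and escape decoding are my own.

```python
import re
import struct

# Constructed from the question's gdb output: the jmp at 0x8048f70 uses
# table base 0x804a400 (from the SIB encoding), and `x/s 0x804a40c`
# printed the escaped bytes below.
JMP_TABLE_BASE = 0x804A400
DUMP_ADDR = 0x804A40C
GDB_DUMP = r"\231\217\004\b\222\217\004\b\211\217\004\b\202\217\004\bw\217\004\b\002"

_NAMED_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92, '"': 34}

def gdb_string_to_bytes(s: str) -> bytes:
    """Turn the escaped string printed by gdb's x/s back into raw bytes."""
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] != "\\":
            out.append(ord(s[i]))
            i += 1
            continue
        m = re.match(r"\\([0-7]{1,3})", s[i:])  # octal escape such as \231
        if m:
            out.append(int(m.group(1), 8))
            i += len(m.group(0))
        else:                                   # named escape such as \b
            out.append(_NAMED_ESCAPES[s[i + 1]])
            i += 2
    return bytes(out)

def read_jump_table(dump: bytes, dump_addr: int) -> dict:
    """Split a dump into 4-byte little-endian pointers keyed by their address.
    A trailing partial entry (the lone final byte above) is ignored."""
    return {dump_addr + 4 * n: struct.unpack_from("<I", dump, 4 * n)[0]
            for n in range(len(dump) // 4)}

def resolve_jmp(eax: int, table: dict, base: int = JMP_TABLE_BASE):
    """Emulate `jmp *base(,%eax,4)`: %eax is a signed index and the address
    wraps modulo 2**32 as on the CPU, so a negative or oversized %eax reads
    outside the table. Returns the target, or None if the slot is not in the dump."""
    ea = (base + 4 * eax) & 0xFFFFFFFF
    return table.get(ea)

if __name__ == "__main__":
    table = read_jump_table(gdb_string_to_bytes(GDB_DUMP), DUMP_ADDR)
    for addr, target in sorted(table.items()):
        print(f"slot {(addr - JMP_TABLE_BASE) // 4}: [{addr:#x}] -> {target:#x}")
    print("eax=-1 ->", resolve_jmp(-1, table))  # slot before the dump: None
```

The first entry, bytes 99 8f 04 08, is the pointer 0x08048f99, so with %eax = 3 the jump lands there; an index the dump does not cover (for example a negative %eax) resolves to None, which is the bounds check the instruction itself never performs.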

Source: https://habr.com/ru/post/1439249/
