Opcode and ModRM for the 'call dword ptr [mem32]' question?

Question

Opcode and ModRM for the 'call dword ptr [mem32]' question?

Why can't you call the pointer address from the EBP register? What I mean by this is shown in the following code template.

OpCode: '0xFF 0x10' → CALL DWORD PTR DS: [EAX]
OpCode: '0xFF 0x11' → CALL DWORD PTR DS: [ECX]
OpCode: '0xFF 0x12' → CALL DWORD PTR DS: [EDX]
OpCode: '0xFF 0x13' → CALL DWORD PTR DS: [EBX]
OpCode: '0xFF 0x14' → CALL DWORD PTR SS: [ESP + EDI]
OpCode: '0xFF 0x15 0x012345678' → CALL DWORD PTR DS: [0x012345678]
OpCode: '0xFF 0x16' → CALL DWORD PTR DS: [ESI]
OpCode: '0xFF 0x16' → CALL DWORD PTR DS: [EDI]

'5' is noted in the Intel Instruct Guide, but '6' is never mentioned directly, and it never explicitly states that you cannot call it from the EBP register. I know that this is not a useless function, but I was wondering why Intel chooses these two registers to use, was it just a design choice or is there something I miss? (I have an assumption, but I'm curious what the real reason is.)

+3

assembly opcode

Connor Jan 6 '11 at 2:55

source share

1 answer

Chris Dodd · Accepted Answer · 2011-01-06T03:28:53+0000

You can call via EBP, it is easy to code it in different ways. You will need a sequence

0xff 0x55 0x00

, EBP ( EBP 0), , EBP (0x15), 32 - .

0xff 0x14 - ( SIB), , . ESP + EDI, , 0x3c - , 0x24, ESP

, EBP ESP , , , ESP - ( push/pop), EBP - , . , , 80386.

Opcode and ModRM for the 'call dword ptr [mem32]' question?

More articles: