Hello,
I wanted to verify that the relative jump in my program is properly translated into machine code. Consider the following example:
<code begins>
extern char handler[], endhandler[]; /* C-code glue for the asm insert */

asm(
    ".data\n"
    ".code16\n"
    ".globl handler, endhandler\n"
    "\n"
    "handler:\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n" "nop\n"
    "jmp handler\n"
    "endhandler:\n"
    "\n"
    ".text\n"
    ".code32\n"
);

int main(void) { return 0; }
<code ends>
There are 64 NOPs; on the basis of these I want to locate my jmp instruction after compiling. I am interested in the "jmp handler\n" instruction.
I compile the example above, then run hexdump -vC compiled_example | less and look for 64 times 0x90 (the opcode for NOP). I find them:
<snippet of hexdump starts>
00005740  00 00 00 00 00 00 00 00  84 e5 04 08 90 90 90 90  |................|
00005750  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005760  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005770  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005780  90 90 90 90 90 90 90 90  90 90 90 90 e9 bd ff 00  |................|
00005790  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
<snippet of hexdump end>
Exactly 64 times 0x90, fine... The next byte after the last 0x90 is 0xe9. Looking at the "Intel Architecture Software Developer's Manual Vol. 2" tells me: it is a jump instruction, and the next two bytes (bd ff) specify the relative address to jump to. bdff must be in two's complement and represents minus 4201. But an offset of 4201 does not jump to the start of the NOP sequence, it jumps to a much smaller address...
Do you have any hints?
Regards
Shadravan
* Shadravan Fontanov shadravan_f@yahoo.com [070629 19:03]:
Exactly 64 times 0x90, fine... The next byte after the last 0x90 is 0xe9. Looking at the "Intel Architecture Software Developer's Manual Vol. 2" tells me: it is a jump instruction, and the next two bytes (bd ff) specify the relative address to jump to. bdff must be in two's complement and represents minus 4201. But an offset of 4201 does not jump to the start of the NOP sequence, it jumps to a much smaller address...
The number is little endian, so it is 0xffbd, which is 2 bytes short of 0xffc0, which is -64 in 16bit hex.
Stefan
Hi,
x86 is a little endian machine, so e9 bd ff -> JMP relative 0xFFBD, or JMP relative -0x43 (I might be off by one ...) = -67 decimal (64 for the NOPs and 3 for the e9 bd ff). It is relative to the next instruction, if I remember right ...
greetings, todthgie
----- Original Message ----- From: Shadravan Fontanov To: linuxbios@linuxbios.org Sent: Friday, June 29, 2007 19:03 Subject: [LinuxBIOS] General question abouts jumps in machine code
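To make the arithmetic in the two replies checkable, here is an added example (not code from the original thread or from LinuxBIOS). It parses the hexdump excerpt from the post, finds the 64-byte NOP run, decodes the e9 jmp that follows it as a little-endian signed rel16 relative to the next instruction, and confirms the target is the start of the NOPs. The file offsets printed by hexdump are used as addresses, which is enough here because a relative jump depends only on the distance between the jmp and the label. The rel32 (.code32) path is a generalization beyond what the post shows; the function and variable names are this example's own.

```python
"""Decode the rel16 ``jmp handler`` that follows the 64 NOPs in a hexdump.

Added example, not code from the original thread.  The hexdump excerpt is
the one from the post; its file offsets stand in for addresses, which is
fine because a relative jump only depends on the distance between the jmp
and the label, not on where the section is loaded.
"""
import re
import struct

# Hexdump excerpt from the post (hexdump -vC output), embedded so this runs offline.
HEXDUMP = """\
00005740  00 00 00 00 00 00 00 00  84 e5 04 08 90 90 90 90  |................|
00005750  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005760  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005770  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00005780  90 90 90 90 90 90 90 90  90 90 90 90 e9 bd ff 00  |................|
00005790  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
"""

NOP = 0x90
JMP_REL = 0xE9          # jmp rel16 under .code16, jmp rel32 under .code32

_LINE = re.compile(r"^([0-9a-fA-F]{8})\s+((?:[0-9a-fA-F]{2}\s+)+)\|")


def parse_hexdump(text):
    """Return (base_offset, data) for a contiguous ``hexdump -vC`` excerpt."""
    base, data = None, bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        off = int(m.group(1), 16)
        if base is None:
            base = off
        if off != base + len(data):
            raise ValueError("hexdump lines are not contiguous at %#x" % off)
        data += bytes.fromhex(m.group(2).replace(" ", ""))
    return base, bytes(data)


def as_signed16(raw, little_endian=True):
    """Interpret two bytes as a signed 16-bit displacement.

    x86 stores immediates little-endian, so bytes bd ff are 0xffbd = -67.
    Reading the same bytes big-endian (0xbdff = -16897) is the mistake the
    original question made.
    """
    return struct.unpack("<h" if little_endian else ">h", raw)[0]


def decode_relative_jmp(data, idx, code16=True):
    """Decode an E9 jmp at data[idx]; return (displacement, instruction length).

    Under .code16 the operand is rel16 (3-byte instruction); under .code32 it
    is rel32 (5-byte instruction).  The displacement is relative to the end
    of the jmp, i.e. to the address of the next instruction.
    """
    if data[idx] != JMP_REL:
        raise ValueError("no E9 jmp at index %d (found %#04x)" % (idx, data[idx]))
    fmt, length = ("<h", 3) if code16 else ("<i", 5)
    disp = struct.unpack(fmt, data[idx + 1:idx + length])[0]
    return disp, length


def analyze(text=HEXDUMP, nop_count=64, code16=True):
    """Locate the NOP run, decode the jmp after it, and check where it lands."""
    base, data = parse_hexdump(text)
    nop_start = data.find(bytes([NOP]) * nop_count)
    if nop_start < 0:
        raise ValueError("no run of %d NOPs found" % nop_count)
    jmp_idx = nop_start + nop_count
    disp, length = decode_relative_jmp(data, jmp_idx, code16)
    next_insn = base + jmp_idx + length      # displacement is taken from here
    return {
        "handler": base + nop_start,         # where the label lands
        "jmp_at": base + jmp_idx,
        "displacement": disp,                # signed, relative to next_insn
        "target": next_insn + disp,
        "jumps_to_handler": next_insn + disp == base + nop_start,
    }


if __name__ == "__main__":
    r = analyze()
    print("handler at %#x, jmp at %#x, displacement %d -> target %#x (ok=%s)"
          % (r["handler"], r["jmp_at"], r["displacement"], r["target"],
             r["jumps_to_handler"]))
```

On the excerpt above this reports a displacement of -67 (64 NOPs plus the 3-byte jmp itself) and a target of 0x574c, the first 0x90, which is what the two replies work out by hand. Reading the operand big-endian gives -16897 instead, which is why the original post saw a jump to a far smaller address.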
-- linuxbios mailing list linuxbios@linuxbios.org http://www.linuxbios.org/mailman/listinfo/linuxbios