The question above is: why does the same assembly instruction, JMP 12345678, correspond to different machine code?

First, the opcode E9 indicates that this is a near jump (near JMP). Some background is needed here. JMP comes in three types:
① short jump (short JMP, can only jump within a range of 256 bytes), opcode: EB
② near jump (near JMP, can jump to an address within the same segment), opcode: E9
③ far jump (far JMP, can jump to any address), opcode: EA

The operand of a short or near jump instruction is an offset relative to (E)IP. A far jump instruction contains the absolute address of the target. Therefore short/near jump instructions that jump to the same target may have different machine code, while far jump instructions that transfer to the same address have the same machine code, because the absolute address itself is encoded.

With that, we know how the machine code of a jump instruction is calculated from (E)IP. For example, take the first instruction:

01007568 - E9 0BE13311    JMP 12345678

Here EIP = 01007568, so

12345678 - 01007568 = 1133E110

That difference only uses the EIP of the current instruction. The actual jump offset must also subtract the length of the current instruction. This jump instruction takes 5 bytes, so

1133E110 - 5 = 1133E10B

Note that the byte order is reversed in the machine code (0B E1 33 11).

Original article; when reprinting, please indicate the source: http://blog.csdn.net/php_fly
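The calculation above as an added example (not part of the original article): it encodes and decodes short and near JMPs for a 32-bit flat address space and shows the far JMP form for contrast. The function names, the second instruction address 01007570 and the selector value are assumptions made for illustration.

```python
import struct

def encode_jmp(addr, target, allow_short=True):
    """Encode a relative JMP located at `addr` that transfers to `target`."""
    rel8 = target - (addr + 2)                   # short JMP is 2 bytes: EB rel8
    if allow_short and -128 <= rel8 <= 127:
        return b"\xEB" + struct.pack("<b", rel8)
    rel32 = (target - (addr + 5)) & 0xFFFFFFFF   # near JMP is 5 bytes: E9 rel32
    return b"\xE9" + struct.pack("<I", rel32)    # operand stored little-endian

def decode_jmp(addr, code):
    """Recover the absolute target of a short or near JMP found at `addr`."""
    if code[0] == 0xEB:
        length, rel = 2, struct.unpack("<b", code[1:2])[0]
    elif code[0] == 0xE9:
        length, rel = 5, struct.unpack("<i", code[1:5])[0]
    else:
        raise ValueError("not a short or near JMP")
    # The offset is relative to the address of the *next* instruction.
    return (addr + length + rel) & 0xFFFFFFFF

def encode_far_jmp(selector, offset):
    """Far JMP (EA): absolute 32-bit offset, then 16-bit segment selector."""
    return b"\xEA" + struct.pack("<IH", offset, selector)

if __name__ == "__main__":
    # First address is the article's; the second is constructed for comparison.
    for addr in (0x01007568, 0x01007570):
        code = encode_jmp(addr, 0x12345678)
        target = decode_jmp(addr, code)
        print(f"{addr:08X}  {code.hex(' ').upper():<16} JMP {target:08X}")
    # The far form does not depend on where the instruction sits
    # (selector 0x0008 is a constructed value).
    print(encode_far_jmp(0x0008, 0x12345678).hex(" ").upper())
```

Run directly, it prints the same JMP 12345678 with two different E9 encodings, one per instruction address, followed by the address-independent EA encoding.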