s*****w
发帖数: 1527 | 1 【 以下文字转载自 Working 讨论区 】
发信人: somehow (要像蟑螂一样的坚强), 信区: Working
标 题: Any one works in Intel for 64bit asm ?
发信站: BBS 未名空间站 (Tue Jul 13 18:31:16 2010, 美东)
Basically my asm code wants to jump
from address “ffff f800 02df 10dc”
to “ffff f8800 0452 c350” in 64-bit windows 7,
What’s the opcode for jmp look like ?
E9 …..
Ff25 …………….
thanks a lot ! | t****t
发帖数: 6806 | 2 e9 74 b2 73 01?
however the rel32 is counted from the address immediately following jmp
instruction. so maybe you want to adjust a little bit.
【在 s*****w 的大作中提到】
: 【 以下文字转载自 Working 讨论区 】
: 发信人: somehow (要像蟑螂一样的坚强), 信区: Working
: 标 题: Any one works in Intel for 64bit asm ?
: 发信站: BBS 未名空间站 (Tue Jul 13 18:31:16 2010, 美东)
: Basically my asm code wants to jump
: from address “ffff f800 02df 10dc”
: to “ffff f8800 0452 c350” in 64-bit windows 7,
: What’s the opcode for jmp look like ?
: E9 …..
: Ff25 …………….
| s*****w
发帖数: 1527 | 3 don't think so, if u look carefully,
the offset is more than 32 bits.
this issue is for 64 bit.
jmp
【在 t****t 的大作中提到】
: e9 74 b2 73 01?
: however the rel32 is counted from the address immediately following jmp
: instruction. so maybe you want to adjust a little bit.
| t****t
发帖数: 6806 | 4 well, if you look carefully, you can see your target address is 68 bits. so
i assume f8800 is the typo of f800.
but if you want me to look carefully, you have to type carefully.
【在 s*****w 的大作中提到】
: don't think so, if u look carefully,
: the offset is more than 32 bits.
: this issue is for 64 bit.
:
: jmp
| s*****w
发帖数: 1527 | 5 u r right, the other address is
ffff f880 0452 c350
any hints for offset > 32 bits ?
bits. so
【在 t****t 的大作中提到】
: well, if you look carefully, you can see your target address is 68 bits. so
: i assume f8800 is the typo of f800.
: but if you want me to look carefully, you have to type carefully.
| t****t
发帖数: 6806 | 6 for >32bit offset, you have to use indirect jmp, i.e. ff/4 r/m64.
【在 s*****w 的大作中提到】
: u r right, the other address is
: ffff f880 0452 c350
: any hints for offset > 32 bits ?
:
: bits. so
| s*****w
发帖数: 1527 | 7 this is the part i don't understand,
what's /4 ?
for this example, what's the exact opcode pls ?
【在 t****t 的大作中提到】
: for >32bit offset, you have to use indirect jmp, i.e. ff/4 r/m64.
| t****t
发帖数: 6806 | 8 it depends on your address mode, obviously -- for ff /4, it means
11111111 XX100XXX
where 5 bits of X have 32 possible values, corresponding to 8 possible
register (R) and 24 possible addressing modes (M).
I assume you have the Inten64/IA32 software developer's manual. Read Volume
2A, Chapter 2.
【在 s*****w 的大作中提到】
: this is the part i don't understand,
: what's /4 ?
: for this example, what's the exact opcode pls ?
| t****t
发帖数: 6806 | 9 wait, this encoding is for 32-bit mode. please ignore this. but you can
still read chapter 2, 64-bit mode encoding just follows.
Volume
【在 t****t 的大作中提到】
: it depends on your address mode, obviously -- for ff /4, it means
: 11111111 XX100XXX
: where 5 bits of X have 32 possible values, corresponding to 8 possible
: register (R) and 24 possible addressing modes (M).
: I assume you have the Inten64/IA32 software developer's manual. Read Volume
: 2A, Chapter 2.
| s*****w
发帖数: 1527 | 10 thanks, i'm a newbie on this,
asm is so complicated, wasting ppl's time
thx again !
possible
Volume
【在 t****t 的大作中提到】
: it depends on your address mode, obviously -- for ff /4, it means
: 11111111 XX100XXX
: where 5 bits of X have 32 possible values, corresponding to 8 possible
: register (R) and 24 possible addressing modes (M).
: I assume you have the Inten64/IA32 software developer's manual. Read Volume
: 2A, Chapter 2.
|
|
