3

I'm just looking at the .text section of a simple exe I wrote in C, and I'm just trying to work out how some x86 opcodes are structured.

From what I've been reading, it seems that 0xe9 is a single byte opcode for a relative jump (JMP), however I'm unsure how the rest of the bytes actually form the jump address.

I'm using the super online disassembler ODA to disassemble my program, and this is what is displayed:

.text:0x00411005    e936210000  jmp    0x00413140

So 0xe9 is the JMP instruction, and as this is a 32-bit executable, I'm assuming the next four bytes are going to be the address for the jump, however I'm a little unsure as to how they are actually structured.

If anyone could help shine some light on this, I'd appreciate it.

Thanks

Tony
  • Isn't this an almost verbatim copy-paste of the question you just deleted? The same advice (read the manual) applies to this question. – Kerrek SB Sep 12 '13 at 12:39
  • Related: http://stackoverflow.com/questions/14921735/asm-write-a-jump-command-to-a-x86-64-binary-file/14922390#14922390 – nrz Sep 12 '13 at 14:22

1 Answer

14

This is a relative jump, meaning that the destination is given as relative to the next instruction.

This instruction is at address 0x411005 and takes 5 bytes, so the next instruction is at address 0x41100a. The relative amount to jump (encoded as little-endian, i.e. the bytes are stored from least significant to most significant) is 0x2136. So the destination of the jump is 0x41100a + 0x2136 = 0x413140.

interjay
  • Where could I find the part you said about little endian? (I believe and confirmed it myself right after having read this, but I needed to know about JNZ, which I found and I'm following the little endian again, but I'd like to know where you read that so I could know about the other instructions) – Edw590 May 18 '20 at 22:27
  • @DADi590 All instructions and their encodings are described in the [Intel architecture manual](https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html) volume 2. – interjay May 19 '20 at 10:35
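The calculation from the answer, as an added example that is not part of the original post: it decodes the question's `e936210000` and generalises to the other relative branch forms in 32-bit mode (short `EB`/`7x` with an 8-bit displacement, `E8` call, and near `0F 8x` conditional jumps such as JNZ). The function names and every sample byte string other than the question's are constructed for illustration.

```python
import struct

# Relative branch opcodes in 32-bit mode (no operand-size prefix):
#   EB / 70..7F   -> 8-bit signed displacement  (JMP short / Jcc short)
#   E9 / E8       -> 32-bit signed displacement (JMP near / CALL near)
#   0F 80..8F     -> 32-bit signed displacement (Jcc near, 0F 85 = JNZ)

def decode_rel_branch(addr, code):
    """Return (length, signed_displacement, target) for a relative
    JMP/CALL/Jcc whose first byte sits at virtual address `addr`."""
    op = code[0]
    if op == 0xEB or 0x70 <= op <= 0x7F:
        opcode_len, fmt = 1, "<b"      # signed 8-bit
    elif op in (0xE9, 0xE8):
        opcode_len, fmt = 1, "<i"      # signed 32-bit, little-endian
    elif op == 0x0F and len(code) > 1 and 0x80 <= code[1] <= 0x8F:
        opcode_len, fmt = 2, "<i"
    else:
        raise ValueError("not a relative branch: %s" % code[:2].hex())
    length = opcode_len + struct.calcsize(fmt)
    if len(code) < length:
        raise ValueError("truncated instruction")
    (disp,) = struct.unpack_from(fmt, code, opcode_len)
    # The displacement is relative to the address of the NEXT instruction,
    # and the result wraps at 32 bits.
    target = (addr + length + disp) & 0xFFFFFFFF
    return length, disp, target

def encode_jmp_rel32(addr, target):
    """Inverse operation: build the 5-byte E9 jump from addr to target."""
    disp = (target - (addr + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", disp)

if __name__ == "__main__":
    samples = [
        (0x00411005, bytes.fromhex("e936210000")),    # from the question
        (0x00401000, bytes.fromhex("ebfe")),          # constructed: jmp to itself
        (0x00401000, bytes.fromhex("0f85f6ffffff")),  # constructed: jnz backwards
    ]
    for addr, code in samples:
        length, disp, target = decode_rel_branch(addr, code)
        print("%08x  %-12s len=%d disp=%+d -> 0x%08x"
              % (addr, code.hex(), length, disp, target))
```

The backward cases show why the displacement must be read as signed: `f6ffffff` is -10, not a large forward offset.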