
The page at http://ref.x86asm.net/coder64.html#xF0 gives various hexadecimal opcodes.

In my Visual Studio disassembly, I have

FF E0 jmp rax

I just found that pasting 'jmp rax' and assembling in https://defuse.ca/online-x86-assembler.htm#disassembly gives the corresponding hex opcode (FF E0 in this case).

But is there any manual or documentation showing how we can find out the hex equivalent of jump instructions? (E.g. I want to find out the equivalent of jmp rbx.) Thanks

Peter Cordes
habi
  • Refer to the [Intel Software Development Manuals](https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html) or [this resource](http://ref.x86asm.net) or [this one](https://c9x.me/x86/). Note that questions asking for off-site documentation are off topic here, so your question is going to be closed soon. – fuz Aug 10 '20 at 08:24
  • You could read documentation, yes, or you can just feed the assembly to an assembler to get bytes. – Botje Aug 10 '20 at 08:25

1 Answer


Yes, the Intel SDM, volume 2, has complete information on encoding instructions.

Felix Cloutier’s site contains the same information in a web-friendly format.

This page of that site covers the jmp instruction. It shows that jmp rm32 is encoded as ff /4. The /4 represents three bits of the rmmod byte (bits 5:3) that serve as an extension to the instruction. The other bits encode the source. Bits 7:6 are 11 to indicate a register. Bits 2:0 identify which register. In ff e0, bits 2:0 are 000 indicating rax. To use rbx, bits 2:0 would be 011, giving ff e3.

prl
  • Re: the `/4` part: [How to read the Intel Opcode notation](https://stackoverflow.com/a/53976236), [x64 instruction encoding and the ModRM byte](https://stackoverflow.com/q/15511482), [What does the /4 mean in FF /4?](https://stackoverflow.com/q/24295464) – Peter Cordes Aug 10 '20 at 17:23
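
The FF /4 rule from the answer above, worked through as an added Python example that is not part of the original post. It goes one step beyond the answer by covering r8-r15, which need a REX.B prefix (0x41) to carry the fourth register bit; the function and table names are made up for this illustration.

```python
# Added illustration: build and recognise the bytes for `jmp <reg64>` (FF /4).
# Register numbers follow the standard x86-64 numbering (rax=0 ... r15=15).
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
        "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

OPCODE = 0xFF    # opcode byte shared by the whole FF /digit group
EXT_JMP = 4      # the "/4": value stored in bits 5:3 of the second byte
MOD_REG = 0b11   # bits 7:6 = 11 means the operand is a register
REX_B = 0x41     # REX prefix with only the B bit set (selects r8-r15)


def encode_jmp_reg(reg: str) -> bytes:
    """Return the machine code for `jmp reg` in 64-bit mode."""
    n = REGS.index(reg.lower())            # ValueError for unknown names
    second = (MOD_REG << 6) | (EXT_JMP << 3) | (n & 0b111)
    prefix = bytes([REX_B]) if n >= 8 else b""
    return prefix + bytes([OPCODE, second])


def decode_jmp_reg(code: bytes) -> str:
    """Inverse of encode_jmp_reg; raises ValueError for anything else.

    Only the canonical forms produced above are accepted (other REX
    prefixes that a CPU would also tolerate are rejected here).
    """
    high = 0
    if code[:1] == bytes([REX_B]):
        high, code = 8, code[1:]
    if len(code) != 2 or code[0] != OPCODE:
        raise ValueError("not an FF-group instruction")
    second = code[1]
    if second >> 6 != MOD_REG:
        raise ValueError("operand is memory, not a register")
    if (second >> 3) & 0b111 != EXT_JMP:
        raise ValueError("FF group, but not /4 (e.g. /2 is call)")
    return "jmp " + REGS[high | (second & 0b111)]


if __name__ == "__main__":
    for name in REGS:
        print(f"{encode_jmp_reg(name).hex(' '):<9} jmp {name}")
```
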