1

I'm reading https://www.felixcloutier.com/x86/jmp and I'm a little confused about the usage of the last row, Jump far, absolute indirect, address given in m16:64. and how it compares to the rest.

I want to test using each one in Intel-style x64 asm, and this is what I think is happening in order:

0:  eb 03                   jmp    5                #JMP rel8
2:  e9 fa ff 0f 00          jmp    100001           #JMP rel32
7:  ff e0                   jmp    rax              #JMP r64
9:  ff 20                   jmp    QWORD PTR [rax]  #JMP m64
b:  64 ff 24 25 0f 00 00    jmp    QWORD PTR fs:0xf
12: 00                                              #JMP m16:16?
13: 64 67 ff 20             jmp    QWORD PTR fs:[eax] #JMP ??
17: 64 ff 60 17             jmp    QWORD PTR fs:[rax+0x17] #JMP ??

This is objdump disassembly into GAS's .intel_syntax noprefix.

I'm not sure how the last 3 instructions should be read/interpreted, according to the reference. Do they fit the JMP m16:64 family? Also, the last row in the reference shows a REX.W, however all I see is 0x64. Is that like a segment override or something?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Arush Agarampur
  • 1,340
  • 7
  • 20
  • 1
    None of those are far jumps. Yes, `64` is the `fs` override prefix. – Jester Aug 03 '22 at 19:08
  • How would a far jump be encoded then? It would be like `jmp fs:0xFFFFF`? Is the `fs:0xFFFFF` the `m16:64` part of the syntax? I don't this is absolute indirect because the address is in the operand. – Arush Agarampur Aug 03 '22 at 19:16
  • 1
    `fs` is a red herring. That is just a segment override for the address itself. Has no effect on near vs far. Syntax depends on assembler, but using _nasm_ you would write `jmp dword far [rax]` to get the `ff 28` for the `m16:32` case and `jmp qword far [rax]` to get the `rex.w` prefix for the `m16:64` case. – Jester Aug 03 '22 at 19:29
  • For gnu assembler you'd write `jmp fword ptr [rax]` for the `m16:32` and you'd have to add the `rex.W` manually if you wanted the `m16:64`. At least I could not find a better way. Note that in 64 bit mode you rarely, if ever, use far jumps. One reason would be to jump between 64 and 32 bit code sections but you don't normally have both. – Jester Aug 03 '22 at 19:37
  • Near duplicate of [Encoding JMP FAR and CALL FAR in x86-64](https://stackoverflow.com/q/51832437) which shows syntax for NASM, AT&T, and GAS `.intel_noprefix`. But since there are or were GAS bugs with it, it's not the clearest example of correct syntax. `llvm-objdump` and `clang` were fine. – Peter Cordes Aug 03 '22 at 20:34
  • Also [Intel Assembly ljmp syntax from AT&T syntax](https://stackoverflow.com/q/65347376) re: `jmp ptr16:32` syntax for GAS Intel or AT&T mode. (And clang.) – Peter Cordes Aug 03 '22 at 20:41

0 Answers0