
In the example below, I expect that the value of rax should be equal to 0x555555555ffd. But after I execute the instruction, rax shows the address 0x555555556004. How does the lea instruction calculate the loaded address?

(gdb) disassemble main
...
...
...
0x000055555555515c <+19>:    jmp    0x555555555171 <main+40>
=> 0x000055555555515e <+21>:    lea    rax,[rip+0xe9f]        # 0x555555556004
0x0000555555555165 <+28>:    mov    rdi,rax
...
...
...

(gdb) x/4bx $rip+0xe9f
0x555555555ffd: 0x00    0x00    0x00    0x01

(gdb) nexti

(gdb) i r $rax
rax            0x555555556004      93824992239620

The result of $rip+0xe9f confuses me. I thought this result would be loaded into the rax register.

    `rip` *during* execution of an instruction is the end of that instruction, start of the next. Same as how encoding for relative `jmp` / `call` works. – Peter Cordes Mar 14 '23 at 20:16
  • Further duplicates: [what does "mov offset(%rip), %rax" do?](https://stackoverflow.com/q/29421766) / [Understanding %rip register in intel assembly](https://stackoverflow.com/q/42215105). (I forgot to dup-hammer before re-tagging replaced all the tags I had a gold badge in. RIP-relative addressing is specific to [x86-64] so I removed [x86].) – Peter Cordes Mar 14 '23 at 20:25
  • @PeterCordes thanks for your answer. 0x0000555555555165 + 0xe9f gives me the correct address. – lambdavary Mar 15 '23 at 15:26
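
An added example, not from the question or the comments: a small Python decoder for the `lea r64,[rip+disp32]` encoding that applies the rule from the comments (the RIP value the CPU uses is the address of the *next* instruction), and compares it with what `x/4bx $rip+0xe9f` computes while gdb is stopped at the instruction. The instruction bytes for the page's `lea rax,[rip+0xe9f]` are constructed here from the standard x86-64 encoding (REX.W 0x48, opcode 0x8D, ModRM 0x05, little-endian disp32); the decoder also handles negative displacements and REX.R-extended registers, which the page does not show.

```python
import struct

# Constructed: machine code for the page's `lea rax,[rip+0xe9f]` (7 bytes)
# and the address gdb showed for it.
LEA_RAX_RIP_0xE9F = bytes.fromhex("488d059f0e0000")
INSN_ADDR = 0x55555555515E


def decode_rip_relative_lea(code: bytes, insn_addr: int):
    """Decode `lea r64,[rip+disp32]` starting at code[0].

    Returns (destination register number, instruction length, effective address).
    Only this one form is handled: optional REX prefix, opcode 0x8D, ModRM with
    mod=00 and rm=101 (RIP-relative), then a signed 32-bit displacement.
    """
    i = 0
    rex = 0
    if 0x40 <= code[i] <= 0x4F:          # REX prefix (W/R/X/B bits)
        rex = code[i]
        i += 1
    if code[i] != 0x8D:
        raise ValueError("not a lea instruction")
    i += 1
    modrm = code[i]
    i += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 5:
        raise ValueError("not RIP-relative addressing")
    reg |= ((rex >> 2) & 1) << 3          # REX.R selects r8..r15 as destination
    disp = struct.unpack_from("<i", code, i)[0]   # disp32 is sign-extended
    i += 4
    length = i
    # The CPU adds the displacement to the address of the *next* instruction.
    target = (insn_addr + length + disp) & 0xFFFFFFFFFFFFFFFF
    return reg, length, target


def naive_target(insn_addr: int, disp: int) -> int:
    """What `x/4bx $rip+disp` evaluates to while stopped *at* the lea: $rip still
    holds the start of the instruction, so the result is short by its length."""
    return insn_addr + disp
```

In gdb the same correction is `x/4bx $pc+7+0xe9f`, or simply running `nexti` first and then evaluating `$rip+0xe9f`, as the question's own session already did by accident.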
