What does the jmpq command do in this example?

We use the gdb debugger to read build functions.

In the assembly, we have the following instructions:

  mov 0xc(%rsp),%eax
  jmpq *0x402390(,%rax,8)

In memory location *0x402390 we have the value 0x8e. In the rax register, we have the second integer input for this particular function (you can use the y variable).

From our analysis, we came to the conclusion that this function takes three variables (x, y, z) and that they can be found in the memory cells (rsp), (rsp + 8), (rsp + 12) respectively.

We would like to know what happens in jmpq *0x402390(,%rax,8). Do we go to the instructions at (0x8e + rax*8)? If so, how can we find out what this instruction calls?

This is a complete dump of the assembler code for the phase_3 function:

Full assembly function

+7
Tags: assembly, terminal, att, gdb
2 answers

From the GAS manual:

An Intel syntax indirect memory reference of the form

  section:[base + index*scale + disp] 

is translated into the AT&T syntax

  section:disp(base, index, scale) 

where base and index are the optional 32-bit base and index registers, disp is the optional displacement, and scale, taking the values 1, 2, 4, and 8, multiplies index to calculate the address of the operand.

( https://sourceware.org/binutils/docs/as/i386_002dMemory.html#i386_002dMemory )

So, you can translate jmpq *0x402390(,%rax,8) into Intel syntax: jmp [RAX * 8 + 0x402390]. This is an "indirect" jump: at the address [RAX * 8 + 0x402390] lies the address that will become the target of the jmp. The next step is to determine how many addresses can be found at 0x402390 + x, and in which cases they are used.

+4

It jumps through a code table with 8 bytes per record, sort of like an optimized case statement. This is a bit confusing because next to the jmpq there is a series of 7-byte sequences, and the code that the jmpq branches to (starting at 402390) does not appear in the image.

+1
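Both answers describe the same mechanism: the operand of jmpq *0x402390(,%rax,8) is a slot in a table of 8-byte addresses, and the CPU jumps to whatever address is stored in slot rax. The script below, added here as an illustration and not taken from either answer or from the bomb binary, reproduces that lookup on a gdb-style memory dump. The dump text and every target address in it are constructed for the example; in a real session you would obtain the equivalent with `x/8gx 0x402390` and then disassemble a target with `x/5i <address>`. It also shows what a single-byte read of the same slot returns, since on a little-endian machine that is only the lowest byte of the entry, not the full target.

```python
import re

# Constructed gdb output in the shape `x/8gx 0x402390` prints: each line holds
# two 8-byte (giant word) little-endian entries, so eight table slots total.
# The target addresses are invented for this example.
SAMPLE_DUMP = """\
0x402390:\t0x00000000004010a4\t0x00000000004010cb
0x4023a0:\t0x00000000004010d8\t0x00000000004010e5
0x4023b0:\t0x00000000004010f2\t0x00000000004010ff
0x4023c0:\t0x000000000040110c\t0x0000000000401119
"""

# "0x402390 <symbol+16>:\t0x... 0x..." -- the <symbol> part is optional in gdb output.
LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)(?:\s*<[^>]*>)?:\s*(.*)$")


def parse_gdb_qwords(text):
    """Turn `x/Ngx` output into a {address: qword} map, one entry per 8 bytes."""
    mem = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        for i, tok in enumerate(m.group(2).split()):
            mem[addr + 8 * i] = int(tok, 16)
    return mem


def jump_target(mem, disp, index, scale=8):
    """Semantics of `jmpq *disp(,%index,scale)`.

    The CPU computes disp + index*scale, reads the 8-byte value stored there,
    and jumps to that value. The instruction performs no bounds check of its
    own; here an index outside the dumped table raises KeyError, which stands
    in for the jump landing somewhere the table never intended.
    """
    slot = disp + index * scale
    return mem[slot]


def jump_table(mem, base, entries, scale=8):
    """All targets the jmpq can reach for index 0 .. entries-1."""
    return [jump_target(mem, base, i, scale) for i in range(entries)]


def low_byte(value):
    """What a one-byte read (`x/xb`) of the same slot shows: only the
    least-significant byte of the little-endian entry."""
    return value & 0xFF


if __name__ == "__main__":
    table = parse_gdb_qwords(SAMPLE_DUMP)
    base = 0x402390
    for idx, target in enumerate(jump_table(table, base, 8)):
        print(f"rax={idx}: slot 0x{base + 8 * idx:x} -> jmp 0x{target:x} "
              f"(x/xb would show 0x{low_byte(target):02x})")
```

Run it after pasting your own `x/8gx` output into SAMPLE_DUMP; the number of valid slots is whatever the bounds check before the jmpq allows (typically a cmp/ja pair on the index), so read that instruction first to know how many entries to dump.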
