How to find the jmp address during a x86 function call?


Suppose we have a call foo statement. So when the assembler encounters a call statement it breaks it down into:

    push ip + 6
    jmp <addr of foo>

I have the return address in a register, ebx. Now I want to find out the "addr of foo".

How do I do it? I want to confirm that the push statement is present before the jmp. Will the memory map look something like this?

    -------
    push  (what will be the value stored in this byte? Opcode?)
    -------
    jmp   (what will be the value stored in this byte? Opcode?)
    -------
    jmp byte 1
    -------
    jmp byte 2
    -------
    jmp byte 3
    -------
    jmp byte 4
    -------
    return address stored in ebx
    -------

What are the opcodes for push and jmp?

Tags: assembly, x86. Asked Dec 31 '10 at 9:21 by Bruce.

call is an instruction that is executed by the processor. The assembler doesn't transform it. You can think of it as being equivalent to a push and a jmp, but they're not the same thing. – wj32 Dec 31 '10 at 9:32

@wj32: ok, if call is executed by the processor, how do I get the address of the place where it jumps to? – Bruce Dec 31 '10 at 9:39

@wj32: What is the memory map of a call statement? – Bruce Dec 31 '10 at 9:41

The assembler does not break down call into two instructions. Call is a separate instruction that has its own machine-language opcodes. There are different opcodes for call, depending on the type of call (near or far, address given as relative value or indirectly in memory contents, etc.) For the normal type of call in 32-bit mode (relative near call), you would have the opcode E8 followed by a 4-byte value that specifies the target address, relative to the next instruction after the call.

For more information, see the entry for call in the Intel Manual, volume 2.

Can you please point me to the reference where you got the opcode for call? – Bruce Dec 31 '10 at 9:42

@Bruce: I added a link to the standard reference. – interjay Dec 31 '10 at 9:48

As @wj32 says in the comment above, CALL is a single instruction - it doesn't get "broken down" into a PUSH and a JMP. The opcode for CALL can be E8, 9A or FF depending on how the destination address is specified. See Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 2A: Instruction Set Reference, A-M in section 3.2, under "CALL", for full details of the various different opcodes.

It depends on the type of call. You can get all the information you need from the Intel manuals. This includes instruction encoding, etc. I'll quote the relevant bit below (for near calls):

    The target operand specifies either an absolute offset in the code segment (an offset from the base of the code segment) or a relative offset (a signed displacement relative to the current value of the instruction pointer in the EIP register; this value points to the instruction following the CALL instruction).

The CS register is not changed on near calls.
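The answers above describe the E8 rel32 encoding (target = address of the next instruction + signed displacement) and mention the FF /2 indirect forms. The following C program is an added example, not code from the question or any of the answers: it decodes those CALL forms from raw bytes, computes the pushed return address and, for the relative form, the callee address, and then tries the question's approach of working backwards from a return address held in ebx. The function names (decode_call, callee_from_return_address, le32), the load address 0x08048400 and the instruction bytes are all constructed for the example; they do not come from a real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* What can be recovered from one 32-bit-mode CALL instruction. */
typedef struct {
    int      ok;        /* 1 if the bytes form a CALL encoding this decoder knows */
    size_t   length;    /* instruction length in bytes */
    uint32_t ret_addr;  /* value CALL pushes: address of the following instruction */
    int      indirect;  /* 1 for FF /2 (target read from a register or memory) */
    uint32_t target;    /* E8: callee address; FF /2 [disp32]: address of the pointer slot */
} call_info;

/* Read a little-endian 32-bit value from a byte buffer (independent of host endianness). */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode the CALL whose first byte is at virtual address `addr`; `code` holds `len`
 * bytes copied from that address. ok == 0 means "not a CALL form handled here"
 * (prefixes, SIB and disp8 ModRM forms, and far calls 9A are deliberately left out). */
call_info decode_call(uint32_t addr, const uint8_t *code, size_t len)
{
    call_info r = {0, 0, 0, 0, 0};
    if (len >= 5 && code[0] == 0xE8) {                 /* CALL rel32: E8 cd */
        int32_t rel = (int32_t)le32(code + 1);          /* signed displacement */
        r.ok = 1;
        r.length = 5;
        r.ret_addr = addr + 5;                           /* EIP after the CALL */
        r.target = r.ret_addr + (uint32_t)rel;           /* wraps mod 2^32, exactly like EIP */
        return r;
    }
    if (len >= 2 && code[0] == 0xFF && ((code[1] >> 3) & 7) == 2) { /* FF /2: CALL r/m32 */
        uint8_t mod = code[1] >> 6, rm = code[1] & 7;
        r.indirect = 1;
        if (mod == 3) {                                  /* CALL reg32, e.g. FF D3 = call ebx */
            r.ok = 1;
            r.length = 2;
            r.ret_addr = addr + 2;
            return r;                                    /* target known only at run time */
        }
        if (mod == 0 && rm == 5 && len >= 6) {           /* CALL [disp32]: pointer at an absolute address */
            r.ok = 1;
            r.length = 6;
            r.ret_addr = addr + 6;
            r.target = le32(code + 2);                   /* where the callee pointer lives, not the callee */
            return r;
        }
    }
    return r;
}

/* The question's situation: given only a return address (say, from ebx) and a copy of
 * the code, check whether the 5 bytes before it are a relative CALL and return the
 * callee. Returns 0 otherwise. Caveat: an FF-form CALL has a different length, so a
 * miss here does not prove there was no call; confirm with a real disassembler. */
uint32_t callee_from_return_address(uint32_t ret_addr, uint32_t code_base, const uint8_t *code, size_t len)
{
    uint32_t call_addr = ret_addr - 5;
    if (call_addr < code_base || call_addr + 5 > code_base + len) return 0;
    call_info r = decode_call(call_addr, code + (call_addr - code_base), 5);
    return (r.ok && !r.indirect) ? r.target : 0;
}

int main(void)
{
    /* Constructed sample: four CALLs as they might appear in a 32-bit .text section
     * loaded at 0x08048400 (addresses and bytes are made up for this example). */
    static const uint8_t text[] = {
        0xE8, 0x0B, 0x00, 0x00, 0x00,            /* 08048400: call 0x08048410  (rel32 = +11) */
        0xFF, 0xD3,                              /* 08048405: call ebx */
        0xFF, 0x15, 0x00, 0xA0, 0x04, 0x08,      /* 08048407: call [0x0804A000] */
        0xE8, 0xED, 0xFF, 0xFF, 0xFF,            /* 0804840D: call 0x080483FF  (rel32 = -19) */
    };
    const uint32_t base = 0x08048400;
    uint32_t off = 0;
    while (off < sizeof text) {
        call_info r = decode_call(base + off, text + off, sizeof text - off);
        if (!r.ok) { printf("%08X: not a CALL form we decode\n", base + off); break; }
        printf("%08X: CALL len=%zu ret=%08X %s target=%08X\n", base + off, r.length, r.ret_addr,
               r.indirect ? "indirect" : "relative", r.target);
        off += r.length;
    }
    /* Working backwards from a return address, as the question proposes. */
    printf("callee for return address 08048405: %08X\n",
           callee_from_return_address(0x08048405, base, text, sizeof text));
    printf("callee for return address 08048407: %08X (call ebx, not recoverable this way)\n",
           callee_from_return_address(0x08048407, base, text, sizeof text));
    return 0;
}
```

Note that for the FF 15 form the decoded value is the address of the memory slot holding the function pointer (a GOT or import-table entry in real binaries), so the callee still has to be read from that slot at run time; only the E8 form gives the callee address directly from the instruction bytes.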

Use a disassembler and I think you might end up with the absolute address of foo! Because the linker does that and the compiled code doesn't have the names. Same for global variables, e.g. if you assemble you get j foo, but compile then disassemble and you'll get j 0x45335.
