计算JMP操作码
[英]Calculate the JMP opcodes
问题描述
I'm trying to calculate the correct op codes for a jump, I've looked at this in other threads and I still don't understand: 
我正在尝试计算跳转的正确操作码,我在其他线程中看过这个,但我仍然不明白:
I thought the formula was desination - (from+5) but its just not working, it's way off, here's the addresses that I want to jump to/from: 我认为公式是desination - (from+5)但它只是不起作用,它离开了,这里是我想要跳转的地址:
FROM: 6259326B
TO: 02980000
CORRECT OPCODE: E9 90CD3EA0
FORMULA OPCODE: E9 5FC13266
So I'm having problems with this, any help appreciated. 所以我有这个问题,任何帮助赞赏。
3 个解决方案
解决方案1
5 已采纳 2011-11-19 20:36:51
You are calculating negative jmp! 你正在计算负jmp! So correct formula is: 所以正确的公式是:
0 - (from - desination) - 5
0 - ($6259326B - $02980000) - 5
what is equal $A03ECD90 (or $90CD3EA0 in little endian). 等于$ A03ECD90 (或小端的$ 90CD3EA0)。
解决方案2
1 2011-11-19 20:19:51
The formula is fine (though it seems the provided assembly and addresses dont exactly match: 02980000 - 6259326b - 5 = c726cd90 , reverse the byte order and it almost matches your correct assembly, Id assume its off due image relocation etc.). 公式很好(虽然似乎提供的程序集和地址不完全匹配: 02980000 - 6259326b - 5 = c726cd90 ,反转字节顺序,它几乎匹配您正确的程序集,Id假定其关闭到期图像重定位等)。 Are you sure you did the math correctly and reversed the byte order to match the required encoding (little endian) for a relative 32bit jump? 你确定你正确地进行了数学运算并颠倒了字节顺序以匹配相对32位跳转所需的编码(小端)吗?
解决方案3
1 2011-11-19 22:19:35
The formula is correct, assuming the jump instruction has exactly 5 bytes and FROM is the address of this jump instruction. 该公式是正确的,假设跳转指令恰好有5个字节, FROM是该跳转指令的地址。 If the length isn't 5 or FROM isn't where jmp is, it's incorrect. 如果长度不是5或FROM不是jmp所在的位置,则不正确。
With that you get in modulo 2 32 arithmetic: 有了这个你得到modulo 2 32算术:
2980000H-(6259326BH+5)=0A03ECD90H.
If you don't understand how 2980000H - 62593270H equals 0A03ECD90H in 32 bits, imagine for a moment that you're subtracting from 102980000H instead of 2980000H, that is, you have the 33rd bit set. 如果你不理解2980000H - 62593270H如何等于32位的0A03ECD90H,想象一下你从102980000H而不是2980000H减去,也就是说,你设置了第33位。 Then you have 102980000H - 62593270H = 0A03ECD90H. 然后你有102980000H - 62593270H = 0A03ECD90H。 And you can verify that 102980000H = 62593270H + 0A03ECD90H. 并且您可以验证102980000H = 62593270H + 0A03ECD90H。 But since you only have 32 bits for the calculation, that 33rd bit, whatever it is, is not going to affect the sum and difference. 但由于你只有32位用于计算,所以33位,无论它是什么,都不会影响总和和差异。 So you just subtract the two numbers as 32-bit numbers and take the least significant 32-bits of the result, ignoring any outstanding borrows from bits beyond the 32nd. 因此,您只需将这两个数字减去32位数字,并取结果的最低32位,忽略超出32位的任何未完成的借位。
And 0A03ECD90H has to be encoded in the jmp instruction from the least significant byte to the most significant byte, so you get this sequence of bytes encoding the instruction: 并且0A03ECD90H必须在从最低有效字节到最高有效字节的jmp指令中进行编码,因此您可以获得编码指令的这个字节序列:
E9, 90, CD, 3E, A0.
A similar question has been asked before. 之前已经提出过类似的问题 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.