Call absolute address in x64
Question
I could not figure this out, I can make an instruction like this and it works no problem
call ffffdd80d60e4000
But how would I go about converting this into bytes? I looked at the instruction in memory and shows weird stuff like
0xe8 0x00 0x40 0x0e 0xd6
The only thing I can identify is the e8 which is the call opcode. Can someone explain what the other 4 bytes are and how would I go about converting an instruction like this into a byte array if the address I need to call is a DWORD64 value? I tried and I can't simply copy the bytes of the address and add an 0xe8 at the start. Sorry if it might be a dumb question, but I searched through books and websites and couldn't find anything about it.
1 answers
solution1
2 ACCPTED 2018-07-12 18:43:47
As Jester said, normally a call uses a relative address. If you want to use an absolute address, you can put the destination in a register like this:
48 b8 00 40 0e d6 mov rax, 0xffffdd80d60e4000
80 dd ff ff
ff d0 call rax
You can also call an address that is in memory. For example if the destination address is in memory at [rsp+8], then
ff 54 24 08 call [rsp+8]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.