无条件跳转指令0xFF的Mod R/M字节(如果有)是什么意思? [英] What meaning, if any, does the Mod R/M byte carry for the unconditional jump instruction 0xFF?

问题描述

请考虑以下代码，这些代码是在具有gcc 4.8.2

Consider the following code, compiled on a 32-bit Ubuntu 14.04.2 with gcc 4.8.2

#include <unistd.h>

int main(){
    _exit(0);
}

如果我在gdb中打开此代码并运行disas /r _exit，则会得到以下信息.

If I open this code in gdb and run disas /r _exit, I get the following.

(gdb) disas /r _exit
Dump of assembler code for function _exit@plt:
   0x080482f0 <+0>:     ff 25 0c a0 04 08       jmp    *0x804a00c
   0x080482f6 <+6>:     68 00 00 00 00  push   $0x0
   0x080482fb <+11>:    e9 e0 ff ff ff  jmp    0x80482e0
End of assembler dump.
(gdb)

Intel手册告诉我们ff是JMP的操作码，而最后四个字节显然是目标地址.在对Intel指令的结构进行了一些研究之后，25似乎是一个Mod R/M字节，但是我找不到相对于JMP指令应如何解释Mod R/M字节.

The Intel manual tells us that ff is the opcode for JMP, while the last four bytes are clearly the target address. After some research into the structure of Intel instructions, the 25 appears to be a Mod R/M byte, but I could not find how the Mod R/M byte should be interpreted with respect to the JMP instruction.

我已经阅读了对Mod R/的一般解释M个字节，但我不明白字节0x25在上面的disas输出中所代表的具体含义.

I have already read up on the general interpretation of the Mod R/M byte, but I do not understand what specific meaning the byte 0x25 carries in the disas output above.

0x25在这里的具体含义是什么?相对于JMP，Mod R/M字节的一般解释是什么?

What is the specific meaning of 0x25 here, and what is the general interpretation of the Mod R/M byte with respect to JMP?

推荐答案

操作码0xFF的MODRM字节的含义与使用MODRM字节的任何其他指令的含义相同.

The meaning of the MODRM byte is the same for opcode 0xFF as it is for any other instruction that uses the MODRM byte.

关于此的最佳参考是在线的英特尔指令集手册.您需要使用第2节和JMP指令上的页面正确解释此操作码的MODRM位.

Your best reference for this are the online Intel Instruction set manuals. Section 2 and the page on the JMP instructions are the ones you need to interpret the MODRM bits properly for this opcode.

"0x25"的解释是:

The interpretation of "0x25"is:

• (第7-6位)MOD =二进制00
• (位5-3)Reg/Opcode =二进制100
• (位2-0)R/M =二进制101

MOD = 00并且R/M =二进制101表示MODRM字节后的使用disp32"(32位地址). MODRM字节后的32位偏移量是存储位置.您可以在调试清单的反汇编jmp指令中看到它的值.

MOD=00 and R/M = binary 101 mean "use disp32" (a 32 bit address) following the MODRM byte. The 32 bit offset following the MODRM byte is the memory location. You can see it matches the value in the disassembled jmp instruction in your debug listing.

您可能对操作码0xFF的含义感到困惑；它不一定表示"JMP". x86经常使用MODRM Reg/Opcode位修改操作码字节的含义，以选择特定的指令.

You might be confused about what opcode 0xFF means; it does not necessarily mean "JMP". The x86 often uses the MODRM Reg/Opcode bits to modify the meaning of the opcode byte, to pick out a particular instruction.

使用操作码0xFF ，Reg/Opcode位被解释为更多操作码位:

With opcode 0xFF, the Reg/Opcode bits are interpreted as more opcode bits:

• Reg/Opcode位=二进制100(在Intel手册中写为"/4")选择指令绝对间接附近的jmp". x86具有包括CS在内的所谓段寄存器.在这种情况下，"jmp near"表示不加载CS".
• Reg/Opcode == 101("/5")表示"jmp far"(加载CS)，在现代实践中未使用.
• 具有其他值的Reg/Opcode指定不是JMP的指令.

这篇关于无条件跳转指令0xFF的Mod R/M字节(如果有)是什么意思?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！