i occasional user of assembly. need more expert decode small piece of code have deal with.
0000: 48 ff 25 61 57 07 00 rex.w jmp qword ptr [rip+0x75761] # 0x75768 0007: cc int3 this memory-indirect jump 8-byte/64-bit address held @ rip+0x75761, absolute address jump target loaded 0007 + 0x75761 = 0x75768, right?
this standard tail-call sequence on x86-64, generated microsoft compiler.
yes, said, indirect jump 64-bit memory address, 0x75768. @ point code executed, rip equal 7, rip + 0x75761 == 0x7 + 0x75761 == 0x75768. code unconditionally transfer control instructions @ address 0x75768.
the subsequent int 3 padding, serves brick wall. execution should never reach point because of unconditional branch in previous instruction. if did, cpu trap, since "break" interrupt.
as rex.w prefix, harold technically correct unnecessary, not reason might think. surprisingly, when indirect jump through register used on x86-64, windows requires rex.w prefix in order ensure stack unwinding successful. stack unwinding code uses signal internally. ross ridge has written an excellent answer purpose of rex-prefixed jmp instructions in windows x64.
it not strictly necessary in case because indirect jump ip-relative operand, compiler apparently emitting anyway. logic handling not complex, , perhaps generates code consistency. or maybe official documentation not comprehensive on how stack unwinding code implemented. better safe sorry, since there's no real disadvantage in rex.w prefix.
Comments
Post a Comment