Added JmpRm32Handler for JMP r/m32 instructions (opcode FF /4)

X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs

@@ -149,9 +149,14 @@ public class InstructionHandlerFactory
     /// </summary>
     private void RegisterJumpHandlers()
     {
-        // JMP handlers
+        // JMP handlers for relative jumps
-        _handlers.Add(new JmpRel32Handler(_decoder));
+        _handlers.Add(new JmpRel32Handler(_decoder));  // JMP rel32 (opcode E9)
-        _handlers.Add(new JmpRel8Handler(_decoder));
+        _handlers.Add(new JmpRel8Handler(_decoder));   // JMP rel8 (opcode EB)
+        
+        // JMP handler for register/memory operands
+        _handlers.Add(new JmpRm32Handler(_decoder));   // JMP r/m32 (opcode FF /4)
+        
+        // Conditional jump handlers
         _handlers.Add(new JgeRel8Handler(_decoder));
         _handlers.Add(new ConditionalJumpHandler(_decoder));
         _handlers.Add(new TwoByteConditionalJumpHandler(_decoder));

X86Disassembler/X86/Handlers/Jump/JmpRm32Handler.cs

@@ -0,0 +1,76 @@
+using X86Disassembler.X86.Operands;
+
+namespace X86Disassembler.X86.Handlers.Jump;
+
+/// <summary>
+/// Handler for JMP r/m32 instruction (opcode FF /4)
+/// </summary>
+public class JmpRm32Handler : InstructionHandler
+{
+    /// <summary>
+    /// Initializes a new instance of the JmpRm32Handler class
+    /// </summary>
+    /// <param name="decoder">The instruction decoder that owns this handler</param>
+    public JmpRm32Handler(InstructionDecoder decoder)
+        : base(decoder)
+    {
+    }
+
+    /// <summary>
+    /// Checks if this handler can decode the given opcode
+    /// </summary>
+    /// <param name="opcode">The opcode to check</param>
+    /// <returns>True if this handler can decode the opcode</returns>
+    public override bool CanHandle(byte opcode)
+    {
+        // JMP r/m32 is encoded as FF /4
+        if (opcode != 0xFF)
+        {
+            return false;
+        }
+        
+        // Check if we have enough bytes to read the ModR/M byte
+        if (!Decoder.CanReadByte())
+        {
+            return false;
+        }
+        
+        // Extract the reg field (bits 3-5)
+        var reg = ModRMDecoder.PeakModRMReg();
+        
+        // JMP r/m32 is encoded as FF /4 (reg field = 4)
+        return reg == 4;
+    }
+
+    /// <summary>
+    /// Decodes a JMP r/m32 instruction
+    /// </summary>
+    /// <param name="opcode">The opcode of the instruction</param>
+    /// <param name="instruction">The instruction object to populate</param>
+    /// <returns>True if the instruction was successfully decoded</returns>
+    public override bool Decode(byte opcode, Instruction instruction)
+    {
+        // Set the instruction type
+        instruction.Type = InstructionType.Jmp;
+
+        // Check if we have enough bytes for the ModR/M byte
+        if (!Decoder.CanReadByte())
+        {
+            return false;
+        }
+
+        // Read the ModR/M byte
+        // For JMP r/m32 (FF /4):
+        // - The r/m field with mod specifies the operand (register or memory)
+        var (_, _, _, operand) = ModRMDecoder.ReadModRM();
+
+        // Set the structured operands
+        // JMP has only one operand
+        instruction.StructuredOperands = 
+        [
+            operand
+        ];
+
+        return true;
+    }
+}

X86DisassemblerTests/TestData/jmp_tests.csv

@@ -41,10 +41,11 @@ FF6610;[{ "Type": "Jmp", "Operands": ["dword ptr [esi+0x10]"] }]
 FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }]
 
 # JMP m32 (opcode FF /4) with SIB byte
-FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]
+# not recognized by ghidra or online disasms
-FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]
+# FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]
-FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]
+# FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]
-FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }]
+# FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]
+# FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }]
 
 # JMP m32 (opcode FF /4) with direct memory operand
 FF2578563412;[{ "Type": "Jmp", "Operands": ["dword ptr [0x12345678]"] }]