mirror of
https://github.com/sampletext32/ParkanPlayground.git
synced 2025-05-19 03:41:18 +03:00
3.9 KiB
3.9 KiB
| 1 | # JMP instruction tests |
|---|---|
| 2 | # Format: RawBytes;Instructions |
| 3 | RawBytes;Instructions |
| 4 | # JMP rel8 (opcode EB) |
| 5 | # JMP rel32 (opcode E9) |
| 6 | # JMP r/m32 (opcode FF /4) with register operands |
| 7 | # JMP m32 (opcode FF /4) with memory operands |
| 8 | # SPECIAL CASE: When Mod=00 and R/M=101 (EBP), this doesn't actually refer to [EBP]. |
| 9 | # Instead, it's a special case that indicates a 32-bit displacement-only addressing mode. |
| 10 | # JMP m32 (opcode FF /4) with displacement |
| 11 | # SPECIAL CASE: When Mod=01 and R/M=100 (ESP), a SIB byte is required. |
| 12 | # The SIB byte 10 in FF6410 decodes as: |
| 13 | # - Scale = 00 (bits 7-6 = 00) - Scale factor of 1 |
| 14 | # - Index = 010 (bits 5-3 = 010) - This corresponds to EDX |
| 15 | # - Base = 000 (bits 2-0 = 000) - This corresponds to EAX |
| 16 | # The correct encoding for [esp+0x10] would use a SIB byte with ESP as base and no index (0x24): FF642410 |
| 17 | # JMP m32 (opcode FF /4) with SIB byte |
| 18 | # SPECIAL CASE: These SIB encodings with EBP as base register have special rules. |
| 19 | # When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used. |
| 20 | # Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case). |
| 21 | # These instructions are commented out because they're not correctly recognized by many disassemblers, |
| 22 | # including Ghidra and online disassemblers, due to their unusual encoding. |
| 23 | # JMP m32 (opcode FF /4) with direct memory operand |
| 24 | # JMP m32 (opcode FF /4) with segment override prefixes |