flat assembler
Message board for the users of flat assembler.

64 bit JMP question

Fred



Joined: 22 Oct 2010
Posts: 39
In my code, I have a lot of labels i want to jump to. To do this, I have a list of the labels in my data section, something like
Code:
table dq target1,target2,target3,etc...   ; one 64-bit absolute address per entry

;jumping to a label
mov   rcx,[table+rax*8]                   ; rax = index, 8 bytes per entry
jmp   rcx

where the targetXs are labels in my code and rax*8 is an offset. This works as one hopes it would, but I noticed that defining the table as dwords (and adjusting the mov of course; mov ecx,[table+rax*4]) also works.

Can someone explain how this works? I'm guessing that defining a label in the data section makes it an address, so how does a 32 bit value work? Can I expect it to always work?
Post 15 Sep 2013, 22:02
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
Fred wrote:
I'm guessing that defining a label in the data section makes it an address, so how does a 32 bit value work? Can I expect it to always work?
If you have 4GB or less of memory then all your addresses will have the upper 32 bits as zero.

If you have more than 4GB of memory then problems can start. Also the OS can assign virtual addresses higher than 4GB even with less than 4GB of memory so this is not guaranteed to work.
Post 15 Sep 2013, 22:55
bitRAKE



Joined: 21 Jul 2003
Posts: 2940
Location: vpcmipstrm
Just being silly...
Code:
lea rax,[table]                     ; RIP relative: table base, wherever the image is loaded
movzx ecx,byte[rax+rcx]             ; rcx = index; each entry is one byte (or word/dword)
lea rcx,[rcx*8+rax+table.size]      ; entry*8, measured from the end of the table
jmp rcx

; each entry is (target - end of table)/8, so every target must be 8-byte aligned
; and placed after the table; fasm errors at assembly time if an entry exceeds a byte
struc TAB [A] { common  .:
                forward db (A-(.+.size))/8
                common  align 8
                        .size = $ - . }

table TAB .A,.B,.C

        align 8
  .A:   retn

        align 8
  .B:   add rbx,rdx
        retn

        align 8
  .C:   sub rbx,rdx
        retn    
Post 16 Sep 2013, 08:11
Fred



Joined: 22 Oct 2010
Posts: 39
revolution: Ok - that makes sense. Thanks for the explanation.

bitRAKE: That one went past me, haha! Something about aligning labels and using that for jumping... I didn't quite get past the struc part.
Post 16 Sep 2013, 11:07
bitRAKE



Joined: 21 Jul 2003
Posts: 2940
Location: vpcmipstrm
I took the absurd route of trying to minimize the table size, while at the same time getting the most from the table. Of course, this requires all the destination labels to be known a priori. RIP-relative and table-relative offsets mean the code/data can be located anywhere in the address space; but the table does need to precede the target addresses.

The STRUC just simplifies table generation. First a common name is created using the "." dot syntax. Next each argument is used to calculate a byte offset (which should be a multiple of eight : including a sanity check here wouldn't be too difficult).

If the targets are beyond 8*255 then 16-bit word values could be used by changing the STRUC and MOVZX. It will error at assemble-time if that is the case.
Post 16 Sep 2013, 15:43
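The three table layouts discussed in this thread side by side, as an added C example that is not code from the thread or from any of its posters: the 64-bit absolute table from the first post, the 32-bit absolute table whose failure mode revolution describes, and a table of 32-bit offsets relative to the table itself, which is what bitRAKE's byte-offset table generalizes to. target1..target3, their signature and the behaviour they have here are placeholders chosen for the example; the thread never shows what the real targets do.

```c
/* Added example, not from the fasm thread. Builds the same jump table three
 * ways and shows which one survives an image loaded above 4GB. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef long (*handler_t)(long);

/* Placeholder targets (assumption: the thread never shows what target1..3 do). */
static long target1(long x) { return x + 1; }
static long target2(long x) { return x * 2; }
static long target3(long x) { return -x; }

#define NTARGETS 3u

/* 1. "table dq target1,target2,target3": full 64-bit absolute addresses.
 *    Always correct, 8 bytes per entry, but every entry needs a load-time
 *    relocation in a position-independent image. */
static const handler_t abs_table[NTARGETS] = { target1, target2, target3 };

long dispatch_abs(unsigned idx, long x)
{
    return abs_table[idx % NTARGETS](x);   /* bounds-limit the index first */
}

/* 2. "table dd target1,...": the same addresses squeezed into 32 bits.
 *    Only sound if every target sits below 4GB, which a PIE or ASLR'd
 *    image does not promise. We never jump through a truncated entry
 *    here; we only report whether doing so would have been safe. */
int dword_abs_table_is_safe(void)
{
    for (unsigned i = 0; i < NTARGETS; i++) {
        uintptr_t p = (uintptr_t)abs_table[i];
        if ((uintptr_t)(uint32_t)p != p)    /* upper 32 bits would be lost */
            return 0;
    }
    return 1;
}

/* 3. 32-bit offsets relative to the table itself: entries stay 4 bytes and
 *    need no relocation, because the table and its targets move together.
 *    Offsets are computed at run time here because C has no link-time
 *    "label - label" expression across functions; fasm evaluates it for you. */
static int32_t rel_table[NTARGETS];
static int rel_table_built;

void build_rel_table(void)
{
    uintptr_t base = (uintptr_t)rel_table;
    for (unsigned i = 0; i < NTARGETS; i++) {
        intptr_t delta = (intptr_t)((uintptr_t)abs_table[i] - base);
        /* A target more than +/-2GB from the table does not fit in rel32;
         * fail loudly instead of silently truncating. */
        if (delta != (intptr_t)(int32_t)delta) {
            fprintf(stderr, "target %u out of rel32 range\n", i);
            abort();
        }
        rel_table[i] = (int32_t)delta;
    }
    rel_table_built = 1;
}

long dispatch_rel(unsigned idx, long x)
{
    if (!rel_table_built)
        build_rel_table();
    /* lea base; movsxd entry; add; jmp: the same steps as the fasm version */
    uintptr_t target = (uintptr_t)rel_table + (intptr_t)rel_table[idx % NTARGETS];
    handler_t f = (handler_t)target;
    return f(x);
}

int main(void)
{
    printf("dword absolute table safe in this process: %s\n",
           dword_abs_table_is_safe() ? "yes" : "no (targets above 4GB)");
    for (unsigned i = 0; i < NTARGETS; i++)
        printf("idx %u: abs=%ld rel=%ld\n", i, dispatch_abs(i, 5), dispatch_rel(i, 5));
    return 0;
}
```

On a typical position-independent Linux or Windows x64 build the first line prints "no", which is exactly the case revolution warns about, while dispatch_rel keeps working because only the difference between table and target is stored. In fasm the equivalent of layout 3 is a table of `dd target1-table, target2-table, ...` read with a RIP-relative `lea` of the table, a `movsxd` of the entry and an `add` before the `jmp`. Whichever layout is used, the index must be range-checked before it touches the table (the `% NTARGETS` above): an unchecked, attacker-influenced index into a jump table is a jump-anywhere primitive.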
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.