flat assembler
Message board for the users of flat assembler.
MazeGen 29 Jan 2007, 08:25
In 32-bit protected mode, default operand size for short or near jumps is 32 bits, because they use 32-bit EIP:
Code:
00401000 E9 FBFFFFFF jmp 00401000 ; JMP rel32
Operand-size prefix truncates the target address to 16 bits (truncates new EIP to 16 bits and zero-extends the result):
Code:
00401000 66:E9 FCFF jmp 00001000 ; JMP rel16
Note that address-size prefix has no effect because there is no memory operand and is therefore ignored by the processor:
Code:
00401000 67:E9 FAFFFFFF jmp 00401000 ; JMP rel32
(These can be easily tested, for instance, in OllyDbg)
I expected similar behavior also in 64-bit mode and some testing on my Turion (AMD brand) confirmed the effect of the operand-size prefix (note that short and near jumps default to 64 bits in 64-bit mode):
Code:
0000000000401000 E9 FBFFFFFF jmp 0000000000401000 ; JMP rel32
Code:
0000000000401000 66:E9 FCFF jmp 0000000000001000 ; JMP rel16
This behavior is also documented in AMD manuals. As for address-size prefix, it is not important for now, but it surely doesn't work the same way as operand-size prefix.
What a surprise came with the Intel manual. As for opcode 0xE9 cw (jmp rel16), it says "N.S." in 64-bit mode. "N.S." means:
N.S. wrote:
Indicates an instruction syntax that requires an address override prefix in
In other words, Intel says that address-size prefix (67h) is needed to truncate the address to 16 bits, while AMD says (and works) this way using operand-size prefix (66h) :S
There are two explanations (I don't have an Intel 64-bit processor to test it):
1. Intel manual is wrong. I found pretty many pieces of misleading information regarding 64-bit mode in its manuals. However, this doesn't seem to be such a case and it is not a typo, so
2. Intel really implemented it in a different way than AMD. This is possible probably because no one needs to override the jump address to 16 bits, so it won't cause any incompatibilities.
To confuse it even more, I found the following here. It was posted by someone using an e-mail at intel.com:
jun.nakajima () intel ! com wrote:
Does anyone know something about it? Can anyone test it on an Intel 64-bit processor? (BTW, FDBG disassembles those jmps wrong, but they can be run to get the new RIP. Feryno, if you read this, please fix it.)
MazeGen 29 Jan 2007, 11:29
I have found some new information in the meantime:
http://www.sandpile.org/aa64/opc_1.htm Quote:
http://en.wikipedia.org/wiki/AMD64 Quote:
(AMD64 clears the top 48 bits, as I wrote in my first post) It really seems that operand-size prefix (66h) should be the one which is implementation-specific rather than address-size prefix on Intel. The best still would be a native test on EM64T architecture though.
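The following is an added worked example, not code from MazeGen or from the flat assembler project. It computes where a short or near relative jump (EB / E9) lands from its raw bytes, applying the rules stated in the two posts above: in 32-bit mode a 66h prefix selects a 16-bit displacement and truncates the new EIP to 16 bits (zero-extended) while 67h is ignored; in 64-bit mode the same 66h truncation is applied as the AMD behavior reported in the first post. The `honor_66` flag is an assumption added here to model a hypothetical processor that ignores 66h on branches (the thread leaves open whether Intel does); it is not a statement about any real CPU. The encoder shows the consequence of the truncation rule: the rel16 form can only ever land in the low 64 KiB, and the displacement only matters modulo 2**16, which is why the `66:E9 FCFF` listing reaches 00001000 from 00401000.

```python
"""Decode and encode short/near relative JMPs with 66h/67h prefixes.

Rules modelled (from the thread):
  * 32-bit mode: operand size defaults to 32 bits; 66h -> rel16 displacement
    and the new EIP is truncated to 16 bits and zero-extended; 67h is ignored
    (no memory operand).
  * 64-bit mode: operand size defaults to 64 bits (rel32 sign-extended);
    66h -> rel16 and the new RIP is truncated to 16 bits (AMD behaviour as
    reported in the thread).
  * honor_66=False is an ASSUMED model of a processor that ignores 66h on
    branches; the thread does not establish that any real CPU does this.
"""
from typing import Tuple

OPSIZE_PREFIX = 0x66
ADDRSIZE_PREFIX = 0x67
JMP_REL8 = 0xEB
JMP_REL32 = 0xE9  # rel16 when a 66h prefix is honoured


def _signed(value: int, bits: int) -> int:
    """Interpret `value` as a two's-complement integer of width `bits`."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def near_jmp_target(addr: int, code: bytes, mode: int, honor_66: bool = True) -> Tuple[int, int]:
    """Return (target, instruction_length) for the JMP at `addr` encoded by `code`.

    `mode` is 32 or 64. Raises ValueError for anything that is not a plain
    EB/E9 jump with optional 66h/67h prefixes.
    """
    if mode not in (32, 64):
        raise ValueError("mode must be 32 or 64")
    i = 0
    opsize_override = False
    # Legacy prefixes may repeat and appear in any order; 67h is consumed and ignored.
    while i < len(code) and code[i] in (OPSIZE_PREFIX, ADDRSIZE_PREFIX):
        if code[i] == OPSIZE_PREFIX:
            opsize_override = True
        i += 1
    if i >= len(code):
        raise ValueError("no opcode after prefixes")
    opcode = code[i]
    i += 1
    if mode == 64 and not honor_66:
        opsize_override = False  # assumed model: prefix has no effect on branches
    if opcode == JMP_REL8:
        disp_bytes = 1  # rel8 regardless of operand size
    elif opcode == JMP_REL32:
        disp_bytes = 2 if opsize_override else 4
    else:
        raise ValueError(f"unsupported opcode {opcode:#04x}")
    if len(code) < i + disp_bytes:
        raise ValueError("truncated displacement")
    disp = _signed(int.from_bytes(code[i:i + disp_bytes], "little"), 8 * disp_bytes)
    length = i + disp_bytes
    # New (E/R)IP = address of the next instruction + displacement, then
    # truncated to the effective operand size and zero-extended.
    mask = 0xFFFF if opsize_override else (1 << mode) - 1
    return (addr + length + disp) & mask, length


def encode_near_jmp(addr: int, target: int, mode: int, rel16: bool = False) -> bytes:
    """Encode an E9 jump at `addr` that lands on `target`.

    rel16=True emits the 66h-prefixed form. Because the new (E/R)IP is
    truncated to 16 bits, only targets below 0x10000 are reachable and the
    displacement matters only modulo 2**16.
    """
    if rel16:
        if not 0 <= target < 0x10000:
            raise ValueError("JMP rel16 can only land in the low 64 KiB")
        length = 4
        disp = (target - (addr + length)) & 0xFFFF
        return bytes([OPSIZE_PREFIX, JMP_REL32]) + disp.to_bytes(2, "little")
    length = 5
    disp = target - (addr + length)
    if mode == 32:
        disp &= 0xFFFFFFFF  # EIP arithmetic wraps at 32 bits
    elif not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return bytes([JMP_REL32]) + (disp & 0xFFFFFFFF).to_bytes(4, "little")


if __name__ == "__main__":
    # The listings from the thread, re-decoded (addresses are the thread's own).
    for mode, hexcode in ((32, "E9FBFFFFFF"), (32, "66E9FCFF"), (32, "67E9FAFFFFFF"),
                          (64, "E9FBFFFFFF"), (64, "66E9FCFF")):
        target, length = near_jmp_target(0x401000, bytes.fromhex(hexcode), mode)
        print(f"{mode}-bit {hexcode:<14} -> jmp {target:0{mode // 4}X} ({length} bytes)")
```

The assumed `honor_66=False` model is worth a look because it shows why the open question matters beyond the jump target: a decoder that ignores the prefix reads a 4-byte displacement and a 6-byte instruction where the AMD-style decode sees 4 bytes, so the two models disagree on where the next instruction starts as well as on where the jump lands. That is the same kind of disagreement that makes a disassembler such as the one mentioned in the first post show a different jmp than the processor executes.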
Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.