3
votes

I'm just looking at the .text section of a simple exe I wrote in C, and I'm just trying to work out how some x86 opcodes are structured.

From what I've been reading, it seems that 0xe9 is a single byte opcode for a relative jump (JMP), however I'm unsure how the rest of the bytes actually form the jump address.

I'm using the super online disassembler ODA to disassemble my program, and this is what is displayed:

.text:0x00411005    e936210000  jmp    0x00413140

So 0xe9 is the JMP instruction, and as this is a 32-bit executable, I'm assuming the next four bytes are going to be the address for the jump, however I'm a little unsure as to how they are actually structured.

If anyone could help shine some light on this, I'd appreciate it.

Thanks

1
Isn't this an almost verbatim copy-paste of the question you just deleted? The same advice (read the manual) applies to this question. Kerrek SB

1 Answer

14
votes

This is a relative jump, meaning that the destination is given as relative to the next instruction.

This instruction is at address 0x411005 and takes 5 bytes, so the next instruction is at address 0x41100a. The relative amount to jump (encoded as little-endian, i.e. the bytes are stored from least significant to most significant) is 0x2136. So the destination of the jump is 0x41100a + 0x2136 = 0x413140.
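As an added example (not part of the original question or answer), here is a small Python decoder and encoder for the `E9 rel32` form that reproduces the arithmetic above and also handles a backward jump, where the displacement is negative and must be read as a signed little-endian value. The bytes `e936210000` at `0x411005` are the page's own; the backward-jump bytes are constructed for illustration.

```python
import struct
from typing import Tuple

# Length of the E9 rel32 encoding: 1 opcode byte + 4 displacement bytes.
JMP_REL32_LEN = 5


def decode_jmp_rel32(code: bytes, address: int) -> Tuple[int, int]:
    """Decode an x86 'E9 rel32' near jump whose first byte sits at `address`.

    Returns (target, next_instruction_address). The displacement is a
    signed 32-bit little-endian integer relative to the *next* instruction,
    i.e. the jump's own address plus its 5-byte length. The addition wraps
    modulo 2**32, as EIP does in 32-bit mode.
    """
    if len(code) < JMP_REL32_LEN or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    # '<i' = little-endian, signed 32-bit: bytes 36 21 00 00 -> 0x2136
    (disp,) = struct.unpack_from("<i", code, 1)
    next_ip = address + JMP_REL32_LEN
    target = (next_ip + disp) & 0xFFFFFFFF
    return target, next_ip


def encode_jmp_rel32(address: int, target: int) -> bytes:
    """Build the E9 rel32 bytes for a jump at `address` landing on `target`."""
    # Displacement is measured from the end of this 5-byte instruction;
    # masking to 32 bits turns a negative distance into its two's complement.
    disp = (target - (address + JMP_REL32_LEN)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", disp)


if __name__ == "__main__":
    # The page's instruction: .text:0x00411005  e936210000  jmp 0x00413140
    page_bytes = bytes.fromhex("e936210000")
    target, next_ip = decode_jmp_rel32(page_bytes, 0x411005)
    print(f"next ip 0x{next_ip:x}, target 0x{target:x}")  # 0x41100a, 0x413140

    # Constructed backward jump: displacement -5 jumps back onto itself.
    back_bytes = bytes.fromhex("e9fbffffff")
    target, next_ip = decode_jmp_rel32(back_bytes, 0x1000)
    print(f"next ip 0x{next_ip:x}, target 0x{target:x}")  # 0x1005, 0x1000

    # Round trip: re-encoding the page's jump gives the original bytes.
    print(encode_jmp_rel32(0x411005, 0x413140).hex())  # e936210000
```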