Access violation on `jmp` to appended segment

Question

So I've used CFF Explorer to add a code section to an .exe file. I've set the section characteristics to 0x60000020 (executable, readable, contains code) and created some dummy code there using IDA.

However, when I injected a jmp to that code from the original .text segment, all I got was an access violation. I used IDA to patch the binary, so it generated offsets for me, but it seems to be right:

jmp     far ptr 6:75D100h

The resulting opcode looks right too:

EA 00 D1 75 00 06 00

But as soon as I hit that jump - "The instruction referenced memory at 0xFFFFFFFF, memory can't be read". I've experimented a bit with offsets to no avail; The appended segment seems to be properly loaded in memory.

Would be grateful for any hint to what I am missing here:)

@Jester as the matter of fact, it's not - looks like the correct one is 5 - but the segfault persists. I have no idea why IDA puts 6 there, thank you — Ap31, Dec 02 '16 at 16:43
`5` looks very suspicious too. `7` could work if you allocated a new descriptor in the LDT. — Jester, Dec 02 '16 at 16:56
Better question is, why do you need a new selector? Why do you need a far jump? — Jester, Dec 02 '16 at 17:59
@Jester well I may indeed be having an XY problem here, far jump is what IDA generated from my "jmp 75D100h". Am I ok with a regular jump then? — Ap31, Dec 02 '16 at 18:05
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/129648/discussion-between-jester-and-ap31). — Jester, Dec 02 '16 at 18:06
Entering `jmp near ptr 75d100h` should get IDA to use the correct near jump. — Ross Ridge, Dec 02 '16 at 20:23

score 0 · Accepted Answer · answered Dec 02 '16 at 22:22

0

Just to mark this as answered - the solution, as proposed by @Jester and @RossRidge, was to drop the jmp far. Using

jmp     near ptr 75D100h

fixed everything. Have to say IDA's behavior can be somewhat wierd.

answered Dec 02 '16 at 22:22

Ap31

3,244
1
18
25

Access violation on `jmp` to appended segment

1 Answers1