near jump changed to Short jump automatically

Question

I need near jump(E9 XX XX) and specify that in code, but TASM (and MASM) changed that to Short(EB XX NOP) after assemble.

MAIN SEGMENT BYTE

ASSUME CS:MAIN,DS:MAIN,SS:NOTHING

ORG 100H


HOST:

jmp NEAR PTR VIRUS_START 

db ’VI’

mov ah,4CH

mov al,0

int 21H ;terminate normally with DOS

COMFILE DB ’*.COM’,0 ;search string for a com file
VIRUS_START:

Why does it matter? And are you trying to get *us* to help you make your virus work?? — Bo Persson, Oct 08 '17 at 12:44
I need this for educational purpose, please help if you know, thanks — Masoud Fard, Oct 08 '17 at 12:55
I have always been happy when the assembler fixed my jumps and have never tried to make it not do that. — Bo Persson, Oct 08 '17 at 13:00
thank you for reply, but in this sample i don't need assembler optimization, i need a way to disable that — Masoud Fard, Oct 08 '17 at 13:05

score 3 · Answer 1 · answered Oct 08 '17 at 13:25

An easy way to enforce the use of the near jump instead of the short jump is having enough bytes to jump over!

Either use some padding like:

COMFILE DB ’*.COM’,0 ;search string for a com file
padding db 127 dup (0)
VIRUS_START:

or else add some useful subroutine(s) before the label VIRUS_START

A further possibility is to encode the jump manually.
Just write db 0E9h, 14, 0

score 3 · Answer 2 · edited Oct 15 '19 at 17:54

3

You can work around your assembler by manually encoding a jmp near rel16:

db  0E9h                    ;  JMP NEAR opcode
dw  VIRUS_START-$-2         ;  relative address

$ is the absolute address of current instruction (dw).
($+2) address of next instruction (after our jmp).

(VIRUS_START - ($+2)) - difference between target address (VIRUS_START) and next instruction. It will be added to IP register during execution JMP instruction.

edited Oct 15 '19 at 17:54

Peter Cordes

328,167
45
605
847

answered Oct 15 '19 at 09:59

rprokop

31
6

1

While this code may solve the question, [including an explanation](https://meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please [edit] your answer to add explanation, and give an indication of what limitations and assumptions apply. – Dave Oct 15 '19 at 16:12

score 1 · Answer 3 · answered Oct 08 '17 at 20:09

I don't know the answer for MASM or TASM, but perhaps this will be useful to someone:

In NASM, jmp near VIRUS_START does enforce the long encoding. You can also use stuff like add dx, strict word 1 to force the imm16 encoding instead of the imm8. See http://www.nasm.us/doc/nasmdoc3.html#section-3.7

; ASSUME: I think there's a way to port that to NASM, but IDK how.
ORG 100H

HOST:
jmp NEAR VIRUS_START   ; with override
jmp VIRUS_START        ; without
... ; your code unmodified
VIRUS_START:

assemble with nasm -fbin foo.asm. Then see what we got with ndisasm -o 0x100 foo (which only knows about flat binaries):

00000100  E91000            jmp 0x113
00000103  EB0E              jmp short 0x113

near jump changed to Short jump automatically

3 Answers3

Linked