0

The instruction

mov al, byte ptr [rbx + rsi*2 + 0x100]

is encoded to

8a 84 73 00 01 00 00

meaning that ModR/M is 0x84 or 10.000.100

I understand the mod (10) and the reg (000) fields, but don't know why rm is 100. Could anyone explain the rule used here?

Peter Cordes
Leandro Caniglia

1 Answer

3

The rm field is 100 to indicate a SIB (scale index base) operand. This operand is elaborated in the SIB byte, which if present, immediately follows the modr/m byte. In this case, the SIB byte is 0x73 or 01.110.011, indicating a scale (01) of 2, rsi (110) as the index register and rbx (011) as the base register.

Refer to the Intel manuals for details.

fuz
  • Thanks. But isn't 100 an indication that the displacement length is 8? In this case the displacement is 32 bits long and therefore I would have used 101 instead. – Leandro Caniglia Dec 16 '17 at 15:21
  • @LeandroCaniglia The displacement length is indicated by the mod field. mod 10 indicates a 32 bit (or 16 bit) displacement. – fuz Dec 16 '17 at 15:23
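
The rules from the answer and its comments (rm = 100 selects a SIB byte, mod selects the displacement size), written out as a small decoder. This is an added example, not code from the question or the answer; it assumes 64-bit mode with no REX or address-size prefix, and the function names `decode_mem_operand` and `decode_mov_r8_rm8` are hypothetical.

```python
import struct

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]  # valid without REX


def decode_mem_operand(buf):
    """Decode ModR/M (+ SIB, + displacement) starting at buf[0].

    Assumes 64-bit mode, no REX prefix. Returns (reg, operand_text, length).
    """
    modrm = buf[0]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos = 1
    if mod == 0b11:                      # register-direct: no SIB, no disp
        return reg, REGS8[rm], pos
    disp_size = {0b00: 0, 0b01: 1, 0b10: 4}[mod]  # mod picks disp8/disp32
    parts = []
    if rm == 0b100:                      # rm=100: operand is described by SIB
        sib = buf[pos]
        pos += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 0b101 and mod == 0b00:
            disp_size = 4                # special case: no base, disp32 only
        else:
            parts.append(REGS64[base])
        if index != 0b100:               # index=100 means "no index register"
            parts.append(f"{REGS64[index]}*{scale}")
    elif rm == 0b101 and mod == 0b00:    # special case: RIP-relative disp32
        parts.append("rip")
        disp_size = 4
    else:
        parts.append(REGS64[rm])
    if disp_size:
        fmt = "<b" if disp_size == 1 else "<i"   # signed, little-endian
        parts.append(hex(struct.unpack_from(fmt, buf, pos)[0]))
        pos += disp_size
    return reg, ("[" + " + ".join(parts) + "]").replace("+ -", "- "), pos


def decode_mov_r8_rm8(code):
    """Decode opcode 8A /r (mov r8, r/m8); returns (text, total_length)."""
    if code[0] != 0x8A:
        raise ValueError("expected opcode 0x8A")
    reg, operand, n = decode_mem_operand(code[1:])
    return f"mov {REGS8[reg]}, {operand}", 1 + n


# The bytes from the question: ModR/M 0x84 -> mod=10, reg=000, rm=100 (SIB)
print(decode_mov_r8_rm8(bytes.fromhex("8a847300010000")))
```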