
Hello, I would like to understand the code below. If you can explain it to me I would be grateful:

jmp ds:off_100011A4[edi*4]

Why the use of this "ds" and this off_100011A4? And what does the code below mean:

off_100011A4 dd offset loc_10001125
         dd offset loc_10001125
         dd offset loc_1000113A
         dd offset loc_1000112C
         dd offset loc_10001133
         dd offset loc_1000113A
Peter Cordes
Melo
It is a jump table. The `ds:off_100011A4[edi*4]` references an entry in the jump table and the JMP jumps to the location stored at that address. EDI is an entry number in the table; the *4 is because each entry is 4 bytes long (offset). As an example, if EDI is 2 then the JMP would go to loc_1000113A – Michael Petch Jan 09 '19 at 17:20

1 Answer

The instruction is an unconditional jump to an address. The address is calculated by taking the content of the EDI register and multiplying it by 4. The multiplication is due to 4 being the size of pointers on x86 platforms.

DS indicates that the offset refers to the data section. Specifying the data segment means that the computed offset mentioned earlier is summed with the base offset of the data segment. The data segment represents where user variables are stored.

Yennefer
  • No, the multiply by 4 is not about alignment. It is the size of a pointer (4 bytes). – Michael Petch Jan 09 '19 at 20:42
  • Given the missing context, I assumed it was for alignment. However, what you say is perfectly acceptable too. I will amend the answer. Thank you for pointing it out. – Yennefer Jan 09 '19 at 20:44
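The following C program is an added illustration of the answer and the comments above; it is not code from the question or the answer. It models the six-entry table from the listing as an array of 32-bit offsets (the `loc_*` values are the ones shown in the disassembly, used here as plain numbers rather than real code addresses), computes the effective address exactly as `ds:off_100011A4[edi*4]` does (table base plus `edi*4`, then load the 4-byte target stored there), and shows a `switch` statement that a compiler could lower to that table, with cases 0 and 1 sharing one block and cases 2 and 5 sharing another. It assumes the flat 32-bit memory model, where the DS segment base is 0 and `ds:` therefore adds nothing to the address. The range check in `jump_table_target` stands in for the `cmp`/`ja` a compiler emits before such a `jmp`; without it, an index larger than the table reads whatever 4 bytes follow the table and jumps there, which is why an attacker-controlled index into an unchecked jump table is a control-flow hijack.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the table from the disassembly. These are the
   loc_* offsets shown in the listing, treated as plain 32-bit values. */
#define LOC_10001125 0x10001125u
#define LOC_1000112C 0x1000112Cu
#define LOC_10001133 0x10001133u
#define LOC_1000113A 0x1000113Au

static const uint32_t off_100011A4[] = {
    LOC_10001125,  /* entry 0 */
    LOC_10001125,  /* entry 1 */
    LOC_1000113A,  /* entry 2 */
    LOC_1000112C,  /* entry 3 */
    LOC_10001133,  /* entry 4 */
    LOC_1000113A,  /* entry 5 */
};
#define JT_ENTRIES (sizeof off_100011A4 / sizeof off_100011A4[0])

/* Models "jmp ds:off_100011A4[edi*4]" in the flat model (DS base = 0):
   effective address = table base + edi*4; the 32-bit value stored at
   that address is the jump target. Returns 0 when edi is outside the
   table, which stands in for the cmp/ja guard a compiler emits before
   the jmp; without that guard an out-of-range edi reads past the table. */
uint32_t jump_table_target(uint32_t edi)
{
    if (edi >= JT_ENTRIES)
        return 0;
    const uint8_t *base = (const uint8_t *)off_100011A4;            /* off_100011A4 */
    const uint32_t *entry = (const uint32_t *)(base + (size_t)edi * 4); /* [edi*4] */
    return *entry;                                                  /* jump target */
}

/* A switch a compiler could lower to exactly that table. Returns a
   letter naming which block ran, so the sharing is visible. */
int which_case(int edi)
{
    switch (edi) {
    case 0: case 1: return 'A'; /* loc_10001125, shared by 0 and 1 */
    case 2: case 5: return 'D'; /* loc_1000113A, shared by 2 and 5 */
    case 3:         return 'B'; /* loc_1000112C */
    case 4:         return 'C'; /* loc_10001133 */
    default:        return '?'; /* no table entry: the guarded path */
    }
}

int main(void)
{
    for (uint32_t edi = 0; edi <= JT_ENTRIES; edi++) {
        uint32_t target = jump_table_target(edi);
        if (target)
            printf("edi=%u -> [off_100011A4+%u] = loc_%08X (block %c)\n",
                   edi, edi * 4, target, which_case((int)edi));
        else
            printf("edi=%u -> out of range, no entry\n", edi);
    }
    return 0;
}
```

Running it walks EDI from 0 to 6 and prints the address read for each index and the block it selects; index 6 is rejected, which is the case the real code must guard before the indexed `jmp`.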