Assembly (intel): How does 'call address' relate to the resulting bytes in memory?

Asked May 23 '20 at 14:21

Active May 23 '20 at 16:45

Viewed 28 times

Let's say I want to call 5A31E0 and the address of the next instruction would be 0CFF0016.

When observing this inside the process memory it relates to E8 CA315BF3. (little-endian)

How can I calculate this value (CA315BF3) by myself? Is there anything else I am missing besides the address I want to call and the address of the next instruction?

edit:
with "relating" I am refering to the resulting machine code of an asm instruction.
For example: mov ecx, 1B43000C relates to B9 0C00431B, where B9 is the opcode for mov ecx and 0C00431B equals the value in little-endian.
However, call or jmp followed by a value does not look like that in machine code. (see example above).

edited May 23 '20 at 16:45

Peter Cordes

328,167
45
605
847

asked May 23 '20 at 14:21

Saiqe

"relates to", can you describe exactly what you mean here? – Lasse V. Karlsen May 23 '20 at 14:23
`call` is encoded as `call rel32`, relative to the *end* of the call instruction. The rel32 is little-endian. Read Intel's manuals. – Peter Cordes May 23 '20 at 16:46
2

`5A31E0 - 0CFF0016 = -ca4ce36 = f35b31ca` in two's complement, and the value you're seeing is precisely that in little-endian. – Nate Eldredge May 23 '20 at 17:02

Assembly (intel): How does 'call address' relate to the resulting bytes in memory?

0 Answers0