The offending line:
8048f70: ff 24 85 00 a4 04 08 jmp *0x804a400(,%eax,4)
There is no instruction in the disassembled code at location 804a400 (my list ends at 804a247).
When I check to see what's at that memory location I get:
(gdb) x/c 0x804a40c
0x804a40c: -103 '\231'
(gdb) x/t 0x804a40c
0x804a40c: 10011001
(gdb) x/s 0x804a40c
0x804a40c: "\231\217\004\b\222\217\004\b\211\217\004\b\202\217\004\bw\217\004\b\002"
(gdb) x/3x 0x804a40c
0x804a40c: 0x99 0x8f 0x04
What exactly is this jmp statement trying to do?
That instruction is an indirect jump. This means that the memory address specified is not the jump target, but a pointer to the jump target.
First, the instruction loads the value at the memory address:
*0x804a400(,%eax,4)
which is more sensibly written as:
0x804a400 + %eax * 4 // %eax can be negative
And then it sets %eip to that value.
The best way to decipher these is to use the Intel Programmer's Reference manual. Table 2-2 in Volume 2A provides a breakdown of the ModR/M byte and, in this case, the SIB byte also.
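To make the decoding concrete, here is an added worked example (not code from either poster). It decodes the seven instruction bytes quoted in the question (ff 24 85 00 a4 04 08) field by field, computes the effective address disp32 + %eax * 4 for a given %eax, and then looks up the pointer stored in that slot. The "memory" it reads is a constructed snapshot built from the bytes the question's x/s command showed at 0x804a40c; anything outside those twenty bytes is reported as unknown rather than guessed. The function names and the snapshot are this example's own assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of a "jmp *disp32(,index,scale)" instruction: opcode FF /4 with a SIB byte. */
struct jmp_sib {
    uint32_t disp32;   /* table base, 0x0804a400 for the instruction in the question */
    unsigned index;    /* index register number; 0 = %eax */
    unsigned scale;    /* 1, 2, 4 or 8 */
    size_t length;     /* bytes consumed */
};

/* Read a little-endian 32-bit value (x86 stores pointers least significant byte first). */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode only the encoding form seen on the page:
   FF, ModR/M with mod=00 reg=100 rm=100, SIB with base=101, then disp32.
   Any other byte pattern is rejected rather than partially decoded. */
bool decode_jmp_sib(const uint8_t *code, size_t len, struct jmp_sib *out) {
    if (len < 7 || code[0] != 0xFF) return false;
    uint8_t modrm = code[1];
    unsigned mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 0 || reg != 4 || rm != 4) return false;  /* /4 = JMP r/m32; rm=100 means a SIB byte follows */
    uint8_t sib = code[2];
    unsigned ss = sib >> 6, idx = (sib >> 3) & 7, base = sib & 7;
    if (base != 5) return false;  /* mod=00 with base=101: no base register, a disp32 follows */
    if (idx == 4) return false;   /* index=100 means "no index"; not the form on the page */
    out->disp32 = le32(code + 3);
    out->index = idx;
    out->scale = 1u << ss;
    out->length = 7;
    return true;
}

/* Effective address disp32 + index*scale with 32-bit wraparound:
   a "negative" %eax is simply a large unsigned value that wraps below the table base. */
uint32_t effective_address(const struct jmp_sib *j, uint32_t index_value) {
    return j->disp32 + index_value * j->scale;
}

/* Constructed memory snapshot: the bytes the question's "x/s 0x804a40c" output showed,
   i.e. five little-endian pointers starting at 0x804a40c. Bytes before that address are unknown. */
#define SNAP_BASE 0x0804a40cu
static const uint8_t snapshot[] = {
    0x99, 0x8f, 0x04, 0x08,  0x92, 0x8f, 0x04, 0x08,  0x89, 0x8f, 0x04, 0x08,
    0x82, 0x8f, 0x04, 0x08,  0x77, 0x8f, 0x04, 0x08
};

/* Resolve the jump target for a given %eax. Returns false when the slot lies outside the snapshot. */
bool resolve_target(const struct jmp_sib *j, uint32_t eax, uint32_t *target) {
    uint32_t ea = effective_address(j, eax);
    if (ea < SNAP_BASE || ea + 4 < ea || ea + 4 > SNAP_BASE + sizeof snapshot) return false;
    *target = le32(snapshot + (ea - SNAP_BASE));
    return true;
}

/* The instruction bytes quoted in the question. */
static const uint8_t insn[] = { 0xff, 0x24, 0x85, 0x00, 0xa4, 0x04, 0x08 };

int main(void) {
    struct jmp_sib j;
    if (!decode_jmp_sib(insn, sizeof insn, &j)) return 1;
    printf("jmp *0x%x(,%%eax,%u)\n", j.disp32, j.scale);
    for (uint32_t eax = 0; eax < 9; eax++) {
        uint32_t t;
        if (resolve_target(&j, eax, &t))
            printf("eax=%u -> slot 0x%x -> target 0x%08x\n", eax, effective_address(&j, eax), t);
        else
            printf("eax=%u -> slot 0x%x (not in snapshot)\n", eax, effective_address(&j, eax));
    }
    return 0;
}
```

With %eax = 3 the slot is 0x804a40c, exactly the address the question examined, and the four bytes there (99 8f 04 08) read as the pointer 0x08048f99, an address inside the code range the question's disassembly covers. Slots for %eax 4 through 7 resolve the same way; %eax values whose slot falls outside the quoted bytes are left unresolved, which is the right behaviour when reconstructing a jump table from a partial memory dump.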