Menu
I'm using a disassembler (SmartDec: http://decompilation.info/) and the many of the instructions in the generated disassembly look similar to this:
mov rax, [rip + 0x32b5]:64
I'm unfamiliar with the :64 part of this instruction. What does it mean?
Other examples:
cmp [rcx + r8 * 0x8]:64, 0x0
mov eax, [rip + 0x592a]:32
jmp [rip + 0x6bad]:64
This disassembler doesn't show the corresponding machine code, so I used a hex editor and looked up the address that it said this instruction was at:
1665: mov rax, [rip + 0x19a4]:64
This is what was there, 16 bytes worth, in Little Endian:
54 00 00 49 89 E8 FF 15 DC 5F 00 00 E9 57 FF FF
648
It's the size of the memory operand, printed for whatever reason. I have deduced it from an example on the SmartDec home page which reads as movzx edx, [ecx]:16 As such this is just the equivalent to what would be movzx edx, word [ecx] in other assemblers (or word ptr). It is only useful if the size can not be deduced from the other operand, as in this movzx case. SmartDec seems to be showing it every time though, e.g. for your example in the question, mov rax, [rip + 0x32b5]:64 it's clear that the size is 64 bits so it's not helping much.
56
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
