Menu
One site that I commonly refer to for x86 documentation has a few instruction codes with a slash and a number. For instance, jmp near absolute indirect gives FF /4, whereas jmp far absolute indirect gives FF /5.
What do the /4 and /5 mean?
To run a quick little test, I attached to a 32-bit process, allocated a bit of memory and had the assembler insert jmp dword ptr[0x12345678]; the generated bytecode was FF 25 78563412. I understand the address endianess, but how does the 25 relate to /4 or /5?
My guess is that I generated a jmp far, and that the /5 meant there were five bytes as parameters (4 bytes for the address + 1 byte for 25). I'm still confused as to where the 25 is coming from.
670
From the Intel Reference Manual, section "3.1.1.1 Opcode Column in the Instruction Summary Table":
- /digit — A digit between 0 and 7 indicates that the ModR/M byte of the instruction uses only the r/m (register or memory) operand. The reg field contains the digit that provides an extension to the instruction's opcode.
- /r — Indicates that the ModR/M byte of the instruction contains a register operand and an r/m operand.
This notation is also usually mentioned in the various descriptions of the ModR/M byte, e.g.
63
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
