Re: x86 VM
- Posted by Bernie <xotron at PCOM.NET> Nov 11, 2000
On Sat, 11 Nov 2000 08:29:28 -0500, Darth Maul, aka Matt <uglyfish87 at HOTMAIL.COM> wrote:

>Hold it!
>If you go into DEBUG and use the 'A' command (rest assured, debug is NOT my
>assembler), type 'JMP NEAR 100' and press enter twice, then use the 'U'
>command, you get something like this:
>
>20B4:0100 E9FDFF JMP 0100
>
>If JMP NEAR executes like you did, this would jump to 20B4:FDFF instead of
>20B4:100.

Matt:

I think you are being confused by debug.

First, the opcode EB means jump short rel8.
The opcode E9 means jump near rel16.
The opcode FF means jump near indirect, etc.

When you use debug, use A0:0 to assemble at address 0000:0000; this eliminates the confusion of the offsets.

Also, if you do a jump 100 that is greater than 8 bits, debug generates an E9 rel16. Try assembling jump 7F and it will generate an EB rel8; then look at that output and you will see a different type of jump.

The difference is that you are not looking at the way an instruction is formed, only at the way you think it should jump. I think that you will have to look at how the complete instruction is decoded before you will understand what you are looking at.

Bernie