//:: call

:(scenario call_imm32)
% Reg[ESP].u = 0x64;
# op  ModR/M  SIB   displacement  immediate
  e8                              a0 00 00 00  # call function offset at 0x000000a0
  # next EIP is 6
+run: call imm32 0x000000a0
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000006
+run: jumping to 0x000000a6

:(before "End Single-Byte Opcodes")
case 0xe8: {  // call imm32: push the return address, then jump relative to next EIP
  // Read the displacement before touching EIP: imm32() is expected to leave EIP
  // pointing at the following instruction (the scenario above pushes that "next EIP").
  const int32_t rel = imm32();
  trace(2, "run") << "call imm32 0x" << HEXWORD << rel << end();
  push(EIP);  // return address for the matching 'ret'
  EIP = EIP + rel;  // displacement is signed; backward calls are allowed
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

//:

:(scenario call_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x000000a0;
# op  ModR/M  SIB   displacement  immediate
  ff  d3                                       # call function offset at EBX
  # next EIP is 3
+run: call to r/m32
+run: r/m32 is EBX
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

:(before "End Op ff Subops")
case 2: {  // call r/m32: push the return address, then jump by the operand's value
  trace(2, "run") << "call to r/m32" << end();
  // effective_address() resolves the ModR/M operand to a register or a guest
  // memory cell; the cell is only read after the push so that any overlap with
  // the stack slot behaves exactly as before.
  int32_t* target = effective_address(modrm);
  push(EIP);  // return address for the matching 'ret'
  // NOTE(review): the operand is added to EIP, i.e. treated as a displacement
  // from the next instruction (scenario call_r32: EBX=0xa0, next EIP=3 -> 0xa3).
  // On real x86 'ff /2' the operand is an absolute target; confirm the relative
  // interpretation is intentional before emitting code that relies on it.
  const int32_t rel = *target;
  EIP = EIP + rel;
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

:(scenario call_mem_at_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x10;
% write_mem_i32(0x10, 0x000000a0);
# op  ModR/M  SIB   displacement  immediate
  ff  13                                       # call function offset at *EBX
  # next EIP is 3
+run: call to r/m32
+run: effective address is 0x10 (EBX)
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

//:: ret

:(scenario ret)
% Reg[ESP].u = 0x60;
% write_mem_i32(0x60, 0x00000010);
# op  ModR/M  SIB   displacement  immediate
  c3
+run: return
+run: popping value 0x00000010
+run: jumping to 0x00000010

:(before "End Single-Byte Opcodes")
case 0xc3: {  // ret: pop the saved return address back into EIP
  trace(2, "run") << "return" << end();
  // Whatever is on top of the stack becomes the next instruction address; no
  // check is made here that it points back into code, so a clobbered stack slot
  // redirects execution. NOTE(review): presumably an out-of-range EIP is caught
  // by the fetch loop elsewhere -- confirm.
  EIP = pop();
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}