1
2
3 :(before "End Initialize Op Names(name)")
put(name, "e8", "call disp32");  // register opcode e8's description in the 'name' table
5
6 :(scenario call_disp32)
7 % Reg[ESP].u = 0x64;
8 == 0x1
9
10 e8 a0 00 00 00
11
12 +run: call imm32 0x000000a0
13 +run: decrementing ESP to 0x00000060
14 +run: pushing value 0x00000006
15 +run: jumping to 0x000000a6
16
17 :(before "End Single-Byte Opcodes")
case 0xe8: {  // call disp32: push the return address, then jump relative
  // imm32() consumes the 4-byte displacement and advances EIP past it, so
  // EIP now holds the address of the following instruction (the return
  // address; scenario call_disp32 pushes 0x6 for a 5-byte call at 0x1).
  int32_t offset = imm32();
  trace(90, "run") << "call imm32 0x" << HEXWORD << offset << end();
  // Save the return address on the stack before transferring control.
  push(EIP);
  // The displacement is signed and relative to the next instruction.
  EIP += offset;
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}
26
27
28
29 :(scenario call_r32)
30 % Reg[ESP].u = 0x64;
31 % Reg[EBX].u = 0x000000a0;
32 == 0x1
33
34 ff d3
35
36 +run: call to r/m32
37 +run: r/m32 is EBX
38 +run: decrementing ESP to 0x00000060
39 +run: pushing value 0x00000003
40 +run: jumping to 0x000000a3
41
42 :(before "End Op ff Subops")
case 2: {  // call r/m32
  trace(90, "run") << "call to r/m32" << end();
  // effective_address() resolves the ModR/M operand to a pointer: a register
  // (scenario call_r32) or an emulated memory cell (scenario call_mem_at_r32).
  int32_t* offset = effective_address(modrm);
  // EIP already points past this instruction; that is the return address.
  push(EIP);
  // NOTE: the operand is applied as a signed displacement relative to the
  // next instruction (call_r32: EBX=0xa0, EIP=0x3 -> 0xa3), not as an
  // absolute target the way real x86 'call r/m32' behaves.
  EIP += *offset;
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}
51
52 :(scenario call_mem_at_r32)
53 % Reg[ESP].u = 0x64;
54 % Reg[EBX].u = 0x10;
55 == 0x1
56
57 ff 13
58
59 == 0x10
60 a0 00 00 00
61 +run: call to r/m32
62 +run: effective address is 0x10 (EBX)
63 +run: decrementing ESP to 0x00000060
64 +run: pushing value 0x00000003
65 +run: jumping to 0x000000a3
66
67
68
69 :(before "End Initialize Op Names(name)")
put(name, "c3", "return from most recent unfinished call");  // register opcode c3's description in the 'name' table
71
72 :(scenario ret)
73 % Reg[ESP].u = 0x60;
74 == 0x1
75
76 c3
77 == 0x60
78 10 00 00 00
79 +run: return
80 +run: popping value 0x00000010
81 +run: jumping to 0x00000010
82
83 :(before "End Single-Byte Opcodes")
case 0xc3: {  // ret: pop the return address pushed by a prior call
  trace(90, "run") << "return" << end();
  // The popped value becomes EIP as-is; nothing here checks that it points
  // at loaded code — presumably the fetch loop does, confirm.
  EIP = pop();
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}