1
2
:(before "End Initialize Op Names(name)")
put(name, "e8", "call disp32");  // near call; the signed 32-bit displacement is added to EIP *after* the instruction has been consumed (see scenario: push 6, jump to 6+0xa0)
5
6 :(scenario call_disp32)
7 % Reg[ESP].u = 0x64;
8 == 0x1
9
10 e8 a0 00 00 00
11
12 +run: call imm32 0x000000a0
13 +run: decrementing ESP to 0x00000060
14 +run: pushing value 0x00000006
15 +run: jumping to 0x000000a6
16
17 :(before "End Single-Byte Opcodes")
case 0xe8: {  // call disp32: save the return address, then jump relative to it
  // next32() consumes the 4-byte displacement, so once it returns EIP already
  // points at the instruction following this call (scenario above: the value
  // pushed is 6 and the target is 6+0xa0).
  const int32_t disp = next32();
  trace(90, "run") << "call imm32 0x" << HEXWORD << disp << end();
  push(EIP);  // return address = first byte after this instruction
  EIP = EIP + disp;  // disp is signed, so negative displacements call backwards
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}
27
28
29
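:(scenario call_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x000000a0;
== 0x1

ff d3

+run: call to r/m32
+run: r/m32 is EBX
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a0

:(before "End Op ff Subops")
case 2: {  // call r/m32: save the return address, then jump to the address held in r/m32
  trace(90, "run") << "call to r/m32" << end();
  // Absolute indirect call: the operand *is* the target address, not a
  // displacement. Unlike opcode e8 (whose disp32 is added to EIP), the value
  // read through r/m32 must be loaded into EIP verbatim; adding it to EIP
  // would send code assembled for a real x86 to the wrong address.
  const int32_t* target = effective_address(modrm);
  // By the time we get here EIP already points past the modrm byte, so it is
  // the correct return address (scenario: a 2-byte instruction at 0x1 pushes 3).
  push(EIP);
  EIP = *target;
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

:(scenario call_mem_at_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x2000;
== 0x1

ff 13

== 0x2000
a0 00 00 00
+run: call to r/m32
+run: effective address is 0x2000 (EBX)
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a0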
67
68
69
:(before "End Initialize Op Names(name)")
put(name, "c3", "return from most recent unfinished call");  // pops the return address that call pushed and makes it the next EIP
72
73 :(scenario ret)
74 % Reg[ESP].u = 0x2000;
75 == 0x1
76
77 c3
78 == 0x2000
79 10 00 00 00
80 +run: return
81 +run: popping value 0x00000010
82 +run: jumping to 0x00000010
83
84 :(before "End Single-Byte Opcodes")
case 0xc3: {  // ret: pop the return address saved by the most recent call and jump to it
  trace(90, "run") << "return" << end();
  // Whatever sits on top of the emulated stack becomes the next EIP. Nothing
  // here checks that it is the value a call pushed, so an overwritten return
  // slot redirects control -- which is exactly what a return-address overwrite
  // exploits on real hardware.
  // NOTE(review): no range check on the popped address in this block;
  // presumably the next instruction fetch rejects addresses outside loaded
  // code -- confirm.
  EIP = pop();
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}