path: root/subx/016functions.cc
blob: 7837f0806542ec787cff053f166d0a376663de34 (plain) (blame)
//:: call

:(scenario call_imm32)
% Reg[ESP].u = 0x64;
# op  ModRM   SIB   displacement  immediate
  e8                              a0 00 00 00  # call function offset at 0x000000a0
  # next EIP is 6
+run: call imm32 0x000000a0
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000006
+run: jumping to 0x000000a6

:(before "End Single-Byte Opcodes")
case 0xe8: {  // call imm32 relative to next EIP
  // The 32-bit immediate after the opcode is a signed displacement, not an
  // absolute address; imm32() consumes it from the instruction stream.
  const int32_t displacement = imm32();
  trace(2, "run") << "call imm32 0x" << HEXWORD << displacement << end();
  // By now EIP already points at the byte after the immediate (the scenario
  // above shows 6 for a 5-byte instruction), so this pushes the return
  // address before branching.
  push(EIP);
  EIP = EIP + displacement;
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

//:

:(scenario call_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x000000a0;
# op  ModRM   SIB   displacement  immediate
  ff  d3                                       # call function offset at EBX (reg 3)
  # next EIP is 3
+run: call to effective address
+run: effective address is reg 3
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

:(before "End Op ff Subops")
case 2: {  // call function pointer at r/m32
  trace(2, "run") << "call to effective address" << end();
  // Resolve r/m32 (a register or a memory word) to the location holding the
  // call target. NOTE(review): assumes effective_address() has already
  // validated the address and never returns null — confirm before relying on it.
  const int32_t* target = effective_address(modrm);
  // Push the return address first, then read the target word; the scenarios
  // above pin the push trace before the jump trace.
  push(EIP);
  // NOTE(review): the target word is added to EIP like the e8 form, whereas
  // the x86 ISA's ff /2 performs an absolute near call — confirm this
  // divergence from the real ISA is intended.
  EIP = EIP + *target;
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

:(scenario call_mem_at_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x10;
% SET_WORD_IN_MEM(0x10, 0x000000a0);
# op  ModRM   SIB   displacement  immediate
  ff  13                                       # call function offset at *EBX (reg 3)
  # next EIP is 3
+run: call to effective address
+run: effective address is mem at address 0x10 (reg 3)
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

//:: ret

:(scenario ret)
% Reg[ESP].u = 0x60;
% SET_WORD_IN_MEM(0x60, 0x00000010);
# op  ModRM   SIB   displacement  immediate
  c3
+run: return
+run: popping value 0x00000010
+run: jumping to 0x00000010

:(before "End Single-Byte Opcodes")
case 0xc3: {  // return from a call
  trace(2, "run") << "return" << end();
  // Pop the return address saved by the matching call (opcode e8 or ff /2)
  // and resume there. The popped word is used as-is with no validation, so
  // — as on real hardware — a clobbered stack word becomes the new EIP.
  EIP = pop();
  trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}