//:: call

:(before "End Initialize Op Names(name)")
// Human-readable description of opcode e8 in the op-name table.
put(name, "e8", "call disp32");

:(scenario call_disp32)
% Reg[ESP].u = 0x64;
== 0x1
# op  ModR/M  SIB   displacement  immediate
  e8                              a0 00 00 00  # call function offset at 0x000000a0
  # next EIP is 6
+run: call imm32 0x000000a0
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000006
+run: jumping to 0x000000a6

:(before "End Single-Byte Opcodes")
case 0xe8: {  // call disp32 relative to next EIP
  // next32() consumes the 4-byte displacement, so EIP now points just past
  // this 5-byte instruction (the scenario above pushes 6 for a call at 1).
  int32_t offset = next32();
  trace(90, "run") << "call imm32 0x" << HEXWORD << offset << end();
//?   cerr << "push: EIP: " << EIP << " => " << Reg[ESP].u << '\n';
  // Save the return address on the emulated stack; push() emits its own
  // "decrementing ESP"/"pushing value" trace lines.
  push(EIP);
  // Signed displacement; backward calls are possible.
  // NOTE(review): nothing here validates the resulting EIP — presumably the
  // fetch loop rejects targets outside the code segment; confirm.
  EIP += offset;
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

//:

:(scenario call_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x000000a0;
== 0x1
# op  ModR/M  SIB   displacement  immediate
  ff  d3                                       # call function offset at EBX
  # next EIP is 3
+run: call to r/m32
+run: r/m32 is EBX
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

:(before "End Op ff Subops")
case 2: {  // call function pointer at r/m32
  trace(90, "run") << "call to r/m32" << end();
  // Operand may be a register (scenario call_r32) or a memory location
  // (scenario call_mem_at_r32); effective_address() resolves it and emits
  // the "r/m32 is ..."/"effective address is ..." trace lines.
  int32_t* offset = effective_address(modrm);
  // Return address is the EIP after this instruction (3 in the scenarios).
  push(EIP);
  // The operand is added to EIP, i.e. treated as a displacement: with EBX=0xa0
  // and next EIP=3 the scenarios expect a jump to 0xa3.
  // NOTE(review): on real x86, ff /2 is an absolute near call (EIP = operand);
  // the scenarios pin the relative semantics, so any change here is a design
  // decision, not a bug fix.
  // NOTE(review): whether effective_address() bounds-checks the memory read
  // behind *offset is not visible here — confirm.
  EIP += *offset;
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}

:(scenario call_mem_at_r32)
% Reg[ESP].u = 0x64;
% Reg[EBX].u = 0x2000;
== 0x1  # code segment
# op  ModR/M  SIB   displacement  immediate
  ff  13                                       # call function offset at *EBX
  # next EIP is 3
== 0x2000  # data segment
a0 00 00 00  # 0xa0
+run: call to r/m32
+run: effective address is 0x2000 (EBX)
+run: decrementing ESP to 0x00000060
+run: pushing value 0x00000003
+run: jumping to 0x000000a3

//:: ret

:(before "End Initialize Op Names(name)")
// Human-readable description of opcode c3 in the op-name table.
put(name, "c3", "return from most recent unfinished call");

:(scenario ret)
% Reg[ESP].u = 0x2000;
== 0x1  # code segment
# op  ModR/M  SIB   displacement  immediate
  c3
== 0x2000  # data segment
10 00 00 00  # 0x10
+run: return
+run: popping value 0x00000010
+run: jumping to 0x00000010

:(before "End Single-Byte Opcodes")
case 0xc3: {  // return from a call
  trace(90, "run") << "return" << end();
  // Return address comes straight from the emulated stack; pop() emits its own
  // "popping value" trace line.
  // NOTE(review): the popped value is not validated here — an emulated program
  // can return to any address; presumably the fetch loop checks it. Confirm.
  EIP = pop();
  trace(90, "run") << "jumping to 0x" << HEXWORD << EIP << end();
  break;
}