'Deciphering an SIB encoding from Intel x86-64
Here's a simple hello world file
#include <stdio.h>
int main() {
printf("hello, world\n");
return 0;
}
Here is the instruction to load the address of a string from the .rodata section into a register
lea rax, str.hello__world ; hit0_0; 0x2004 ; "hello, world"
Because we are moving an address into a 64 bit register, we're using this form of LEA
REX.W + 8D /r | LEA r64,m | Store effective address for m in register r64
The hex dump of the instruction is:
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
0x00001151 488d 05ac 0e00 0048 89c7 e8f0 feff ffb8 H......H........
So, the instructions look like:
REX.W: 0x48 ; 0x40 + the W bit is toggled
8D : 0x8D ; 8D is the instruction itself
/r : 0x05 ; I would be unable to get this without looking at the disassembly
; I'm guessing the offset is of wiki os dev
Here's the string for hello, world
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF
0x00002004 6865 6c6c 6f2c 2077 6f72 6c64 0000 0000 hello, world....
How do I calculate 0x2004 as the offset. I'm fairly sure the address begins at 0xac and the 0x05 is part of the offset
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|