Need help understanding E8 asm call instruction x86

assembly x86 disassembly
Michael picture Michael · Apr 30, 2012 · Viewed 13.2k times · Source

I need a helping hand in order to understand the following assembly instruction. It seems to me that I am calling a address at someUnknownValue += 20994A?

E8 32F6FFFF - call std::_Init_locks::operator=+20994A

Answer

Matthew Slattery picture Matthew Slattery · Apr 30, 2012

Whatever you're using to obtain the disassembly is trying to be helpful, by giving the target of the call as an offset from some symbol that it knows about -- but given that the offset is so large, it's probably confused.

The actual target of the call can be calculated as follows:

  • E8 is a call with a relative offset.
  • In a 32-bit code segment, the offset is specified as a signed 32-bit value.
  • This value is in little-endian byte order.
  • The offset is measured from the address of the following instruction.

e.g.

<some address>       E8 32 F6 FF FF         call <somewhere>
<some address>+5     (next instruction)
  • The offset is 0xFFFFF632.
  • Interpreted as a signed 32-bit value, this is -0x9CE.
  • The call instruction is at <some address> and is 5 bytes long; the next instruction is at <some address> + 5.
  • So the target address of the call is <some address> + 5 - 0x9CE.

Related questions

What does "short" jump mean in assembly language?

What does the "SHORT" mean in this code? JE SHORT 00013FB8

Read More
Switch Case Assembly Language

I am looking at the assembly language code of a switch statement. I understand how the code works and what the cases are. My question is how do I decide on the case names? Below is the assembly language code, …

Read More
SAR command in X86 assembly with one parameter

In a disassembled program I'm analyzing, I found the command sar %eax What does this do? I know that sar with two arguments performs a right shift, but I can't find what it means with only one parameter. This program …

Read More