JMP SHORT $+2

本文介绍了汇编语言中的基础指令及其用途,如跳转、比较、数据移动等,并通过实例说明了如何利用这些指令进行简单的端口操作及实现延时效果。

参考一

$:代表当前指令的地址。x86指令的长度并不固定,但 JMP SHORT 这条指令本身占2个字节(操作码EB加1字节位移),所以在这里$+2正好是下一条指令的地址。

jmp short $+2: 跳转到下一条语句,延时用。主要是延时几微秒给端口一个反应时间。


jb: jump if below      低于跳转
jnb:jump if not below  不低于跳转

xor: 异或

//-----------------------------------------------------------------------------------

cmp a,b 比较a与b
mov a,b 把b的值送给a
ret 返回主程序
nop 无作用,英文“no operation”的简写,意思是“do nothing”(机器码90)***机器码的含义参看上面
(解释:ultraedit打开编辑exe文件时你看到90,等同于汇编语句nop)
call 调用子程序
je 或jz 若相等则跳(机器码74 或0F84)
jne或jnz 若不相等则跳(机器码75或0F85)
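jmp 无条件跳(短跳转的机器码EB)
jb 若小于则跳(无符号比较)
ja 若大于则跳(无符号比较)
jg 若大于则跳(有符号比较)
jge 若大于等于则跳(有符号比较)
jl 若小于则跳(有符号比较)
jle 若小于等于则跳(有符号比较)
(注意:对长度、大小、地址做边界检查时应使用无符号跳转jb/ja;误用有符号跳转是边界检查中常见的错误。)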
pop 出栈
push 压栈



参考二

JMP SHORT $+2 这条指令是啥意思?



; Purpose: write the byte the caller passed in AL to an indexed I/O register:
;          index 5 is selected through port 3CEh, then the data byte is written
;          through port 3CFh.
; NOTE(review): 3CEh/3CFh are conventionally the VGA graphics-controller
;               index/data ports -- confirm against the target hardware.
; In:    AL = data byte to write
; Out:   AX unchanged (restored by POP), DX = 3CFh
PUSH AX                         ; save AX: AL is about to be reused for the index value
MOV DX, 3CEH                    ; DX = index port
MOV AL, 5                       ; AL = register index 5
OUT DX, AL                      ; select the indexed register

JMP SHORT $ + 2                 ; 2-byte jump to the next instruction: a brief pause between the two port accesses
                                ; NOTE(review): the pause length depends on CPU speed, so it is not a precise timing guarantee

MOV DX, 3CFH                    ; DX = data port
POP AX                          ; restore the caller's data byte into AL
OUT DX, AL                      ; write the data byte to the selected register

就是跳到下一条指令 
$在指令中使用时,就指该指令的首字节,所以是JMP的首地址加上2,又因为JMP的段内直跳转是2个字节,所以是下一条指令,在此是MOV DX, 3CFH

作用:端口操作中的这类指令的作用应该就是延时,主要是延时几个微秒,给端口一点反应时间。实际延时的长短取决于CPU速度,在较快的处理器上会远小于几微秒,因此不能把它当作精确的定时手段。


详细注释每一行汇编
; Annotated disassembly listing (x86-64, Intel syntax). As used by the code, the
; arguments arrive in rcx (DebugHandle), edx (DesiredAccess), r8 (ObjectAttributes)
; and r9d (Flags).
; Visible flow: read a mode byte from a gs-relative structure; when it is non-zero,
; probe DebugHandle as a writable address below 7FFFFFFF0000h; reject Flags that
; have any bit other than bit 0 set; create and initialise the object; insert it to
; obtain a handle; store the handle through DebugHandle.
; NOTE(review): the structure offsets (gs:188h, +232h, +0B8h, +580h) are specific to
; the build this listing was taken from -- confirm before reusing them.
0000000140888290 ; __int64 __fastcall NtCreateDebugObject(PHANDLE DebugHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, ULONG Flags)
0000000140888290 NtCreateDebugObject proc near ; DATA XREF: .pdata:000000014011CF74↑o
0000000140888290 ; PAGE:000000014098C2E8↓o
0000000140888290 var_68 = qword ptr -68h
0000000140888290 ObjectBodySize = dword ptr -60h
0000000140888290 var_58 = qword ptr -58h
0000000140888290 var_50 = dword ptr -50h
0000000140888290 Object = qword ptr -48h
0000000140888290 var_40 = qword ptr -40h
0000000140888290 DebugObject = qword ptr -30h
0000000140888290 Handle = qword ptr -28h
0000000140888290 var_8 = byte ptr -8
0000000140888290 mov rax, rsp                   ; rax = rsp at entry, base for the saves and clears below
0000000140888293 mov [rax+8], rbx               ; save rbx above the return address
0000000140888297 mov [rax+10h], rsi             ; save rsi
000000014088829B mov [rax+18h], rdi             ; save rdi
000000014088829F push r14                       ; save r14
00000001408882A1 sub rsp, 80h                   ; reserve 80h bytes for locals and outgoing arguments
00000001408882A8 mov esi, r9d                   ; esi = Flags
00000001408882AB mov r14d, edx                  ; r14d = DesiredAccess
00000001408882AE mov rdi, rcx                   ; rdi = DebugHandle (caller-supplied pointer)
00000001408882B1 and qword ptr [rax-28h], 0     ; local Handle = 0
00000001408882B6 and qword ptr [rax-30h], 0     ; local DebugObject = 0
00000001408882BB mov rax, gs:188h               ; NOTE(review): presumably the current-thread pointer -- confirm
00000001408882C4 mov r10b, [rax+232h]           ; r10b = mode byte, passed below as ProbeMode/OwnershipMode; presumably the caller's previous mode
00000001408882CB loc_1408882CB: ; DATA XREF: .rdata:00000001400B5514↑o
                                                ; NOTE(review): the .rdata reference is shared with the $filt$1_0 funclet, so a guarded region presumably starts here
00000001408882CB test r10b, r10b                ; mode byte == 0 ?
00000001408882CE jz short loc_1408882E7         ; yes: skip the probe
00000001408882D0 mov rcx, 7FFFFFFF0000h         ; upper limit for the address that gets probed
00000001408882DA cmp rdi, rcx                   ; unsigned compare of DebugHandle against the limit
00000001408882DD cmovb rcx, rdi                 ; rcx = DebugHandle when below the limit, otherwise the limit itself
00000001408882E1 mov rax, [rcx]                 ; read 8 bytes at the probed address ...
00000001408882E4 mov [rcx], rax                 ; ... and write them back: an unreadable or read-only address faults here
00000001408882E7 loc_1408882E7: ; CODE XREF: NtCreateDebugObject+3E↑j
00000001408882E7 and qword ptr [rdi], 0         ; *DebugHandle = 0
00000001408882EB loc_1408882EB: ; DATA XREF: .rdata:00000001400B5514↑o
00000001408882EB test esi, 0FFFFFFFEh           ; any Flags bit other than bit 0 set?
00000001408882F1 jz short loc_1408882FD         ; no: Flags accepted
00000001408882F3 mov eax, 0C000000Dh            ; return value for rejected Flags (STATUS_INVALID_PARAMETER)
00000001408882F8 jmp loc_1408883FE              ; to the epilogue
00000001408882FD ; ---------------------------------------------------------------------------
00000001408882FD loc_1408882FD: ; CODE XREF: NtCreateDebugObject+61↑j
00000001408882FD mov rdx, cs:DbgkDebugObjectType ; ObjectType
0000000140888304 and [rsp+88h+var_40], 0        ; stack argument = 0
000000014088830A lea rax, [rsp+88h+DebugObject] ; rax = address of the local that receives the new object
000000014088830F mov [rsp+88h+Object], rax ; Object
0000000140888314 and [rsp+88h+var_50], 0        ; stack argument = 0
0000000140888319 and dword ptr [rsp+88h+var_58], 0 ; stack argument = 0
000000014088831E mov [rsp+88h+ObjectBodySize], 68h ; 'h' ; ObjectBodySize
0000000140888326 mov r9b, r10b ; OwnershipMode
0000000140888329 mov cl, r10b ; ProbeMode
000000014088832C call ObCreateObjectEx          ; r8 still holds ObjectAttributes from the caller
0000000140888331 test eax, eax                  ; check the returned status
0000000140888333 js loc_1408883FE               ; negative status: return it unchanged
0000000140888339 mov rbx, [rsp+88h+DebugObject] ; rbx = new object body
000000014088833E mov dword ptr [rbx+18h], 1     ; field +18h = 1
0000000140888345 and qword ptr [rbx+20h], 0     ; field +20h = 0
000000014088834A and dword ptr [rbx+28h], 0     ; field +28h = 0
000000014088834E lea rcx, [rbx+30h] ; Event
0000000140888352 xor r8d, r8d ; State
0000000140888355 lea edx, [r8+1] ; Type
0000000140888359 call KeInitializeEvent         ; event at +30h, Type = 1, State = 0
                                                ; NOTE(review): +18h..+30h looks like an inlined fast-mutex initialisation -- confirm
000000014088835E lea rax, [rbx+50h]             ; rax = list head at +50h
0000000140888362 mov [rax+8], rax               ; second link points at the head itself
0000000140888366 mov [rax], rax                 ; first link points at the head itself: empty list
0000000140888369 xor r8d, r8d ; State
000000014088836C xor edx, edx ; Type
000000014088836E mov rcx, rbx ; Event
0000000140888371 call KeInitializeEvent         ; event at +0, Type = 0, State = 0
0000000140888376 test sil, 1                    ; Flags bit 0 set?
000000014088837A jz short loc_140888385         ; no
000000014088837C mov dword ptr [rbx+60h], 2     ; field +60h = 2 when Flags bit 0 is set
0000000140888383 jmp short loc_140888389
0000000140888385 ; ---------------------------------------------------------------------------
0000000140888385 loc_140888385: ; CODE XREF: NtCreateDebugObject+EA↑j
0000000140888385 and dword ptr [rbx+60h], 0     ; field +60h = 0 otherwise
0000000140888389 loc_140888389: ; CODE XREF: NtCreateDebugObject+F3↑j
0000000140888389 mov rax, gs:188h               ; same gs-relative pointer as above
0000000140888392 mov rcx, [rax+0B8h]            ; NOTE(review): presumably the owning process -- confirm
0000000140888399 mov rax, [rcx+580h]            ; pointer stored at +580h of that structure
00000001408883A0 test rax, rax                  ; null?
00000001408883A3 jz short loc_1408883C1         ; yes: leave field +60h as it is
00000001408883A5 movzx eax, word ptr [rax+8]    ; 16-bit value at +8, zero-extended
00000001408883A9 mov ecx, 14Ch
00000001408883AE cmp ax, cx                     ; value == 14Ch ?
00000001408883B1 jz short loc_1408883BD         ; yes: set the extra flag
00000001408883B3 mov ecx, 1C4h
00000001408883B8 cmp ax, cx                     ; value == 1C4h ?
00000001408883BB jnz short loc_1408883C1        ; neither: skip
                                                ; NOTE(review): 14Ch and 1C4h equal the PE machine values for 32-bit x86 and ARM Thumb-2, so this looks like a 32-bit-process check
00000001408883BD loc_1408883BD: ; CODE XREF: NtCreateDebugObject+121↑j
00000001408883BD or dword ptr [rbx+60h], 4      ; set bit 2 in field +60h
00000001408883C1 loc_1408883C1: ; CODE XREF: NtCreateDebugObject+113↑j
00000001408883C1 ; NtCreateDebugObject+12B↑j
00000001408883C1 lea rax, [rsp+88h+Handle]      ; rax = address of the local Handle
00000001408883C6 mov [rsp+88h+var_58], rax      ; stack argument = &Handle
00000001408883CB and qword ptr [rsp+88h+ObjectBodySize], 0 ; stack argument = 0 (slot reused)
00000001408883D1 and dword ptr [rsp+88h+var_68], 0 ; stack argument = 0
00000001408883D6 xor r9d, r9d                   ; fourth argument = 0
00000001408883D9 mov r8d, r14d                  ; third argument = DesiredAccess
00000001408883DC xor edx, edx                   ; second argument = 0
00000001408883DE mov rcx, [rsp+88h+DebugObject] ; first argument = the new object
00000001408883E3 call ObInsertObjectEx          ; insert the object; the handle is returned in the local Handle
00000001408883E8 mov ecx, eax                   ; keep the status in ecx
00000001408883EA test eax, eax                  ; check the returned status
00000001408883EC js short loc_1408883FE         ; negative status: return it
00000001408883EE loc_1408883EE: ; DATA XREF: .rdata:00000001400B5524↑o
                                                ; NOTE(review): the .rdata reference is shared with $filt$0, so this store is presumably inside a guarded region
00000001408883EE mov rax, [rsp+88h+Handle]      ; rax = new handle
00000001408883F3 mov [rdi], rax                 ; *DebugHandle = handle (write through the caller's pointer)
00000001408883F6 jmp short loc_1408883FA
00000001408883F8 ; ---------------------------------------------------------------------------
00000001408883F8 loc_1408883F8: ; DATA XREF: .rdata:00000001400B5524↑o
00000001408883F8 mov ecx, eax                   ; NOTE(review): presumably the handler target, with eax = exception code
00000001408883FA loc_1408883FA: ; CODE XREF: NtCreateDebugObject+166↑j
00000001408883FA mov eax, ecx                   ; return value = status kept in ecx
00000001408883FC jmp short $+2                  ; target is 1408883FCh + 2 = 1408883FEh, the next instruction; there is no port I/O here, so this is not a delay
00000001408883FE ; ---------------------------------------------------------------------------
00000001408883FE loc_1408883FE: ; CODE XREF: NtCreateDebugObject+68↑j
00000001408883FE ; NtCreateDebugObject+A3↑j ...
00000001408883FE lea r11, [rsp+88h+var_8]       ; r11 = rsp + 80h, the slot holding the pushed r14
0000000140888406 mov rbx, [r11+10h]             ; restore rbx
000000014088840A mov rsi, [r11+18h]             ; restore rsi
000000014088840E mov rdi, [r11+20h]             ; restore rdi
0000000140888412 mov rsp, r11                   ; release the 80h bytes of locals
0000000140888415 pop r14                        ; restore r14
0000000140888417 retn                           ; return, status in eax
0000000140888417 ; ---------------------------------------------------------------------------
0000000140888418 db 0CCh                        ; padding byte between code fragments
0000000140888419 ; ---------------------------------------------------------------------------
0000000140888419 NtCreateDebugObject$filt$1_0: ; DATA XREF: .rdata:00000001400B5514↑o
0000000140888419 ; .pdata:000000014011CF74↑o ...
                                                ; Filter funclet: returns 1 when the mode byte is non-zero, else 0.
                                                ; NOTE(review): for an exception filter, 1 means "run the handler" and 0 means "keep searching".
0000000140888419 push rbp
000000014088841B sub rsp, 50h                   ; reserve 50h bytes
000000014088841F mov rbp, rdx                   ; rbp = second argument, used as the frame base below
0000000140888422 mov rax, gs:188h               ; same gs-relative pointer as in the main body
000000014088842B mov [rbp+70h], rax             ; spill it to the frame
000000014088842F mov rax, [rbp+70h]             ; reload it
0000000140888433 mov cl, [rax+232h]             ; cl = mode byte
0000000140888439 mov [rbp+51h], cl              ; spill it to the frame
000000014088843C mov cl, [rbp+51h]              ; reload it
000000014088843F xor eax, eax                   ; eax = 0
0000000140888441 test cl, cl                    ; mode byte == 0 ?
0000000140888443 setnz al                       ; al = 1 when the mode byte is non-zero
0000000140888446 add rsp, 50h                   ; release the frame
000000014088844A pop rbp
000000014088844B retn
000000014088844B ; ---------------------------------------------------------------------------
000000014088844C db 0CCh                        ; padding byte
000000014088844D ; ---------------------------------------------------------------------------
000000014088844D NtCreateDebugObject$filt$0: ; DATA XREF: .rdata:00000001400B5524↑o
000000014088844D ; .pdata:000000014011CF80↑o ...
                                                ; Second filter funclet: same logic as $filt$1_0, with different frame offsets.
000000014088844D push rbp
000000014088844F sub rsp, 50h                   ; reserve 50h bytes
0000000140888453 mov rbp, rdx                   ; rbp = second argument, used as the frame base below
0000000140888456 mov rax, gs:188h               ; same gs-relative pointer as in the main body
000000014088845F mov [rbp+68h], rax             ; spill it to the frame
0000000140888463 mov rax, [rbp+68h]             ; reload it
0000000140888467 mov cl, [rax+232h]             ; cl = mode byte
000000014088846D mov [rbp+50h], cl              ; spill it to the frame
0000000140888470 mov cl, [rbp+50h]              ; reload it
0000000140888473 xor eax, eax                   ; eax = 0
0000000140888475 test cl, cl                    ; mode byte == 0 ?
0000000140888477 setnz al                       ; al = 1 when the mode byte is non-zero
000000014088847A add rsp, 50h                   ; release the frame
000000014088847E pop rbp
000000014088847F retn
000000014088847F ; ---------------------------------------------------------------------------
0000000140888480 db 0CCh                        ; padding byte
0000000140888480 NtCreateDebugObject endp
08-12
NTSTATUS __fastcall DbgkpPostModuleMessages(PEPROCESS TargetProcess, PETHREAD thread, PDEBUG_OBJECT debug_Object)
; Annotated disassembly listing (x86-64, Intel syntax). Arguments arrive in
; rcx (TargetProcess), rdx (thread) and r8 (debug_Object).
; Visible flow: an early exit through VslSendDebugAttachNotifications when bit 0 of
; [TargetProcess+3E0h] is set; otherwise a bounded walk of a linked list inside a
; __try region, posting one message per entry after the first two; then the enclave
; module entries; then MmPostHotPatchDbgModuleMessages; and finally, when the
; 16-bit value at +8 of [TargetProcess+580h] is 14Ch or 1C4h, a second bounded walk
; that uses 32-bit links.
; Both walks stop after DbgkpMaxModuleMsgs iterations, so a list that never returns
; to its head still terminates.
; NOTE(review): the structure offsets are specific to the build this listing was
; taken from -- confirm before reusing them.
00000001408879B0 DbgkpPostModuleMessages proc near ; CODE XREF: DbgkCreateThread_0+1B5B59↑p
00000001408879B0 ; DbgkpPostFakeProcessCreateMessages+77↑p
00000001408879B0 ; DATA XREF: ...
00000001408879B0 var_78 = dword ptr -78h
00000001408879B0 var_70 = qword ptr -70h
00000001408879B0 var_68 = dword ptr -68h
00000001408879B0 var_60 = qword ptr -60h
00000001408879B0 var_58 = qword ptr -58h
00000001408879B0 var_50 = qword ptr -50h
00000001408879B0 var_48 = qword ptr -48h
00000001408879B0 P = qword ptr -40h
00000001408879B0 var_38 = qword ptr -38h
00000001408879B0 arg_TargetProcess= qword ptr 8
00000001408879B0 arg_thread = qword ptr 10h
00000001408879B0 arg_debug_Object= qword ptr 18h
00000001408879B0 arg_18 = dword ptr 20h
00000001408879B0 ; __unwind { // __C_specific_handler
00000001408879B0 mov rax, rsp                   ; rax = rsp at entry; the prologue saves registers and reserves stack space
00000001408879B3 mov [rax+18h], r8              ; save r8 (third argument, possibly debug_Object)
00000001408879B7 mov [rax+10h], rdx             ; save rdx (second argument) on the stack
00000001408879BB mov [rax+8], rcx               ; save rcx (first argument, PPROCESS_OBJECT) on the stack
00000001408879BF push rbx
00000001408879C0 push rsi
00000001408879C1 push rdi
00000001408879C2 push r14
00000001408879C4 push r15
00000001408879C6 sub rsp, 70h                   ; reserve stack space (0x70 bytes)
00000001408879CA mov rdi, r8                    ; keep the arguments in non-volatile registers: rdi = debug_Object
00000001408879CD mov rsi, rdx                   ; rsi = thread
00000001408879D0 mov rbx, rcx                   ; rbx = TargetProcess
00000001408879D3 and qword ptr [rax-40h], 0     ; local P = 0
00000001408879D8 and dword ptr [rax+20h], 0     ; arg_18 slot = 0 (used later as an entry count)
00000001408879DC test byte ptr [rcx+3E0h], 1    ; bit 0 of the byte at TargetProcess+3E0h set?
00000001408879E3 jz short loc_1408879EF         ; no: do the list walks
00000001408879E5 call VslSendDebugAttachNotifications ; yes: hand off and return
00000001408879EA jmp loc_140887C14              ; to the epilogue
00000001408879EF ; ---------------------------------------------------------------------------
00000001408879EF loc_1408879EF: ; CODE XREF: DbgkpPostModuleMessages+33↑j
00000001408879EF mov rax, [rcx+550h]            ; rax = pointer stored at TargetProcess+550h
00000001408879F6 loc_1408879F6: ; DATA XREF: .rdata:00000001400B53F0↑o
00000001408879F6 ; __try { // __except at loc_140887AC5
00000001408879F6 mov rax, [rax+18h]             ; follow the pointer at +18h; NOTE(review): presumably user-mode memory from here on, hence the __try
00000001408879FA add rax, 10h                   ; rax = address of the list head at +10h
00000001408879FE mov [rsp+98h+var_48], rax      ; var_48 = list head address
0000000140887A03 mov r14, 7FFFFFFF0000h         ; r14 = upper limit for addresses that get probed
0000000140887A0D cmp rax, r14                   ; unsigned compare against the limit
0000000140887A10 cmovnb rax, r14                ; at or above the limit: probe the limit address instead
0000000140887A14 mov al, [rax]                  ; one-byte probe read; a bad address faults inside the __try
0000000140887A16 mov rdx, [rsp+98h+var_48]      ; rdx = list head address
0000000140887A1B mov rax, [rdx]                 ; rax = first entry
0000000140887A1E xor ecx, ecx                   ; ecx = iteration counter = 0
0000000140887A20 mov [rsp+98h+var_68], ecx      ; var_68 = counter
0000000140887A24 loc_140887A24: ; CODE XREF: DbgkpPostModuleMessages+10E↓j
0000000140887A24 mov [rsp+98h+var_58], rax      ; var_58 = current entry
0000000140887A29 cmp rax, rdx                   ; back at the list head?
0000000140887A2C jz loc_140887AC3               ; yes: walk finished
0000000140887A32 cmp ecx, cs:DbgkpMaxModuleMsgs ; counter against the global limit (unsigned)
0000000140887A38 jnb loc_140887AC3              ; limit reached: stop walking
0000000140887A3E cmp ecx, 1                     ; first two entries (counter 0 and 1)?
0000000140887A41 jbe short loc_140887A9E        ; yes: skip posting, just advance
0000000140887A43 cmp rax, r14                   ; clamp the entry address to the limit
0000000140887A46 cmovnb rax, r14
0000000140887A4A mov al, [rax]                  ; probe read of the entry
0000000140887A4C mov rax, [rsp+98h+var_58]      ; reload the current entry
0000000140887A51 mov rcx, [rax+30h]             ; rcx = pointer stored at entry+30h
0000000140887A55 mov [rsp+98h+var_60], rcx      ; var_60 = that pointer
0000000140887A5A cmp rcx, r14                   ; clamp it to the limit
0000000140887A5D cmovnb rcx, r14
0000000140887A61 mov al, [rcx]                  ; probe read
0000000140887A63 mov rcx, [rsp+98h+var_60]      ; rcx = the pointer again, now as the call argument
0000000140887A68 call RtlImageNtHeader          ; rax = image header for that address, or 0
0000000140887A6D test rax, rax                  ; header found?
0000000140887A70 jz short loc_140887A7B         ; no: use zeros
0000000140887A72 mov r9d, [rax+0Ch]             ; r9d = dword at header+0Ch
0000000140887A76 mov eax, [rax+10h]             ; eax = dword at header+10h
0000000140887A79 jmp short loc_140887A80
0000000140887A7B ; ---------------------------------------------------------------------------
0000000140887A7B loc_140887A7B: ; CODE XREF: DbgkpPostModuleMessages+C0↑j
0000000140887A7B xor r9d, r9d                   ; r9d = 0
0000000140887A7E xor eax, eax                   ; eax = 0
0000000140887A80 loc_140887A80: ; CODE XREF: DbgkpPostModuleMessages+C9↑j
0000000140887A80 mov [rsp+98h+var_70], rdi ; PRKEVENT
0000000140887A85 mov [rsp+98h+var_78], eax ; int
0000000140887A89 mov r8, [rsp+98h+var_60]       ; third argument = pointer taken from entry+30h
0000000140887A8E mov rdx, rsi ; PVOID
0000000140887A91 mov rcx, rbx ; Object
0000000140887A94 call DbgkPostModuleMessage     ; post one message for this entry
0000000140887A99 mov rax, [rsp+98h+var_58]      ; rax = current entry
0000000140887A9E loc_140887A9E: ; CODE XREF: DbgkpPostModuleMessages+91↑j
0000000140887A9E cmp rax, r14                   ; clamp the entry address to the limit
0000000140887AA1 cmovnb rax, r14
0000000140887AA5 mov al, [rax]                  ; probe read before following the link
0000000140887AA7 mov rax, [rsp+98h+var_58]      ; reload the current entry
0000000140887AAC mov rax, [rax]                 ; rax = next entry
0000000140887AAF mov ecx, [rsp+98h+var_68]      ; reload the counter
0000000140887AB3 inc ecx                        ; counter += 1
0000000140887AB5 mov [rsp+98h+var_68], ecx      ; store it back
0000000140887AB9 mov rdx, [rsp+98h+var_48]      ; rdx = list head address
0000000140887ABE jmp loc_140887A24              ; next iteration
0000000140887AC3 ; ---------------------------------------------------------------------------
0000000140887AC3 loc_140887AC3: ; CODE XREF: DbgkpPostModuleMessages+7C↑j
0000000140887AC3 ; DbgkpPostModuleMessages+88↑j
0000000140887AC3 jmp short loc_140887ADD        ; leave the __try region, skipping the handler
0000000140887AC3 ; } // starts at 1408879F6
0000000140887AC5 ; ---------------------------------------------------------------------------
0000000140887AC5 loc_140887AC5: ; DATA XREF: .rdata:00000001400B53F0↑o
0000000140887AC5 ; __except(1) // owned by 1408879F6
0000000140887AC5 mov rdi, [rsp+98h+arg_debug_Object] ; handler: reload the three arguments from their stack copies
0000000140887ACD mov rsi, [rsp+98h+arg_thread]
0000000140887AD5 mov rbx, [rsp+98h+arg_TargetProcess]
0000000140887ADD loc_140887ADD: ; CODE XREF: DbgkpPostModuleMessages:loc_140887AC3↑j
0000000140887ADD lea r8, [rsp+98h+arg_18]       ; r8 = address of the entry count
0000000140887AE5 lea rdx, [rsp+98h+P]           ; rdx = address of the local P
0000000140887AEA mov rcx, rbx                   ; rcx = TargetProcess
0000000140887AED call PsGetProcessEnclaveModuleInfo_0 ; fills P and the count
0000000140887AF2 test eax, eax                  ; check the returned status
0000000140887AF4 js short loc_140887B3D         ; negative status: skip the enclave entries
0000000140887AF6 xor r14d, r14d                 ; r14d = index = 0
0000000140887AF9 mov r15, [rsp+98h+P]           ; r15 = base of the returned array
0000000140887AFE loc_140887AFE: ; CODE XREF: DbgkpPostModuleMessages+17C↓j
0000000140887AFE cmp r14d, [rsp+98h+arg_18]     ; index against the count (unsigned)
0000000140887B06 jnb short loc_140887B2E        ; all entries done
0000000140887B08 mov r9d, r14d                  ; r9 = index
0000000140887B0B add r9, r9                     ; r9 = index * 2, so r9*8 below is index * 16
0000000140887B0E mov eax, [r15+r9*8+8]          ; eax = dword at offset 8 of the 16-byte entry
0000000140887B13 mov [rsp+98h+var_78], eax      ; stack argument = that dword
0000000140887B17 mov r9, [r15+r9*8]             ; r9 = qword at offset 0 of the entry
0000000140887B1B mov r8, rdi                    ; r8 = debug_Object
0000000140887B1E mov rdx, rsi                   ; rdx = thread
0000000140887B21 mov rcx, rbx                   ; rcx = TargetProcess
0000000140887B24 call DbgkPostEnclaveModuleMessages ; post one message for this entry
0000000140887B29 inc r14d                       ; index += 1
0000000140887B2C jmp short loc_140887AFE        ; next entry
0000000140887B2E ; ---------------------------------------------------------------------------
0000000140887B2E loc_140887B2E: ; CODE XREF: DbgkpPostModuleMessages+156↑j
0000000140887B2E mov edx, [rsp+98h+arg_18]      ; edx = entry count
0000000140887B35 mov rcx, r15 ; P
0000000140887B38 call PsFreeEnclaveModuleInfo   ; release the array
0000000140887B3D loc_140887B3D: ; CODE XREF: DbgkpPostModuleMessages+144↑j
0000000140887B3D mov r8, rdi                    ; r8 = debug_Object
0000000140887B40 DbgkUserReportWorkRoutine_0:
0000000140887B40 mov rdx, rsi                   ; rdx = thread
0000000140887B43 mov rcx, rbx                   ; rcx = TargetProcess
0000000140887B46 call MmPostHotPatchDbgModuleMessages
0000000140887B4B mov rax, [rbx+580h]            ; rax = pointer stored at TargetProcess+580h
0000000140887B52 test rax, rax                  ; null?
0000000140887B55 jz loc_140887C14               ; yes: done
0000000140887B5B movzx ecx, word ptr [rax+8]    ; 16-bit value at +8, zero-extended
0000000140887B5F mov edx, 14Ch
0000000140887B64 cmp cx, dx                     ; value == 14Ch ?
0000000140887B67 jz short loc_140887B77         ; yes: do the second walk
0000000140887B69 mov edx, 1C4h
0000000140887B6E cmp cx, dx                     ; value == 1C4h ?
0000000140887B71 jnz loc_140887C14              ; neither: done
                                                ; NOTE(review): 14Ch and 1C4h equal the PE machine values for 32-bit x86 and ARM Thumb-2, so this looks like a 32-bit-process check
0000000140887B77 loc_140887B77: ; CODE XREF: DbgkpPostModuleMessages+1B7↑j
0000000140887B77 mov rcx, [rax]                 ; rcx = first qword of that structure
0000000140887B7A loc_140887B7A: ; DATA XREF: .rdata:00000001400B5400↑o
0000000140887B7A ; __try { // __except at loc_140887C14
0000000140887B7A mov eax, [rcx+0Ch]             ; 32-bit load, zero-extended into rax: the links in this walk are 32 bits wide
0000000140887B7D add rax, 0Ch                   ; rax = address of the list head at +0Ch
0000000140887B81 mov [rsp+98h+var_38], rax      ; var_38 = list head address
0000000140887B86 mov al, [rax]                  ; one-byte probe read; no clamp is visible here, the value came from a zero-extended 32-bit load
0000000140887B88 mov rdx, [rsp+98h+var_38]      ; rdx = list head address
0000000140887B8D mov ecx, [rdx]                 ; ecx = first entry (32-bit link)
0000000140887B8F xor eax, eax                   ; eax = iteration counter = 0
0000000140887B91 mov [rsp+98h+var_68], eax      ; var_68 = counter
0000000140887B95 loc_140887B95: ; CODE XREF: DbgkpPostModuleMessages+260↓j
0000000140887B95 mov [rsp+98h+var_50], rcx      ; var_50 = current entry
0000000140887B9A cmp rcx, rdx                   ; back at the list head?
0000000140887B9D jz short loc_140887C12         ; yes: walk finished
0000000140887B9F cmp eax, cs:DbgkpMaxModuleMsgs ; counter against the global limit (unsigned)
0000000140887BA5 jnb short loc_140887C12        ; limit reached: stop walking
0000000140887BA7 cmp eax, 1                     ; first two entries?
0000000140887BAA jbe short loc_140887BF8        ; yes: skip posting, just advance
0000000140887BAC mov al, [rcx]                  ; probe read of the entry
0000000140887BAE mov rax, [rsp+98h+var_50]      ; reload the current entry
0000000140887BB3 mov ecx, [rax+18h]             ; ecx = 32-bit pointer stored at entry+18h
0000000140887BB6 mov [rsp+98h+var_60], rcx      ; var_60 = that pointer
0000000140887BBB mov al, [rcx]                  ; probe read
0000000140887BBD mov rcx, [rsp+98h+var_60]      ; rcx = the pointer again, now as the call argument
0000000140887BC2 call RtlImageNtHeader          ; rax = image header for that address, or 0
0000000140887BC7 test rax, rax                  ; header found?
0000000140887BCA jz short loc_140887BD5         ; no: use zeros
0000000140887BCC mov r9d, [rax+0Ch]             ; r9d = dword at header+0Ch
0000000140887BD0 mov ecx, [rax+10h]             ; ecx = dword at header+10h
0000000140887BD3 jmp short loc_140887BDA
0000000140887BD5 ; ---------------------------------------------------------------------------
0000000140887BD5 loc_140887BD5: ; CODE XREF: DbgkpPostModuleMessages+21A↑j
0000000140887BD5 xor r9d, r9d                   ; r9d = 0
0000000140887BD8 xor ecx, ecx                   ; ecx = 0
0000000140887BDA loc_140887BDA: ; CODE XREF: DbgkpPostModuleMessages+223↑j
0000000140887BDA mov [rsp+98h+var_70], rdi ; PRKEVENT
0000000140887BDF mov [rsp+98h+var_78], ecx ; int
0000000140887BE3 mov r8, [rsp+98h+var_60]       ; third argument = pointer taken from entry+18h
0000000140887BE8 mov rdx, rsi ; PVOID
0000000140887BEB mov rcx, rbx ; Object
0000000140887BEE call DbgkPostModuleMessage     ; post one message for this entry
0000000140887BF3 mov rcx, [rsp+98h+var_50]      ; rcx = current entry
0000000140887BF8 loc_140887BF8: ; CODE XREF: DbgkpPostModuleMessages+1FA↑j
0000000140887BF8 mov al, [rcx]                  ; probe read before following the link
0000000140887BFA mov rax, [rsp+98h+var_50]      ; reload the current entry
0000000140887BFF mov ecx, [rax]                 ; ecx = next entry (32-bit link)
0000000140887C01 mov eax, [rsp+98h+var_68]      ; reload the counter
0000000140887C05 inc eax                        ; counter += 1
0000000140887C07 mov [rsp+98h+var_68], eax      ; store it back
0000000140887C0B mov rdx, [rsp+98h+var_38]      ; rdx = list head address
0000000140887C10 jmp short loc_140887B95        ; next iteration
0000000140887C12 ; ---------------------------------------------------------------------------
0000000140887C12 loc_140887C12: ; CODE XREF: DbgkpPostModuleMessages+1ED↑j
0000000140887C12 ; DbgkpPostModuleMessages+1F5↑j
0000000140887C12 jmp short $+2                  ; target is 140887C12h + 2 = 140887C14h, the next instruction; it closes the __try region and is not an I/O delay
0000000140887C12 ; } // starts at 140887B7A
0000000140887C14 ; ---------------------------------------------------------------------------
0000000140887C14 loc_140887C14: ; CODE XREF: DbgkpPostModuleMessages+3A↑j
0000000140887C14 ; DbgkpPostModuleMessages+1A5↑j ...
0000000140887C14 ; __except(1) // owned by 140887B7A
0000000140887C14 add rsp, 70h                   ; release the 70h bytes of locals
0000000140887C18 pop r15                        ; restore the saved registers in reverse order
0000000140887C1A pop r14
0000000140887C1C pop rdi
0000000140887C1D pop rsi
0000000140887C1E pop rbx
0000000140887C1F retn                           ; return; NOTE(review): eax is not set on this path, it holds whatever the last call or load left in it
0000000140887C1F ; ---------------------------------------------------------------------------
0000000140887C20 db 0CCh                        ; padding byte after the function
0000000140887C20 ; } // starts at 1408879B0
0000000140887C20 DbgkpPostModuleMessages endp
注释每一行汇编函数
08-17