JMP instruction - Hex code

Question

Have a doubt regarding the hex code conversion of JMP machine instruction. I have the absolute address I want to jump to, say \"JMP 0x400835\". First of all, is this allowe

Answer 1

There is no jump of the form JMP absaddr to an absolute address in 64 bit mode. The operand of a jump is always a 32 bit relative displacement to rip, which gets sign extended to 64 bit.

The reason you see no consistency is possibly that the offset depends on the the current instruction pointer and you didn't recognize that.

jmp eax isn't allowed either, as addresses are of course always 64 bit wide on a 64 bit architecture. A sequence mov rax, addr + jmp rax is possible, it would look like

48 c7 c0 35 08 40 00            mov rax, 0x00400835
ff e0                           jmp rax

or

48 b8 35 08 40 00 00 00 00 00   mov rax, 0x0000000000400835
ff e0                           jmp rax

How did I know these hex codes? Well, I did ask my compiler. I compiled with gcc -c and disassembled with objdump. I didn't bother to use Intel syntax, because I don't need it. So this is in AT&T syntax.

echo 'asm("mov $400835, %rax\n jmp *%rax\n");' > test.c
gcc -c test.c
objdump -d test.o

Answer 2

If you don't want to use a register for whatever reason, it's also possible to encode a 64 bit absolute immediate jump as

ff 25 00 00 00 00           jmp qword ptr [rip]      jmp *(%rip)
yo ur ad dr re ss he re     some random assembly

rip refers to the instruction pointer AFTER the jmp instruction itself, so it's a pointer to your address.