call/jmp: the different opcodes

 Opcode CALL

CPU: 8086+
Type of Instruction: User

Instruction: CALL procadr

Physical form:
| Near call - within the same segment
| Far call - call to another segment

E8 cw CALL rel16 ; Near call, operand specifies relative displacement to next instruction
E8 cd CALL rel32 ; Near call, operand specifies relative displacement to next instruction
FF /2 CALL r/m16 ; Near call, absolute address
FF /2 CALL r/m32 ; Near call, absolute address
9A cd CALL ptr16:16 ; Far call, absolute address
9A cp CALL ptr16:32 ; Far call, absolute address
FF /3 CALL m16:16 ; Far call, absolute address
FF /3 CALL m16:32 ; Far call, absolute address

----------------------------------------------------------------

Opcode JMP

CPU: i8086+
Type Of Instruction: User

Instruction: JMP address

Physical Forms:
0EBh op8 JMP SHORT op8 - short jump. Allows jumping up to 128 bytes forward or backward from the next instruction. (Limited to same segment)
0E9h op16 JMP NEAR op16 - near jump. Relative jump from next instruction. (Limited to same segment)
0E9h op32 JMP NEAR op32
0FFh mem32 - near jump with address specified in memory.
[Incomplete]

Affected Flags: None, unless task switching.

+++++++++++++++++++++++
Clocks:
JMP short: 2
JMP near: 3
JMP far: 5

When the opcode is 1001 1010 (that is, 9A),

the CALL instruction's operands are an unsigned offset and selector.

Note that in this case they are unsigned, i.e. an absolute offset and selector, not signed values.

1. Is there a signed offset and selector pair? No.

  But there is a signed offset value.

2. When is the offset signed?

When the CALL opcode is E8 (1110 1000), its offset is signed.
Or:
 When the JMP opcode is E9 (1110 1001) or EB (1110 1011), its offset is signed.

In other words: it is a displacement relative to the current EIP.
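The signed-versus-unsigned distinction above, shown in code. This is an added example, not part of the original post: a small decoder and encoder for the E8/E9/EB relative forms and the 9A far form, where `decode_branch` and `encode_rel` are hypothetical helper names and the sample bytes are constructed.

```python
import struct

# Added example, not from the original post: decode and encode the branch
# forms discussed above, showing which operand is a signed EIP-relative
# displacement (E8/E9/EB) and which is an unsigned absolute selector:offset (9A).

def decode_branch(code, addr, mode32=True):
    """Decode one CALL/JMP whose first byte sits at `addr`.
    Returns (mnemonic, length, target). For relative forms the target is
    next_instruction + signed displacement, as the CPU computes it."""
    op = code[0]
    if op == 0xEB:                                  # JMP SHORT rel8
        disp = struct.unpack_from('<b', code, 1)[0]  # signed 8-bit
        return 'jmp short', 2, (addr + 2 + disp) & 0xFFFFFFFF
    if op in (0xE8, 0xE9):                          # CALL/JMP NEAR rel16|rel32
        fmt, length, mask = ('<i', 5, 0xFFFFFFFF) if mode32 else ('<h', 3, 0xFFFF)
        disp = struct.unpack_from(fmt, code, 1)[0]  # signed, EIP-relative
        name = 'call' if op == 0xE8 else 'jmp near'
        return name, length, (addr + length + disp) & mask
    if op == 0x9A:                                  # CALL ptr16:16 | ptr16:32
        fmt, length = ('<IH', 7) if mode32 else ('<HH', 5)
        off, sel = struct.unpack_from(fmt, code, 1)  # unsigned absolute pointer
        return 'call far', length, (sel, off)
    raise ValueError(f'opcode {op:#04x} is not a form handled here')

def encode_rel(op, addr, target, mode32=True):
    """Encode E8/E9/EB with the displacement needed to reach `target`
    from an instruction placed at `addr`; rejects an out-of-range rel8."""
    if op == 0xEB:
        disp = target - (addr + 2)
        if not -128 <= disp <= 127:
            raise ValueError('target out of rel8 range')
        return bytes([0xEB]) + struct.pack('<b', disp)
    if op in (0xE8, 0xE9):
        fmt, length = ('<i', 5) if mode32 else ('<h', 3)
        return bytes([op]) + struct.pack(fmt, target - (addr + length))
    raise ValueError('only the relative opcodes can be encoded here')

if __name__ == '__main__':
    # Constructed sample bytes: jmp short $ (EB FE), jmp near back 5 bytes,
    # and a far call to selector 0x0008, offset 0x12345678.
    for code, addr in ((b'\xEB\xFE', 0x1000),
                       (b'\xE9\xFB\xFF\xFF\xFF', 0x401000),
                       (b'\x9A\x78\x56\x34\x12\x08\x00', 0x401000)):
        print(decode_branch(code, addr))
```

Note that the same E8 displacement bytes reach a different target when the instruction is placed at a different address, while the 9A pointer always names the same selector:offset.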

http://asm.inightmare.org/opcodelst/index.php?op=CALL

http://asm.inightmare.org/opcodelst/index.php?op=JMP

http://bbs.chinaunix.net/thread-1960488-1-1.html

posted @ 2012-07-10 22:06  yarpee