Quote:
Originally Posted by KaMeR1337
Now I don't know how to read the address from this call:
Calls (& Jumps) use indirect addressing. This means the value stored in the instruction-bytes is not using an absolute address, but a relative instead.
E8 B1 FA 0E 00 are your instruction bytes. E8 means CALL.
B1 FA 0E 00 are the bytes of the relative address. We flip them around (endianness) and get 0x000EFAB1 as a "usable" number. To get to the address 0xB4316E0, we need to add the address of the next instruction to it.
We can calculate it. 0xB341C2A is the address where the call is. The instruction bytes are 5 bytes long. So the next address is 0xB341C2A+5 = 0xB341C2F.
0xB341C2F + 0x000EFAB1 = 0xB4316E0
You can also inline it with the current instruction address, instead of the next:
0xB341C2A + 5 + 0x000EFAB1
Or as a more generic form
Code:
call_absolute_address = next_instruction_address + call_indirect_address
// - or -
call_absolute_address = current_instruction_address + instruction_byte_count + call_indirect_address
Keep in mind that the indirect address can also be negative. This means the call destination comes "before" the address the call happens.
PS: According to the definition of the call instruction, the indirect address might also be 16 instead of 32 bit; only half the size. Even though it's allowed, I've never seen it actually happen.
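The arithmetic from the post above as a runnable script (an added example, not code from either poster): it decodes the E8 displacement as a signed little-endian value so negative (backwards) calls come out right, and also encodes the reverse direction. The handling of the 0x66 prefix (16-bit displacement, instruction pointer truncated to 16 bits) follows the Intel manual and is an assumption beyond the post's own numbers.

```python
import struct


def call_target(instr_addr: int, instr_bytes: bytes) -> int:
    """Return the absolute destination of an E8 CALL located at instr_addr.

    instr_bytes are the raw bytes of the instruction, e.g. E8 B1 FA 0E 00.
    """
    pos = 0
    size = 4  # rel32 is the default displacement size
    if instr_bytes[0] == 0x66:  # assumption: operand-size prefix -> rel16
        pos, size = 1, 2
    if instr_bytes[pos] != 0xE8:
        raise ValueError("not a CALL rel instruction")
    disp_bytes = instr_bytes[pos + 1:pos + 1 + size]
    if len(disp_bytes) != size:
        raise ValueError("truncated displacement")
    # Little-endian *signed* decode: a negative value means the target
    # lies before the call site.
    disp = struct.unpack("<i" if size == 4 else "<h", disp_bytes)[0]
    next_addr = instr_addr + pos + 1 + size  # address of the next instruction
    target = next_addr + disp
    if size == 2:
        target &= 0xFFFF  # rel16: upper bits of EIP are cleared (Intel SDM)
    return target


def encode_call(instr_addr: int, target: int) -> bytes:
    """Build the 5-byte E8 rel32 CALL that reaches target from instr_addr."""
    disp = target - (instr_addr + 5)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target not reachable with a rel32 displacement")
    return b"\xE8" + struct.pack("<i", disp)


if __name__ == "__main__":
    # The post's numbers: CALL at 0xB341C2A with bytes E8 B1 FA 0E 00.
    print(hex(call_target(0xB341C2A, bytes.fromhex("E8B1FA0E00"))))  # 0xb4316e0
    # Constructed backwards call: from 0x401010 to 0x401000 (disp = -0x15).
    print(hex(call_target(0x401010, bytes.fromhex("E8EBFFFFFF"))))   # 0x401000
    print(encode_call(0xB341C2A, 0xB4316E0).hex())                    # e8b1fa0e00
```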