DiStorm library, disassemble the CALL instruction
diStorm library ( http://www.ragestorm.net/distorm/ ) disassembles instruction 0x86
e813000000
and
call 0x20
while it should be
call 0x13
Is this a bug or am I misunderstanding something?
Additional Information
Binary data (opcodes) passed to diStorm distorm_decode
are
const unsigned char bin[] = { 0x55, 0x8b, 0xec, 0xE8, 0x92, 0xF8, 0xFF, 0xFF, 0xE8, 0x13, 00,00,00 };
Screenshot.
+3
source to share
2 answers
Since you provided the original instruction bytes, do a rough manual disassembly:
Offset 0: 55 8b ec // not interested in these 3 bytes
Offset 3: E8 92 F8 FF FF // a relative call instruction
Offset 8: E8 13 00 00 00 // another relative call instruction
Offset 13: ...
Adding 00 00 00 13
the following command ( Offset 13
) to the address gives the destination address, which is 0x20
.
+3
source to share