would there be such case of jumping, if yes how?

一世执手 submitted on 2019-12-12 05:38:14

Question


I have an issue in mind, and that is: since the jump instruction changes the EIP register by adding signed offsets to it (if I'm not making a mistake here), on the IA-32 architecture how would going upward in memory from location 0x7FFFFFFF (biggest positive number in signed logic) to 0x80000000 (least negative number in signed logic) be possible? Or maybe there shouldn't be such a jump due to the nature of signed logic?


Answer 1:


Signed and unsigned are just two ways of interpreting the same bit pattern. This interpretation doesn't change how addition is performed. 7FFFFFFF + 1 is always 80000000, but this could be interpreted either as signed (a negative number) or unsigned (a positive number).

The instruction pointer is always interpreted as unsigned (obviously negative addresses have no meaning), so that answers your question.




Answer 2:


Relative jumps are not in fact signed. The number from the jump instruction is simply added to EIP. So you can jump anywhere in the 32-bit address space.

Example: If EIP is 20 and you want to jump to 4, you use jmp 0FFFFFFF0h. This large number is added to EIP, which is effectively the same as subtracting 16.

To jump from 7FFFFFFFh to 80000000h, you would use jump 1. :-) But your addresses do overlap, so it is useless in practice.

Also note that all addition and subtraction logic works regardless of signs. The operations are always the same, including relative jumps.
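The arithmetic described in Answers 1 and 2 (the same bit pattern read as signed or unsigned, and the target computed by wrapping addition modulo 2^32) can be checked directly. The following is an added example, not code from the original thread; it models a `jmp rel32` (opcode E9 followed by a little-endian 32-bit immediate) and assumes, as the real hardware does, that the displacement is added to the address of the instruction following the jmp, whereas the answer's "EIP is 20, jmp 0FFFFFFF0h lands at 4" example leaves instruction length out. The function and variable names are this example's own.

```python
# Model of IA-32 relative jump arithmetic (added example, not from the thread).
# Addresses and immediates are held as Python ints masked to 32 bits.

MASK32 = 0xFFFFFFFF
JMP_REL32_LEN = 5  # E9 + imm32


def signed_view(bits32):
    """Read a 32-bit pattern as a two's-complement signed value."""
    return bits32 - 2**32 if bits32 & 0x80000000 else bits32


def unsigned_view(displacement):
    """Encode a signed displacement as the imm32 bit pattern a rel32 jump carries."""
    if not -2**31 <= displacement < 2**31:
        raise ValueError("displacement does not fit in rel32")
    return displacement & MASK32


def jmp_target(eip, imm32):
    """Target = (EIP + imm32) mod 2^32.

    This is the wrapping addition both answers describe: no sign is involved,
    and 0x7FFFFFFF + 1 lands at 0x80000000 like any other address.
    """
    return (eip + imm32) & MASK32


def encode_jmp_rel32(insn_addr, target):
    """Build the bytes of `jmp rel32` at insn_addr that reaches target.

    The CPU adds the immediate to the address of the *next* instruction,
    so the displacement is target - (insn_addr + 5), wrapped to 32 bits.
    Returns (machine_code_bytes, signed_displacement).
    """
    next_ip = (insn_addr + JMP_REL32_LEN) & MASK32
    imm32 = (target - next_ip) & MASK32
    return bytes([0xE9]) + imm32.to_bytes(4, "little"), signed_view(imm32)


def decode_jmp_rel32(insn_addr, code):
    """Recover the target from the bytes produced by encode_jmp_rel32."""
    if len(code) != JMP_REL32_LEN or code[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    imm32 = int.from_bytes(code[1:], "little")
    return jmp_target((insn_addr + JMP_REL32_LEN) & MASK32, imm32)


if __name__ == "__main__":
    # Answer 2's example, taken literally: EIP 20 plus 0FFFFFFF0h wraps to 4.
    print(hex(jmp_target(20, 0xFFFFFFF0)))          # 0x4
    # The same immediate viewed as signed is -16.
    print(signed_view(0xFFFFFFF0))                  # -16
    # Crossing the signed "boundary" is an ordinary +1.
    print(hex(jmp_target(0x7FFFFFFF, 1)))           # 0x80000000
    # Encoding a real 5-byte jmp that lands exactly on 0x80000000.
    code, disp = encode_jmp_rel32(0x7FFFFFFA, 0x80000000)
    print(code.hex(), disp)                         # e901000000 1
    print(hex(decode_jmp_rel32(0x7FFFFFFA, code)))  # 0x80000000
```

Because the target is computed with unsigned wrapping, the only thing the signed view of the immediate buys is a convenient way of talking about "backward" and "forward" jumps; the hardware never needs it.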




Answer 3:


Addresses are unsigned under x86, due to a 'flat' addressing mode. The addressing mode sections of Intel's developer manuals should cover this, and the sections on all the un/conditional relative jumps might mention something too, but they would work regardless due to integer overflow.



Source: https://stackoverflow.com/questions/4715521/would-there-be-such-case-of-jumping-if-yes-how
