What meaning, if any, does the Mod R/M byte carry for the unconditional jump instruction 0xFF?

臣服心动 2021-01-12 00:59

Consider the following code, compiled on a 32-bit Ubuntu 14.04.2 with gcc 4.8.2

#include <unistd.h>   /* declares _exit(), which terminates the process without running atexit handlers */

int main(){
    _exit(0);        /* exit status 0; control never returns here */
}
2 answers
  •  耶瑟儿~ 2021-01-12 01:40

    The meaning of the MODRM byte is the same for opcode 0xFF as it is for any other instruction that uses the MODRM byte.

    Your best reference for this are the online Intel Instruction set manuals. Section 2 and the page on the JMP instructions are the ones you need to interpret the MODRM bits properly for this opcode.

    The interpretation of "0x25" is:

    • (Bits 7-6) MOD = binary 00
    • (Bits 5-3) Reg/Opcode = binary 100
    • (Bits 2-0) R/M = binary 101

    MOD=00 and R/M = binary 101 mean "use disp32" (a 32 bit address) following the MODRM byte. The 32 bit offset following the MODRM byte is the memory location. You can see it matches the value in the disassembled jmp instruction in your debug listing.

    You might be confused about what opcode 0xFF means; it does not necessarily mean "JMP". The x86 often uses the MODRM Reg/Opcode bits to modify the meaning of the opcode byte, to pick out a particular instruction.

    With opcode 0xFF, the Reg/Opcode bits are interpreted as more opcode bits:

    • Reg/Opcode bits = binary 100 (written "/4" in the Intel manual) selects the instruction "jmp near absolute indirect". The x86 has so-called segment registers including CS; "jmp near" in this case means "don't load CS".
    • Reg/Opcode == 101 ("/5") means "jmp far" (load the CS) and isn't used in modern practice.
    • Reg/Opcode having other values specify instructions that are not JMPs.
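The decoding the answer walks through, as an added example that is not part of the original question or answer: a small C decoder for the 0xFF opcode group in 32-bit mode. It splits the ModRM byte into mod / reg/opcode / r/m, uses the reg/opcode field to pick the mnemonic (/4 is jmp near, /5 is jmp far, /2 is call, and so on), and recognises the mod=00, r/m=101 case as a bare disp32 absolute address. The sample byte strings (the 0xFF 0x25 ... encoding and its address) are constructed for the example, not taken from the poster's listing; the names decode_ff and ff_matches are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three fields of a ModRM byte. */
typedef struct { uint8_t mod, reg, rm; } modrm_t;

static modrm_t split_modrm(uint8_t b) {
    modrm_t m;
    m.mod = (uint8_t)(b >> 6);        /* bits 7-6 */
    m.reg = (uint8_t)((b >> 3) & 7);  /* bits 5-3: a register, or extra opcode bits */
    m.rm  = (uint8_t)(b & 7);         /* bits 2-0 */
    return m;
}

/* Decoded form of one opcode-0xFF instruction, 32-bit mode, no prefixes. */
typedef struct {
    const char *mnemonic;   /* picked by the reg/opcode field, "/0" .. "/6" */
    int operand_is_memory;  /* 0 when mod == 11 (register operand) */
    int has_abs_addr;       /* 1 for mod == 00, r/m == 101: a bare disp32 */
    uint32_t abs_addr;      /* that disp32, read little-endian */
    size_t length;          /* instruction length in bytes */
} ff_insn_t;

/* Opcode 0xFF is "group 5"; the /digit in ModRM selects the instruction. */
static const char *const group5_mnemonic[8] = {
    "inc", "dec", "call", "callf", "jmp", "jmpf", "push", "(invalid)"
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode buf[0..len) as one 0xFF instruction. Returns 1 on success, 0 when the
 * bytes are truncated or do not form a valid group-5 instruction. */
static int decode_ff(const uint8_t *buf, size_t len, ff_insn_t *out) {
    if (len < 2 || buf[0] != 0xFF) return 0;
    modrm_t m = split_modrm(buf[1]);
    if (m.reg == 7) return 0;                   /* /7 is undefined for 0xFF */

    size_t pos = 2;                             /* bytes consumed so far */
    int has_abs = 0;
    uint32_t abs = 0;

    if (m.mod == 3) {
        /* Register-direct, e.g. FF E0 is "jmp *%eax". Far call/jmp need a
         * selector:offset memory operand, so a register form is invalid. */
        if (m.reg == 3 || m.reg == 5) return 0;
    } else {
        uint8_t base = m.rm;
        if (m.rm == 4) {                        /* r/m == 100: SIB byte follows */
            if (len < pos + 1) return 0;
            base = buf[pos] & 7;
            pos += 1;
        }
        if (m.mod == 0 && base == 5) {          /* no base register: disp32 only */
            if (len < pos + 4) return 0;
            abs = read_le32(buf + pos);
            has_abs = (m.rm != 4);              /* with a SIB an index may be added */
            pos += 4;
        } else if (m.mod == 1) {                /* [base + disp8] */
            if (len < pos + 1) return 0;
            pos += 1;
        } else if (m.mod == 2) {                /* [base + disp32] */
            if (len < pos + 4) return 0;
            pos += 4;
        }
    }
    out->mnemonic = group5_mnemonic[m.reg];
    out->operand_is_memory = (m.mod != 3);
    out->has_abs_addr = has_abs;
    out->abs_addr = abs;
    out->length = pos;
    return 1;
}

/* Decode and compare against expected fields; 1 if everything matches. */
static int ff_matches(const uint8_t *buf, size_t len, const char *mnemonic,
                      int is_mem, int has_abs, uint32_t abs_addr, size_t length) {
    ff_insn_t insn;
    if (!decode_ff(buf, len, &insn)) return 0;
    return strcmp(insn.mnemonic, mnemonic) == 0 && insn.operand_is_memory == is_mem &&
           insn.has_abs_addr == has_abs && insn.abs_addr == abs_addr &&
           insn.length == length;
}

/* Constructed sample encodings (not taken from the original post). */
static const uint8_t SAMPLE_JMP_ABS[]    = { 0xFF, 0x25, 0x0C, 0xA0, 0x04, 0x08 }; /* jmp *0x0804a00c */
static const uint8_t SAMPLE_JMP_EAX[]    = { 0xFF, 0xE0 };                         /* jmp *%eax */
static const uint8_t SAMPLE_CALL_ABS[]   = { 0xFF, 0x15, 0x78, 0x56, 0x34, 0x12 }; /* call *0x12345678 */
static const uint8_t SAMPLE_PUSH_DISP8[] = { 0xFF, 0x70, 0x08 };                   /* push 0x8(%eax) */
static const uint8_t SAMPLE_BAD[]        = { 0xFF, 0x3D, 0x00, 0x00, 0x00, 0x00 }; /* /7: undefined */

int main(void) {
    ff_insn_t insn;
    if (decode_ff(SAMPLE_JMP_ABS, sizeof SAMPLE_JMP_ABS, &insn) && insn.has_abs_addr)
        printf("%s *0x%08x  (%zu bytes)\n", insn.mnemonic, insn.abs_addr, insn.length);
    return 0;
}
```

Two caveats the decoder makes explicit. First, the "bare disp32" reading of mod=00, r/m=101 is a 32-bit-mode rule: in 64-bit mode the same ModRM bits mean RIP-relative, so an FF 25 at a different address targets a different slot, which matters when you read PLT/GOT jumps in a 64-bit binary. Second, the reg/opcode field is what makes 0xFF a jmp at all; the same first byte with /2 is a call and with /6 a push, so any signature or disassembler that keys on the 0xFF byte alone will misclassify those.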
