What does the /4 mean in FF /4?

About

Asked 18/6, 2014 at 21:42 Answered 18/6, 2014 at 21:47

One site that I commonly refer to for x86 documentation has a few instruction codes with a slash and a number. For instance, jmp near absolute indirect gives FF /4, whereas jmp far absolute indirect gives FF /5.

What do the /4 and /5 mean?

To run a quick little test, I attached to a 32-bit process, allocated a bit of memory and had the assembler insert jmp dword ptr[0x12345678]; the generated bytecode was FF 25 78563412. I understand the address endianess, but how does the 25 relate to /4 or /5?

My guess is that I generated a jmp far, and that the /5 meant there were five bytes as parameters (4 bytes for the address + 1 byte for 25). I'm still confused as to where the 25 is coming from.

Kaslik answered 18/6, 2014 at 21:42 Comment(4)

4 or 5 are values for 3-bit field in the second byte (modrm) of the instruction. – Japonica 18/6, 2014 at 21:45

You should refer to the official intel documentation instead. As Igor quoted that even has explanations, and it is, well, official too ;) – Unique 18/6, 2014 at 22:24

duplicates: How to read the Intel Opcode notation, x64 instruction encoding and the ModRM byte – Lyly 10/8, 2020 at 17:24

@Unique I don't think there is a quick answer on the official intel doc, it may lie in the big chunk of explanation, but no worth that much time to look up. Thus it is what stack overflow is good for. For beginners or people who only wants a particular answer it makes not much sense to look up all the documentation. Sometimes people also need a little bit of instruction/help, you cannot give people a 500 page doc and tell them to search all over for just one single question, if it takes much less time to just ask other people – Watson 7/11, 2020 at 15:0

From the Intel Reference Manual, section "3.1.1.1 Opcode Column in the Instruction Summary Table":

/digit — A digit between 0 and 7 indicates that the ModR/M byte of the instruction uses only the r/m (register or memory) operand. The reg field contains the digit that provides an extension to the instruction's opcode.

/r — Indicates that the ModR/M byte of the instruction contains a register operand and an r/m operand.

This notation is also usually mentioned in the various descriptions of the ModR/M byte, e.g.

Enfeeble answered 18/6, 2014 at 21:47 Comment(4)

To note: that 25 in the example is the ModR/M byte. – Carl 18/6, 2014 at 21:49

Oh wow! That link is golden! So it definitely is a near jump. – Kaslik 18/6, 2014 at 21:52

The only thing I'm having issues understanding is if PM64 and adsize=32, then effective address = [EIP+sdword] - what is PM64? A quick google search gives bleak answers. – Kaslik 18/6, 2014 at 21:54

Years later, finally dug in: PM64 refers to "processor mode 64", or "long mode". Should be enough of a jumping off point. – Kaslik 18/6, 2020 at 17:5

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags