Janus Troelsen

Reputation: 21290

Why does 0xE1 0x4F disassemble to different instructions in LLVM and NDISASM?

In a Bash shell:

$ echo "0xe1 0x4f" | llvm-mc-3.2 -disassemble -triple i386 
    .section    __TEXT,__text,regular,pure_instructions
    loope   79
$ echo -n "\xe1\x4f" | ndisasm -b 32 -                    
00000000  E14F              loope 0x51

But 0x51 is 81 in decimal.

Upvotes: 2

Views: 161

Answers (1)

Chris Dodd

Reputation: 126203

It should really disassemble as

loope *+79

That is, loop branch relative forward 79 bytes. Now in the ndisasm case, the instruction is at address 0 (so the next instruction, which is what the relative branch is computed off, is address 2), so it computes the target (absolute) address for you: 2+79 = 81 (0x51).

Upvotes: 4
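The arithmetic from this answer, as an added example that is not part of the original post: a small decoder for 2-byte rel8 branches that returns both the raw displacement (the form llvm-mc printed) and the absolute target (the form ndisasm printed). It goes beyond the single `E1 4F` case to cover negative displacements and a non-zero load address; the function names are this example's own, and it assumes 32-bit mode with no prefix bytes.

```python
# Added example: decode short (rel8) x86 branches in 32-bit mode.
# Assumption: no operand-size or address-size prefixes precede the opcode.

REL8_OPCODES = {0xE0: "loopne", 0xE1: "loope", 0xE2: "loop",
                0xE3: "jecxz", 0xEB: "jmp"}
# 0x70..0x7F are the short conditional jumps (Jcc rel8).
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]
for i, name in enumerate(JCC):
    REL8_OPCODES[0x70 + i] = name


def decode_rel8(code: bytes, address: int = 0):
    """Return (mnemonic, signed displacement, absolute target)
    for a 2-byte rel8 branch located at `address`."""
    if len(code) < 2 or code[0] not in REL8_OPCODES:
        raise ValueError("not a 2-byte rel8 branch")
    raw = code[1]
    # The displacement byte is a signed 8-bit value: sign-extend it.
    disp = raw - 0x100 if raw & 0x80 else raw
    # The branch is relative to the address of the *next* instruction,
    # which is this instruction's address plus its length (2 bytes).
    next_ip = address + 2
    # EIP arithmetic wraps at 32 bits.
    target = (next_ip + disp) & 0xFFFFFFFF
    return REL8_OPCODES[code[0]], disp, target


def render(code: bytes, address: int = 0):
    """Return the two printed forms: (relative operand, absolute operand)."""
    mnemonic, disp, target = decode_rel8(code, address)
    return f"{mnemonic} {disp}", f"{mnemonic} {target:#x}"


if __name__ == "__main__":
    # Bytes from the question, at origin 0 and at a constructed load address.
    print(render(b"\xe1\x4f"))             # relative 79 vs absolute 0x51
    print(render(b"\xe1\x4f", 0x1000))     # same bytes, different target
    # Constructed sample: jmp with displacement -2 branches to itself.
    print(render(b"\xeb\xfe", 0x400000))
```

The relative form is the same wherever the bytes are loaded, while the absolute form is only meaningful if the disassembler was given the correct origin for the code.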
