x86_64 relative jmp operand

Question

I can't understand how the operand FE FC FF FF results to 0x9e7080.

I tried some math sub/add to the current address, because it should be relative jump, but the result still not equal to 0x9e7080.

instruction address | bytes | text form

L_009E737D | E9 FE FC FF FF | jmp 0x9e7080

Answer 1

There are three things to consider:

1. FEFCFFFF is given as little endian and represents a hex value of 0xFFFFFCFE.
2. This hex value is sign extended and is thus negative with a decimal value of -770.
3. You also have to add the number of bytes the instruction takes.

This leads to 0x009E737D + 0xFFFFFCFE + 5 = 0x009e7080, which equals 0x009E737D - 0x00000302 + 5 = 0x009e7080.