About disassembly: x86 call machine code

x86 call machine code


I checked the Intel documentation, which says
I would like to know the complete list of machine codes for "call proc", for example:

1: e8 xx xx xx xx --> near call relative
2: ff 15 xx xx xx xx --> near call absolute
3: ff 50 xx --> near call by reg

Best regards! Thank you very much!


I used distorm to show the results, writing a loop to generate machine code such as: ff 01 xx xx xx xx - ff ff xx xx xx xx

ff1012344500 (0L, 2L, 'CALL DWORD [EAX]', 'ff10')
ff1112344500 (0L, 2L, 'CALL DWORD [ECX]', 'ff11')
ff1212344500 (0L, 2L, 'CALL DWORD [EDX]', 'ff12')
ff1312344500 (0L, 2L, 'CALL DWORD [EBX]', 'ff13')
ff1412344500 (0L, 3L, 'CALL DWORD [EDX+EDX]', 'ff1412')
ff1512344500 (0L, 6L, 'CALL DWORD [0x453412]', 'ff1512344500')
ff1612344500 (0L, 2L, 'CALL DWORD [ESI]', 'ff16')
ff1712344500 (0L, 2L, 'CALL DWORD [EDI]', 'ff17')

ff5012344500 (0L, 3L, 'CALL DWORD [EAX+0x12]', 'ff5012')
ff5112344500 (0L, 3L, 'CALL DWORD [ECX+0x12]', 'ff5112')
ff5212344500 (0L, 3L, 'CALL DWORD [EDX+0x12]', 'ff5212')
ff5312344500 (0L, 3L, 'CALL DWORD [EBX+0x12]', 'ff5312')
ff5412344500 (0L, 4L, 'CALL DWORD [EDX+EDX+0x34]', 'ff541234')
ff5512344500 (0L, 3L, 'CALL DWORD [EBP+0x12]', 'ff5512')
ff5612344500 (0L, 3L, 'CALL DWORD [ESI+0x12]', 'ff5612')
ff5712344500 (0L, 3L, 'CALL DWORD [EDI+0x12]', 'ff5712')

ff9012344500 (0L, 6L, 'CALL DWORD [EAX+0x453412]', 'ff9012344500')
ff9112344500 (0L, 6L, 'CALL DWORD [ECX+0x453412]', 'ff9112344500')
ff9212344500 (0L, 6L, 'CALL DWORD [EDX+0x453412]', 'ff9212344500')
ff9312344500 (0L, 6L, 'CALL DWORD [EBX+0x453412]', 'ff9312344500')
ff9412344500 (0L, 1L, 'DB 0xff', 'ff')
ff9512344500 (0L, 6L, 'CALL DWORD [EBP+0x453412]', 'ff9512344500')
ff9612344500 (0L, 6L, 'CALL DWORD [ESI+0x453412]', 'ff9612344500')
ff9712344500 (0L, 6L, 'CALL DWORD [EDI+0x453412]', 'ff9712344500')

ffd012344500 (0L, 2L, 'CALL EAX', 'ffd0')
ffd112344500 (0L, 2L, 'CALL ECX', 'ffd1')
ffd212344500 (0L, 2L, 'CALL EDX', 'ffd2')
ffd312344500 (0L, 2L, 'CALL EBX', 'ffd3')
ffd412344500 (0L, 2L, 'CALL ESP', 'ffd4')
ffd512344500 (0L, 2L, 'CALL EBP', 'ffd5')
ffd612344500 (0L, 2L, 'CALL ESI', 'ffd6')
ffd712344500 (0L, 2L, 'CALL EDI', 'ffd7')

The results listed above are absolute near calls; the relative near call is e8 xx xx xx xx. On win32 I don't care about far calls.