Malhar Thakkar via llvm-dev
2017-Nov-02 02:23 UTC
[llvm-dev] Preserving Knowledge about Jump Tables
Hello everyone,

I wish to preserve information about jump-tables as they are "fixed-up" with their actual address at link time, and after disassembling the executable it is impossible to know that there is a jump table in the code. Additionally, I also want to pin-point indirect jumps to these jump-table entries in the final disassembly.

To get a clearer idea about my requirement, consider the following example.

    /* Some code */
    /* The below line is associated with a jump table */
    leaq LJTI0_0(%rip), %rax        ## encoding: [0x48,0x8d,0x05,A,A,A,A]
                                    ## fixup A - offset: 3, value: LJTI0_0-4, kind: reloc_riprel_4byte
    movq -32(%rbp), %rcx            ## encoding: [0x48,0x8b,0x4d,0xe0]
    movslq (%rax,%rcx,4), %rdx      ## encoding: [0x48,0x63,0x14,0x88]
    addq %rax, %rdx                 ## encoding: [0x48,0x01,0xc2]
    /* The below line is an indirect jump to a jump table entry */
    jmpq *%rdx                      ## encoding: [0xff,0xe2]

Corresponding disassembly of the executable:

    /* Some code */
    /* Somehow, I want to find the starting address of the jump table from the below line */
    100000dd9: 48 8d 05 0c 01 00 00    leaq 268(%rip), %rax
    100000de0: 48 8b 4d e0             movq -32(%rbp), %rcx
    100000de4: 48 63 14 88             movslq (%rax,%rcx,4), %rdx
    100000de8: 48 01 c2                addq %rax, %rdx
    /* Somehow, I want to know if a jump statement is an indirect jump to a jump table entry from the below line */
    100000deb: ff e2                   jmpq *%rdx

Any leads on how to achieve the task would be highly appreciated.

Thank you.

Regards,
Malhar Thakkar
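An added example, not part of the post or of LLVM, showing how the dispatch idiom in the disassembly above can be recognised after the fact: it parses the listed instructions, recovers the table address from the RIP-relative leaq (the displacement counts from the next instruction), links it to the jmpq through the movslq/addq chain, and resolves a constructed set of table entries, since the post does not show the contents of LJTI0_0.

```python
import re
import struct

# Constructed sample input: the disassembly from the post, one instruction per line.
DISASM = """\
100000dd9: 48 8d 05 0c 01 00 00 leaq 268(%rip), %rax
100000de0: 48 8b 4d e0 movq -32(%rbp), %rcx
100000de4: 48 63 14 88 movslq (%rax,%rcx,4), %rdx
100000de8: 48 01 c2 addq %rax, %rdx
100000deb: ff e2 jmpq *%rdx
"""

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\w+)\s*(.*)$")

def parse(disasm):
    """Return [(addr, size_in_bytes, mnemonic, operands)] for each listed instruction."""
    out = []
    for line in disasm.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), len(m.group(2).split()),
                        m.group(3), m.group(4).strip()))
    return out

def find_jump_tables(insns):
    """Return {jmp_addr: table_addr} for the base-relative idiom from the post:
    leaq T(%rip),%b ; movslq (%b,%i,4),%d ; addq %b,%d ; jmpq *%d."""
    bases, loaded, targets, found = {}, {}, {}, {}
    for addr, size, mnem, ops in insns:
        if mnem == "leaq" and (m := re.match(r"(-?\d+)\(%rip\),\s*%(\w+)$", ops)):
            # A RIP-relative displacement is taken from the *next* instruction's address.
            bases[m.group(2)] = addr + size + int(m.group(1))
        elif mnem == "movslq" and (m := re.match(r"\(%(\w+),%\w+,4\),\s*%(\w+)$", ops)):
            if m.group(1) in bases:
                loaded[m.group(2)] = m.group(1)   # dest reg -> table base reg
        elif mnem == "addq" and (m := re.match(r"%(\w+),\s*%(\w+)$", ops)):
            if loaded.get(m.group(2)) == m.group(1):
                targets[m.group(2)] = bases[m.group(1)]
        elif mnem == "jmpq" and (m := re.match(r"\*%(\w+)$", ops)):
            if m.group(1) in targets:
                found[addr] = targets[m.group(1)]
    return found

def resolve_entries(table_addr, table_bytes):
    """Case targets for a table of int32 offsets relative to the table's own start."""
    n = len(table_bytes) // 4
    return [table_addr + off for off in struct.unpack(f"<{n}i", table_bytes)]

if __name__ == "__main__":
    for jmp, table in find_jump_tables(parse(DISASM)).items():
        print(f"indirect jump at {jmp:#x} dispatches through table at {table:#x}")
        # Constructed table contents; the real LJTI0_0 bytes are not in the post.
        print([hex(t) for t in resolve_entries(table, struct.pack("<3i", -0xe8, -0xd0, -0xb8))])
```

For the listing in the post this reports the table at 0x100000eec, i.e. 0x100000de0 + 268, which is the value the linker filled into the fixup.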