Could anyone tell me what does "0x48ff25" means in the following disassamble code?
00000000`7745b0ac 48ff2525801000 jmp qword ptr [ntdll!NlsAnsiCodePage+0xe3e (00000000`775630d8)]
I have checked the AMD64 architecture programmer's manual, but it's really hard to find answer by myself...
48 is a REX.W prefix
FF is the opcode byte
25 is the ModR/M byte, the extended opcode field is /4 and the rest means the operand is a memory operand at [RIP+sdword] (which the rex.w makes a qword)
Which means the instruction is JMP qword ptr [RIP+0x00108025] (but you already knew that part) where RIP refers to the address just after the instruction.
精彩评论