x64 disassembly instruction relative address calculation

In a 64-bit disassembly, relative offsets are usually 4 bytes in length. A disassembler normally does the calculation for you, but if you want to learn how to do it manually, this article is for you.

x64 LEA instruction relative address calculation:



In the picture above, the instruction address is 145E5B6DA:


145E5B6DA lea r12, qword ptr [000000014CCC2B9Fh] 4C 8D 25 BE 74 E6 06


A disassembler calculates the displacement offset for you; here is how to calculate the final effective address yourself. Convert the last four opcode bytes "BE 74 E6 06" (stored little-endian, least significant byte first) into a signed integer to get the offset in hex.

After conversion the offset is 0x6E674BE. The formula is as simple as:

0x145E5B6DA + 0x6E674BE + 7 = 0x14CCC2B9F, which the disassembler shows as 14CCC2B9Fh.

Why must you add 7 to the offset? In this case 7 is the length of the instruction. The offset is relative to the instruction address plus the instruction length, that is, to the address of the next instruction, which is why the length has to be added.
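The following Python decoder is an added example and not code from the original article. It performs the calculation above on the article's own bytes (4C 8D 25 BE 74 E6 06 at 145E5B6DA) and also on a constructed LEA with a negative displacement, to show that the 4-byte offset must be sign-extended before it is added to the next instruction's address. It handles only the RIP-relative form of LEA (optional REX prefix, opcode 8D, ModRM with mod=00 and rm=101); the function name and the second test instruction are my own.

```python
# Added example: compute the effective address of a RIP-relative LEA
# from its raw bytes, the same way the disassembler does it.

U64_MASK = 0xFFFF_FFFF_FFFF_FFFF


def decode_lea_rip_relative(instr_addr: int, instr_bytes: bytes) -> tuple[int, int]:
    """Return (displacement, effective_address) for a RIP-relative LEA.

    Layout handled: [REX] 8D ModRM disp32, where ModRM has mod=00 and
    rm=101, which in 64-bit mode means [rip + disp32]. The displacement is
    a little-endian signed 32-bit value relative to the *next* instruction,
    so the instruction length is added to instr_addr before the displacement.
    """
    i = 0
    if 0x40 <= instr_bytes[i] <= 0x4F:          # optional REX prefix (REX.W/R/X/B)
        i += 1
    if instr_bytes[i] != 0x8D:                  # LEA r, m is opcode 8D /r
        raise ValueError("not a LEA instruction (opcode 0x8D)")
    modrm = instr_bytes[i + 1]
    if modrm & 0xC7 != 0x05:                    # mod=00, rm=101 -> [rip+disp32]
        raise ValueError("LEA operand is not RIP-relative")

    disp_start = i + 2
    disp_bytes = instr_bytes[disp_start:disp_start + 4]
    if len(disp_bytes) != 4:
        raise ValueError("truncated disp32")

    length = disp_start + 4                     # RIP-relative LEA carries no immediate
    displacement = int.from_bytes(disp_bytes, "little", signed=True)
    next_rip = instr_addr + length              # address of the following instruction
    effective = (next_rip + displacement) & U64_MASK
    return displacement, effective


if __name__ == "__main__":
    # Bytes and address taken from the article's example.
    disp, ea = decode_lea_rip_relative(0x145E5B6DA, bytes.fromhex("4C 8D 25 BE 74 E6 06"))
    print(f"disp=0x{disp:X} target=0x{ea:X}")       # disp=0x6E674BE target=0x14CCC2B9F

    # Constructed example: lea rax, [rip-0x10] at address 0x1000 (not from the article).
    disp, ea = decode_lea_rip_relative(0x1000, bytes.fromhex("48 8D 05 F0 FF FF FF"))
    print(f"disp={disp:#x} target=0x{ea:X}")         # disp=-0x10 target=0xFF7
```

The sign-extension matters in practice: a displacement such as F0 FF FF FF is -0x10, not 0xFFFFFFF0, and treating it as unsigned would point the effective address roughly 4 GiB past the real target.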


References:

http://ref.x86asm.net/coder64.html
https://overlayhack.com/x64-assembly-call-instruction
