What does the AMD64 machine code “48 ff 25” mean? [closed]

Question

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.

Closed 9 years ago.

Could anyone tell me what does "0x48ff25" means in the following disassamble code?

00000000`7745b0ac 48ff2525801000  jmp     qword ptr [ntdll!NlsAnsiCodePage+0xe3e (00000000`775630d8)]

I have checked the AMD64 architecture programmer's manual, but it's really hard to find answer by myself...

Answer 1

48 is a REX.W prefix
FF is the opcode byte
25 is the ModR/M byte, the extended opcode field is /4 and the rest means the operand is a memory operand at [RIP+sdword] (which the rex.w makes a qword)

Which means the instruction is JMP qword ptr [RIP+0x00108025] (but you already knew that part) where RIP refers to the address just after the instruction.