Hello, I am writing my Computer Engineering Thesis and I came across a doubt I couldn't figure out. I am trying to statically instrument x86 (both 32 and 64) software to trace memory accesses. I wrote a byte-per- byte parser which identifies what instructions will write into memory. Then, the software groups contiguous instructions to reach a size in byte >= 5, then replaces them with a call to a particular monitoring function and a bunch of nops, and copies the original instruction in a table for future execution. Everything's working fine except for one scenario: mov $i, %eax incl (%eax) jmp .FancyFunction The incl (%eax) is a 2 byte instruction, the instrumented code would result in: mov $i, %eax call MyFunction nopw If somewhere else in the code there is a jmp to the third line of this example (jmp .FancyFunction), eip will point in the middle of the address of the call, in the best case arising a SIGILL signal, in the worst case producing undefined behaviour. For static jump I can (mostly easily) hijack the jmp to the point where the original instruction has been moved. If gcc produces such code: jmp *%eax or jmp *(%eax) there would be a complete mess: I should make a syntactic analysis of the code to understand what is going to be stored in registers, which is an unapplicable approch in my point of view. So, the final question is: when does gcc produces that kind of jumps? Is it possible to tell gcc to avoid generation of such code? Thanks a lot! Alessandro Pellegrini
