x86 JMP Opcode

The /4 means the reg field (bits 3-5) is 100 binary. So the ModR/M byte is built as:

Near jumps are the workhorse of function calls (when not using CALL), switch statement jump tables, and trampolines.

In the sprawling landscape of computer architecture, the processor is often viewed as a calculating engine—a device that crunches numbers, adds integers, and moves data. While accurate, this view overlooks the processor's true nature: it is a machine of flow control. Without the ability to change course, a CPU would be nothing more than a glorified calculator, executing a linear list of instructions from boot to shutdown.

Real-mode, protected-mode (with segment selectors), and 64-bit compatibility mode still support far jumps—transfers that change both the instruction pointer and the code segment (CS).

The JMP instruction isn't just one operation; it's a family of opcodes tailored for speed and distance. Here are the most common variants you'll run into:

1. The "Short Jump": signed 8-bit displacement. Since it's an 8-bit signed integer, you can jump roughly -128 to +127 bytes from the current instruction pointer. Why it exists: It’s the most compact way to handle local loops or

2. The "Near Jump": 5 bytes (on 32-bit/64-bit systems), signed 32-bit displacement. This allows you to reach any address within a of the next instruction. This displacement is added to the address of the

If you have ever opened a disassembler, looked at a hex dump, or debugged a stripped binary, you have seen the JMP instruction. On the surface, it is simple: "go to another address." However, the x86 architecture provides a surprising variety of encodings for this single mnemonic. Understanding the raw opcodes behind JMP is crucial for manual shellcode writing, binary patching, anti-disassembly tricks, and exploit development.

The CPU loads the destination from a register or memory; it does not add the address to RIP/EIP.

    jmp next
    db 0xE8        ; fake CALL opcode to confuse disassemblers
next:
    ...

EB 0B means "jump 11 bytes forward from the end of this instruction." EB F2 (where F2 = -14 decimal) means "jump 14 bytes backward."

Any ModR/M byte that encodes a memory address will read the target address from memory.
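The encodings described on this page, decoded by hand, as an added example that is not part of the original page. It assumes 32-bit mode with no prefixes; the function names are hypothetical, the E9 and FF opcode bytes come from the standard x86 encoding rather than from the text above, and the sample bytes are constructed to match the fake-CALL layout shown earlier.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def modrm_length(code: bytes) -> int:
    """Length of opcode + ModR/M + SIB + displacement (32-bit addressing)."""
    mod, rm = code[1] >> 6, code[1] & 7
    n = 2
    if mod != 3 and rm == 4:                   # SIB byte follows
        n += 1
        if mod == 0 and (code[2] & 7) == 5:    # SIB without base register: disp32
            n += 4
    if mod == 1:
        n += 1                                 # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        n += 4                                 # disp32
    return n

def decode_jmp(code: bytes, addr: int) -> dict:
    """Decode the JMP located at `addr`; assumes 32-bit mode and no prefixes."""
    op = code[0]
    if op == 0xEB:                             # short: signed 8-bit displacement
        disp = struct.unpack_from("<b", code, 1)[0]
        return {"kind": "short", "len": 2, "target": (addr + 2 + disp) & 0xFFFFFFFF}
    if op == 0xE9:                             # near: signed 32-bit displacement
        disp = struct.unpack_from("<i", code, 1)[0]
        return {"kind": "near", "len": 5, "target": (addr + 5 + disp) & 0xFFFFFFFF}
    if op == 0xFF:
        mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
        if reg != 4:                           # /4: reg field 100b selects JMP r/m
            raise ValueError(f"FF /{reg} is not a near indirect JMP")
        if mod == 3:                           # target is the register's value
            return {"kind": "indirect-reg", "len": 2, "target": REGS[rm]}
        # Target is read from memory at run time, so it is unknown statically.
        return {"kind": "indirect-mem", "len": modrm_length(code), "target": None}
    raise ValueError(f"opcode {op:#04x} is not a JMP handled here")

def follow(code: bytes, base: int) -> int:
    """Offset in `code` where execution resumes after the relative JMP at offset 0."""
    return decode_jmp(code, base)["target"] - base

# Constructed sample of the fake-CALL layout: jmp next / db 0xE8 / next: nop nop nop ret
SAMPLE = bytes.fromhex("eb01e8909090c3")

if __name__ == "__main__":
    print(decode_jmp(bytes.fromhex("eb0b"), 0x1000))   # short forward jump
    print(follow(SAMPLE, 0x401000))                    # resumes past the 0xE8 byte
```

Following the decoded target instead of decoding the next byte in sequence is what keeps an analysis tool from treating the stray 0xE8 as a real CALL.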

Let’s break down exactly what bytes tell the CPU to jump, and how they differ.
