(gdb) disassemble
Dump of assembler code for function _Znam@plt:
=> 0x0000000000400738 <+0>: jmpq *0x2006ba(%rip) # 0x600df8(==rip+0x2006ba) <_Znam@got.plt>
0x000000000040073e <+6>: pushq $0x3
0x0000000000400743 <+11>: jmpq 0x4006f8
End of assembler dump.
(gdb) x/2hg 0x600df8
0x600df8 <_Znam@got.plt>: 0x000000000040073e 0x000000000040074e
(gdb) si
0x000000000040073e in operator new[] ()
(gdb) disassemble
Dump of assembler code for function _Znam@plt:
0x0000000000400738 <+0>: jmpq *0x2006ba(%rip) # 0x600df8 <_Znam@got.plt>
=> 0x000000000040073e <+6>: pushq $0x3
0x0000000000400743 <+11>: jmpq 0x4006f8
End of assembler dump.
So the instruction `jmpq *0x2006ba(%rip)` first computes rip+0x2006ba; call that sum a. It then takes the 8 bytes stored at address a as the jmp destination, so the `*` here can be read like the C `*` operator applied to a pointer (fetching the value stored at an address).
Second case:
The `jmpq *%r11` instruction: it uses the value in r11 as an address and takes the 8 bytes stored there as the destination to jump to.
(gdb) p $r11
$8 = 236397654544
(gdb) p /x $r11
$9 = 0x370a65f210
(gdb) x/1hg $r11
0x370a65f210 <operator new[](unsigned long)>: 0xffa6ffe808ec8348
(gdb) si
operator new[] (sz=<optimized out>) at ../../.././libstdc++-v3/libsupc++/new_opv.cc:31
(gdb) disassemble
Dump of assembler code for function operator new[](unsigned long):
=> 0x000000370a65f210 <+0>: sub $0x8,%rsp
0x000000370a65f214 <+4>: callq 0x370a659918 <_Znwm@plt>
0x000000370a65f219 <+9>: add $0x8,%rsp
0x000000370a65f21d <+13>: retq
0x000000370a65f21e <+14>: add $0x1,%rdx
0x000000370a65f222 <+18>: mov %rax,%rdi
0x000000370a65f225 <+21>: je 0x370a65f22c <operator new[](unsigned long)+28>
0x000000370a65f227 <+23>: callq 0x370a65ba08 <_Unwind_Resume@plt>
0x000000370a65f22c <+28>: callq 0x370a65a168 <__cxa_call_unexpected@plt>
End of assembler dump.
(gdb)
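To make the two forms above concrete, here is a small added C program (not part of the original notes) that decodes the PLT stub bytes and replays both jumps using the addresses from the gdb session. For the memory-indirect form it computes the GOT slot the stub reads (0x40073e + 0x2006ba = 0x600df8, as gdb annotates) and loads 8 bytes from a constructed image of that slot; for the register-indirect form it uses the register value as the target, which is what the session shows in the second case: r11 holds 0x370a65f210 and after `si` execution is at 0x370a65f210, the first instruction of operator new[]. The stub-byte encoding (ff 25 disp32) and the little-endian slot images are constructed here to match the page's output; the lazy-binding check at the end (an unresolved slot points back to stub+6, the `pushq $0x3`) is an assumption about the standard x86-64 ELF PLT layout and is the kind of invariant a GOT-integrity check would verify.

```c
#include <stdint.h>
#include <stdio.h>

/* Addresses taken from the page's gdb session. */
#define STUB_ADDR     0x400738ULL     /* _Znam@plt                     */
#define GOT_SLOT_ADDR 0x600df8ULL     /* _Znam@got.plt                 */
#define RESOLVED_ADDR 0x370a65f210ULL /* operator new[](unsigned long) */

/* Constructed sample: the 6 bytes that encode "jmpq *0x2006ba(%rip)" at
 * STUB_ADDR. FF /4 is jmp r/m64; ModRM 0x25 (mod=00, reg=100, rm=101)
 * selects RIP-relative addressing and is followed by a little-endian
 * 32-bit displacement, here 0x2006ba. */
static const uint8_t plt_jmp_bytes[6] = { 0xff, 0x25, 0xba, 0x06, 0x20, 0x00 };

/* Constructed 8-byte little-endian images of the GOT slot, reproducing the
 * page's output: 0x40073e before lazy binding, RESOLVED_ADDR afterwards. */
static const uint8_t got_before[8] = { 0x3e, 0x07, 0x40, 0, 0, 0, 0, 0 };
static const uint8_t got_after[8]  = { 0x10, 0xf2, 0x65, 0x0a, 0x37, 0, 0, 0 };

/* First 8 bytes of operator new[] as the page's "x/1hg $r11" printed them
 * (0xffa6ffe808ec8348, i.e. 48 83 ec 08 = sub $0x8,%rsp). Not a PLT jmp. */
static const uint8_t new_entry_bytes[8] = { 0x48, 0x83, 0xec, 0x08, 0xe8, 0xff, 0xa6, 0xff };

static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Decode "jmpq *disp32(%rip)" located at insn_addr and return the address of
 * the 8-byte slot it reads. The displacement is relative to the address of the
 * NEXT instruction (insn_addr + 6). Returns 0 if the bytes are not that form. */
uint64_t plt_got_slot(uint64_t insn_addr, const uint8_t *b)
{
    if (b[0] != 0xff || b[1] != 0x25)
        return 0;
    uint32_t raw = (uint32_t)b[2] | ((uint32_t)b[3] << 8) |
                   ((uint32_t)b[4] << 16) | ((uint32_t)b[5] << 24);
    return insn_addr + 6 + (uint64_t)(int64_t)(int32_t)raw;
}

/* Memory-indirect jump: the CPU fetches 8 bytes from the computed slot and
 * jumps to that value. */
uint64_t target_mem_indirect(const uint8_t *slot_bytes)
{
    return load_le64(slot_bytes);
}

/* Register-indirect jump ("jmpq *%r11"): the register's value is the target;
 * no memory is read. */
uint64_t target_reg_indirect(uint64_t reg_value)
{
    return reg_value;
}

/* Assumed standard lazy-binding layout: an unresolved slot points back into its
 * own stub, at the "pushq $N" right after the jmp (stub + 6). Anything else
 * means the slot has been resolved (or rewritten); an integrity check would
 * then compare it against the mapped range of the expected library. */
int got_slot_is_unresolved(uint64_t slot_value, uint64_t stub_addr)
{
    return slot_value == stub_addr + 6;
}

int main(void)
{
    uint64_t slot = plt_got_slot(STUB_ADDR, plt_jmp_bytes);
    printf("GOT slot read by the stub: 0x%llx (gdb showed 0x%llx)\n",
           (unsigned long long)slot, (unsigned long long)GOT_SLOT_ADDR);
    printf("before binding: jmp -> 0x%llx, unresolved=%d\n",
           (unsigned long long)target_mem_indirect(got_before),
           got_slot_is_unresolved(target_mem_indirect(got_before), STUB_ADDR));
    printf("after binding:  jmp -> 0x%llx, unresolved=%d\n",
           (unsigned long long)target_mem_indirect(got_after),
           got_slot_is_unresolved(target_mem_indirect(got_after), STUB_ADDR));
    printf("jmpq *%%r11 with r11=0x%llx -> 0x%llx\n",
           (unsigned long long)RESOLVED_ADDR,
           (unsigned long long)target_reg_indirect(RESOLVED_ADDR));
    return 0;
}
```

Running it reproduces the session: the stub reads slot 0x600df8, which before binding sends control to 0x40073e (the stub's own `pushq $0x3`, so the resolver runs) and afterwards straight to 0x370a65f210; the `*%r11` case lands on 0x370a65f210 directly because the register already holds the code address.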