I found in IDA Disassembly an instruction

CALL $+5

Can anybody tell me the meaning of this.

I suppose it calls the instruction 5 bytes after the call instruction.

($ being the address of the next instruction after the CALL)

e.g.

0x400000: CALL $+5 ; = CALL 40000A (address of CALL + size of CALL instruction[=5] + 5 = 10 [A in hex])

0x400005:

0x40000A:

CALL $+0 would call 400005

Edited August 30, 200915 yr by Killboy
no maths skills :x

I don't know with IDA, but in MASM if you use the '$' operator, it is the offset of the instruction that you use it with, not the following instruction.

call $+5assembles to:00401000 $  E8 00000000       CALL 00401005

Which could be used with stuff such as code-flow obfuscation or gaining a delta value to offset references with (GetDelta offset independant code), just two examples.

HR,

Ghandi

Edited September 1, 200915 yr by ghandi

In IDA, $ is beginning of same instruction (which is not the EIP which would point to the next instruction).

CALL $+5 is probably call to next instruction

x86 assembly

(based off of EIP, not IDA's $ for beginning of same instruction).

CALL near (rel32)

E8 xxxxxxxx (5 bytes)

For details, read the intel or amd manuals.

Edited March 24, 201015 yr by Ressa