CHAPTER 13. SWITCH()/CASE/DEFAULT CHAPTER 13. SWITCH()/CASE/DEFAULT
Here we see a jumptable:
Figure 13.11:OllyDbg: calculating destination address using jumptableHere we’ve clicked “Follow in Dump”→“Address constant”, so now we see thejumptablein the data window. These are 5
32-bit values^4 .ECXis now 2, so the second element (counting from zero) of the table is to be used. It’s also possible to
click “Follow in Dump”→“Memory address” and OllyDbg will show the element addressed by theJMPinstruction. That’s
0x010B103A.
(^4) They are underlined by OllyDbg because these are also FIXUPs:68.2.6 on page 673, we are going to come back to them later