Can a JMP instruction be used to jump to the start address of a function, and why would one do so?
In principle you can mix jmp and call as long as you follow the rules. call
pushes the return address onto the stack automatically.
```asm
call x
mov eax, 0      ; <- returns here
x:
; do something
ret
```
This could be done as well by the following code:
```asm
jmp x
retAdr:
mov eax, 0      ; <- returns here
x:
; do something
push retAdr     ; <- basically it would be similar to a jmp, but of course the target can be calculated as well
ret
```
And of course you can do it the other way around as well.
```asm
call x
mov eax, 0
x:
pop eax         ; <- ret address
; do something (must preserve eax)
jmp eax
```
While these pseudocode samples may not look useful, sometimes it may be useful to use them this way in special cases. The target of a jmp
can be any address, so it can also be a function or procedure. There is no difference here.
I have seen this used in anti-debugging techniques to obscure the return path and make reversing harder. It can also be used for jump tables or other stuff. I used a jmp to a function when I redirected an existing function somewhere else and then forwarded the code to the original function afterwards (injecting code).
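A runnable NASM version of the patterns in the answer above (a normal call, a push+jmp that stands in for a call, and a detour that tail-jumps to the original function), added here as an example and not part of the original post. It assumes x86-64 Linux with the System V calling convention and a static non-PIE link; the functions add_one and detour are hypothetical names chosen for the example.

```nasm
; Added example, not from the answer above. x86-64 Linux, System V ABI.
; Build and run: nasm -felf64 jmpcall.asm && ld -o jmpcall jmpcall.o && ./jmpcall ; echo $?
global _start
section .text

add_one:                ; original function: rax = rdi + 1
    lea rax, [rdi + 1]
    ret

detour:                 ; hook: do something, then forward to the original
    add rdi, 10         ; modify the argument (stand-in for "do something")
    jmp add_one         ; tail jump: add_one's ret returns to detour's caller

_start:
    mov rdi, 1
    call add_one        ; normal call: rax = 2
    mov rbx, rax        ; rbx = 2

    mov rdi, rax
    push .back          ; push the return address by hand ...
    jmp add_one         ; ... so this jmp behaves like a call
.back:                  ; add_one's ret lands here: rax = 3
    add rbx, rax        ; rbx = 5

    mov rdi, rax
    call detour         ; detour jumps to add_one; add_one's ret returns here: rax = 14
    add rbx, rax        ; rbx = 19

    mov rdi, rbx        ; exit status 19 shows all three paths returned correctly
    mov eax, 60         ; sys_exit
    syscall
```

The detour relies on the return address still sitting on top of the stack when it jumps, which is why a hook of this shape must not push anything it does not pop before the jmp.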