Hi, I'm looking at the following piece of code running under QEMU:

    0x38000: 66 bd 90 f8 27 3f    mov $0x3f27f890,%ebp    ; target address for jmp
    0x38006: 66 2e 2b 2e f8 fe    sub %cs:0xfef8,%ebp     ; subtract SMBASE
    0x3800c: 66 ff e5             jmpl *%ebp

The code is run in system management mode and should eventually jump to 0x3f27f890. However, that jump fails and QEMU continues code execution at 0x3800f. I suspect this is due to some missing SMM special case in translate.c:disas_insn() in the jmp Ev path, but I'm not sure yet where to go from there. Can anyone toss me in the right direction?

Any help appreciated,
Stefan