Preserving Knowledge about Jump Tables

Hello everyone,

I wish to preserve information about jump tables, as they are “fixed up” with their actual addresses at link time and, after disassembling the executable, it is impossible to know that there is a jump table in the code.

Additionally, I also want to pinpoint indirect jumps to these jump-table entries in the final disassembly.

To get a clearer idea about my requirement, consider the following example.

/* Some code */
/* The below line is associated with a jump table */
leaq LJTI0_0(%rip), %rax ## encoding: [0x48,0x8d,0x05,A,A,A,A]
## fixup A - offset: 3, value: LJTI0_0-4, kind: reloc_riprel_4byte
movq -32(%rbp), %rcx ## encoding: [0x48,0x8b,0x4d,0xe0]
movslq (%rax,%rcx,4), %rdx ## encoding: [0x48,0x63,0x14,0x88]
addq %rax, %rdx ## encoding: [0x48,0x01,0xc2]
/* The below line is an indirect jump to a jump table entry */
jmpq *%rdx ## encoding: [0xff,0xe2]

Corresponding disassembly of the executable:

/* Some code */
/* Somehow, I want to find the starting address of the jump table from the below line */
100000dd9: 48 8d 05 0c 01 00 00 leaq 268(%rip), %rax
100000de0: 48 8b 4d e0 movq -32(%rbp), %rcx
100000de4: 48 63 14 88 movslq (%rax,%rcx,4), %rdx
100000de8: 48 01 c2 addq %rax, %rdx
/* Somehow, I want to know if a jump statement is an indirect jump to a jump table entry from the below line */
100000deb: ff e2 jmpq *%rdx

Any leads on how to achieve the task would be highly appreciated.

Thank you.

Malhar Thakkar
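
Added example, not part of the original post and not LLVM code: one way to recover the table address from the disassembly above is to match the byte encodings of the leaq / movslq / addq / jmpq idiom and resolve the RIP-relative displacement. The code bytes and load address are the ones in the post; the table contents, the case-label addresses and the entry count are constructed assumptions, since the post does not show them.

```python
import re
import struct

# Byte pattern of the idiom shown in the post. Other compilers, registers or
# optimisation levels produce different encodings, so this is one heuristic.
IDIOM = re.compile(
    rb"\x48\x8d\x05(?P<disp>.{4})"   # leaq disp32(%rip), %rax
    rb".{0,8}?"                      # index load (movq -32(%rbp), %rcx in the post)
    rb"\x48\x63\x14\x88"             # movslq (%rax,%rcx,4), %rdx
    rb"\x48\x01\xc2"                 # addq %rax, %rdx
    rb"(?P<jmp>\xff\xe2)",           # jmpq *%rdx
    re.DOTALL,
)

def find_jump_tables(image: bytes, base: int):
    """Return (lea_addr, jmp_addr, table_addr) for every match of the idiom."""
    hits = []
    for m in IDIOM.finditer(image):
        disp = struct.unpack("<i", m.group("disp"))[0]
        lea_addr = base + m.start()
        # RIP-relative: the displacement is added to the address of the
        # instruction that follows the 7-byte leaq.
        table_addr = lea_addr + 7 + disp
        hits.append((lea_addr, base + m.start("jmp"), table_addr))
    return hits

def table_targets(image: bytes, base: int, table_addr: int, count: int):
    """Decode `count` signed 32-bit entries, each an offset from the table base."""
    entries = struct.unpack_from(f"<{count}i", image, table_addr - base)
    return [table_addr + e for e in entries]

# Code bytes and load address taken from the disassembly in the post.
BASE = 0x100000DD9
CODE = bytes.fromhex("488d050c010000" "488b4de0" "48631488" "4801c2" "ffe2")
# Constructed sample data: three case labels at made-up addresses.
CASES = [0x100000DED, 0x100000E10, 0x100000E33]
TABLE = 0x100000EEC
IMAGE = (CODE.ljust(TABLE - BASE, b"\x90")
         + b"".join(struct.pack("<i", c - TABLE) for c in CASES))

if __name__ == "__main__":
    for lea, jmp, tbl in find_jump_tables(IMAGE, BASE):
        print(f"leaq at {lea:#x}, jmpq at {jmp:#x}, jump table at {tbl:#x}")
        print("targets:", [hex(t) for t in table_targets(IMAGE, BASE, tbl, 3)])
```

In a real binary the entry count is not stored with the table; it has to be taken from the bounds check that precedes the idiom.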