From 2ebaeef7e5c50e0974b959d9a92896646eb8c826 Mon Sep 17 00:00:00 2001
From: pancake
Date: Thu, 28 May 2015 14:00:32 +0200
Subject: [PATCH] Fix #1249 - Handle x86 jmp [ref] autonaming trampolines
---
 libr/anal/p/anal_x86_cs.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/libr/anal/p/anal_x86_cs.c b/libr/anal/p/anal_x86_cs.c
index d5e32f6c64..d1b38fa637 100644
--- a/libr/anal/p/anal_x86_cs.c
+++ b/libr/anal/p/anal_x86_cs.c
@@ -796,15 +796,33 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 free (src);
 }
 // TODO: what if UJMP?
-if (INSOP(0).type == X86_OP_IMM) {
+switch (INSOP(0).type) {
+case X86_OP_IMM:
 op->jump = INSOP(0).imm;
 op->type = R_ANAL_OP_TYPE_JMP;
 if (a->decode) {
 ut64 dst = INSOP(0).imm;
 esilprintf (op, "0x%"PFMT64x",%s,=", dst, pc);
 }
-} else {
+break;
+case X86_OP_MEM:
+{
+cs_x86_op in = INSOP(0);
+op->type = R_ANAL_OP_TYPE_UJMP;
+if (in.mem.index == 0 && in.mem.base == 0 && in.mem.scale == 1) {
+op->type = R_ANAL_OP_TYPE_UJMP;
+op->ptr= in.mem.disp;
+if (a->decode) {
+esilprintf (op, "0x%"PFMT64x",[],%s,=", op->ptr, pc);
+}
+}
+}
+break;
+case X86_OP_REG:
+case X86_OP_FP:
+default: // other?
 op->type = R_ANAL_OP_TYPE_UJMP;
+break;
 }
 break;
 case X86_INS_IN:
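Review bot: The new X86_OP_MEM case only resolves the absolute form `jmp [disp]` (no base, no index, scale 1), so a RIP-relative `jmp [rip+disp]` — which, if capstone reports the base as the RIP register as I believe it does, is the usual 64-bit PLT trampoline — falls through with only UJMP and no `op->ptr`, and nothing in the hunk says this is intentional. A comment on the `if` such as `// only the absolute jmp [disp] form; rip-relative (base == X86_REG_RIP) is not resolved here` would make the limitation explicit until that case is handled. The inner `op->type = R_ANAL_OP_TYPE_UJMP;` repeats the assignment made just before the `if` and can be dropped, and comparing `in.mem.base`/`in.mem.index` against `X86_REG_INVALID` rather than `0` states the intent without relying on the enum's zero value. analop starts and ends outside this hunk.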