tags:

views:

330

answers:

3
+3  Q: 

intel machine code to assembly code question.

hello,experts,i wonder the intel x86 machineCode/assemblyCode conversion is singleSide or bothSide?

means: assemblyCode ---> machineCode and machineCode ---> assemblyCode are both available.

since the x86 machineCode is vary in size (1-15 byte),and opcode vary in (1-3 byte),how to determine one opcode is 1byte or 2byte or 3byte ?

and i never found the example of prefix of x86 instructions,if here is 1byte prefix,how to determine it is prefix or opcode?

certainly, the assemblyCode ---> machineCode , the identity of mnemonics + oprand[w/b] can determine what the response machineCode is by maping certain MappingTable.

but,when the process is reversed:

{ bbbbbbbb,bbbbbbbb,bbbbbbbb, //instruction1 bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,//instruction2 bbbbbbbb,bbbbbbbb//instruction3 }

----> {bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb,bbbbbbbb}

i don't know which is the significant bits or byts to determined how long(what size) one instruction is.

would any one tells me how to determine that?(the size of opcode,the prefix example.) thanks for help.

+3  A: 

Not sure what you want to accomplish, but since the instructions have variable length the only way to be sure you get back the correctly disassembled code is to start from a known start address. Usually disassemblers start from the starting point of the program and then recursively disassemble all methods called.

However this leads to situations where some code chunks are not disassembled because they can be called from a function table or similar situations, so it needs help from a human usually to see if the remaining sections are code or data.

rslite  2010-03-09 14:25:22
... does this concernde by elf or other obj format?
Johnny  2010-03-09 14:40:14
yes , disassemble ---> i forgot use this words.i think ,if i can disassemble, then i can assemble.
Johnny  2010-03-09 14:41:46
This is can be applied to any object format, but of course the processing needs to take into account the actual format of the file.
rslite  2010-03-10 11:17:32
+1  A: 

since the x86 machineCode is vary in size (1-15 byte),and opcode vary in (1-3 byte),how to determine one opcode is 1byte or 2byte or 3byte?

The size of the instructed is implicitly defined by instruction and address mode, you will have to check the ISA one byte at a time what can and should follow said byte.

and i never found the example of prefix of x86 instructions,if here is 1byte prefix,how to determine it is prefix or opcode?

For example, the operand size override prefix (66h) is always a prefix.

Jens Björnhager  2010-03-09 14:25:24
thanks, could you write a full prefix+opcode+mode+r/m+oprands example?
Johnny  2010-03-09 14:44:17
how about the opcode size? (not the instruction),
Johnny  2010-03-09 14:47:26
The Intel Instreuction Set manual has extensive tables of the encoding of opcodes and the mod-reg-r/m byte. Check Chapter 2 of this document, for example:http://www.intel.com/design/intarch/manuals/243191.htm
Jens Björnhager  2010-03-09 15:52:19
But 066h can also be a MOD/RM byte or an immediate byte.
Nathan Fellman  2010-03-09 19:05:25
+2  A: 

The details you need are in Intel® 64 and IA-32 ArchitecturesSoftware Developer’s Manual Volume 2B: Instruction Set Reference, N-Z. Look at Appendix A, it includes everything you need.

torak  2010-03-09 14:29:17
thanks, i will lookup it.
Johnny  2010-03-09 14:47:52
thanks, i have readed:Table A-2. One-byte Opcode Map: (00H — F7H) 0F LOCK (Prefix)Table A-3. Two-byte Opcode Map: 00H — 77H (First Byte is 0FH)Table A-3. Two-byte Opcode Map: 08H — 7FH (First Byte is 0FH)Table A-3. Two-byte Opcode Map: 80H — F7H (First Byte is 0FH) Table A-3. Two-byte Opcode Map: 88H — FFH (First Byte is 0FH)
Johnny  2010-03-09 15:19:22
Table A-4. Three-byte Opcode Map: 00H — F7H (First Two Bytes are 0F 38H)Table A-4. Three-byte Opcode Map: 08H — FFH (First Two Bytes are 0F 38H)Table A-5. Three-byte Opcode Map: 00H — F7H (First two bytes are 0F 3AH)Table A-5. Three-byte Opcode Map: 08H — FFH (First Two Bytes are 0F 3AH)it is very useful ,thanks.
Johnny  2010-03-09 15:20:20

related questions

How do I render a partial of a different format in Rails?
Warnings using format strings with sprintf() in C++
C++ format macro / inline ostringstream
c# Treeview Node with formatted text e.g. tabs & new lines
Format integer to string with 5 digits
What's the best 3d model format for loading and displaying inanimate textured objects in an OpenGL program?
How can I change the format of a date from the command line?
cout Formatting
In Delphi 7, how do I escape a percent sign (%) in the Format function?
Quick & Dirty way to update "IDs" in a string formatted as XML (C#)
.Net Converting a number from one culture to another
What other languages have features and/or libraries similar to Perl's format?
Setting a DBGrid column format in Delphi
How do I set the formatting of tinyMCE?
Integer formatting, padding to a given length
Automatic image format detection in PHP
Which graphic file formats are supported by browsers?
How can I convert a number to its multiple form in Perl?
Which image format is cost effective in terms of network operation for iPhone?
How does the .doc format work?
Parse DICOM files in native Python
Best Way To Format An HTML Email?
C++: how to get fprintf results as a std::string w/o sprintf
How do you typeset code elements in normal text?
Format string to title case