匹配英特尔代码以反汇编输出 [英] Matching the intel codes to disassembly output

问题描述

我开始使用英特尔参考页来查找和了解操作码(而不是询问SO的所有内容).我想确保我的理解是正确的，并询问基本的asm程序和intel指令代码之间的输出问题.

这是我必须将各种 mov 指令比较到 rax -ish寄存器中的程序(是否有更好的说法"rax"及其32位代码，16位和8位组件?):

  .globl _start_开始:movq $ 1，％rax#立即移入8字节rax(rax)movl $ 1，％eax#立即移入4字节rax(eax)movw $ 1，％ax#立即移入2字节rax(ax)movb $ 1，％al#立即移入1字节rax(al)mov $ 60，％eax系统调用 

它的拆卸过程如下:

  $ objdump -D文件文件:文件格式elf64-x86-64.text部分的反汇编:0000000000400078< _start> ;:400078:48 c7 c0 01 00 00 00 mov $ 0x1，％rax40007f:b8 01 00 00 00 mov $ 0x1，％eax400084:66 b8 01 00 mov $ 0x1，％ax400088:b0 01 mov $ 0x1，％al40008a:b8 3c 00 00 00 mov $ 0x3c，％eax40008f:0f 05系统调用 

现在，最多匹配

我能够调和以下四个说明:

1. mov $ 0x1，％al -> b0 01
   是，英特尔状态代码为 b0 [+1字节值]，表示立即移动1字节.
2. mov $ 0x1，％eax -> b8 01 00 00 00
   是，英特尔州代码为 b8 [+ 4个字节的值]，用于立即移动1个字节.
3. mov $ 0x1，％ax -> 66 b8 01 00
   否，英特尔代码为 b8 而不是 66 b8 .
4. mov $ 0x1，％rax48 -> c7 c0 01 00 00 00
   不适用，仅32位指令.未列出.

---

与此相关的我的问题是:

• 为什么 mov $ 0x1，％ax 不匹配?
• 是否存在用于 64 位代码的相同表，或者建议的查找方式是什么?
• 最后，当寄存器更改时，代码如何调整?例如，如果我想将值移动到％ebx 或％r11 .您如何计算代码调整"，就像在此查找表中一样，它只为(注册示例代码)提供 eax 注册.

解决方案

您缺少前缀"opcodes"(的概念)；改变了以下指令的含义.MOV, copied here:

I am able to reconcile the following of the four instructions:

1. mov $0x1,%al --> b0 01
   YES, intel states code is b0 [+ 1 byte for value] for 1-byte move immediate.
2. mov $0x1,%eax --> b8 01 00 00 00
   YES, intel states code is b8 [+ 4 bytes for value] for 1-byte move immediate.
3. mov $0x1,%ax --> 66 b8 01 00
   NO, intel states code is b8 not 66 b8.
4. mov $0x1,%rax48 --> c7 c0 01 00 00 00
   N/A, 32 bit instructions only. Not listed.

---

From this, my question related to this are:

• Why doesn't the mov $0x1,%ax match up?
• Is there the same table for 64-bit codes, or what's the suggested way to look that up?
• Finally, how do the codes adjust when the register changes? For example, if I want to move a value to %ebx or %r11 instead. How do you calculate the 'code-adjustment', as it looks like in this lookup table it only gives (I think?) the eax register for the 'register example codes'.

解决方案

You're missing the (concept of) prefix "opcodes" that change the meaning of the following instruction. Volume 2, sections 2.1.1 and 2.2.1 of the IA32 manual covers this. From 2.1.1 we get:

Operand-size override prefix is encoded using 66H (66H is also used as a mandatory prefix for some instructions).

so the 66 prefix changes the operand size from the default 32-bit to 16-bit. Thus, the mov $1,%ax (16-bit) is the same as mov $1,%eax (32-bit) with just the 66 prefix

The last case (mov $1, %rax) is actually using a different instruction

REX.W + C7 /0 io    MOV r/m64, imm32      Move imm32 sign extended to 64-bits tor/m64.

here we're moving a constant into any register instead of A -- the instruction is one byte larger but allows moving a 32-bit immed into a 64-bit register, so only needs a 4-byte constant instead of an 8-byte one (so ends up being 3 bytes smaller than the equivalent 48 b8 01 00 00 00 00 00 00 00)

这篇关于匹配英特尔代码以反汇编输出的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！