x86找出仅给出十六进制机器码的指令的操作数大小? [英] x86 find out operand size of instruction given only the hex machine code?
问题描述
例如,给定一个十六进制: 83 E4 F0
For example, given a hex: 83 E4 F0
通过查看intel开发人员手册,我可以确定 83 表示,和 FO 表示 -16 。查看 E4 ,我可以解码出源/目标寄存器是SP还是ESP。
By looking at the intel developer's manual, I can figure out that 83 means and and FO means the -16. Looking at E4, I can decode that the source/destination register is either SP or ESP.
因此,我可以得出结论,十六进制表示和$ -16,%ESP 或和$ -16,%SP 。但是,在手册中,这两个都列为 83/4 ib 。
Therefore, I can conclude that the hex means either and $-16, %ESP or and $-16, %SP. However, in the manual, both of those are listed as 83 /4 ib.
如何区分这两个?
推荐答案
正如harold所说,默认操作数的大小未在指令中编码,而是取决于当前的处理器模式。
As harold says, the default operand size is not encoded in the instruction but depends on the current processor mode.
在实模式和16位保护模式下,默认操作数大小为16位,因此 83 E4 F0 解码为和$ -16,%sp 。
In real mode and 16-bit protected mode, the default operand size is 16-bit, so 83 E4 F0 decodes to and $-16, %sp.
在32位模式下,操作数大小默认为32-位,所以它是和$ -16,%esp 。
In 32-bit mode operand size defaults to 32-bit, so it's and $-16, %esp.
在x64模式下,大多数指令再次默认为32位操作数大小(分支和间接使用堆栈的分支除外,例如推,弹出,调用和返回),因此它再次解码为和$ -16,%esp 。
In x64 mode, most instructions again default to 32-bit operand size (except branches and those that indirectly use the stack, such as pushes, pops, calls and returns), so it again decodes to and $-16, %esp.
可以使用前缀覆盖默认操作数大小。例如,前缀66h在32位和16位操作数大小之间切换,因此 66 83 E4 F0 解码为和$ -16,%esp 在16位模式下为和$ -16,%sp 在32位或64位模式下。要获得64位操作数大小,您需要使用带有W位的 REX前缀设置,因此 48 83 E4 F0 解码为和$ -16,%rsp (但仅在64位模式下!)。
It is possible to override the default operand size using prefixes. For example, prefix 66h switches between 32-bit and 16-bit operand size, so 66 83 E4 F0 decodes to and $-16, %esp in 16-bit mode and to and $-16, %sp in 32-bit or 64-bit mode. To get 64-bit operand size, you need to use the REX prefix with the W bit set, so 48 83 E4 F0 decodes to and $-16, %rsp (but only in 64-bit mode!).
这篇关于x86找出仅给出十六进制机器码的指令的操作数大小?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
