Is there a website or tool for parsing, breaking down, and explaining x86 bytecode


Question

When you type a shell command in https://explainshell.com/ , you get an explanation of each part of the command and what the command does.

Is there a place where I could type in a bunch of x86 bytecode, and have it parsed byte by byte (and perhaps bit by bit for certain bytes) and explained similarly?

Answer

Disassemblers will decode whole instructions back into asm. Some will group the bytes into prefixes, opcode, and later stuff. e.g. a 4-byte immediate or displacement in an addressing mode might be grouped without spaces, but separated from the opcode by a space.

Agner Fog's objconv disassembler does that. https://www.agner.org/optimize/#objconv

e.g. on a random .o file I had lying around from a recent SO question about x87 flags. Note that it's a .o so the addresses are based at 0 in each section.

More importantly, note how fld dword [value1]'s machine code is shown as D9 (the opcode), 05 (the ModRM byte that encodes the addressing mode and in this case signals that there's a 4-byte displacement), and the 00000000 with a (d) note showing the 4-byte disp32.

;; Produced with
;; objconv -fnasm  fcomtest.o  /dev/stdout

global _start

SECTION .text   align=1 execute                         ; section number 1, code

_start: ; Function begin
        fld     dword [value1]                          ; 0000 _ D9. 05, 00000000(d)
        fcom    dword [value2]                          ; 0006 _ D8. 15, 00000004(d)
        fwait                                           ; 000C _ 9B
        fnstsw  ax                                      ; 000D _ DF. E0
        pushfd                                          ; 000F _ 9C
        sahf                                            ; 0010 _ 9E
        pushfd                                          ; 0011 _ 9C
        ja      greater                                 ; 0012 _ 77, 0E
        jc      lessthan                                ; 0014 _ 72, 18
        mov     eax, 1                                  ; 0016 _ B8, 00000001
        mov     ebx, 0                                  ; 001B _ BB, 00000000
        int     -128                                    ; 0020 _ CD, 80
greater:mov     eax, 1                                  ; 0022 _ B8, 00000001
        mov     ebx, 2                                  ; 0027 _ BB, 00000002
        int     -128                                    ; 002C _ CD, 80
lessthan:
        mov     eax, 1                                  ; 002E _ B8, 00000001
        mov     ebx, 1                                  ; 0033 _ BB, 00000001
; Note: Function does not end with ret or jmp
        int     -128                                    ; 0038 _ CD, 80
; _start End of function


SECTION .data   align=1 noexecute                       ; section number 2, data

value1:                                                 ; dword
        dd 412EC49CH                                    ; 0000 _ 10.923 

value2: dd 4091B3D0H                                    ; 0004 _ 4.5531998 

There's probably a way to run objconv on a chunk of raw bytes, not in a .o, or if not you could put it in one.

The overall structure of x86 machine code is fairly fixed:

[prefixes ...]  opcode [modrm [sib] [disp0/8/32]] [imm8/16/32]

Some opcodes have no modrm (e.g. mov reg, imm32), many have no immediate (e.g. add r32, r/m32), some have both (e.g. add r/m32, imm8), some have neither (e.g. lodsb, or cdq).

See http://ref.x86asm.net/coder64.html for an opcode map. And of course Intel's manuals (which are indexed by mnemonic, not opcode), e.g. HTML extract https://www.felixcloutier.com/x86/

IDK if anyone's built an online tool like you're picturing, or other disassemblers that do what objconv does.
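The field structure the answer describes, as an added example that is not part of the original post and not objconv's code: a small Python decoder that takes raw 32-bit x86 bytes and splits each instruction into prefixes, opcode, ModRM, SIB, displacement and immediate, the explainshell-style breakdown the question asks for. Its opcode table is deliberately limited to the instructions in the objconv listing above (plus the generic ModRM/SIB/displacement rules, which are the same for every instruction that has a ModRM), and it raises on anything else so you can see exactly where a full disassembler's opcode tables would take over. The sample bytes are constructed by copying the machine-code column of that listing; since raw bytes carry no relocations, `[value1]` shows up here as the absolute address `[0x0]`.

```python
"""Explainshell-style field breakdown of raw 32-bit x86 machine code:
    [prefixes ...] opcode [modrm [sib] [disp0/8/32]] [imm8/16/32]
Added example, not code from the post or from objconv. The opcode table only
covers the instructions in the objconv listing; anything else raises."""

PREFIXES = {0x66: "opsize", 0x67: "adsize", 0xF0: "lock", 0xF2: "repne", 0xF3: "rep",
            0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x26: "es", 0x64: "fs", 0x65: "gs"}
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# opcode -> (mnemonic, needs ModRM, immediate bytes, rel-branch bytes)
OPCODES = {0xD8: ("fcom dword", True, 0, 0),  # D8 /2 with a memory operand
           0xD9: ("fld dword", True, 0, 0),   # D9 /0 with a memory operand
           0xDF: ("fnstsw ax", True, 0, 0),   # only the DF E0 form is handled
           0x9B: ("fwait", False, 0, 0), 0x9C: ("pushfd", False, 0, 0),
           0x9E: ("sahf", False, 0, 0), 0xCD: ("int", False, 1, 0),  # objconv: "int -128"
           0x77: ("ja", False, 0, 1), 0x72: ("jc", False, 0, 1)}     # Jcc rel8
for r in range(8):                             # B8+r: mov r32, imm32 (no ModRM)
    OPCODES[0xB8 + r] = (f"mov {REG32[r]},", False, 4, 0)
X87_REG_FIELD = {0xD8: 2, 0xD9: 0}             # ModRM.reg the x87 forms above require
# constructed: the .text bytes copied from the machine-code column of the listing
SAMPLE_TEXT = bytes.fromhex(
    "D9 05 00000000 D8 15 04000000 9B DF E0 9C 9E 9C 77 0E 72 18 B8 01000000 BB 00000000"
    " CD 80 B8 01000000 BB 02000000 CD 80 B8 01000000 BB 01000000 CD 80")


def decode_modrm(code, pos):
    """Parse ModRM [+SIB] [+disp]; return (fields, operand, (mod, reg, rm), pos)."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    fields, pos = [("modrm", code[pos:pos + 1], f"mod={mod} reg={reg} rm={rm}")], pos + 1
    if mod == 3:                               # register operand, no memory access
        return fields, REG32[rm], (mod, reg, rm), pos
    parts, disp_len, base = [], {0: 0, 1: 1, 2: 4}[mod], rm
    if rm == 4:                                # rm=4 means a SIB byte follows
        sib = code[pos]
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        fields.append(("sib", code[pos:pos + 1], f"scale={scale} index={index} base={base}"))
        pos += 1
        if index != 4:                         # index 4 means "no index register"
            parts.append(f"{REG32[index]}*{scale}")
    if mod == 0 and base == 5:                 # no base register: a disp32 is used instead
        disp_len = 4
    else:
        parts.append(REG32[base])
    if disp_len:
        raw = code[pos:pos + disp_len]
        disp, pos = int.from_bytes(raw, "little", signed=True), pos + disp_len
        # with no base/index the displacement is an absolute address; objconv can
        # print it as [value1] only because the .o still carries the relocation
        parts.append(f"{disp & 0xFFFFFFFF:#x}" if not parts else
                     f"{disp:#x}" if disp >= 0 else f"-{-disp:#x}")
        fields.append((f"disp{disp_len * 8}", raw, parts[-1]))
    return fields, "[" + "+".join(parts).replace("+-", "-") + "]", (mod, reg, rm), pos


def decode(code):
    """Return [(offset, asm_text, [(field, raw_bytes, note), ...]), ...]."""
    pos, out = 0, []
    while pos < len(code):
        start, fields = pos, []
        while pos < len(code) and code[pos] in PREFIXES:
            fields.append(("prefix", code[pos:pos + 1], PREFIXES[code[pos]]))
            pos += 1
        op = code[pos]
        if op not in OPCODES:
            raise ValueError(f"opcode {op:#04x} at {start:#06x} is not in the demo table")
        text, has_modrm, imm_len, rel_len = OPCODES[op]
        fields.append(("opcode", code[pos:pos + 1], text))
        pos += 1
        if has_modrm:
            mfields, operand, (mod, reg, rm), pos = decode_modrm(code, pos)
            fields += mfields
            if op == 0xDF:
                ok = (mod, reg, rm) == (3, 4, 0)   # DF E0 = fnstsw ax
            else:
                ok = mod != 3 and reg == X87_REG_FIELD[op]
                text += " " + operand
            if not ok:
                raise ValueError(f"ModRM form of {op:#04x} at {start:#06x} not in the demo table")
        if imm_len:
            raw, pos = code[pos:pos + imm_len], pos + imm_len
            imm = int.from_bytes(raw, "little")
            fields.append((f"imm{imm_len * 8}", raw, f"{imm:#x}"))
            text += f" {imm:#x}"
        if rel_len:                                # rel8 is relative to the next instruction
            raw, pos = code[pos:pos + rel_len], pos + rel_len
            target = pos + int.from_bytes(raw, "little", signed=True)
            fields.append((f"rel{rel_len * 8}", raw, f"target {target:#06x}"))
            text += f" {target:#06x}"
        out.append((start, text, fields))
    return out


def explain(code):
    """One line per instruction: offset, asm, then every field with its raw bytes."""
    return [f"{off:04X}  {text:<20} " + "  ".join(f"{n}={raw.hex().upper()} ({note})"
                                                  for n, raw, note in fields)
            for off, text, fields in decode(code)]


if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_TEXT)))
```

Running it prints the same offsets as the objconv listing (0000, 0006, 000C, 000D, ...), with each byte labelled: `D9` as the opcode, `05` as `mod=0 reg=0 rm=5` (the no-base-register form that forces a disp32), and `00000000` as the disp32. The branch targets 0x0022 and 0x002E match the `greater:` and `lessthan:` labels, which is the check worth doing by hand whenever you decode a rel8 yourself: the displacement is added to the address of the following instruction, not to the branch's own address. Extending the table with more rows from the opcode map linked above is all that separates this from a real (if slow) disassembler for the one-byte-opcode space.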
