Get the start of the previous instruction from an address


Question

We're in a buffer, looking at x86 opcodes. | marks the current pointer.

68 0F 00 6A 90 | 00

Finding the start of the next instruction is easy, since the size of the current is determinable. But how would you guess somewhat accurately the start of the previous?

68 0F 00 6A 90 - 5 bytes total, ends at |

0F 00 6A 90 - 4 bytes total, ends at |

00 6A 90 - 3 bytes total, ends at |

6A 90 - 2 bytes total, ends at |

90 - 1 byte total, ends at |

Obviously this isn't a practical example, but it shows the issue. This is more a curiosity than a problem, but how do modern disassemblers accurately guess? Do they store points with call/jump references and find the nearest address to the nearest label that ends at the current instruction?

Answer

With a variable length instruction set like this you cannot accurately linearly disassemble. You have to start at an entry point and follow all the code paths you can. Of course it is pretty easy to trip up a disassembler if that is all it does (force a condition then use a conditional branch, which will only take one path, and leave data in the unused path that trips up the following instruction decoding). It is worse though if you just try to do it linearly from the entry point and not examine the data (for example when the compiler places pool data after an unconditional branch or return that your disassembler sees as instruction data).

You can't really accurately go backwards, unless you follow the code path with a branch that gets you there or somewhere in front of it that executes to it.
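An added example, not from the question or the answer, that puts the question's bytes through a tiny length decoder: decoding backwards finds all five candidate starts the question lists, while decoding forwards from a known entry point, as the answer describes, pins down exactly one. The decoder covers only the opcodes in that buffer and assumes 32-bit operand and address size; the byte string is the constructed sample from the question.

```python
def modrm_len(buf, i):
    """Bytes consumed by the ModRM at buf[i] plus its SIB/displacement (32-bit addressing)."""
    mod, rm = buf[i] >> 6, buf[i] & 7
    n = 1
    if mod != 3 and rm == 4:                  # SIB byte follows
        n += 1
        if mod == 0 and (buf[i + 1] & 7) == 5:
            n += 4                            # SIB without base register: disp32
    if mod == 1:
        n += 1                                # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        n += 4                                # disp32
    return n

def decode(buf, i):
    """(length, mnemonic) of the instruction at buf[i]; None if unknown or truncated."""
    # Assumption: only the opcodes present in the question's buffer are handled.
    try:
        op = buf[i]
        if op == 0x90: return 1, "nop"
        if op == 0x6A: return 2, "push imm8"
        if op == 0x68: return 5, "push imm32"
        if op == 0x00: return 1 + modrm_len(buf, i + 1), "add r/m8, r8"
        if op == 0x0F and buf[i + 1] == 0x00:
            return 2 + modrm_len(buf, i + 2), "0F 00 group (sldt/str/lldt/...)"
    except IndexError:
        pass
    return None

def previous_candidates(buf, ptr):
    """Backward view: every start < ptr whose instruction ends exactly at ptr."""
    return [(s, d[0], d[1]) for s in range(ptr - 1, -1, -1)
            if (d := decode(buf, s)) and s + d[0] == ptr]

def previous_from_entry(buf, entry, ptr):
    """Forward view: decode linearly from a known entry; None if that path steps over ptr."""
    pc = entry
    while pc < ptr:
        d = decode(buf, pc)
        if d is None:
            return None
        if pc + d[0] == ptr:
            return pc
        pc += d[0]
    return None

# Constructed sample: the question's bytes, with '|' (the current pointer) after index 4.
BUF = bytes.fromhex("680F006A9000")
PTR = 5
```

Every start from 0 to 4 is a valid previous instruction in the backward view, so which one is "right" depends entirely on the entry point the forward decode begins from.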
