x64 指令编码和 ModRM 字节 [英] x64 instruction encoding and the ModRM byte

问题描述

编码

call qword ptr [rax]
call qword ptr [rcx]

是

FF 10
FF 11

我可以看到最后一位数字 (0/1) 的来源(注册号)，但我想弄清楚倒数第二位数字 (1) 的来源.根据AMD64 架构程序员手册第 3 卷:通用和系统说明第 56 页，

I can see where the last digit (0/1) comes from (the register number), but I'm trying to figure out where the second last digit (1) comes from. According to AMD64 Architecture Programmer’s Manual Volume 3: General-Purpose and System Instructions page 56,

"/digit - 表示 ModRM 字节仅指定一个寄存器或内存 (r/m) 操作数.该数字由 ModRM reg 字段指定并用作指令操作码扩展.有效数字值范围从 0到 7."

"/digit - Indicates that the ModRM byte specifies only one register or memory (r/m) operand. The digit is specified by the ModRM reg field and is used as an instruction-opcode extension. Valid digit values range from 0 to 7."

等效的 Intel 文档说了类似的话，并且通过寄存器的 call 被指定为编码为

The equivalent Intel document says something similar, and call via a register is specified to be encoded as

FF /2

而且...我不知道这意味着什么，或者规范中的 2 如何连接到最终结果中的高 1 位.任何地方都有不同措辞的解释吗?

and... I have no idea what that means, or how the 2 in the specification connects to the high 1 digit in the end result. Is there a differently worded explanation available anywhere?

推荐答案

ModR/M 字节有 3 个字段:

The ModR/M byte has 3 fields:

bit 7 & bit 6 = mod
bit 5 through bit 3 = reg = /digit
bit 2 through bit 0 = r/m

这在 图 2-1 中进行了描述.英特尔 64 位和 IA-32 体系结构指令格式 of Vol.英特尔® 64 位和 IA-32 架构软件开发人员手册的 2A.

This is depicted in Figure 2-1. Intel 64 and IA-32 Architectures Instruction Format of Vol. 2A of Intel® 64 and IA-32 Architectures Software Developer’s Manual.

所以，有:

  0x10 = 00.010.000 (mod=0, reg/digit=2, r/m=0)

  0x10 = 00.010.000 (mod=0, reg/digit=2, r/m=0)

和

  0x11 = 00.010.001 (mod=0, reg/digit=2, r/m=1).

  0x11 = 00.010.001 (mod=0, reg/digit=2, r/m=1).

这篇关于x64 指令编码和 ModRM 字节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！