如何跨$ P $ 86 PT运code地图？ [英] How to interpret x86 opcode map?

问题描述

在以86运code地图寻找像这样的：

In looking at an x86 opcode map such as this:

http://www.mlsite.net/8086/#tbl_map1

它定义的映射，例如：

00: ADD Eb,Gb
01: ADD Ev,Gv
...

这环节都有什么样的字母的意思是基本的描述，如：

That link has basic descriptions of what the letters mean, such as:

  
• 电子：一个MODR / M字节后面的运算code和指定操作数。操作数是一个通用寄存器或存储器地址。如果它是一个存储器地址，该地址是从段寄存器计算和任何下列值：一基址寄存器，一个变址寄存器，一个位移

  
• 乙：字节参数

  

• E: A ModR/M byte follows the opcode and specifies the operand. The operand is either a general-purpose register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a displacement.
• b: Byte argument.

但它是一个有点太含糊。你怎么居然翻译成完全运code（全指令+ ARGS在OP $ C $三）？一直无法从<一个数字出来href=\"http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf\"相对=nofollow>英特尔手册但无论是的，也许我期待在错误的地方（这是一个有点势不可挡）？眼看显示输出运算code为输入指令的片段（你是怎么做的）将是超级有帮助的。

But it's a bit too vague. How do you actually translate that into "complete opcode" (the whole instruction + args in opcode)? Haven't been able to figure it out from the Intel manuals yet either, maybe I'm looking in the wrong place (and it's a bit overwhelming)? Seeing a snippet showing the output opcode for an input instruction (and how you did that) would be super helpful.

推荐答案

通过一切手段，使用intel的手册。对于每一个指令它使机器code和第2章对指令的格式非常详细的说明。

By all means, use the intel manuals. For each instruction it gives the machine code and chapter 2 has a very detailed description on the instruction format.

但给你一个演练，让我们来看看 ADD EDX，[EBX + ECX * 4 + 15H] 。
首先，我们通过章节读 2指令格式和 3.1 INTER preTING指令参考页来得到一个想法正是我们将要看到的。我们在中列出的缩写在OP code汇总表3.1.1.3指令列。

But to give you a walkthrough, let's see ADD EDX, [EBX+ECX*4+15h]. First we read through the chapters 2 INSTRUCTION FORMAT and 3.1 INTERPRETING THE INSTRUCTION REFERENCE PAGES to get an idea of what we will see. We are especially interested in the abbreviations listed at 3.1.1.3 Instruction Column in the Opcode Summary Table.

有了这些信息，我们转向描述<​​code>添加指令的页面，并尝试找出一个合适的版本，我们希望一个EN code。我们的第一个操作数是32位寄存器，第二个是一个32位内存位置，所以让我们来看看匹配。这将是倒数第二行： 03 / R R32 ADD，R / M32 。我们回到章指令汇总表3.1.1.1欧普code柱（没有VEX preFIX指令）来看看那个神奇的 / R 为：指示指令的MODR / M字节包含寄存器操作数和R / M操作数

Armed with that information, we turn to the page describing the ADD instruction and try to identify an appropriate version for the one we want to encode. Our first operand is a 32 bit register and the second is a 32 bit memory location, so let's see what matches that. It's going to be the penultimate line: 03 /r ADD r32, r/m32. We go back to chapter 3.1.1.1 Opcode Column in the Instruction Summary Table (Instructions without VEX prefix) to see what that magical /r is: Indicates that the ModR/M byte of the instruction contains a register operand and an r/m operand.

好吧，那么图2-1。英特尔64和IA-32架构指令格式向我们展示了指令外观。到目前为止，我们知道，我们不会有任何prefixes和运code将 03 ，我们会使用至少一个MODR / M字节。因此，让我们看看如何找出答案。看看表2-2。 32位寻址形式与MODR / M字节。列重新present寄存器操作数，行的内存操作数。由于我们的寄存器是 EDX 我们使用的第3列。内存操作数是 [EBX + ECX * 4 + 15H] 它可以连接使用8或32位的位移codeD。为了获得更短的code，我们将使用8位版本，因此该行 [ - ] [ - ] + disp8 适用。这意味着我们的MODR / M字节将是 54 。

Okay, so Figure 2-1. Intel 64 and IA-32 Architectures Instruction Format showed us how the instruction will look. So far we know that we won't have any prefixes and the opcode will be 03 and we will use at least a modr/m byte. So let's go see how to figure that out. Look at Table 2-2. 32-Bit Addressing Forms with the ModR/M Byte. The columns represent the register operand, the rows the memory operand. Since our register is EDX we use the 3rd column. The memory operand is [EBX+ECX*4+15h] which can be encoded using a 8 or a 32 bit displacement. To get shorter code we will use the 8 bit version, so the line [--][--]+disp8 applies. This means our modr/m byte is going to be 54.

我们需要一个SIB字节了。那些列在表2-3。 32位寻址的字节SIB 表格。由于我们的基础是 EBX 我们使用4列和行的 [ECX * 4] 这就是我们的目标SIB字节 8B 。

We will need a SIB byte too. Those are listed in Table 2-3. 32-Bit Addressing Forms with the SIB Byte. Since our base is EBX we use column 4, and the row for [ECX*4] which gives us our SIB byte of 8B.

最后，我们添加我们的8位位移字节，也就是 15 。完整的指令是这样 03 54 15 8B 。我们可以用汇编验证这一点：

Finally we add our 8 bit displacement byte, which is 15. The complete instruction is thus 03 54 8B 15. We can verify this with an assembler:

2 00000000 03548B15                add edx, [ebx+ecx*4+15h]

这篇关于如何跨$ P $ 86 PT运code地图？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！