指令中操作码的数量
还有其他(更快)的方法来获取它吗? x86架构 这是我到目前为止所写的。
#include <cstdio>
#include <cstdlib>
// Short aliases for an unsigned integer and a raw byte.
typedef unsigned int UINT;
typedef unsigned char BYTE;
// Forward declaration; the definition follows main(). Takes a pointer to the
// first byte of an instruction and returns a byte count.
BYTE getInstructionLength(BYTE * data);
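int main()
{
    // Dump the three ModRM bit fields of every possible byte value.
    // The masks isolate each field in place (the values are NOT shifted down):
    //   mod (bits 7..6), mask 0xC0: 0x00 -> 00, 0x40 -> 01, 0x80 -> 10, 0xC0 -> 11
    //   reg (bits 5..3), mask 0x38: 0x08 -> 001, 0x28 -> 101, 0x30 -> 110
    //   r/m (bits 2..0), mask 0x07: 0x00 -> 000 ... 0x07 -> 111
    //
    // The counter is wider than BYTE on purpose: with a BYTE counter the
    // condition "< 255" skips 0xFF, and "<= 255" would never terminate because
    // the counter wraps to 0. An unsigned int covers 0x00..0xFF inclusive.
    for (unsigned int opcode = 0x00; opcode <= 0xFF; opcode++)
    {
        printf("opcode 0x%X mod: 0x%X reg:0x%X M:0x%X\n",
               opcode, opcode & 0xC0, opcode & 0x38, opcode & 0x07);
    }
    return 0;
}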
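// Returns the length in bytes of the x86 instruction starting at data, or 0
// when the instruction is not covered by this (partial) table.
//
// Preconditions the caller must guarantee, since no buffer length is passed:
//   - data points to at least 3 readable bytes; data[1] and data[2] are read
//     for opcode 0x00. When the bytes come from an untrusted or truncated
//     buffer, check the remaining size before calling, otherwise this reads
//     out of bounds.
//   - NOTE(review): the lengths assume 32-bit addressing with no prefixes,
//     as the EAX/ECX operand comments in the table suggest; confirm.
//
// A return value of 0 means "unknown". Callers that walk a code stream must
// stop on 0 rather than advance by it, or they will loop on the same byte.
BYTE getInstructionLength(BYTE * data)
{
    if (!data) return 0;

    const BYTE opcode = data[0];

    // 0x3F..0x61: single-byte instructions (no ModRM, no immediate).
    if (opcode >= 0x3F && opcode <= 0x61) return 1;

    switch (opcode)
    {
    case 0x00: // ADD r/m8, r8 -- length depends on the ModRM byte
    {
        const BYTE modrm = data[1];
        switch (modrm)
        {
        case 0x00: // ADD BYTE PTR DS:[EAX],AL
        case 0x01: // ADD BYTE PTR DS:[ECX],AL
        case 0x02: // ADD BYTE PTR DS:[EDX],AL
        case 0x03: // ADD BYTE PTR DS:[EBX],AL
        case 0x06:
        case 0x07:
        case 0x08:
        case 0x09:
        case 0x0A:
        case 0x0B:
            return 2; // opcode + ModRM
        case 0x04:
        case 0x0C:
            // r/m = 100: a SIB byte follows in data[2]. If its low three bits
            // are 101 a 32-bit displacement follows too (1+1+1+4 = 7).
            // The parentheses matter: "==" binds tighter than "&", so the
            // unparenthesised form evaluated data[2] & (0x07 == 0x5), which is
            // always 0, and the 7-byte case was never reported.
            return ((data[2] & 0x07) == 0x05) ? 7 : 3;
        case 0x05:
            return 6; // opcode + ModRM + disp32
        default:
            // Not in the table. Previously this fell through into the
            // "push es" case and reported 1, which is shorter than any
            // opcode+ModRM encoding.
            return 0;
        }
    }
    case 0x06: // push es
    case 0x07: // pop es
    case 0x16: // push ss
    case 0x17: // pop ss
    case 0x90: // nop
        return 1;
    default:
        // Unknown opcode: return a defined value instead of running off the
        // end of a non-void function (undefined behaviour).
        return 0;
    }
}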
Is there any other (faster) way to get it? x86 architecture
Here is what I wrote so far.
#include <cstdio>
#include <cstdlib>
// Short aliases for an unsigned integer and a raw byte.
typedef unsigned int UINT;
typedef unsigned char BYTE;
// Forward declaration; the definition follows main(). Takes a pointer to the
// first byte of an instruction and returns a byte count.
BYTE getInstructionLength(BYTE * data);
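int main()
{
    // Dump the three ModRM bit fields of every possible byte value.
    // The masks isolate each field in place (the values are NOT shifted down):
    //   mod (bits 7..6), mask 0xC0: 0x00 -> 00, 0x40 -> 01, 0x80 -> 10, 0xC0 -> 11
    //   reg (bits 5..3), mask 0x38: 0x08 -> 001, 0x28 -> 101, 0x30 -> 110
    //   r/m (bits 2..0), mask 0x07: 0x00 -> 000 ... 0x07 -> 111
    //
    // The counter is wider than BYTE on purpose: with a BYTE counter the
    // condition "< 255" skips 0xFF, and "<= 255" would never terminate because
    // the counter wraps to 0. An unsigned int covers 0x00..0xFF inclusive.
    for (unsigned int opcode = 0x00; opcode <= 0xFF; opcode++)
    {
        printf("opcode 0x%X mod: 0x%X reg:0x%X M:0x%X\n",
               opcode, opcode & 0xC0, opcode & 0x38, opcode & 0x07);
    }
    return 0;
}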
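// Returns the length in bytes of the x86 instruction starting at data, or 0
// when the instruction is not covered by this (partial) table.
//
// Preconditions the caller must guarantee, since no buffer length is passed:
//   - data points to at least 3 readable bytes; data[1] and data[2] are read
//     for opcode 0x00. When the bytes come from an untrusted or truncated
//     buffer, check the remaining size before calling, otherwise this reads
//     out of bounds.
//   - NOTE(review): the lengths assume 32-bit addressing with no prefixes,
//     as the EAX/ECX operand comments in the table suggest; confirm.
//
// A return value of 0 means "unknown". Callers that walk a code stream must
// stop on 0 rather than advance by it, or they will loop on the same byte.
BYTE getInstructionLength(BYTE * data)
{
    if (!data) return 0;

    const BYTE opcode = data[0];

    // 0x3F..0x61: single-byte instructions (no ModRM, no immediate).
    if (opcode >= 0x3F && opcode <= 0x61) return 1;

    switch (opcode)
    {
    case 0x00: // ADD r/m8, r8 -- length depends on the ModRM byte
    {
        const BYTE modrm = data[1];
        switch (modrm)
        {
        case 0x00: // ADD BYTE PTR DS:[EAX],AL
        case 0x01: // ADD BYTE PTR DS:[ECX],AL
        case 0x02: // ADD BYTE PTR DS:[EDX],AL
        case 0x03: // ADD BYTE PTR DS:[EBX],AL
        case 0x06:
        case 0x07:
        case 0x08:
        case 0x09:
        case 0x0A:
        case 0x0B:
            return 2; // opcode + ModRM
        case 0x04:
        case 0x0C:
            // r/m = 100: a SIB byte follows in data[2]. If its low three bits
            // are 101 a 32-bit displacement follows too (1+1+1+4 = 7).
            // The parentheses matter: "==" binds tighter than "&", so the
            // unparenthesised form evaluated data[2] & (0x07 == 0x5), which is
            // always 0, and the 7-byte case was never reported.
            return ((data[2] & 0x07) == 0x05) ? 7 : 3;
        case 0x05:
            return 6; // opcode + ModRM + disp32
        default:
            // Not in the table. Previously this fell through into the
            // "push es" case and reported 1, which is shorter than any
            // opcode+ModRM encoding.
            return 0;
        }
    }
    case 0x06: // push es
    case 0x07: // pop es
    case 0x16: // push ss
    case 0x17: // pop ss
    case 0x90: // nop
        return 1;
    default:
        // Unknown opcode: return a defined value instead of running off the
        // end of a non-void function (undefined behaviour).
        return 0;
    }
}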
如果您需要能够计算 x86 的指令长度(以字节为单位),那么您可以查找
Z0mbie 页面上的长度反汇编器:http://z0mbie.daemonlab.org/
If you need to compute the length in bytes of an x86 instruction, look for the
length disassembler on Z0mbie's page: http://z0mbie.daemonlab.org/