如何手动解释操作码?
77f4bcbc 8945fc mov dword ptr [ebp-4],eax
规则如下:
88 /r MOV r/m8,r8 2/2 Move byte register to r/m byte
89 /r MOV r/m16,r16 2/2 Move word register to r/m word
89 /r MOV r/m32,r32 2/2 Move dword register to r/m dword
如何将 8945fc 解释为 mov dword ptr [ebp-4],eax?
77f4bcbc 8945fc mov dword ptr [ebp-4],eax
And here's the rule:
88 /r MOV r/m8,r8 2/2 Move byte register to r/m byte
89 /r MOV r/m16,r16 2/2 Move word register to r/m word
89 /r MOV r/m32,r32 2/2 Move dword register to r/m dword
How to interpret 8945fc to mov dword ptr [ebp-4],eax?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我们这里有一个三字节指令:89 45 fc。第一个字节是操作码字节。查表,我们可以看到这是一条 MOV 指令,并且需要一个 Mod R/M 字节。 Mod R/M 字节具有以下布局:
让我们看一下指令的第二个字节。 0x45 是二进制的 01.000.101。因此,Mod 为 01,Reg 为 000,R/M 为 101。
在参考文献中查找,例如 这里,我们可以看到Mod=01和R/M=101的组合对应的是[EBP+sbyte]操作数。 “sbyte”是一个 8 位有符号位移,编码在第三个字节:0xFC。由于位移是带符号的,因此必须将其解释为这样的数字,即-4。
指令旁边的“/r”注释告诉我们寄存器(第二个)操作数由指令的 Reg 字段指定。 Reg=000 是 al/ax/eax。假设默认情况下是 32 位模式,这意味着 eax。
组装以上所有内容,我们得到
We have here a three-byte instruction: 89 45 fc. The first byte is the opcode byte. Looking it up in the table, we can see that it's a MOV instruction and it takes a Mod R/M byte. The Mod R/M byte has the following layout:
Let's look at the second byte of the instruction. 0x45 is 01.000.101 in binary. Thus, Mod is 01, Reg is 000 and R/M is 101.
Looking up in the reference, e.g. here, we can see that the combination of Mod=01 and R/M=101 corresponds to the [EBP+sbyte] operand. The "sbyte" is an 8-bit signed displacement which is encoded in the third byte: 0xFC. Since the displacement is signed, it has to be interpreted as such number, i.e. -4.
The "/r" note next to the instruction tells us that the register (second) operand is specified by the Reg field of the instruction. Reg=000 is al/ax/eax. Assuming a 32-bit mode by default, this will mean eax.
Assembling all of the above, we get
89是操作码45对源和目标进行编码fc是偏移量 (-4)89is the opcode45encodes the source and destinationfcis the offset (-4)如果您想编写自己的反汇编程序,这里就是您所需要的。
如需快速摘要,请查看此处
If you want to write your own disassembler, here is what you need.
For a quick summary, look here
查找mov dword ptr [ebp-4],eax你有8位代码。你可以轻松得到它
这是程序
前六位是给定的,或者应该为 mov 命令记住,然后在 LSB 上添加目标位 (D),其中当目标中有寄存器时 d=1,或者当寄存器在源中时 d=0。这里是寄存器 eax位于源端,因此应添加 0,然后将称为字位(W 位)的最后一位添加到目标位之后的 LSB 端,其中
当有 16/32 位寄存器时,W 位= 1;当有 8 位寄存器时,W 位= 0,所以现在根据命令“mov dword ptr [ebp-4],eax”
d位=0且w位=1
现在你得到了 8 位操作码
那么你必须找出 MOD(R/M) 字段。
为此你必须找出三件事。
1) 模值
2)寄存器值
3)R/M值
这是格式
+-----+---------+---------+
|模组 |注册 | R/M |
+-----+---------+---------+
正如上面的答案中提到的
然后检查命令mov dword ptr [ebp-4],eax
根据-4有8位位移然后mod值=01
模组值:
00 表示无位移
01 表示 8 位位移
10 表示 16 位位移
11 为注册到注册转移
所以在这里
模=01
然后
对于 reg eax,值为 000
对于 (R/M),该值为 101
,因此 R/M 字段 8 位为
01000101
希望这个描述有帮助
look for mov dword ptr [ebp-4],eax you have 8 bits of code.you can get it easily
here is the procedure
first six bits are given or should be memorized for mov command and then add on LSB the destination bit(D) where d=1 when there is a register in the destination or d=0 when the register is in source.Here the register eax is in source side so should add 0 and then the last bit which is called word bit(W bit) is add in the LSB side after destination bit where
W bit= 1 when there is 16/32 bit register or 0 when there is 8 bit register so now according to the command "mov dword ptr [ebp-4],eax"
the d bit=0 and w bit =1
now you get the 8 bits of opcode
then you have to findout the MOD(R/M) field.
for this you have to find out the 3 things.
1) mod value
2) register value
3) R/M value
here is the format
+-----+---------+---------+
| Mod | Reg | R/M |
+-----+---------+---------+
as mentioned in above answer
then check in the command mov dword ptr [ebp-4],eax
there is 8 bit displacement according to -4 then mod value =01
MOD VALUES:
00 for no displacement
01 for 8 bit displacement
10 for 16 bit displacment
11 for register to register transfer
so here
mod=01
then
for reg eax the value is 000
and for (R/M) the value is 101
so the R/M field 8 bits are
01000101
hope this description will help