While the Intel Software Developer's Manual itself is definitely not very convenient to search through, the opcode tables in this manual could help. Take a look at Appendix A "Opcode Map" in Volumes 2A, 2B, 2C and 2D of the manual; it might be useful:
There is also the asmjit/asmdb project, which provides a public domain X86/X64 database in a JSON-like format (it's actually a node module; just require() it from node or include it in the browser). It's designed for additional processing (for example writing validators, assemblers or disassemblers), but it's also very easy to just open the database file and explore it.
AsmDB comes with a tool called x86util.js, which can index the x86 database into a much friendlier representation that can be used to actually do something with it. Let's write a simple tool in node.js that prints all instructions that have the same opcode byte as the one you provide:
// Load AsmDB and build the indexed x86 ISA.
const asmdb = require("asmdb");
const x86isa = new asmdb.x86.ISA();

// Print every instruction whose primary opcode byte (a hex string such as "C8")
// matches the one given, with its operands and its full opcode string.
function printByOpCode(opcode) {
  x86isa.instructions.forEach(function(inst) {
    if (inst.opcodeHex === opcode) {
      const ops = inst.operands.map(function(op) { return op.data; });
      console.log(`INSTRUCTION '${inst.name} ${ops.join(", ")}' -> '${inst.opcodeString}'`);
    }
  });
}

// Usage: node x86search.js XX, where XX is the opcode byte in hex.
if (process.argv.length < 3)
  console.log("USAGE: node x86search.js XX (opcode)");
else
  printByOpCode(process.argv[2]);
Additionally, there are command line tools that can be used for quick and dirty disassembling, but these require the whole instruction (as opposed to just the opcode byte). Here are some tips:
Using llvm-mc from the LLVM project:
Using ndisasm from the nasm project:
There is also the AsmGrid project from the same author as AsmDB. It is a work-in-progress online AsmDB explorer that uses colors to visualize various properties of each instruction.
Sandpile is probably what you're looking for. Still, the best way to look at the x86 encoding is not in hex but rather in octal. Suddenly x86 doesn't look so ugly and it makes some sense.
The classic explanation of this was available on Usenet alt.lang.asm circa 1992; however, today it is available on github.
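As an added example, not code from any answer on this page, here is a small node.js script that applies the octal view described above: it splits a byte into its three octal digits (which for a ModRM byte are exactly mod, reg and rm) and decodes a handful of 32-bit one-byte opcodes purely from those digits. The opcode families and the register and operand-form tables are the standard x86 encoding; the function names, the narrow scope (register-direct ModRM forms only, no prefixes, no 0F map) and the constructed sample byte sequences are this example's own choices. It also shows why the same byte value can mean two things: 0xC8 as a primary opcode is ENTER, but 0xC8 as a ModRM byte is 0o310, i.e. mod=3 reg=1 rm=0.

```javascript
// Added example (not from any answer on this page): reading x86 opcode and
// ModRM bytes as octal digits, as the "x86 in octal" explanation suggests.
// Scope is deliberately narrow: 32-bit mode, a handful of legacy one-byte
// opcodes, and only register-direct (mod == 3) ModRM forms; anything else
// returns null rather than guessing.

const REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"];
const REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"];
const ALU = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"];

// Split a byte into its three octal digits: top 2 bits, middle 3, low 3.
// For a ModRM byte these are exactly the mod, reg and rm fields.
function octalFields(byte) {
  return { hi: (byte >> 6) & 3, mid: (byte >> 3) & 7, lo: byte & 7 };
}

// "0o310" style string, so the three fields can be read off directly.
function toOctal(byte) {
  return "0o" + byte.toString(8).padStart(3, "0");
}

// Register-direct ModRM (mod == 3): reg and rm are both register numbers.
function modrmRegs(modrm, wide) {
  const f = octalFields(modrm);
  if (f.hi !== 3) return null; // memory forms (mod 0..2) are out of scope
  const names = wide ? REG32 : REG8;
  return { reg: names[f.mid], rm: names[f.lo] };
}

// Little-endian 32-bit immediate starting at bytes[off].
function imm32(bytes, off) {
  return (bytes[off] | (bytes[off + 1] << 8) | (bytes[off + 2] << 16) | (bytes[off + 3] << 24)) >>> 0;
}

// The low octal digit of the ALU group (0o0xx) and the MOV group (0o21x)
// selects the operand form: 0 Eb,Gb  1 Ev,Gv  2 Gb,Eb  3 Gv,Ev.
// Forms 0 and 1 write to r/m; odd forms are 32-bit wide.
function rmForm(mnem, form, modrm) {
  const r = modrmRegs(modrm, (form & 1) === 1);
  if (!r) return null;
  const asm = form < 2 ? `${mnem} ${r.rm}, ${r.reg}` : `${mnem} ${r.reg}, ${r.rm}`;
  return { asm, length: 2 };
}

function decode(bytes) {
  const op = bytes[0];
  const f = octalFields(op);

  // 0o0xx: eight ALU operations, middle digit = operation, low digit = form.
  // Low digits 6 and 7 are segment pushes/pops, prefixes and BCD ops: skipped.
  if (f.hi === 0) {
    const mnem = ALU[f.mid];
    if (f.lo < 4) return rmForm(mnem, f.lo, bytes[1]);
    if (f.lo === 4) return { asm: `${mnem} al, 0x${bytes[1].toString(16)}`, length: 2 };
    if (f.lo === 5) return { asm: `${mnem} eax, 0x${imm32(bytes, 1).toString(16)}`, length: 5 };
    return null;
  }

  // 0o10r INC, 0o11r DEC, 0o12r PUSH, 0o13r POP: the low digit is the register.
  if (f.hi === 1 && f.mid < 4) {
    return { asm: `${["inc", "dec", "push", "pop"][f.mid]} ${REG32[f.lo]}`, length: 1 };
  }

  // 0o210..0o213: MOV between r/m and reg, same form digit as the ALU group.
  if (f.hi === 2 && f.mid === 1 && f.lo < 4) return rmForm("mov", f.lo, bytes[1]);

  // 0o26r MOV r8, imm8 and 0o27r MOV r32, imm32.
  if (f.hi === 2 && f.mid === 6) {
    return { asm: `mov ${REG8[f.lo]}, 0x${bytes[1].toString(16)}`, length: 2 };
  }
  if (f.hi === 2 && f.mid === 7) {
    return { asm: `mov ${REG32[f.lo]}, 0x${imm32(bytes, 1).toString(16)}`, length: 5 };
  }
  return null;
}

// Constructed sample sequences. Note 0xC8 in its ModRM role in the first one.
const SAMPLES = [[0x01, 0xC8], [0x31, 0xC0], [0x8B, 0xC1], [0x5B], [0xB8, 0x78, 0x56, 0x34, 0x12], [0xC8, 0x00, 0x00, 0x00]];
for (const seq of SAMPLES) {
  const hex = seq.map(b => b.toString(16).padStart(2, "0")).join(" ");
  const d = decode(seq);
  console.log(`${hex.padEnd(15)} ${toOctal(seq[0])}  ${d ? d.asm : "(not handled here)"}`);
}
```

Running it prints, for instance, `01 c8` as `0o001` followed by `add eax, ecx`: the opcode's middle digit 0 is ADD, its low digit 1 is the Ev,Gv form, and the ModRM digits 3,1,0 name ecx as the source and eax as the destination. The last sample, 0xC8 in the opcode position, is deliberately left unhandled so the script does not pretend to cover ENTER.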
Another way: use a debugger (gdb, windbg, ollydbg, ...) or a disassembler (IDA), then write the byte sequence into a writable memory region. Finally, disassemble at the starting address of that byte sequence.
It seems complicated, but it is useful in some situations when you are cracking/reversing.
Check this very complete table of x86 opcodes on x86asm.net.
Just CTRL+F and you're done! Be sure to read the correct line though, as C8 for example may appear in several locations.
Here is a pretty nice visual. Doesn't go into much detail, but if you just need to look up a hex value really quick, this should do it:
Source: http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf
A fast reference for looking up opcodes is sandpile. I need two clicks to find out what 0xc8 does (it's enter, btw).