Problem description
I'm currently trying to write a disassembler. I found the following list of opcodes and their meanings, so I decided to parse it at runtime: http://web.archive.org/web/20150810224114/http://mprolab.teipir.gr/vivlio80X86/pentium.txt
But I am stuck at the opcode 0x00: it is followed by a reg/mod byte. Parsing it was not much of a problem for me.
But I'm having trouble with the Scale-Index-Base byte:
If you actually specify esp as index register, it actually means that there is no index register.
The same applies for the base register with ebp. But I've tried it with the C++ inline assembler: it is possible to compile:
add [ebp*2+ebp],cl
So how can ebp be used as base register when using ebp as base register actually means using no base register at all!?
Recommended answer
The "missing EBP" case applies only when the ModR/M.Mod field has the binary value 00. If you need EBP as a base, the assembler changes Mod to 01 binary and adds an 8-bit displacement with the value zero:
004C6D00 add [ebp+ebp*2], cl
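To make the answer's rule concrete, here is an added example (not code from the question or the answer) that decodes a 32-bit ModR/M + SIB + displacement memory operand and disassembles opcode 0x00 (ADD r/m8, r8). Fed the bytes 00 4C 6D 00 from the answer it yields `add [ebp+ebp*2], cl` and reports that four bytes were consumed, i.e. the zero disp8 was present; it also handles the mod=00 cases where base=101 or rm=101 mean "no base, disp32 follows" and index=100 means "no index". The function names `decode_modrm_mem` and `disasm_add_rm8_r8` are my own, and segment overrides and 16-bit addressing are ignored.

```python
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def decode_modrm_mem(code, pos=0):
    """Decode the ModR/M byte at code[pos], plus any SIB byte and displacement,
    into (reg_field, operand_text, bytes_consumed). 32-bit addressing, memory
    forms only (mod != 11); register-direct forms raise ValueError."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        raise ValueError("mod=11 is register-direct, not a memory operand")
    i = pos + 1
    parts = []
    if rm == 4:                      # rm=100: a SIB byte follows
        sib = code[i]
        i += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if mod == 0 and base == 5:   # mod=00 + base=101: no base, disp32 instead
            disp_size = 4
        else:                        # mod=01/10: base is real (this is how ebp gets used)
            parts.append(REGS32[base])
            disp_size = {0: 0, 1: 1, 2: 4}[mod]
        if index != 4:               # index=100 (the esp slot) means "no index"
            parts.append(f"{REGS32[index]}*{scale}" if scale > 1 else REGS32[index])
    elif mod == 0 and rm == 5:       # mod=00 + rm=101: [disp32], no base register
        disp_size = 4
    else:
        parts.append(REGS32[rm])
        disp_size = {0: 0, 1: 1, 2: 4}[mod]
    disp = 0
    if disp_size == 1:
        disp = struct.unpack_from("<b", code, i)[0]   # sign-extended disp8
    elif disp_size == 4:
        disp = struct.unpack_from("<i", code, i)[0]
    i += disp_size
    if disp or not parts:            # a zero disp8 is consumed but not printed
        parts.append(f"{disp:#x}")
    return reg, "[" + "+".join(parts).replace("+-", "-") + "]", i - pos


def disasm_add_rm8_r8(code):
    """Disassemble opcode 0x00 (ADD r/m8, r8) at code[0]; returns (text, length)."""
    if code[0] != 0x00:
        raise ValueError("expected opcode 0x00")
    reg, mem, used = decode_modrm_mem(code, 1)
    return f"add {mem}, {REGS8[reg]}", 1 + used
```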