I remember mentioning the question above in a few words. Why talk about it again?
Well, here is the situation. While reading some assembly, I suspected that the statement above was wrong, and I wanted to know whether the machine code shown for the instruction contained a "printing error". If it is a printing error, then the binary code very likely does not match the instruction as I understand it. So how can I translate the binary code back into an assembly instruction?
Statement: 00401046 51    push ecx    ; make room for a local
Q: How can I know that 51 is push ecx?
Those of us who dig into the details sometimes share the same affliction, and we know it, alas. For someone at a higher level this would not be a question worth a blog post. :)
Searching turns up the concept of the opcode. The opcode of push is 50H, so does the 1 stand for ECX? Checking the Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference confirms this.
I am extracting some of that information here as a signpost and a convenience for other friends who are learning assembly.
The following content is excerpted and translated from the Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference.
All Intel architecture instruction encodings are subsets of the general format shown in the following table. An instruction consists of: optional instruction prefixes (in any order), one or two primary opcode bytes, an addressing-form specifier (if required) consisting of the ModR/M byte and sometimes a SIB (Scale-Index-Base) byte, a displacement (if required), and an immediate data field (if required).
2.2 Instruction prefixes
Lock and repeat prefixes:
- F0H: LOCK prefix.
- F2H: REPNE/REPNZ prefix (used only with string instructions).
Segment override prefixes:
- 2EH: CS segment override prefix.
- 36H: SS segment override prefix.
• Operand-size override, 66H
• Address-size override, 67H
2.3 Opcode
2.4 ModR/M and SIB bytes
Many instructions that refer to an operand in memory have an addressing-form specifier byte, the ModR/M byte, following the primary opcode. The ModR/M byte has three fields:
The mod field combines with the r/m field to form 32 possible values: 8 registers plus 24 addressing modes.
The reg/opcode field specifies either a register number or three more bits of opcode information.
The r/m field can specify a register as an operand, or it can be combined with the mod field to encode an addressing mode.
The SIB byte also has three fields:
Scale: specifies the scale factor.
Index: specifies the register number of the index register.
Base: specifies the register number of the base register.
And so on .....
After checking the tables, we find that the opcode of push is 50H and that the register code for ECX (the value it takes in the ModR/M reg field) is 1.
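To make the lookup above concrete, here is a small decoder as an added example; it is not code from the original post or from the Intel manual. It shows the two different places a register number can live: for the one-byte push r32 form the number is added to the opcode byte itself (50H + 1 = 51H for ECX, with no ModR/M byte involved), while for the FF /6 form of push and for mov the ModR/M byte carries it, either as an opcode extension (/6) or as a register name (/r). It also splits ModR/M and SIB bytes into the mod, reg/opcode, r/m, scale, index and base fields described in 2.4 and reproduces the debugger-style listing line from the top of the post. The prefix and opcode values and the register names are the documented ones; the function names, the output format and the sample bytes are this example's own assumptions, and only 32-bit addressing is handled.

```python
# Added example, not from the original post or the Intel manual: a toy
# 32-bit x86 decoder covering just enough of the encoding to show how
# 51H becomes "push ecx" and how the ModR/M and SIB fields are split.

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]

# Legacy prefixes (section 2.2). The page quotes F0/F2/2E/36/66/67; the
# remaining entries come from the same prefix table of the manual.
PREFIXES = {
    0xF0: "lock", 0xF2: "repne", 0xF3: "rep",
    0x26: "es", 0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x64: "fs", 0x65: "gs",
    0x66: "opsize", 0x67: "adsize",
}
SEGMENTS = {"es", "cs", "ss", "ds", "fs", "gs"}


def split_modrm(byte):
    """ModR/M byte: mod = bits 7-6, reg/opcode = bits 5-3, r/m = bits 2-0."""
    return (byte >> 6) & 3, (byte >> 3) & 7, byte & 7


def split_sib(byte):
    """SIB byte: scale = bits 7-6 (returned as 1/2/4/8), index = bits 5-3, base = bits 2-0."""
    return 1 << ((byte >> 6) & 3), (byte >> 3) & 7, byte & 7


def decode_rm_operand(code, pos, regs, seg=""):
    """Decode the r/m operand whose ModR/M byte is code[pos] (32-bit addressing).
    Returns (operand text, reg/opcode field value, position after the operand)."""
    mod, reg, rm = split_modrm(code[pos])
    pos += 1
    if mod == 3:                      # mod = 11b: r/m names a register directly
        return regs[rm], reg, pos
    parts = []
    disp_size = {0: 0, 1: 1, 2: 4}[mod]   # mod selects no / 8-bit / 32-bit displacement
    if rm == 4:                       # r/m = 100b: a SIB byte follows
        scale, index, base = split_sib(code[pos])
        pos += 1
        if base == 5 and mod == 0:    # base = 101b with mod = 00b: disp32 and no base register
            disp_size = 4
        else:
            parts.append(REG32[base])
        if index != 4:                # index = 100b means "no index register"
            parts.append(f"{REG32[index]}*{scale}")
    elif rm == 5 and mod == 0:        # [disp32] with no base register
        disp_size = 4
    else:
        parts.append(REG32[rm])
    text = "+".join(parts)
    if disp_size:
        disp = int.from_bytes(code[pos:pos + disp_size], "little", signed=True)
        pos += disp_size
        if not text:
            text = f"0x{disp & 0xFFFFFFFF:x}"
        elif disp:
            text += f"{'+' if disp > 0 else '-'}0x{abs(disp):x}"
    return f"{seg}[{text}]", reg, pos


def decode(code):
    """Decode one instruction at the start of `code`; returns (text, length in bytes)."""
    pos, seen = 0, []
    while code[pos] in PREFIXES:      # prefixes may appear in any order
        seen.append(PREFIXES[code[pos]])
        pos += 1
    regs = REG16 if "opsize" in seen else REG32
    seg = next((p + ":" for p in seen if p in SEGMENTS), "")
    lead = "".join(p + " " for p in seen if p in ("lock", "rep", "repne"))
    op = code[pos]
    pos += 1
    if 0x50 <= op <= 0x57:            # push r32: 50H + register number, no ModR/M byte
        text = f"push {regs[op - 0x50]}"
    elif 0x58 <= op <= 0x5F:          # pop r32: 58H + register number
        text = f"pop {regs[op - 0x58]}"
    elif op in (0x89, 0x8B):          # 89 /r mov r/m,r and 8B /r mov r,r/m: reg field names a register
        rm_text, reg, pos = decode_rm_operand(code, pos, regs, seg)
        dst, src = (regs[reg], rm_text) if op == 0x8B else (rm_text, regs[reg])
        text = f"mov {dst}, {src}"
    elif op in (0xFF, 0x8F):          # FF /6 push r/m and 8F /0 pop r/m: reg field extends the opcode
        rm_text, ext, pos = decode_rm_operand(code, pos, regs, seg)
        if op == 0xFF and ext == 6:
            text = f"push {rm_text}"
        elif op == 0x8F and ext == 0:
            text = f"pop {rm_text}"
        else:
            raise ValueError(f"opcode {op:02X}H /{ext} is outside this toy decoder")
    else:
        raise ValueError(f"opcode {op:02X}H is outside this toy decoder")
    return lead + text, pos


def disassemble(code, base=0):
    """Decode a whole buffer into debugger-style listing lines: address, bytes, instruction."""
    lines, pos = [], 0
    while pos < len(code):
        text, length = decode(code[pos:])
        raw = code[pos:pos + length].hex().upper()
        lines.append(f"{base + pos:08X} {raw:<16} {text}")
        pos += length
    return lines


# Constructed sample: the 51H byte from the listing on the page followed by a few
# more instructions, placed at the address the listing shows.
SAMPLE = bytes.fromhex("51 8B 45 08 89 45 FC 2E FF 35 00 00 40 00 58")

if __name__ == "__main__":
    for line in disassemble(SAMPLE, base=0x00401046):
        print(line)
```

The first listing line comes out as `00401046 51 push ecx`, matching the statement that started the question; `66 51` decodes as `push cx`, which shows the operand-size prefix from 2.2 at work, and `FF 76 08` decodes as `push [esi+0x8]`, where the 6 in the ModR/M reg field is the opcode extension rather than a register.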