opcode

Does [ebp*2] reference DS or SS segment?

巧了我就是萌 submitted on 2020-01-01 07:56:44
Question: IDM says the memory op uses the SS segment if EBP is used as the base register. As a result, [ebp + esi] and [esi + ebp] reference the SS and DS segments, respectively. See NASM's doc: 3.3 Effective Address. In the same section, NASM mentions how to generate shorter machine code by replacing [eax*2] with [eax+eax]. However, NASM also generates [ebp + ebp] for [ebp*2] (i.e. no base register). I suspect [ebp+ebp] references the SS segment, and [ebp*2] references the DS segment. I asked NASM this question.

How to determine if ModR/M is needed through Opcodes?

a 夏天 submitted on 2019-12-25 01:44:53
Question: I am reading the IA-32 instruction format and found that ModR/M is one byte if required, but how do I determine if it is required? Someone says it is determined by the opcode, but how? I want to know the details, and are there some useful and authoritative documents which explain the details? Answer 1: Intel's vol. 2 manual has details on the encoding of operands for each form of each instruction. E.g. taking just the 8-bit operand-size versions of the well-known add instruction, which has 2 reg,rm forms

Can someone explain the branch opcode in ARM?

假如想象 submitted on 2019-12-23 12:18:47
Question: I'm trying to create an opcode to jump to an address. I looked in the manual and I see: B<c> <label> | bits 31-28: cond | bits 27-24: 1 0 1 0 | bits 23-0: imm24. I don't understand what cond and imm24 are. How would I go about creating an opcode to branch to some address, for example branch to 0xbeffffbc? Answer 1: B is a relative branch of up to +/-32MB. The immediate encodes the signed offset of the target address from the current PC (i.e. this instruction + 8) - note that this offset

How does the instruction decoder differentiate between EVEX prefix and BOUND opcode in 32-bit mode?

Deadly submitted on 2019-12-23 07:38:18
Question: In 32-bit mode Intel solves the VEX prefix vs LDS/LES conflict by inverting the high bits of the register extension, because the mod field of the ModRM byte can't be 11b. The VEX prefix's initial-byte values, C4h and C5h, are the same as the opcodes of the LDS and LES instructions. These instructions are not supported in 64-bit mode. To resolve the ambiguity while in 32-bit mode, VEX's specification exploits the fact that a legal LDS or LES's ModRM byte can not be of the form 11xxxxxx (which would

Accessing memory with Java

╄→гoц情女王★ submitted on 2019-12-22 05:25:35
Question: I have a program loaded in memory. Now I want to access the memory directly and change the OPCODE and DATA in memory for that program. For this I need to write a Java program. Can you please tell me if this is feasible? If yes, please let me know how to write such a program. Thanks in advance! Answer 1: Java is not designed for this. The main aim of Java is to let the JVM manage the memory for you. Thus, your programs are sandboxed. However, there seems to be a backdoor in the HotSpot JVM:

what does opcode FF350E204000 do?

荒凉一梦 submitted on 2019-12-20 02:11:35
Question: I've got the 32-bit opcode: FF 35 0E 20 40 00. Does anybody know a good opcode table that gives an answer to this? (I know I could use a disassembler, but I'd like to know how to determine this with an opcode table.) I found this webpage, but there are 7 different solutions for FF. I'm not getting it. Answer 1: You're looking in the wrong place. You should look this up in Intel's or AMD's official documentation. Appendix A Opcode Map of Vol 2B of Intel® 64 and IA-32 Architectures Software

How to interpret the opcode manually?

旧巷老猫 submitted on 2019-12-18 13:01:37
Question: 77f4bcbc 8945fc mov dword ptr [ebp-4],eax
And here's the rule:
88 /r MOV r/m8,r8 2/2 Move byte register to r/m byte
89 /r MOV r/m16,r16 2/2 Move word register to r/m word
89 /r MOV r/m32,r32 2/2 Move dword register to r/m dword
How do I interpret 8945fc as mov dword ptr [ebp-4],eax? Answer 1: We have here a three-byte instruction: 89 45 fc. The first byte is the opcode byte. Looking it up in the table, we can see that it's a MOV instruction and it takes a Mod R/M byte. The Mod R/M byte has the

calling code stored in the heap from vc++

梦想与她 submitted on 2019-12-18 10:17:29
Question: Imagine I am doing something like this:
void *p = malloc (1000);
*((char*)p) = some_opcode;
*((char*)p+1) = another_opcode; // for the sake of the example: the opcodes are ok
.... etc...
How can I define a function pointer to call p as if it was a function? (I'm using VC++ 2008 Express.) Thanks. Answer 1: A comment wasn't enough space. Joe_Muc is correct. You should not stuff code into memory obtained by malloc or new. You will run into problems if you change the page properties of pages that

Opcode (APC/XCache), Zend, Doctrine, and Autoloaders

喜欢而已 submitted on 2019-12-18 03:39:27
Question: I am trying to use either APC or XCache as an opcode cache for my PHP pages. I am using it with Zend and Doctrine and it's having a problem with the autoloader. If I try with APC, I get the following: Fatal error: spl_autoload() [<a href='function.spl-autoload'>function.spl-autoload</a>]: Class Doctrine_Event could not be loaded in C:\[mydir]\library\doctrine\Doctrine\Record.php on line 777 If I try with XCache I get the following: PHP Fatal error: Cannot redeclare class Zend_Registry in