x86_64 ASM - maximum bytes for an instruction?

清歌不尽 2020-11-29 06:48

What is the maximum number of bytes a complete instruction would require in x64 asm code?

Something like a jump to address might occupy up to 9 bytes I suppose:

3 answers
  •  Happy的楠姐
    2020-11-29 06:59

    Question is, what’s the longest possible instruction in the x86 instruction set?

    Answer: you can form a valid x86 instruction with an infinite number of bytes!

    That’s right, you could fill up an entire 64K ROM image with a single valid instruction. To be more specific, there is no limit to the length of 8086 instructions. Cool! Unfortunately, modern day i386 variants throw a general protection fault when attempting to decode instructions longer than 15 bytes.

    So what does an infinitely-long-but-valid 8086 instruction look like? Kinda boring, actually. You could only form an infinitely long instruction by using redundant prefixes in front of the opcodes. Instruction prefixes are bytes pre-pended to the beginning of an instruction that can modify the default address size, data size, or segment registers used by an instruction.

    For example, you can take the innocuous looking instruction:

    89 E5              mov %sp,%bp
    

    And turn it into a really long instruction:

    66 66 66 66 … 66 66 89 E5                mov %sp,%bp
    

    Now that’s just evil.

    https://web.archive.org/web/20131109063453/https://www.onlinedisassembler.com/blog/?p=23


    Another long instruction without repeating prefixes

    In some cases it is possible to encode valid instructions that exceed the traditional 15-byte length limit. For example:

      ; 16-bit mode
      F2 F0 36 66 67 81 84 24 disp32 imm32 = xacquire lock add [ss:esp*1+disp32],imm32
      F3 F0 36 66 67 81 84 24 disp32 imm32 = xrelease lock add [ss:esp*1+disp32],imm32

      ; 16-bit mode
      36 67 8F EA 78 12 84 24 disp32 imm32 = lwpins eax,[ss:esp*1+disp32],imm32
      36 67 8F EA 78 12 8C 24 disp32 imm32 = lwpval eax,[ss:esp*1+disp32],imm32
      36 67 8F EA 78 10 84 24 disp32 imm32 = bextr eax,[ss:esp*1+disp32],imm32

      ; 64-bit mode
      64 67 8F EA F8 12 84 18 disp32 imm32 = lwpins rax,[fs:eax+ebx+disp32],imm32
      64 67 8F EA F8 12 8C 18 disp32 imm32 = lwpval rax,[fs:eax+ebx+disp32],imm32
      64 67 8F EA F8 10 84 18 disp32 imm32 = bextr rax,[fs:eax+ebx+disp32],imm32


    http://www.sandpile.org/x86/opc_enc.htm
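As an added example (not from the answer above or the sites it links), a small Python helper that splits an encoding into its leading legacy prefixes and the rest, flags encodings over the 15-byte limit the answer mentions, and strips redundant prefixes so the padded `66 66 … 66 89 E5` form of `mov %sp,%bp` normalizes back to its 3-byte form. The disp32/imm32 values in the sample bytes are constructed zero placeholders; REX, VEX/XOP and the opcode/operand bytes are not decoded.

```python
# Legacy prefix bytes by group. LOCK (F0) is kept apart from REP/REPNE (F2/F3)
# because XACQUIRE/XRELEASE + LOCK is a legitimate pairing (see the sandpile lines above).
PREFIX_GROUP = {
    0xF0: "lock",
    0xF2: "rep", 0xF3: "rep",
    0x26: "seg", 0x2E: "seg", 0x36: "seg", 0x3E: "seg", 0x64: "seg", 0x65: "seg",
    0x66: "opsize",
    0x67: "adsize",
}
MAX_INSN_LEN = 15  # architectural limit on modern x86; longer encodings fault at decode

def split_prefixes(code: bytes):
    """Split leading legacy prefixes from the rest (REX/VEX/XOP, opcode, operands)."""
    i = 0
    while i < len(code) and code[i] in PREFIX_GROUP:
        i += 1
    return code[:i], code[i:]

def normalize_prefixes(code: bytes) -> bytes:
    """Drop redundant legacy prefixes: keep the last byte per group, in first-seen group order."""
    prefixes, rest = split_prefixes(code)
    order, last = [], {}
    for b in prefixes:
        group = PREFIX_GROUP[b]
        if group not in last:
            order.append(group)
        last[group] = b  # a later prefix of the same group overrides an earlier one
    return bytes(last[g] for g in order) + rest

def prefix_report(code: bytes) -> dict:
    """Summarise prefix padding and whether the encoding exceeds the 15-byte limit."""
    prefixes, _ = split_prefixes(code)
    kept, _ = split_prefixes(normalize_prefixes(code))
    return {
        "length": len(code),
        "prefix_count": len(prefixes),
        "redundant_prefixes": len(prefixes) - len(kept),
        "exceeds_limit": len(code) > MAX_INSN_LEN,
    }

# Constructed samples: the padded mov %sp,%bp from the answer (14 x 66 + 89 E5 =
# 16 bytes) and the xacquire lock add encoding with zeroed disp32/imm32 placeholders.
PADDED_MOV = bytes([0x66] * 14) + bytes.fromhex("89E5")
XACQUIRE_LOCK_ADD = bytes.fromhex("F2F0366667818424") + bytes(4) + bytes(4)

if __name__ == "__main__":
    for name, code in [("PADDED_MOV", PADDED_MOV), ("XACQUIRE_LOCK_ADD", XACQUIRE_LOCK_ADD)]:
        print(name, code.hex(" "), prefix_report(code), normalize_prefixes(code).hex(" "))
```

Both samples are 16 bytes and so over the limit, but only the padded mov shrinks under normalization; the xacquire form keeps all five prefixes because each belongs to a different group.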
