How to interpret the opcode manually?

Backend · Unresolved · 4 · 1016
庸人自扰 2020-12-31 09:29
77f4bcbc 8945fc          mov     dword ptr [ebp-4],eax

And here's the rule:

88  /r   MOV r/m8,r8       2/2           Move byte reg
4 answers
  •  醉话见心
    2020-12-31 10:03

    Look for mov dword ptr [ebp-4],eax: you have 8 bits of opcode. You can get it easily; here is the procedure. The first six bits are given (or should be memorized) for the mov command, and then add on the LSB side the destination bit (D), where d=1 when there is a register in the destination or d=0 when the register is in the source. Here the register eax is on the source side, so add 0. Then the last bit, which is called the word bit (W bit), is added on the LSB side after the destination bit, where W bit=1 when there is a 16/32-bit register or 0 when there is an 8-bit register. So now, according to the command "mov dword ptr [ebp-4]eax", the d bit=0 and w bit=1. Now you get the 8 bits of opcode; then you have to find out the MOD(R/M) field. For this you have to find out 3 things: 1) mod value 2) register value 3) R/M value. Here is the format, as mentioned in the above answer:

    +-----+---------+---------+
    | Mod |   Reg   |   R/M   |
    +-----+---------+---------+

    Then check in the command mov dword ptr [ebp-4],eax: there is an 8-bit displacement according to -4, so the mod value=01.

    MOD VALUES:
    00 for no displacement
    01 for 8-bit displacement
    10 for 16-bit displacement
    11 for register to register transfer

    So here mod=01; then for reg eax the value is 000 and for (R/M) the value is 101.

    So the R/M field 8 bits are

    01000101. Hope this description will help.
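
The manual walk-through above can be checked mechanically. The following Python decoder is an added example, not code from the thread or from any of its posters: it splits the ModRM byte into mod/reg/rm, applies the D bit of the opcode, and reads the disp8/disp32 that follow, for the 32-bit forms 0x89 (MOV r/m32,r32) and 0x8B (MOV r32,r/m32). It assumes 32-bit operand and address size, no prefixes and no SIB byte (rm=100 is rejected rather than guessed), and the byte strings fed to it are constructed for illustration, the first of them being the question's own `89 45 fc`.

```python
# Added example (not from the thread): decode the 32-bit MOV encodings the
# answer walks through by hand. Assumes 32-bit operand/address size, no
# prefixes and no SIB byte. The sample byte strings are constructed.

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # reg/rm 000..111


def split_modrm(modrm: int):
    """Split a ModRM byte into (mod, reg, rm): bits 7-6, 5-3, 2-0."""
    return modrm >> 6, (modrm >> 3) & 0b111, modrm & 0b111


def build_modrm(mod: int, reg: int, rm: int) -> int:
    """Inverse of split_modrm: pack the three fields back into one byte."""
    return (mod << 6) | (reg << 3) | rm


def decode_mov(code: bytes, offset: int = 0):
    """Decode one MOV at code[offset:] and return (bytes_consumed, text).

    Only opcodes 0x89 (MOV r/m32,r32) and 0x8B (MOV r32,r/m32) are handled.
    In both, bit 1 of the opcode is the D (direction) bit and bit 0 the W bit
    the answer describes; D=1 means the reg field names the destination.
    """
    opcode = code[offset]
    if opcode not in (0x89, 0x8B):
        raise ValueError(f"opcode {opcode:#04x} not handled by this example")
    d_bit = (opcode >> 1) & 1
    mod, reg, rm = split_modrm(code[offset + 1])
    consumed = 2  # opcode + ModRM

    if mod == 0b11:
        # register-direct: rm names a register, there is no memory operand
        rm_operand = REG32[rm]
    elif rm == 0b100:
        # rm=100 with mod!=11 means a SIB byte follows (esp-based addressing)
        raise NotImplementedError("SIB addressing not covered in this example")
    elif mod == 0b00 and rm == 0b101:
        # [ebp] with no displacement is not encodable; mod=00 rm=101 instead
        # means an absolute 32-bit address follows
        disp = int.from_bytes(code[offset + 2:offset + 6], "little")
        consumed += 4
        rm_operand = f"dword ptr [{disp:#x}]"
    else:
        base = REG32[rm]
        if mod == 0b00:
            rm_operand = f"dword ptr [{base}]"
        else:
            size = 1 if mod == 0b01 else 4  # disp8 for mod=01, disp32 for mod=10
            disp = int.from_bytes(code[offset + 2:offset + 2 + size], "little", signed=True)
            consumed += size
            rm_operand = f"dword ptr [{base}{disp:+d}]"  # e.g. [ebp-4]

    reg_operand = REG32[reg]
    if d_bit:
        text = f"mov {reg_operand},{rm_operand}"
    else:
        text = f"mov {rm_operand},{reg_operand}"
    return consumed, text


if __name__ == "__main__":
    # The question's bytes: 89 45 fc -> mov dword ptr [ebp-4],eax
    sample = bytes.fromhex("8945fc")
    print(decode_mov(sample))
    print(split_modrm(0x45))   # (1, 0, 5): mod=01 reg=000 rm=101
```

Two points the hand derivation glosses over and the decoder makes explicit: `mod=00` with `rm=101` does not mean `[ebp]` but an absolute disp32, which is why `[ebp]` has to be encoded as `mod=01` with a zero disp8; and `rm=100` introduces a SIB byte, so the length of the instruction is not known until the ModRM byte has been inspected. The 8-bit form from the question's rule line (opcode `88`, W=0) differs only in that bit and in the register names, and is deliberately rejected here rather than decoded with the 32-bit names.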
