machine-code

问题 0x042444FF; /* inc dword ptr [esp+4] */ I need this tool to know which part means inc , dword or vice versa. 回答1: You can use the objdump tool to 'decompile' an executable binary back to assembly code, though because of possible optimisations, the resulting assembly code may not be the same as the original assembly (but they should be similar in essence). 回答2: command line tool that takes that hex number and disassembles it for you. I have not heard of a tool. You could take that number make

问题 Suppose these two are essensially the same: push 1 and 0x1231 Which says each assembly instruction maps to a machine code. But is it necessary that each machine code can only map to one assembly code? 回答1: MIPS assembly language has several "pseudoinstructions". For example, "move" is internally just an "add" with an implicit $0 operand. 回答2: You could perfectly well define an assembler program that supports "synonyms" for instructions: no harm is done if you let the user code FOO meaning

问题 Suppose these two are essensially the same: push 1 and 0x1231 Which says each assembly instruction maps to a machine code. But is it necessary that each machine code can only map to one assembly code? 回答1: MIPS assembly language has several "pseudoinstructions". For example, "move" is internally just an "add" with an implicit $0 operand. 回答2: You could perfectly well define an assembler program that supports "synonyms" for instructions: no harm is done if you let the user code FOO meaning

问题 Closed . This question needs details or clarity. It is not currently accepting answers. Want to improve this question? Add details and clarify the problem by editing this post. Closed 4 years ago . These instructions are on page 558 of the intel manual. I get the general idea but I'm stuck on the exact encdoding of these instructions. Here is what I understand, please correct me if I'm wrong. This is all in 64-bit mode. Opcode - Instruction: A6 - compare byte at address RSI with byte at

问题 I am doing a practice question from Question 7 Shouldn't the address I highlighted be x3307, not x3308? The way I reasoned this out was that (PC before 2nd instruction) = (PC after 1st instruction). The PC after 1st instruction is x3301. Therefore when the second instruction executes, the PC, x3301 will be incremented by 6 to x3307. Does everyone agree? Or did I miss something and R3 should actually store x3308? 回答1: PC-relative offsets are applied on top of the already incremented PC, that

问题 I am doing a practice question from Question 7 Shouldn't the address I highlighted be x3307, not x3308? The way I reasoned this out was that (PC before 2nd instruction) = (PC after 1st instruction). The PC after 1st instruction is x3301. Therefore when the second instruction executes, the PC, x3301 will be incremented by 6 to x3307. Does everyone agree? Or did I miss something and R3 should actually store x3308? 回答1: PC-relative offsets are applied on top of the already incremented PC, that

问题 I am reading the ia-32 instruction format and found that ModR/M is one byte if required, but how to determine if it is required, someone says it is determined by Opcode , but how? I want to know the details, and is there some useful and authoritative documents which explain the details? 回答1: Intel's vol.2 manual has details on the encoding of operands for each form of each instruction. e.g. taking just the 8-bit operand size versions of the well-known add instruction, which has 2 reg,rm forms

问题 I'm trying to write a decoder stub and I'm running into a restriction on 0xFF as a bad character. I'm using the jmp-call-pop method to get the address of my encoded shellcode into a register. Here's the relevant snippet: 401012: e8 eb ff ff ff call 0x401002 It seems like call will always use 0xFF in its bytes. Is there another instruction that, when executed, will push rip onto the stack and jump to another section of code? I've tried just pushing the address onto the stack manually, but that

问题 I wanted to create a small program in Assembly language, that delays for several seconds. I am using Windows XP SP3, and opened a DOS window, and ran debug.exe I entered there this short Assembly program: MOV CX,3D MOV DX,0900 MOV AH,86 INT 15 Function 86h in Interrupt 15h, performs a delay, and the Duration for the delay is in CX,DX, in MicroSeconds. So If for example I want to delay for 4 seconds, then it's 4,000,000microseconds = 3D0900h, and that's what I put in CX,DX. Running this short

问题 The question might seem odd, but I am still trying to grasp the concepts of virtual machines. I have read several answers, but I still don't get if Java bytecode (and MSIL as well) is the same as assembly language. As far as I understand both bytecode and assembly gets compiled to machine code, so speaking in terms of abstraction they are at the same level, i.e. one step above machine code. So is bytecode just an assembly language, i.e. a human readable form of machine code. If yes, then why