Checking Up Intel Assembly Opcodes Easily in Linux

Checking up Intel assembly opcodes easily in Linux

Disassemblers, like libdisasm and udis86 usually come with a lookup table for opcodes.

udis86 also comes with a command line tool (udcli), which you feed hex bytes and it gives you the decoded version.

Looking for program to show ASM instructions as binary ocodes

I always use as from binutils for that. E.g:

$ echo -e "MOV DWORD PTR [RSP+4], 0x12345678" | as -o /dev/null -64 -al -msyntax=intel -mnaked-reg
GAS LISTING             page 1

   1 0000 C7442404  MOV DWORD PTR [RSP+4],0x12345678
   1      78563412 

$ echo -e "push eax" | as -o /dev/null -32 -al -msyntax=intel -mnaked-reg
GAS LISTING             page 1

   1 0000 50        push eax

Intel x64 Opcodes

There's an explanation section right before the instruction list starts (the numbers may differ between different version):

3.1.1.1 Opcode Column in the Instruction Summary Table

...   

/digit — A digit between 0 and 7 indicates that the ModR/M byte of the
instruction uses only the r/m (register or memory) operand. The reg field
contains the digit that provides an extension to the instruction's opcode.

So these digits show a part of the opcode. If you check the example you gave, you'll see that the opcodes 80 \2 (ADC) and 80 \4 (AND) are completely valid, and represent different instructions.

Checking if an address is writable in x86 assembly

If you have kernel privileges you could probably find that info in the MMU.

But if you don't, you simply do not have access to it and must use OS facilities.

If you mean not calling an OS function, then it is possible at least on Windows by using Structured Exception Handling. It is still OS specific of course, because you need to access the Windows TIB at the FS segment.

Is there an `x86` instruction to tell which core the instruction is being run on?

The Intel® 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide, Part 1, section 8.4.5 Identifying Logical Processors in an MP System lists, among others:

This APIC ID is reported by CPUID.0BH:EDX[31:0]

Note that this doesn't directly equate to the linux kernel's numbering. In the kernel there is an x86_cpu_to_apicid table that you can read. Of course the kernel also knows what cpu the code is executing on, without having to consult the APIC:

 * smp_processor_id(): get the current CPU ID.
 *
 * if DEBUG_PREEMPT is enabled then we check whether it is
 * used in a preemption-safe way. (smp_processor_id() is safe
 * if it's used in a preemption-off critical section, or in
 * a thread that is bound to the current CPU.)

Decoding muli-length opcodes (SPU ISA)

I figured it out.
I read the maximum number of opcode bits (11) for all instructions, and ignore the bits that don't make sense (i.e the bits that wouldn't result in a possible opcode).


Related Topics

Kubernetes Can't Start Due to Too Many Open Files in System

How to Enable/Disable Kernel Kaslr, Smep and Smap

Using Xargs with Special Characters

How to Search for Invisible Control Characters

Gdb Backtrace by Walking Frame Pointers

Why Is Execution Time of a Process Shorter When Another Process Shares the Same Ht Core

Can Any One Say How to Install the Slack in Ubuntu14.04 and While Trying This Was the Error

Nginx Loadbalancer Too Many Open Files

Intellij Idea 2017.2 Can't Add Openjk 9 on Linux Mint 18

How to Install an Older Version of PHP Using Apt-Get

How to Set a Dynamic Variable in Haproxy

How to Get the Filename Along with Absolute Path to the File, Whenever a New File Is Created Using Inode in Linux

Redirecting Console Output to a File in Unix

How to Cross Compile R Packages for MACos from a Linux Environment

Does Linux Support Memory Isolation for Processes

Convert Multiple Sftp Command Lines to a Single Line Command Line

Collecting the Data for a Partiulcar Process from Pmu for Every 1 Milli Second

Git Clone from Linux to Tfs Git Repo


Leave a reply



Submit