Saturday, July 6, 2013

A first look at x86 machine code (3) - opcode extension

FF 15 D4 81 DF 00 is the example from http://www.mouseos.com/x64/preface.html. I could never make sense of it, but now I have worked it out.

call dword ptr [00DF81D4h]

descent@w-linux:x86_machine_code$ rasm2 "call dword ptr [00DF81D4h]"
ff15d481df00
descent@w-linux:x86_machine_code$ man rasm2
descent@w-linux:x86_machine_code$ rasm2 -s att "call (0x00DF81D4)"
e8cf81df00
descent@w-linux:x86_machine_code$ rasm2 -d "FF 15 D4 81 DF 00"
call dword [0xdf81d4]

AT&T syntax (the * marks an indirect call through memory; written without it, as in the rasm2 -s att line above, the assembler produced a direct E8 call instead):
ff 15 d4 81 df 00        call   *0xdf81d4


ModR/M byte: 15 = 00 010 101
mod: 00
reg: 010
r/m: 101

mod: 00 with r/m: 101
-> disp32: the next four bytes D4 81 DF 00 are the little-endian address 0x00DF81D4

Looking up ff in the opcode map gives group 5 (Grp5); then, using reg: 010 in the opcode extensions group table, the entry is call (Ev).

E: A modR/M byte follows the opcode and specifies the operand. The operand is either a general register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, a displacement.

v: Word or double word, depending on operand size attribute.
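The decoding walked through above, as an added example that is not part of the original post: a small Python decoder that splits the ModR/M byte, resolves the mod=00 / r/m=101 disp32 case, and takes the mnemonic from the Grp1, Grp4 and Grp5 extension tables. It assumes 32-bit mode with no prefixes and no SIB byte; those limits are the example's, not the page's.

```python
# Added example, not from the original post: decode the one-byte opcodes whose
# mnemonic comes from bits 5..3 (nnn) of the ModR/M byte. 32-bit mode only.
GRP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]
GRP4 = {0: "inc", 1: "dec"}
GRP5 = {0: "inc", 1: "dec", 2: "call", 3: "call far", 4: "jmp", 5: "jmp far", 6: "push"}
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]

def split_modrm(b):
    """Return the (mod, nnn, r/m) fields of a ModR/M byte, e.g. 0x15 -> (0, 2, 5)."""
    return b >> 6, (b >> 3) & 7, b & 7

def hexnum(v):
    return f"-0x{-v:x}" if v < 0 else f"0x{v:x}"

def decode_e(code, pos, size):
    """Decode an E operand (Eb when size == 1, Ev when 4). Returns (text, next_pos, nnn)."""
    mod, nnn, rm = split_modrm(code[pos])
    pos += 1
    if mod == 3:                                    # register direct
        return (REG32 if size == 4 else REG8)[rm], pos, nnn
    if rm == 4:                                     # assumption of this example: no SIB support
        raise NotImplementedError("SIB byte not handled in this example")
    ptr = "dword" if size == 4 else "byte"
    if mod == 0 and rm == 5:                        # the case on this page: disp32, no base
        disp = int.from_bytes(code[pos:pos + 4], "little")
        return f"{ptr} [{hexnum(disp)}]", pos + 4, nnn
    base = REG32[rm]
    if mod == 0:
        return f"{ptr} [{base}]", pos, nnn
    n = 1 if mod == 1 else 4                        # disp8 or disp32 after the base register
    disp = int.from_bytes(code[pos:pos + n], "little", signed=True)
    return f"{ptr} [{base}{'+' if disp >= 0 else '-'}{hexnum(abs(disp))}]", pos + n, nnn

def decode(hexstr):
    """Decode one instruction given as hex text, e.g. 'FF 15 D4 81 DF 00'."""
    code = bytes.fromhex(hexstr.replace(" ", ""))
    op = code[0]
    if op in (0xFE, 0xFF):                          # Grp4 (Eb) / Grp5 (Ev): nnn selects the mnemonic
        operand, _, nnn = decode_e(code, 1, 1 if op == 0xFE else 4)
        mnem = (GRP4 if op == 0xFE else GRP5).get(nnn)
        return f"{mnem} {operand}" if mnem else "(invalid)"
    if op in (0x80, 0x81, 0x83):                    # Immediate Grp1: Eb,Ib / Ev,Iv / Ev,Ib
        operand, pos, nnn = decode_e(code, 1, 1 if op == 0x80 else 4)
        n = 4 if op == 0x81 else 1
        imm = int.from_bytes(code[pos:pos + n], "little", signed=(op == 0x83))
        return f"{GRP1[nnn]} {operand}, {hexnum(imm)}"
    raise NotImplementedError(f"opcode {op:#04x} is not one of the groups handled here")
```

decode("FF 15 D4 81 DF 00") returns call dword [0xdf81d4], the same text rasm2 -d printed above; with a different nnn the same FF opcode becomes jmp, push, inc or dec.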


One-Byte Opcode Map

0         1         2         3         4         5         6        7        8         9         A         B         C         D         E        F
 +-----------------------------------------------------------+--------+--------+-----------------------------------------------------------+--------+--------+
 |                              ADD                          |  PUSH  |   POP  |                             OR                            |  PUSH  | 2-byte |
0|---------+---------+---------+---------+---------+---------+        |        +---------+---------+---------+---------+---------+---------+        |        |
 |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |   ES   |   ES   |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |   CS   | escape |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                              ADC                          |  PUSH  |   POP  |                            SBB                            |  PUSH  |  POP   |
1|---------+---------+---------+---------+---------+---------+        |        +---------+---------+---------+---------+---------+---------+        |        |
 |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |   SS   |   SS   |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |   DS   |   DS   |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                              AND                          |  SEG   |        |                            SUB                            |  SEG   |        |
2|---------+---------+---------+---------+---------+---------+        |   DAA  +---------+---------+---------+---------+---------+---------+        |  DAS   |
 |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |  =ES   |        |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |  =CS   |        |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                              XOR                          |  SEG   |        |                            CMP                            |  SEG   |        |
3|---------+---------+---------+---------+---------+---------+        |   AAA  +---------+---------+---------+---------+---------+---------+        |  AAS   |
 |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |  =SS   |        |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  AL,Ib  | eAX,Iv  |  =DS   |        |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                               INC general register                          |                              DEC general register                           |
4|---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |   eAX   |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |  eSI   |  eDI   |   eAX   |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |   eSI  |  eDI   |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                               PUSH general register                         |                          POP into general register                          |
5|---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |   eAX   |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |  eSI   |  eDI   |   eAX   |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |  eSI   |  eDI   |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |         |         |  BOUND  |  ARPL   |   SEG   |   SEG   | Operand| Address|  PUSH   |  IMUL   |  PUSH   |  IMUL   |  INSB   | INSW/D  | OUTSB  |OUTSW/D |
6|  PUSHA  |  POPA   |         |         |         |         |        |        |         |         |         |         |         |         |        |        |
 |         |         |  Gv,Ma  |  Ew,Rw  |   =FS   |   =GS   |  Size  |  Size  |   Iv    | GvEvIv  |   Ib    | GvEvIb  |  Yb,DX  |  Yv,DX  | DX,Xb  | DX,Xv  |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                    Short-displacement jump on condition (Jb)                |                   Short-displacement jump on condition (Jb)                 |
7|---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |   JO    |   JNO   |   JB    |   JNB   |   JZ    |  JNZ    |   JBE  |  JNBE  |   JS    |   JNS   |   JP    |   JNP   |   JL    |  JNL    |  JLE   |  JNLE  |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |  Immediate Grp1   |         |  Grp1   |       TEST        |      XCHG       |                 MOV                   |   MOV   |   LEA   |  MOV   |  POP   |
8|---------+---------+         |         +---------+---------+--------+--------+---------+---------+---------+---------+         |         |        |        |
 |  Eb,Ib  |  Ev,Iv  |         |  Ev,Ib  |  Eb,Gb  |  Ev,Gv  |  Eb,Gb |  Ev,Gv |  Eb,Gb  |  Ev,Gv  |  Gb,Eb  |  Gv,Ev  |  Ew,Sw  |  Gv,M   |  Sw,Ew |   Ev   |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |         |              XCHG word or double-word register with eAX           |         |         |  CALL   |         |  PUSHF  |  POPF   |        |        |
9|   NOP   +---------+---------+---------+---------+---------+--------+--------+   CBW   |   CWD   |         |  WAIT   |         |         |  SAHF  |  LAHF  |
 |         |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |  eSI   |  eDI   |         |         |   Ap    |         |   Fv    |   Fv    |        |        |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                  MOV                  |  MOVSB  | MOVSW/D | CMPSB  |CMPSW/D |       TEST        |  STOSB  | STOSW/D |  LODSB  | LODSW/D | SCASB  |SCASW/D |
A|---------+---------+---------+---------+         |         |        |        +---------+---------+         |         |         |         |        |        |
 |  AL,Ob  |  eAX,Ov |  Ob,AL  |  Ov,eAX |  Xb,Yb  |  Xv,Yv  |  Xb,Yb |  Xv,Yv |  AL,Ib  | eAX,Iv  |  Yb,AL  |  Yv,eAX |  AL,Xb  | eAX,Xv  |  AL,Xb |eAX,Xv  |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |                       MOV immediate byte into byte register                 |        MOV immediate word or double into word or double register            |
B|---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |    AL   |   CL    |   DL    |   BL    |   AH    |   CH    |   DH   |   BH   |   eAX   |   eCX   |   eDX   |   eBX   |   eSP   |   eBP   |   eSI  |  eDI   |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |    Shift Grp2     |      RET near     |   LES   |   LDS   |       MOV       |  ENTER  |         |      RET far      |  INT    |  INT    |        |        |
C|---------+---------+---------+---------+         |         +--------+--------+         |  LEAVE  +---------+---------+         |         |  INTO  |  IRET  |
 |  Eb,Ib  |  Ev,Iv  |    Iw   |         |  Gv,Mp  |  Gv,Mp  |  Eb,Ib |  Ev,Iv |  Iw,Ib  |         |   Iw    |         |   3     |  Ib     |        |        |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |               Shift Grp2              |         |         |        |        |                                                                             |
D|---------+---------+---------+---------+   AAM   |   AAD   |        |  XLAT  |                  ESC(Escape to coprocessor instruction set)                 |
 |   Eb,1  |  Ev,1   |  Eb,CL  |  Ev,CL  |         |         |        |        |                                                                             |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+-----------------------------+-------------------+-----------------+
 | LOOPNE  |  LOOPE  |   LOOP  |  JCXZ   |        IN         |       OUT       |   CALL  |             JMP             |        IN         |       OUT       |
E|         |         |         |         +---------+---------+--------+--------+         +---------+---------+---------+---------+---------+--------+--------+
 |   Jb    |   Jb    |    Jb   |   Jb    |  AL,Ib  | eAX,Ib  |  Ib,AL | Ib,eAX |    Av   |   Jv    |   Ap    |   Jb    |  AL,DX  | eAX,DX  | DX,AL  | DX,eAX |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+
 |         |         |         |   REP   |         |         |     Unary Grp3  |         |         |         |         |         |         |INC/DEC |Indirct |
F|  LOCK   |         |  REPNE  |         |   HLT   |   CMC   +--------+--------+   CLC   |   STC   |   CLI   |   STI   |   CLD   |   STD   |        |        |
 |         |         |         |  REPE   |         |         |   Eb   |   Ev   |         |         |         |         |         |         |  Grp4  |  Grp5  |
 +---------+---------+---------+---------+---------+---------+--------+--------+---------+---------+---------+---------+---------+---------+--------+--------+


Opcodes determined by bits 5,4,3 of modR/M byte (opcode extensions group)

     G                       +-------+-------+-------+
     r                       |  mod  |  nnn  |  R/M  |
     o                       +-------+-------+-------+
     u
     p   000     001     010     011     100     101     110     111
      +-------+-------+-------+-------+-------+-------+-------+-------+
     1|  ADD  |  OR   |  ADC  |  SBB  |  AND  |  SUB  |  XOR  |  CMP  |
      |       |       |       |       |       |       |       |       |
      +-------+-------+-------+-------+-------+-------+-------+-------+
     2|  ROL  |  ROR  |  RCL  |  RCR  |  SHL  |  SHR  |       |  SAR  |
      |       |       |       |       |       |       |       |       |
      +-------+-------+-------+-------+-------+-------+-------+-------+
     3| TEST  |       |  NOT  |  NEG  |  MUL  | IMUL  |  DIV  | IDIV  |
      | Ib/Iv |       |       |       |AL/eAX |AL/eAX |AL/eAX |AL/eAX |
      +-------+-------+-------+-------+-------+-------+-------+-------+
     4|  INC  |  DEC  |       |       |       |       |       |       |
      |  Eb   |  Eb   |       |       |       |       |       |       |
      +-------+-------+-------+-------+-------+-------+-------+-------+
     5|  INC  |  DEC  | CALL  | CALL  |  JMP  |  JMP  | PUSH  |       |
      |  Ev   |  Ev   |  Ev   |  Ep   |  Ev   |  Ep   |  Ev   |       |
      +-------+-------+-------+-------+-------+-------+-------+-------+
