
Thursday, September 26, 2013

A first look at x86 machine code (6): displacement-only

The mod reg r/m byte has one more exception: when r/m is 101 (with mod 00, as in both examples below), there is no base register at all. This means displacement only.

ex1:
address_mode.S
 1 # practice x86 machine code
 2 #.code16
 3 .code32
 4 .text
 5 .global begin
 6 begin:
 7   mov val, %esi
 8
 9 val:
10 .int

This one turned out to be surprisingly tedious; readelf had to be brought in.

readelf -a   address_mode.elf 
Symbol table '.symtab' contains 14 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 00000100     0 SECTION LOCAL  DEFAULT    1 
     2: 00000000     0 SECTION LOCAL  DEFAULT    2 
     3: 00000000     0 SECTION LOCAL  DEFAULT    3 
     4: 00000000     0 SECTION LOCAL  DEFAULT    4 
     5: 00000000     0 SECTION LOCAL  DEFAULT    5 
     6: 00000000     0 FILE    LOCAL  DEFAULT  ABS address_mode.o
     7: 00000106     0 NOTYPE  LOCAL  DEFAULT    1 val
     8: 00000000     0 FILE    LOCAL  DEFAULT  ABS 
     9: 00000106     0 NOTYPE  GLOBAL DEFAULT    1 _text_end
    10: 00000100     0 NOTYPE  GLOBAL DEFAULT    1 begin
    11: 00000106     0 NOTYPE  GLOBAL DEFAULT    1 _data_end
    12: 00000100     0 NOTYPE  GLOBAL DEFAULT    1 _text
    13: 00000106     0 NOTYPE  GLOBAL DEFAULT    1 _data

Line 7: the address of val is 0x106.
objdump -d address_mode.elf
8b 35 06 01 00 00     mov    0x106,%esi

mod reg r/m 35 => 00 110 101
mod and r/m: the table gives DS:Disp32
reg 110 => %esi
disp32 => 06 01 00 00, little-endian, i.e. 00 00 01 06 = 0x106
8b: look it up yourself.

ex2:

address_mode.S
 1 # practice x86 machine code
 2 #.code16
 3 .code32
 4 .text
 5 .global begin
 6 begin:
 7   movb $0x12, val
 8
 9 val:
10 .byte

gcc -m32  -g -Wall -Wextra -Werror -nostdlib -fno-builtin -nostartfiles -nodefaultlibs -fno-exceptions -fno-rtti -fno-stack-protector -c address_mode.S
ld -m elf_i386 -static -Tas.ld -nostdlib --nmagic -o address_mode.elf address_mode.o

objdump -d address_mode.elf
c6 05 07 01 00 00 12  movb   $0x12,0x107

readelf -a address_mode.elf

Symbol table '.symtab' contains 14 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 00000100     0 SECTION LOCAL  DEFAULT    1 
     2: 00000000     0 SECTION LOCAL  DEFAULT    2 
     3: 00000000     0 SECTION LOCAL  DEFAULT    3 
     4: 00000000     0 SECTION LOCAL  DEFAULT    4 
     5: 00000000     0 SECTION LOCAL  DEFAULT    5 
     6: 00000000     0 FILE    LOCAL  DEFAULT  ABS address_mode.o
     7: 00000107     0 NOTYPE  LOCAL  DEFAULT    1 val
     8: 00000000     0 FILE    LOCAL  DEFAULT  ABS 
     9: 00000107     0 NOTYPE  GLOBAL DEFAULT    1 _text_end
    10: 00000100     0 NOTYPE  GLOBAL DEFAULT    1 begin
    11: 00000107     0 NOTYPE  GLOBAL DEFAULT    1 _data_end
    12: 00000100     0 NOTYPE  GLOBAL DEFAULT    1 _text
    13: 00000107     0 NOTYPE  GLOBAL DEFAULT    1 _data
Line 7: the address of val is 0x107.

mod reg r/m 05 => 00 000 101
r/m is 101 with mod 00: displacement only again.

100:    c6 05 07 01 00 00 12     movb   $0x12,0x107
c6: the One-Byte Opcode Map gives Eb, Ib

ref: Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1, 2A, 2B, 2C, 3A, 3B and 3C
page Vol. 2C B-16

mov instruction format:
immediate to memory 1100 011w : mod 000 r/m : immediate data

So it should be Ib:

I
Immediate data. The value of the operand is encoded in subsequent bytes of the instruction.

b
Byte (regardless of operand size attribute)

07 01 00 00 : displacement
12 : immediate
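To tie both examples together, here is an added example (not code from the original post): a small 32-bit ModRM decoder that reproduces the two objdump lines above, `mov 0x106,%esi` and `movb $0x12,0x107`, and contrasts them with neighbouring encodings where r/m is 101 but mod is not 00 (then r/m means %ebp plus a displacement). It only understands the two opcodes the post uses (8B and C6 /0); the SIB forms (r/m = 100 with mod != 11) are deliberately left out. The sample byte strings are constructed from the objdump output above.

```python
# Added example, not code from the original post: a minimal decoder for the
# 32-bit ModRM addressing forms, written to show why "mod = 00, r/m = 101" is
# the displacement-only special case. Only opcodes 8B (MOV r32, r/m32) and
# C6 /0 (MOV r/m8, imm8) are handled; SIB forms raise NotImplementedError.

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def decode_modrm(code, pos):
    """Decode the ModRM byte at code[pos] plus any displacement it implies.

    Returns (reg, operand, next_pos) where operand is ("reg", index) for a
    register operand (mod == 11) or ("mem", text) with the memory operand
    already formatted in AT&T syntax, as objdump prints it.
    """
    modrm = code[pos]
    mod = modrm >> 6             # bits 7..6
    reg = (modrm >> 3) & 0b111   # bits 5..3
    rm = modrm & 0b111           # bits 2..0
    pos += 1

    if mod == 0b11:
        # Register-direct: r/m names a register, no memory access.
        return reg, ("reg", rm), pos

    if rm == 0b100:
        raise NotImplementedError("SIB byte follows; not covered by this example")

    if mod == 0b00 and rm == 0b101:
        # The special case from the post: no base register at all, the operand
        # is a 32-bit absolute address (disp32) stored little-endian.
        disp = int.from_bytes(code[pos:pos + 4], "little")
        return reg, ("mem", f"0x{disp:x}"), pos + 4

    # Ordinary register-indirect forms: (base) with 0, 8- or 32-bit displacement.
    # Note that r/m = 101 means %ebp here, once mod is 01 or 10.
    base = REG32[rm]
    disp = 0
    if mod == 0b01:
        disp = int.from_bytes(code[pos:pos + 1], "little", signed=True)
        pos += 1
    elif mod == 0b10:
        disp = int.from_bytes(code[pos:pos + 4], "little", signed=True)
        pos += 4
    sign = "-" if disp < 0 else ""
    text = f"(%{base})" if disp == 0 else f"{sign}0x{abs(disp):x}(%{base})"
    return reg, ("mem", text), pos


def operand_text(kind, value, regs):
    """Format a decoded operand: register name or the memory text as-is."""
    return "%" + regs[value] if kind == "reg" else value


def disassemble(code):
    """Disassemble one instruction from code; returns (text, length_in_bytes)."""
    opcode = code[0]
    if opcode == 0x8B:  # MOV Gv, Ev: the reg field is the destination
        reg, (kind, value), end = decode_modrm(code, 1)
        return f"mov {operand_text(kind, value, REG32)},%{REG32[reg]}", end
    if opcode == 0xC6:  # MOV Eb, Ib: /0 only; imm8 follows ModRM and displacement
        reg, (kind, value), end = decode_modrm(code, 1)
        if reg != 0:
            raise ValueError("C6 with reg != 0 is not MOV")
        imm8 = code[end]
        return f"movb $0x{imm8:x},{operand_text(kind, value, REG8)}", end + 1
    raise ValueError(f"opcode 0x{opcode:02x} not handled in this example")


if __name__ == "__main__":
    # Constructed inputs: the two encodings shown by objdump in the post, plus
    # neighbours that differ only in mod/r/m, to contrast the special case.
    for hexstr in ("8b 35 06 01 00 00", "c6 05 07 01 00 00 12",
                   "8b 45 f8", "8b 06", "8b c1"):
        text, n = disassemble(bytes.fromhex(hexstr.replace(" ", "")))
        print(f"{hexstr:<24} {text}   ({n} bytes)")
```

The decoder is 32-bit only on purpose: in 64-bit mode the very same mod = 00, r/m = 101 encoding means RIP-relative addressing instead of an absolute disp32, so a decoder that does not know the operating mode will print the wrong address.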
