All geek questions in one place

Easy way to get opcodes

I know how to get operation codes and the corresponding assembly syntax from an executable; however, is there an easy way to get the operation codes of a specific assembly instruction yourself without writing the program using the same one, and then manually linking and loading it and executing objdump in the executable?

Is there an easy way to find the appropriate opcodes for a particular command?

+4
source share
5 answers

You can use the gdb (GNU Debugger) x / bx command.

I made a tutorial here:

http://aimbots.net/tutorials/9276-how-get-op-codes.html Affairs>

http://aimbots.net/threads/9276-How-to-get-OP-codes

+4
source

I asked a similar question a while ago ( DOS, debugging a program for 32-bit x86 build ).

Someone was kind enough to provide me with an automated script to do this. You can follow the link to the question or refer to the script that they provided to me below ...

opcode() { echo $* > tmp.S && nasm tmp.S -o tmp.o && od -x tmp.o rm -f tmp.o tmp.S }

Hope this helps.

+4
source

X86 Opcode and the instruction manual contain a bunch of reference tables of instructions and their corresponding opcode on 32-bit and 64-bit x86 processors.

+3
source

For x86, you can simply view them in the Intel Manual ( Part 1 (AM) , Part 2 (NZ) ). And no, I don’t know why the manual is divided into 2 parts.

+3
source

I'm not sure why you need opcodes. But if for exploit development you probably already have metasploit, which comes with a really useful ruby ​​script called nasm_shell.rb (in the tools directory).

Each line you enter is displayed as a hexadecimal representation of the ascii correct operation codes.

If this is for some other purpose or you don’t want any heavyweight toolset like metasploit to freeze for any reason, you can just pull out the script and install its dependencies. It uses Rex and assumes nasm is installed.

If you want to adapt it, you only need a few lines in the shell.run function

0
source

Source: https://habr.com/ru/post/1336689/

More articles:


All Articles