All geek questions in one place

How can I convert Intel 80386 machine code to assembly language?

I was given the following task:

Consider the following sequence of hexadecimal values:

55 89 E5 83 EC 08 83 E4 F0 31 C9 BA 01 00 00 00 B8 0D 00 00 00 01 D1 01 CA 48 79 F9 31 C0 C9 C3

This byte sequence is an Intel 80386 machine language routine in 32-bit mode.

  • When instructions in this routine are executed, they leave values ​​in the% ecx and% edx registers. What are the meanings?

  • What is a C program that performs the calculations performed by this routine, then prints the values ​​computed by this program% ecx and% edx, as they appear at the end of the routine.

Since I do not have instruction set 80386, I must first convert these bytes of the operation code to their mnemonic equivalents at the assembly level. So, is there an online link somewhere, a table displaying hexadecimal values ​​in an instruction, or the like? I checked the Intel website but did not find anything. Or is there a better way to decrypt this ...?

+3
source share
6 answers

( ), - , Intel 80386. 17. / , StackOverflow , .

+10

, , . NDISASM NASM. :

ndisasm -b 32 file        # -b 32 specifies you're running in 32 bit mode
+1

, , . . , C. , x86. - SPARC MIPS ( ).

0

, , , , :

  • Debug
  • "e"
  • "u"

, , , , .

0
source

Use objdump -d if you are using Unix.

0
source 
// hex.c
1   #include <sys/mman.h>
2   #include <string.h>
3   
4   int main () {
5     char code[] = {0xB8, 0x3C, 0x0, 0x0, 0x0, 0xBF, 0x2, 0x0, 0x0, 0x0, 0xBA, 0x7D, 0x0, 0x0, 0x0, 0xC3};
6     void *buf;
7     buf = mmap (0,sizeof(code),PROT_READ|PROT_WRITE|PROT_EXEC,MAP_PRIVATE|MAP_ANON,-1,0);
8     memcpy (buf, code, sizeof(code));
9     return 0;
10  }
// gcc -g hex.c -o hex

gdb hex,
b 9,
g;
x / 10i buf

mov $0x3c,%eax
mov $0x2,%edi
mov $0x7d,%edx
ret
-1
source

Source: https://habr.com/ru/post/1730788/

More articles:


All Articles