-
-
[分享]IA-32指令解析
-
发表于: 2019-8-2 17:27
-
指令格式
【指令前缀】【操作码】【ModR/M】【SIB】【位移】【立即数】
【Prefixes】【Opcode】【ModR/M】【SIB】【Displacement】【Immediate】
ModR/M 辅助说明操作码的操作数,可选。7-6 Mod 5-3 Reg/Opcode 2-0 R/M
SIB 辅助说明ModR/M,可选。7-6 scale 5-3 index 2-0 Base
指令表
Codes for Addressing Method
寻址方法代码:
The following abbreviations are used to document addressing methods:
记录寻址方法:
A Direct address: the instruction has no ModR/M byte; the address of the operand is encoded in the instruc-tion. No base register, index register, or scaling factor can be applied (for example, far JMP (EA)).
A 直接寻址:指令没有ModR/M字节,操作数的地址被编码在指令中。不能应用基寄存器,索引寄存器,缩放因子(例如,JMP(EA))
B The VEX.vvvv field of the VEX prefix selects a general purpose register.
B VEX.vvvv字段的VEX前缀选择通用寄存器。
C The reg field of the ModR/M byte selects a control register (for example, MOV (0F20, 0F22)).
C ModR/M字节的reg字段选择一个控制寄存器(例如,MOV(0F20,0F22))
D The reg field of the ModR/M byte selects a debug register (for example, MOV (0F21,0F23)).
D ModR/M字节的reg字段选择一个调试寄存器(例如,MOV(0F21,0F23))
E A ModR/M byte follows the opcode and specifies the operand. The operand is either a general-purpose register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, a displacement.
E ModR/M字节遵循操作码并指定操作数。操作数是通用寄存器或者内存地址。如果是内存地址,则从段寄存器和下列值之一计算该地址:基寄存器、索引寄存器、比例因子和位移。
F EFLAGS/RFLAGS Register.
F EFLAGS/RFLAGS 寄存器
G The reg field of the ModR/M byte selects a general register (for example, AX (000)).
G ModR/M字节的reg字段选择一个通用寄存器(例如AX(000))。
H The VEX.vvvv field of the VEX prefix selects a 128-bit XMM register or a 256-bit YMM register, determined by operand type. For legacy SSE encodings this operand does not exist, changing the instruction to destructive form.
H VEX.vvvv的VEX前缀选择一个128位XMM或者256位YMM寄存器,由操作数类型决定。对于遗留的SSE编码这个操作数不存在了,改变指令位破坏性形式。
I Immediate data: the operand value is encoded in subsequent bytes of the instruction.
I 立即数:操作值以指令的后续字节编码。
J The instruction contains a relative offset to be added to the instruction pointer register (for example, JMP (0E9), LOOP).
J 该指令包含要添加到指令指针寄存器的相对偏移量(例如,JMP (0E9), LOOP)。
L The upper 4 bits of the 8-bit immediate selects a 128-bit XMM register or a 256-bit YMM register, deter-mined by operand type. (the MSB is ignored in 32-bit mode)
L 8位立即寄存器的高4位选择128位XMM寄存器或256位YMM寄存器,由操作数类型决定。(32位模式忽略MSB)
M The ModR/M byte may refer only to memory (for example, BOUND, LES, LDS, LSS, LFS, LGS, CMPXCHG8B).
M ModR/M字节只能引用内存(例如,BOUND、LES、LDS、LSS、LFS、LGS、CMPXCHG8B)。
N The R/M field of the ModR/M byte selects a packed-quadword, MMX technology register.
N ModR/M字节的R/M字段选择一个压缩四字MMX技术寄存器。
O The instruction has no ModR/M byte. The offset of the operand is coded as a word or double word (depending on address size attribute) in the instruction. No base register, index register, or scaling factor can be applied (for example, MOV (A0–A3)).
O 指令没有ModR/M字节。操作数的偏移量在指令中编码为单字或双字(取决于地址大小属性)。不能应用基寄存器、索引寄存器或比例因子(例如MOV (A0-A3))。
P The reg field of the ModR/M byte selects a packed quadword MMX technology register.
P ModR/M字节的reg字段选择一个压缩的四字MMX技术寄存器。
Q A ModR/M byte follows the opcode and specifies the operand. The operand is either an MMX technology register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and a displacement.
Q ModR/M字节遵循操作码并指定操作数。操作数要么是MMX技术寄存器,要么是内存地址。如果是内存地址,则从段寄存器和下列值之一计算地址:基寄存器、索引寄存器、比例因子和位移。
R The R/M field of the ModR/M byte may refer only to a general register (for example, MOV (0F20-0F23)).
R ModR/M字节的R/M字段只能引用一般寄存器(例如,MOV (0F20-0F23))。
S The reg field of the ModR/M byte selects a segment register (for example, MOV (8C,8E)).
S ModR/M字节的reg字段选择一个段寄存器(例如,MOV (8C,8E))。
U The R/M field of the ModR/M byte selects a 128-bit XMM register or a 256-bit YMM register, determined by operand type.
U ModR/M字节的R/M字段选择128位XMM寄存器或256位YMM寄存器,由操作数类型决定。
V The reg field of the ModR/M byte selects a 128-bit XMM register or a 256-bit YMM register, determined by operand type.
V ModR/M字节的reg字段选择128位XMM寄存器或256位YMM寄存器,由操作数类型决定。
W A ModR/M byte follows the opcode and specifies the operand. The operand is either a 128-bit XMM register, a 256-bit YMM register (determined by operand type), or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and a displacement.
W ModR/M字节遵循操作码并指定操作数。操作数可以是128位XMM寄存器、256位YMM寄存器(由操作数类型决定),也可以是内存地址。如果是内存地址,则从段寄存器和下列值之一计算地址:基寄存器、索引寄存器、比例因子和位移。
X Memory addressed by the DS:rSI register pair (for example, MOVS, CMPS, OUTS, or LODS).
X 由DS:rSI寄存器对寻址的内存(例如,MOVS、CMPS、out或LODS)。
Y Memory addressed by the ES:rDI register pair (for example, MOVS, CMPS, INS, STOS, or SCAS).
Y 由ES:rDI寄存器对(例如,MOVS、CMPS、INS、STOS或SCAS)寻址的内存。
Codes for Operand Type
操作类型代码
The following abbreviations are used to document operand types:
记录操作数类型
a Two one-word operands in memory or two double-word operands in memory, depending on operand-size attribute (used only by the BOUND instruction).
a 内存中的两个单字操作数或两个双字操作数,取决于操作数大小属性(仅由绑定指令使用)。
b Byte, regardless of operand-size attribute.
b 字节,与操作数大小属性无关。
c Byte or word, depending on operand-size attribute.
c 字节或字,取决于操作数大小属性。
d Doubleword, regardless of operand-size attribute.
d 双字,不论操作数大小属性。
dq Double-quadword, regardless of operand-size attribute.
dq 双四字,无论操作数大小属性。
p 32-bit, 48-bit, or 80-bit pointer, depending on operand-size attribute.
p 32位、48位或80位指针,取决于操作数大小属性。
pd 128-bit or 256-bit packed double-precision floating-point data.
pd 128位或256位压缩的双精度浮点数据。
pi Quadword MMX technology register (for example: mm0).
pi 四字MMX技术寄存器(例如:mm0)。
ps 128-bit or 256-bit packed single-precision floating-point data.
ps 128位或256位封装的单精度浮点数据。
q Quadword, regardless of operand-size attribute.
q 四字,无论操作数大小属性。
qq Quad-Quadword (256-bits), regardless of operand-size attribute.
qq 四四字(256位),与操作数大小属性无关。
s 6-byte or 10-byte pseudo-descriptor.
s 6字节或10字节伪描述符。
sd Scalar element of a 128-bit double-precision floating data.
sd 一个128位双精度浮点数据的标量元素。
ss Scalar element of a 128-bit single-precision floating data.
ss 一个128位单精度浮点数据的标量元素。
si Doubleword integer register (for example: eax).
si 双字整数寄存器(例如:eax)。
v Word, doubleword or quadword (in 64-bit mode), depending on operand-size attribute.
v Word、doubleword或quadword(在64位模式下),这取决于操作数大小属性。
w Word, regardless of operand-size attribute.
w 字,与操作数大小属性无关。
x dq or qq based on the operand-size attribute.
x 基于操作数大小属性的dq或qq。
y Doubleword or quadword (in 64-bit mode), depending on operand-size attribute.
y 双字或四字(在64位模式下),取决于操作数大小属性。
z Word for 16-bit operand-size or doubleword for 32 or 64-bit operand-size.
z 字表示16位操作数大小,双字表示32位或64位操作数大小。
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
