[请教]关于mov ebx,eax机器码-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (7)
foxabu 雪币： 325 活跃值： (97) 能力值： ( LV13，RANK：530 ) 在线值：发帖 55 回帖 1236 粉丝 5 关注私信	foxabu 13 2 楼 88 /r MOV r/m8,r8 Move 89 /r MOV r/m32,r32 Move 8A /r MOV r8,r/m8 Move 8B /r MOV r32,r/m32 Move 2006-12-25 21:20 0
shoooo 雪币： 398 活跃值： (343) 能力值： (RANK：650 ) 在线值：发帖 91 回帖 2169 粉丝 5 关注私信	shoooo 16 3 楼 50 push eax FF F0 push eax 8B 05 00 00 00 10 mov eax, dword ptr [10000000] A1 00 00 00 10 mov eax, dword ptr [10000000] 还有N多 2006-12-25 21:27 0
Ivanov 雪币： 1334 活跃值： (15) 能力值： ( LV2，RANK：10 ) 在线值：发帖 226 回帖 1054 粉丝 2 关注私信	Ivanov 4 楼赫赫很多种 2006-12-25 22:15 0
Ryosuke 雪币： 370 活跃值： (78) 能力值： ( LV9，RANK：970 ) 在线值：发帖 26 回帖 195 粉丝 3 关注私信	Ryosuke 24 5 楼 89 C3 C3=11000011 Mod = 11 REG = 000 RM = 011 89 /r MOV r/m32,r32 Move 查表 r/m32 = ebx r32 = eax 就是 mov ebx,eax 8BD8 D8=11011000 Mod = 11 REG = 011 RM = 000 8B /r MOV r32,r/m32 Move r/m32 = eax r32 = ebx 就是 mov ebx,eax 这个表可以看intel官方手册 r/m32由 Mod和RM决定单Mod等于11 RM=000-111 分别代表 eax,ecx,edx,ebx,esp,ebp,esi,edi 2006-12-26 12:15 0
gzgzlxg 雪币： 238 活跃值： (326) 能力值： ( LV12，RANK：450 ) 在线值：发帖 12 回帖 346 粉丝 7 关注私信	gzgzlxg 11 6 楼可参考[INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986]的Chapter 17 80386 Instruction Set或其后的版本的相应部分 2006-12-26 21:22 0
qiweixue 雪币： 258 活跃值： (230) 能力值： ( LV12，RANK：770 ) 在线值：发帖 47 回帖 1136 粉丝 3 关注私信	qiweixue 19 7 楼 Intel IA-32手册 Volume 2A Instruction Set Reference, A-M. 第635 页 88 /r MOV r/m8,r8 Valid Valid Move r8 to r/m8. REX + 88 /r MOV r/m8*,r8* Valid N.E. Move r8 to r/m8. 89 /r MOV r/m16,r16 Valid Valid Move r16 to r/m16. 89 /r MOV r/m32,r32 Valid Valid Move r32 to r/m32. REX.W + 89 /r MOV r/m64,r64 Valid N.E. Move r64 to r/m64. 8A /r MOV r8,r/m8 Valid Valid Move r/m8 to r8. REX + 8A /r MOV r8*,r/m8* Valid N.E. Move r/m8 to r8. 8B /r MOV r16,r/m16 Valid Valid Move r/m16 to r16. 8B /r MOV r32,r/m32 Valid Valid Move r/m32 to r32. REX.W + 8B /r MOV r64,r/m64 Valid N.E. Move r/m64 to r64. 8C /r MOV r/m16,Sreg Valid Valid Move segment register to r/m16. REX.W + 8C /r MOV r/m64,Sreg Valid Valid Move zero extended 16-bit segment register to r/m64. 8E /r MOV Sreg,r/m16 Valid Valid Move r/m16 to segment register. REX.W + 8E /r MOV Sreg,r/m64 Valid Valid Move lower 16 bits of r/m64 to segment register. A0 MOV AL,moffs8* Valid Valid Move byte at (seg:offset) to AL. REX.W + A0 MOV AL,moffs8* Valid N.E. Move byte at (offset) to AL. A1 MOV AX,moffs16* Valid Valid Move word at (seg:offset) to AX. A1 MOV EAX,moffs32* Valid Valid Move doubleword at (seg:offset) to EAX. REX.W + A1 MOV RAX,moffs64* Valid N.E. Move quadword at (offset) to RAX. A2 MOV moffs8,AL Valid Valid Move AL to (seg:offset). REX.W + A2 MOV moffs8**,AL Valid N.E. Move AL to (offset). A3 MOV moffs16,AX Valid Valid Move AX to (seg:offset). A3 MOV moffs32,EAX Valid Valid Move EAX to (seg:offset). REX.W + A3 MOV moffs64,RAX Valid N.E. Move RAX to (offset). B0+ rb MOV r8, imm8 Valid Valid Move imm8 to r8. REX + B0+ rb MOV r8*, imm8 Valid N.E. Move imm8 to r8. B8+ rw MOV r16, imm16 Valid Valid Move imm16 to r16. B8+ rd MOV r32, imm32 Valid Valid Move imm32 to r32. REX.W + B8+ rd MOV r64, imm64 Valid N.E. Move imm64 to r64. C6 /0 MOV r/m8, imm8 Valid Valid Move imm8 to r/m8. REX + C6 /0 MOV r/m8*, imm8 Valid N.E. Move imm8 to r/m8. C7 /0 MOV r/m16, imm16 Valid Valid Move imm16 to r/m16. 3-588 Vol. 2A INSTRUCTION SET REFERENCE, A-M MOV―Move Description Copies the second operand (source operand) to the first operand (destination operand). The source operand can be an immediate value, general-purpose register, segment register, or memory location; the destination register can be a general-purpose register, segment register, or memory location. Both operands must be the same size, which can be a byte, a word, or a doubleword. The MOV instruction cannot be used to load the CS register. Attempting to do so results in an invalid opcode exception (#UD). To load the CS register, use the far JMP, CALL, or RET instruction. If the destination operand is a segment register (DS, ES, FS, GS, or SS), the source operand must be a valid segment selector. In protected mode, moving a segment selector into a segment register automatically causes the segment descriptor information associated with that segment selector to be loaded into the hidden (shadow) part of the segment register. While loading this information, the segment selector and segment descriptor information is validated (see the “Operation” algorithm below). The segment descriptor data is obtained from the GDT or LDT entry for the specified segment selector. A NULL segment selector (values 0000-0003) can be loaded into the DS, ES, FS, and GS registers without causing a protection exception. However, any subsequent attempt to reference a segment whose corresponding segment register is loaded with a NULL value causes a general protection exception (#GP) and no memory reference occurs. Loading the SS register with a MOV instruction inhibits all interrupts until after the execution of the next instruction. This operation allows a stack pointer to be loaded into the ESP register with the next instruction (MOV ESP, stack-pointer value) before an interrupt occurs1. Be aware that the LSS instruction offers a more efficient method of loading the SS and ESP registers. When operating in 32-bit mode and moving data between a segment register and a generalpurpose register, the 32-bit IA-32 processors do not require the use of the 16-bit operand-size prefix (a byte with the value 66H) with this instruction, but most assemblers will insert it if the standard form of the instruction is used (for example, MOV DS, AX). The processor will 2006-12-27 09:18 0
仙剑太郎雪币： 214 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 9 回帖 242 粉丝 0 关注私信	仙剑太郎 2 8 楼受教!谢谢了 2006-12-27 11:33 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

foxabu

雪币： 325

活跃值： (97)

能力值：

( LV13，RANK：530 )

在线值：

发帖

55

回帖

1236

粉丝

5

关注

私信

foxabu 13: 2 楼

88 /r    MOV r/m8,r8          Move
89 /r    MOV r/m32,r32          Move
8A /r    MOV r8,r/m8          Move
8B /r    MOV r32,r/m32          Move

2006-12-25 21:20

0

shoooo

雪币： 398

活跃值： (343)

能力值： (RANK：650 )

在线值：

发帖

91

回帖

2169

粉丝

5

关注

私信

shoooo 16: 3 楼

50                push eax
FF F0             push eax

8B 05 00 00 00 10 mov eax, dword ptr [10000000]
A1 00 00 00 10    mov eax, dword ptr [10000000]

还有N多

2006-12-25 21:27

0

Ivanov

雪币： 1334

活跃值： (15)

能力值：

( LV2，RANK：10 )

在线值：

发帖

226

回帖

1054

粉丝

2

关注

私信

Ivanov: 4 楼

赫赫
很多种

2006-12-25 22:15

0

Ryosuke

雪币： 370

活跃值： (78)

能力值：

( LV9，RANK：970 )

在线值：

发帖

26

回帖

195

粉丝

3

关注

私信

Ryosuke 24: 5 楼

89 C3
C3=11000011
Mod = 11
REG = 000
RM = 011
89 /r MOV r/m32,r32 Move
查表
r/m32 = ebx
r32 = eax
就是 mov ebx,eax

8BD8
D8=11011000
Mod = 11
REG = 011
RM = 000
8B /r MOV r32,r/m32 Move
r/m32 = eax
r32 = ebx
就是
mov ebx,eax
这个表可以看intel官方手册

r/m32由 Mod和RM决定
单Mod等于11 RM=000-111
分别代表
eax,ecx,edx,ebx,esp,ebp,esi,edi

2006-12-26 12:15

0

gzgzlxg

雪币： 238

活跃值： (326)

能力值：

( LV12，RANK：450 )

在线值：

发帖

12

回帖

346

粉丝

7

关注

私信

gzgzlxg 11: 6 楼

可参考[INTEL 80386 PROGRAMMER'S REFERENCE MANUAL 1986]的Chapter 17 80386 Instruction Set或其后的版本的相应部分

2006-12-26 21:22

0

qiweixue

雪币： 258

活跃值： (230)

能力值：

( LV12，RANK：770 )

在线值：

发帖

47

回帖

1136

粉丝

3

关注

私信

qiweixue 19: 7 楼

Intel IA-32手册
Volume 2A Instruction Set Reference, A-M.
第635
页

88 /r MOV r/m8,r8 Valid Valid Move r8 to r/m8.
REX + 88 /r MOV r/m8***,r8*** Valid N.E. Move r8 to r/m8.
89 /r MOV r/m16,r16 Valid Valid Move r16 to r/m16.
89 /r MOV r/m32,r32 Valid Valid Move r32 to r/m32.
REX.W + 89 /r MOV r/m64,r64 Valid N.E. Move r64 to r/m64.
8A /r MOV r8,r/m8 Valid Valid Move r/m8 to r8.
REX + 8A /r MOV r8***,r/m8*** Valid N.E. Move r/m8 to r8.
8B /r MOV r16,r/m16 Valid Valid Move r/m16 to r16.
8B /r MOV r32,r/m32 Valid Valid Move r/m32 to r32.
REX.W + 8B /r MOV r64,r/m64 Valid N.E. Move r/m64 to r64.
8C /r MOV r/m16,Sreg** Valid Valid Move segment register to
r/m16.
REX.W + 8C /r MOV r/m64,Sreg** Valid Valid Move zero extended 16-bit
segment register to r/m64.
8E /r MOV Sreg,r/m16** Valid Valid Move r/m16 to segment
register.
REX.W + 8E /r MOV Sreg,r/m64** Valid Valid Move lower 16 bits of
r/m64 to segment register.
A0 MOV AL,moffs8* Valid Valid Move byte at (seg:offset) to
AL.
REX.W + A0 MOV AL,moffs8* Valid N.E. Move byte at (offset) to AL.
A1 MOV AX,moffs16* Valid Valid Move word at (seg:offset)
to AX.
A1 MOV EAX,moffs32* Valid Valid Move doubleword at
(seg:offset) to EAX.
REX.W + A1 MOV RAX,moffs64* Valid N.E. Move quadword at (offset)
to RAX.
A2 MOV moffs8,AL Valid Valid Move AL to (seg:offset).
REX.W + A2 MOV moffs8***,AL Valid N.E. Move AL to (offset).
A3 MOV moffs16*,AX Valid Valid Move AX to (seg:offset).
A3 MOV moffs32*,EAX Valid Valid Move EAX to (seg:offset).
REX.W + A3 MOV moffs64*,RAX Valid N.E. Move RAX to (offset).
B0+ rb MOV r8, imm8 Valid Valid Move imm8 to r8.
REX + B0+ rb MOV r8***, imm8 Valid N.E. Move imm8 to r8.
B8+ rw MOV r16, imm16 Valid Valid Move imm16 to r16.
B8+ rd MOV r32, imm32 Valid Valid Move imm32 to r32.
REX.W + B8+ rd MOV r64, imm64 Valid N.E. Move imm64 to r64.
C6 /0 MOV r/m8, imm8 Valid Valid Move imm8 to r/m8.
REX + C6 /0 MOV r/m8***, imm8 Valid N.E. Move imm8 to r/m8.
C7 /0 MOV r/m16, imm16 Valid Valid Move imm16 to r/m16.
3-588 Vol. 2A

INSTRUCTION SET REFERENCE, A-M
MOV―Move
Description
Copies the second operand (source operand) to the first operand (destination operand). The
source operand can be an immediate value, general-purpose register, segment register, or
memory location; the destination register can be a general-purpose register, segment register, or
memory location. Both operands must be the same size, which can be a byte, a word, or a
doubleword.
The MOV instruction cannot be used to load the CS register. Attempting to do so results in an
invalid opcode exception (#UD). To load the CS register, use the far JMP, CALL, or RET
instruction.
If the destination operand is a segment register (DS, ES, FS, GS, or SS), the source operand must
be a valid segment selector. In protected mode, moving a segment selector into a segment
register automatically causes the segment descriptor information associated with that segment
selector to be loaded into the hidden (shadow) part of the segment register. While loading this
information, the segment selector and segment descriptor information is validated (see the
“Operation” algorithm below). The segment descriptor data is obtained from the GDT or LDT
entry for the specified segment selector.
A NULL segment selector (values 0000-0003) can be loaded into the DS, ES, FS, and GS registers
without causing a protection exception. However, any subsequent attempt to reference a
segment whose corresponding segment register is loaded with a NULL value causes a general
protection exception (#GP) and no memory reference occurs.
Loading the SS register with a MOV instruction inhibits all interrupts until after the execution of
the next instruction. This operation allows a stack pointer to be loaded into the ESP register with
the next instruction (MOV ESP, stack-pointer value) before an interrupt occurs1. Be aware that
the LSS instruction offers a more efficient method of loading the SS and ESP registers.
When operating in 32-bit mode and moving data between a segment register and a generalpurpose
register, the 32-bit IA-32 processors do not require the use of the 16-bit operand-size
prefix (a byte with the value 66H) with this instruction, but most assemblers will insert it if the
standard form of the instruction is used (for example, MOV DS, AX). The processor will

2006-12-27 09:18

0

仙剑太郎

雪币： 214

活跃值： (70)

能力值：

( LV6，RANK：90 )

在线值：

发帖

9

回帖

242

粉丝

0

关注

私信

仙剑太郎 2: 8 楼

受教!谢谢了

2006-12-27 11:33

0