I need to disassemble command 8E C0, can you help me?
I already made this:
First byte 8E = 10001110b it's mov sr,reg/mem
But I don't know what to do with the second byte 11000000
You can wade through the intel docs to work it out yourself, or you can use a disassembler which is far easier. The answer is:
mov ES, EAX
I use yasm, and did the following:
# assemble the two bytes:
echo 'lbl: db 0x8e, 0xc0' | yasm -f elf - -o tmp.o
# disassemble the output:
objdump -d -M intel tmp.o
If you want to do this by hand, the bytes can be interpreted as follows.

8E corresponds to this instruction in the Intel instruction set reference:

8E /r ... MOV Sreg,r/m16 ... Move r/m16 to segment register

The /r indicates that the following byte is a "Mod R/M" byte. The description of the instruction indicates that we should interpret the Reg/Opcode part as a segment register which will be the destination, and the Mod and R/M parts will indicate the source. Separating out the bits, Mod is the top two bits (11b), Reg is the next three (000b) and R/M the bottom three bits (000b).

Looking up in the appropriate table, Mod of 11 indicates a register operand, with R/M denoting EAX (or AX in 16-bit mode), and 000 for Reg when referring to a segment register is ES.
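The by-hand decoding steps above, written out as a small decoder so the field splitting and table lookups can be checked on other encodings. This is an added example, not code from the answer or from any tool it mentions; the table names, function names and the choice to support only the forms without a SIB byte are this example's own. The sample bytes are constructed, and the output follows Intel syntax as objdump -M intel prints it.

```python
"""Decode Intel's 'MOV Sreg, r/m16' (opcode 8E /r) by splitting the ModR/M byte.

Hypothetical helper for the explanation above; only 8E and the no-SIB
addressing forms are handled, everything else raises ValueError.
"""
import struct

# Reg/Opcode field -> segment register (values 6 and 7 are reserved and #UD on real CPUs)
SEGMENT_REGS = {0: "es", 1: "cs", 2: "ss", 3: "ds", 4: "fs", 5: "gs"}
# R/M field with Mod=11 -> general register, in 32-bit and 16-bit operand size
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
# 16-bit addressing: R/M field -> base/index pair (R/M=110 with Mod=00 is a bare disp16)
BASES16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]


def split_modrm(byte):
    """Return (mod, reg, rm): top two bits, middle three bits, bottom three bits."""
    return (byte >> 6) & 0b11, (byte >> 3) & 0b111, byte & 0b111


def decode_mov_sreg(code, bits=32):
    """Decode an 8E /r instruction at the start of `code`.

    `bits` selects the operand/address size (32 or 16).
    Returns (intel_syntax_text, instruction_length_in_bytes).
    """
    if len(code) < 2:
        raise ValueError("need at least the opcode and the ModR/M byte")
    if code[0] != 0x8E:
        raise ValueError("opcode %#04x is not 8E" % code[0])

    mod, reg, rm = split_modrm(code[1])
    if reg not in SEGMENT_REGS:
        raise ValueError("reg=%d is not a valid Sreg encoding (CPU raises #UD)" % reg)
    sreg = SEGMENT_REGS[reg]

    if mod == 0b11:
        # Register direct: R/M names a general register; width follows operand size.
        gpr = (REGS32 if bits == 32 else REGS16)[rm]
        return "mov %s, %s" % (sreg, gpr), 2

    # Memory operand: Mod selects the displacement size, R/M the base register.
    if bits == 32:
        if rm == 0b100:
            raise ValueError("rm=100 with mod!=11 needs a SIB byte (not handled here)")
        if mod == 0b00 and rm == 0b101:
            base, disp_len = None, 4          # [disp32] with no base
        else:
            base, disp_len = REGS32[rm], {0b00: 0, 0b01: 1, 0b10: 4}[mod]
    else:
        if mod == 0b00 and rm == 0b110:
            base, disp_len = None, 2          # [disp16] with no base
        else:
            base, disp_len = BASES16[rm], {0b00: 0, 0b01: 1, 0b10: 2}[mod]

    if len(code) < 2 + disp_len:
        raise ValueError("instruction truncated inside the displacement")
    disp = 0
    if disp_len:
        fmt = {1: "<b", 2: "<h", 4: "<i"}[disp_len]   # displacements are little-endian, signed
        disp = struct.unpack(fmt, bytes(code[2:2 + disp_len]))[0]

    if base is None:
        addr = "0x%x" % (disp & (0xFFFFFFFF if disp_len == 4 else 0xFFFF))
    elif disp_len == 0:
        addr = base
    else:
        addr = "%s%s0x%x" % (base, "+" if disp >= 0 else "-", abs(disp))
    # The source of MOV Sreg,r/m16 in memory is always a 16-bit word.
    return "mov %s, word ptr [%s]" % (sreg, addr), 2 + disp_len


if __name__ == "__main__":
    # Constructed sample encodings, including the 8E C0 from the question.
    for sample, bits in [(b"\x8e\xc0", 32), (b"\x8e\xc0", 16),
                         (b"\x8e\xd8", 32), (b"\x8e\x45\xfc", 32),
                         (b"\x8e\x1e\x00\x7c", 16)]:
        text, length = decode_mov_sreg(sample, bits)
        print("%-12s %2d-bit  %s" % (sample.hex(), bits, text))
```

The check a practitioner wants is the one the answer hints at: run the same bytes through objdump -M intel (or another disassembler) and compare, because a hand decoder that silently accepts reg=110 or a missing SIB byte will disagree with the CPU.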