Hi, I'd like to know where I can find a list with every OpCode (or whatever you call it in MASM) and the OpCode's description. Where can I find it?
Posted on 2004-01-03 20:11:55 by bRaNcO
There are quite a few references, x86eas.hlp is a small help file that covers most of the opcodes up to MMX. It is probably one of the better ones out there, it used to be on the SpAsm page but no longer, I am not sure where you can get it now. At worst PM me your email address and I will email it to you (340K). The best reference is the IA32 manual volume 2 from Intel though the newer the instruction the newer your version of MASM has to be.
Posted on 2004-01-03 20:44:01 by donkey
I'll search for it. Thanks for the answer.
When I compiled my project with MSVC++ to output asm code it showed strings like the following:
00000	68 00 00 00 00	 push	 OFFSET FLAT:??_C@_02PHAKHKBO@oi?$AA@

What are those numbers at the beginning of the string (00000 68 00 00 00 00)? They don't seem to be labels, are they?
Posted on 2004-01-04 04:55:17 by bRaNcO
68 is one of the opcodes for push - push (dword operand); it is pushing 0 onto the stack. It should have done it with 6A 00 instead, less space.
Posted on 2004-01-04 05:09:35 by donkey
If you are using the masm package by hutch then it comes with an opcode.hlp file which lists opcodes like this:
68 PUSH imm16 Push imm16 <---
68 PUSH imm32 Push imm32 <---- here is your opcode

or you can also use hutch's hex to mnemonic tool and type 68

it will show what 68 stands for

68 00 00 00 00 means push 0

0040129A 68 00000000 PUSH 0

and here 0040129A is the address

Here are some more pushes for you:
0040129A 68 00000000 PUSH 0
0040129F 6A 00 PUSH 0
004012A1 FF35 00000000 PUSH DWORD PTR DS:[0]
004012A7 50 PUSH EAX
004012A8 0E PUSH CS
004012A9 16 PUSH SS
004012AA 1E PUSH DS
004012AB 06 PUSH ES
004012AC 0FA0 PUSH FS
004012AE 0FA8 PUSH GS
Posted on 2004-01-04 05:09:55 by bluffer
Hmm, but I still don't get the syntax:
00000 68 00 00 00 00 push OFFSET FLAT:??_C@_02PHAKHKBO@oi?$AA@

00005 68 00 00 00 00 push OFFSET FLAT:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::cout
0000a e8 00 00 00 00 call ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z ; std::operator<<<std::char_traits<char> >
0000f 83 c4 08 add esp, 8

The first segment of numbers is what? The second, from what I understood, is the OpCode and the third is like the arg of the OpCode.

Right? Or not?
Posted on 2004-01-04 05:11:28 by bRaNcO
They are the addresses of the opcodes.
0000 is the first line; it took 5 bytes so the next line starts at 5, counting from 0.
Line 2 takes 5 bytes: 5,6,7,8,9, so there you see 'a' at the 3rd line.

Something called relative addressing.
Posted on 2004-01-04 05:24:21 by bluffer
Yes, the first line is the 'address'; see that it is incremented with the size of each instruction (the second column). Each pair of numbers (they are hexadecimal) is a byte and one hex number (4 bits) is called a 'nibble', e.g. the first opcode is: 68 00 00 00 00, then you have 10 nibbles == 5 pairs of bytes, so this instruction fills 5 bytes, and you add 5 to the previous 00000 and you get the next address, see the second line 00005. The third column shows you the real names of your variables, e.g. you use MessageBox(NULL, "hello", "more hello", MB_OK) and in the expansion you will see something like push MB_OK, push somewhere:inTheSpace, push more:YouDontKnowMyRealName, call __imp_MessageBoxA@16 or whatever, I don't know exactly, but as you see the compiler does some work for you: it uses decorated names, but in your code you use normal names. Also, if you are using C++ the names will be more strange, because C++ makes use of more name mangling than plain C; I think with C you will never see a name like this: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z . Also don't worry about the length of this, at the end it is only an address with a pretty fun name!!!... you know a function is only a start (or entry) of a space that will be executed. But do worry about the meaning of the name :) because it is the real name of your var; fortunately, apparently the C++ lines are commented... at the end, I think there exists another option for the outputted files that lets you see the C++ file commented.
Posted on 2004-01-04 10:17:22 by rea

it should have done it with 6A 00 instead, less space.

Nope. This looks like an external reference, which will have to be fixed up by the linker at a later time.
Posted on 2004-01-04 10:25:04 by f0dder
Posted on 2004-01-04 10:27:05 by wizzra
Thx wizzra I like the look && feel there ;)
This looks like an external reference

I think you are right, because if you look at the names at the right, they have different names, but it is the same instruction, so the correct question needs to be: how can I recognize if it is an external reference that needs to be fixed by the linker at link time? When I list with nasm, the outputs of undefined references are enclosed in () and you know that this number with this mark will be corrected at link time..., but apparently here there is no easy way to look for this.....

Have a nice day or night.
Posted on 2004-01-04 10:42:47 by rea
It is an external reference if it's not a variable/function used in the same source file. This _can_ be a bit tricky to see in the case of C++ and mangled names, but then you can use the mixed-listing (C++ source and asm output) which should make it easier to tell.
Posted on 2004-01-04 10:48:40 by f0dder
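As an added illustration (not code from the thread or from any poster), a small Python script that parses the four MSVC listing lines quoted above, checks that each offset advances by the length of the previous instruction as rea describes, names the encoding form from the opcode byte, and flags the zeroed 32-bit immediates that f0dder identifies as slots the linker fills in; encode_push_imm shows the 6A/68 size trade-off donkey mentions and why a relocatable operand forces the 5-byte form. The column layout and the fixup heuristic are assumptions about the listing format.

```python
import re
from collections import namedtuple

# Constructed sample: the four MSVC /FA listing lines quoted in the thread.
LISTING = """\
00000 68 00 00 00 00 push OFFSET FLAT:??_C@_02PHAKHKBO@oi?$AA@
00005 68 00 00 00 00 push OFFSET FLAT:?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A ; std::cout
0000a e8 00 00 00 00 call ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
0000f 83 c4 08 add esp, 8
"""

# Assumed columns: 5-digit offset, one or more 2-digit hex bytes, mnemonic, operands (optional ; comment).
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{5})\s+((?:[0-9a-fA-F]{2}\s+)+)(\S+)\s*(.*)$")
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # opcode 83: reg field of ModRM
Insn = namedtuple("Insn", "offset raw mnemonic operands")  # raw = the encoded instruction bytes

def parse_listing(text: str) -> list:
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            operands = m.group(4).split(";")[0].strip()
            insns.append(Insn(int(m.group(1), 16), bytes.fromhex(m.group(2)), m.group(3), operands))
    return insns

def offsets_consistent(insns: list) -> bool:
    """Each offset must equal the previous offset plus the previous instruction's length."""
    return all(b.offset == a.offset + len(a.raw) for a, b in zip(insns, insns[1:]))

def describe(raw: bytes) -> str:
    """Name the encoding form from the opcode byte (only the forms seen in the thread)."""
    op = raw[0]
    if op == 0x68: return "push imm32"
    if op == 0x6A: return "push imm8"
    if op == 0xE8: return "call rel32"
    if op == 0x83: return GROUP1[(raw[1] >> 3) & 7] + " r/m32, imm8"
    return "unknown"

def needs_fixup(insn) -> bool:
    """A zeroed 32-bit immediate beside a symbolic operand is a slot the linker will patch."""
    if insn.raw[0] in (0x68, 0xE8) and insn.raw[1:5] == b"\0\0\0\0":
        return not insn.operands[:1].isdigit()
    return False

def encode_push_imm(value: int, relocatable: bool = False) -> bytes:
    """6A ib when the value fits a sign-extended imm8; 68 id otherwise or when a fixup slot is needed."""
    if not relocatable and -128 <= value <= 127:
        return bytes([0x6A, value & 0xFF])
    return bytes([0x68]) + (value & 0xFFFFFFFF).to_bytes(4, "little")
```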