I would like to create my own disassembler for educational purpose. So has anybody some tutorials on the topic? I have the Intel documentation but it's very hard to me. I don't understand how to decode hex-dump to mnemonic constructions. For example, we have a dump: B8 05 00 00 00 8B D0. How translate it to

mov eax, 5
mov edx, eax ?
How does a disassembler understand that "B8 05 00 00 00" is a first instruction and "8B D0" is a second instruction?
Posted on 2001-07-03 23:22:00 by vkim
Look at Appendix A: OPCODE MAP and Appendix B: INSTRUCTION FORMATS AND ENCODINGS - these contain most of the data you will need. Look at some existing disassemblers. Here is one method that is common: Create an opcode table and branch on the first byte to the different decode algorithms - some of these algorithms begin by branching on the second byte to other decode algorithms - etc. General algorithms will be created to handle the bitfields that are common. I made a disassebler for 680x0 this way several years ago - it's a great way to learn the full instruction set.
Posted on 2001-07-03 23:42:00 by bitRAKE
I've never writen a disasmebler but here's a thought B8 means move a value into eax so the disasembler knows that if it finds 8B in a section of code then following it will be a dword indicating what value to move to eax since intel puts things backward 5 is stored as 05 00 00 00 so 8B 01 00 00 00 would be mov eax, 1 and 8B 02 00 00 00 would be mov eax, 2 etc. different instructions will expect a different amount of values to follow them.
Posted on 2001-07-03 23:44:00 by zCode
Hi, Well, if you're really serious then this should help: How to write a disassembler: Table of Contents - Chapters Introduction Overall architecture Getting machine code byte stream: PE file wrapper object Understanding 32-bit Intel Processor Architecture (IA32) for parsing. Parsing machine code byte stream: Instruction Parser Decoding raw instructions: Simple implementation - SimpeDecoder. Decoding raw instructions: More sophisticated implementation -Disassembler. Appendix A. Downloading source and executable files. http://www.spiralspace.com/programming/disassembler/ Kayaker
Posted on 2001-07-04 01:55:00 by Kayaker
Thanks to all! I am surprised, Intel documentation is not so comlpex as I thought!
Posted on 2001-07-06 04:48:00 by vkim
http://www.coderz.net/ikx/lw/stuff/intel.txt will help you ;)
Posted on 2001-07-06 16:03:00 by lw_ikx