I would like to create my own disassembler for educational purposes. So does anybody have some tutorials on the topic? I have the Intel documentation, but it's very hard for me. I don't understand how to decode a hex dump into mnemonic constructions. For example, we have a dump: B8 05 00 00 00 8B D0. How do I translate it to

mov eax, 5
mov edx, eax ?

How does a disassembler understand that "B8 05 00 00 00" is the first instruction and "8B D0" is the second instruction?
Look at Appendix A: OPCODE MAP and Appendix B: INSTRUCTION FORMATS AND ENCODINGS - these contain most of the data you will need. Look at some existing disassemblers. Here is one method that is common: create an opcode table and branch on the first byte to the different decode algorithms - some of these algorithms begin by branching on the second byte to other decode algorithms - etc. General algorithms will be created to handle the bitfields that are common. I made a disassembler for the 680x0 this way several years ago - it's a great way to learn the full instruction set.
I've never written a disassembler, but here's a thought: B8 means move a value into eax, so the disassembler knows that if it finds 8B in a section of code then following it will be a dword indicating what value to move to eax. Since Intel puts things backward, 5 is stored as 05 00 00 00, so 8B 01 00 00 00 would be mov eax, 1 and 8B 02 00 00 00 would be mov eax, 2, etc. Different instructions will expect a different number of values to follow them.
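To make the method from the replies concrete (an opcode table indexed by the first byte, with some entries branching again on the ModR/M byte), here is a small table-driven decoder for a handful of 32-bit x86 instructions. It is an added example written for this thread, not code from any of the posters or from the linked tutorials. It assumes 32-bit operand and address size with no prefixes, a base address of 0 for relative jumps and calls, and covers only the opcodes listed in OPCODES; anything else raises an error instead of guessing. Running it on the bytes from the question, B8 05 00 00 00 8B D0, yields mov eax, 0x5 followed by mov edx, eax, and the offsets show how each handler's length decides where the next instruction begins.

```python
"""Tiny table-driven x86-32 disassembler (added example, not from the thread)."""
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# For opcodes 0x81/0x83 the ModR/M.reg field selects the operation ("group 1").
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]

def imm(code, pos, size, signed=False):
    """Read a little-endian immediate of `size` bytes (1 or 4) at code[pos]."""
    fmt = {1: "b" if signed else "B", 4: "i" if signed else "I"}[size]
    return struct.unpack_from("<" + fmt, code, pos)[0], pos + size

def decode_modrm(code, pos):
    """Decode ModR/M (+ optional SIB and displacement) starting at code[pos].
    Returns (reg field, text of the r/m operand, position after the operand)."""
    mod, reg, rm = code[pos] >> 6, (code[pos] >> 3) & 7, code[pos] & 7
    pos += 1
    if mod == 3:                               # register-direct operand
        return reg, REGS32[rm], pos
    parts = []
    if rm == 4:                                # rm=100b: a SIB byte follows
        sib = code[pos]; pos += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:             # no base register, disp32 follows
            mod = 2
        else:
            parts.append(REGS32[base])
        if index != 4:                         # index=100b means "no index"
            parts.append(f"{REGS32[index]}*{scale}")
    elif mod == 0 and rm == 5:                 # [disp32] with no base register
        mod = 2
    else:
        parts.append(REGS32[rm])
    disp = 0
    if mod == 1:
        disp, pos = imm(code, pos, 1, signed=True)
    elif mod == 2:
        disp, pos = imm(code, pos, 4, signed=True)
    text = "+".join(parts)
    if disp < 0:
        text += f"-{-disp:#x}"
    elif disp or not parts:
        text += ("+" if parts else "") + f"{disp:#x}"
    return reg, "[" + text + "]", pos

# Handlers take (code, pos_after_opcode, opcode) and return (text, pos_after_instruction).
def op_mov_r_imm(code, pos, op):               # B8+r imm32: register encoded in the low 3 bits
    value, pos = imm(code, pos, 4)
    return f"mov {REGS32[op & 7]}, {value:#x}", pos

def op_rm_r(mnemonic):                          # bit 1 of the opcode is the direction bit
    def decode(code, pos, op):
        reg, rm_text, pos = decode_modrm(code, pos)
        dst, src = (rm_text, REGS32[reg]) if op & 2 == 0 else (REGS32[reg], rm_text)
        return f"{mnemonic} {dst}, {src}", pos
    return decode

def op_group1(code, pos, op):                   # second-level branch on ModR/M.reg
    reg, rm_text, pos = decode_modrm(code, pos)
    value, pos = imm(code, pos, 1 if op == 0x83 else 4, signed=True)
    return f"{GROUP1[reg]} {rm_text}, {value:#x}", pos

def op_rel(mnemonic, size):                     # target is relative to the next instruction
    def decode(code, pos, op):
        rel, pos = imm(code, pos, size, signed=True)
        return f"{mnemonic} {pos + rel:#x}", pos  # base address 0 assumed
    return decode

def op_simple(text):
    return lambda code, pos, op: (text, pos)

OPCODES = {}
for b in range(8):
    OPCODES[0xB8 + b] = op_mov_r_imm
    OPCODES[0x50 + b] = lambda code, pos, op: (f"push {REGS32[op & 7]}", pos)
    OPCODES[0x58 + b] = lambda code, pos, op: (f"pop {REGS32[op & 7]}", pos)
for base, name in ((0x00, "add"), (0x28, "sub"), (0x30, "xor"), (0x88, "mov")):
    OPCODES[base + 1] = OPCODES[base + 3] = op_rm_r(name)
OPCODES.update({0x81: op_group1, 0x83: op_group1, 0x90: op_simple("nop"),
                0xC3: op_simple("ret"), 0xE8: op_rel("call", 4), 0xE9: op_rel("jmp", 4),
                0xEB: op_rel("jmp", 1), 0x74: op_rel("je", 1), 0x75: op_rel("jne", 1)})

def disassemble(code):
    """Walk the bytes sequentially; each handler reports where the next instruction starts.
    Returns a list of (offset, raw bytes as hex, assembly text)."""
    pos, out = 0, []
    while pos < len(code):
        op = code[pos]
        if op not in OPCODES:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {pos}")
        text, end = OPCODES[op](code, pos + 1, op)
        out.append((pos, code[pos:end].hex(" "), text))
        pos = end
    return out

if __name__ == "__main__":
    for offset, raw, text in disassemble(bytes.fromhex("B8 05 00 00 00 8B D0")):
        print(f"{offset:04x}  {raw:<16} {text}")
```

The first byte selects a handler, and the handler alone knows how many more bytes belong to the instruction, which is exactly how a linear sweep finds instruction boundaries; a wrong starting offset would desynchronise the whole stream, so real tools also track jump targets rather than trusting a pure sweep.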
Hi, well, if you're really serious then this should help:

How to write a disassembler: Table of Contents - Chapters
Introduction
Overall architecture
Getting machine code byte stream: PE file wrapper object
Understanding 32-bit Intel Processor Architecture (IA32) for parsing
Parsing machine code byte stream: Instruction Parser
Decoding raw instructions: Simple implementation - SimpeDecoder
Decoding raw instructions: More sophisticated implementation - Disassembler
Appendix A. Downloading source and executable files

http://www.spiralspace.com/programming/disassembler/

Kayaker
Thanks to all! I am surprised, the Intel documentation is not so complex as I thought!
http://www.coderz.net/ikx/lw/stuff/intel.txt will help you ;)