Advanced Debugging

CPU Architecture

Thread starter: sgyhm   Started: 2007-03-22 19:13   Replies: 6

2007-03-22, 19:13
sgyhm (offline, last visit: 2007/6/24 9:14:32)

Among the top 75 posters
Registered: 2007-02-09
Posts: 16
Reading the Intel instruction manual is really hard.

I am reading Volume 2, Chapter 2, Instruction Format.


There are some parts I really cannot understand:

2.4. MODR/M AND SIB BYTES
Most instructions that refer to an operand in memory have an addressing-form specifier byte
(called the ModR/M byte) following the primary opcode. The ModR/M byte contains three
fields of information:
• The mod field combines with the r/m field to form 32 possible values: eight registers and
24 addressing modes.
• The reg/opcode field specifies either a register number or three more bits of opcode information.
The purpose of the reg/opcode field is specified in the primary opcode.
• The r/m field can specify a register as an operand or can be combined with the mod field to
encode an addressing mode.
Certain encodings of the ModR/M byte require a second addressing byte, the SIB byte, to fully
specify the addressing form. The base-plus-index and scale-plus-index forms of 32-bit
addressing require the SIB byte. The SIB byte includes the following fields:
• The scale field specifies the scale factor.
• The index field specifies the register number of the index register.
• The base field specifies the register number of the base register.
See Section 2.6., “Addressing-Mode Encoding of ModR/M and SIB Bytes

If someone could give an example I might be able to follow it. What kind of assembly instruction is meant? Which instruction uses a SIB byte, and how does it "fully specify the addressing form"?


2.6. ADDRESSING-MODE ENCODING OF MODR/M AND SIB BYTES

Fourth paragraph:
Across the top of Tables 2-1 and 2-2, the eight possible values of the 3-bit Reg/Opcode field are
listed, in decimal (sixth row from top) and in binary (seventh row from top). The seventh row is
labeled “REG=”, which represents the use of these 3 bits to give the location of a second
operand, which must be a general-purpose, MMX, or XMM register. If the instruction does not
require a second operand to be specified, then the 3 bits of the Reg/Opcode field may be used as
an extension of the opcode, which is represented by the sixth row, labeled “/digit (Opcode)”.

Could someone give an example? When an instruction does not need a second operand, the 3 bits of the Reg/Opcode field become an opcode extension? That is too abstract. Could you give one assembly instruction?

I can disassemble it and take a look myself.


APPENDIX B
INSTRUCTION FORMATS AND ENCODINGS

B.1. MACHINE INSTRUCTION FORMAT

The primary opcode for an instruction is encoded in one or two bytes of the instruction. Some
instructions also use an opcode extension field encoded in bits 5, 4, and 3 of the ModR/M byte.
Within the primary opcode, smaller encoding fields may be defined. These fields vary according
to the class of operation being performed. The fields define such information as register encoding,
conditional test performed, or sign extension of immediate byte.

This passage is even more puzzling: within the primary opcode, what are the "smaller encoding fields", and what do "conditional test" and "sign extension" refer to?

It feels as if there are no assembly instructions that correspond to these at all. Could you give an example assembly instruction for this as well?


2007-03-27, 13:23
advdbg (offline, last visit: 2007/3/28 13:25:15)

Among the top 75 posters
Registered: 2005-12-19
Posts: 14
Re: Reading the Intel instruction manual is really hard.

First of all, I admire this kind of dedication to digging into things. Because of time constraints, I will give one example today.

For instance, in the KeBugCheck2 function there is a MOV instruction like this:

mov     dword ptr [esp+390h],eax

Its effect is to store the value of the EAX register at the address represented by ESP+0x390.

Its machine code is:

89842490030000

The meaning of each field is as follows (the text below was written in English during a meeting):

89 is the opcode of MOV r/m32, r32.

90030000 is the little-endian format of 390h.

84 is the ModR/M byte. 84 indicates that the effective address is [--][--]+disp32. [--][--] means a SIB byte follows the ModR/M byte. Disp32 denotes that a 32-bit displacement follows the ModR/M or SIB byte (if one exists). For this sample, Disp32 refers to 90030000.

24 is the SIB byte. 24 corresponds to 00 100 100, that is, base is 100, index is 100, scale is 00. The base field specifies the register number of the base register; No. 4 stands for the ESP register. Index 100 stands for index [none], because the above instruction does not use an index register.

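To make the three questions in the opening post and the worked MOV above concrete, here is an added example written for this edit; it is not code from the thread, from advdbg, or from Intel. It is a small Python decoder for the 32-bit ModR/M and SIB bytes over a handful of opcode families, with field layouts and the /digit tables taken from the Intel SDM Volume 2 (Tables 2-2 and 2-3 and Appendix B); the function names (`decode`, `split_modrm`, `split_sib`) and the sample byte strings other than the KeBugCheck2 one are my own constructions. It decodes `89 84 24 90 03 00 00` back to `mov dword ptr [esp+0x390], eax`, shows the reg field acting as a `/digit` opcode extension (0x81, 0x83, 0xFF), decodes an instruction whose SIB index field really does name a scaled index register (any instruction with a memory operand may use one, not just string operations), and shows the fields that live inside the primary opcode itself: the register number in `B8+r`, the condition code in `7x`, and the `s` bit that distinguishes the sign-extended imm8 of `83` from the imm32 of `81`.

```python
"""Decode 32-bit x86 ModR/M + SIB addressing for a few opcode families.

Constructed teaching example: field layouts follow Intel SDM Vol. 2 (Tables 2-2, 2-3,
Appendix B); only the opcodes listed below are handled.
"""

# Register numbers as used by the reg, r/m, base and index fields (No. 4 is ESP).
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Condition codes: the low 4 bits of a 0x70..0x7F (Jcc rel8) opcode.
COND = ["o", "no", "b", "ae", "e", "ne", "be", "a",
        "s", "ns", "p", "np", "l", "ge", "le", "g"]
# Opcodes whose ModR/M reg field is an opcode extension ("/digit"), not a register.
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]        # 0x81, 0x83
GROUP5 = ["inc", "dec", "call", "callf", "jmp", "jmpf", "push", None]  # 0xFF


def split_modrm(b):
    """ModR/M byte -> (mod, reg/opcode, r/m): bits 7:6, 5:3, 2:0."""
    return b >> 6, (b >> 3) & 7, b & 7


def split_sib(b):
    """SIB byte -> (scale, index, base): bits 7:6, 5:3, 2:0."""
    return b >> 6, (b >> 3) & 7, b & 7


def decode_modrm_sib(code, pos):
    """Decode the r/m operand at code[pos]; return (operand text, next pos, reg field)."""
    mod, reg, rm = split_modrm(code[pos])
    pos += 1
    if mod == 3:                       # r/m names a register directly
        return REG32[rm], pos, reg
    parts = []
    disp_size = {0: 0, 1: 1, 2: 4}[mod]   # mod selects no disp / disp8 / disp32
    if rm == 4:                        # r/m = 100: a SIB byte follows ([--][--] in Table 2-2)
        scale, index, base = split_sib(code[pos])
        pos += 1
        if base == 5 and mod == 0:     # base 101 with mod 00: no base register, disp32 instead
            disp_size = 4
        else:
            parts.append(REG32[base])
        if index != 4:                 # index 100 means "no index register"
            parts.append(f"{REG32[index]}*{1 << scale}")
    elif rm == 5 and mod == 0:         # [disp32] absolute, no register
        disp_size = 4
    else:
        parts.append(REG32[rm])
    mem = "+".join(parts)
    if disp_size:
        disp = int.from_bytes(code[pos:pos + disp_size], "little", signed=True)
        pos += disp_size
        if not mem:
            mem = f"{disp & 0xFFFFFFFF:#x}"
        elif disp >= 0:
            mem += f"+{disp:#x}"
        else:
            mem += f"-{-disp:#x}"
    return f"[{mem}]", pos, reg


def fmt(opnd):
    """Memory operands carry the 'dword ptr' size; register operands do not."""
    return f"dword ptr {opnd}" if opnd.startswith("[") else opnd


def decode(code):
    """Decode one instruction from bytes; return (assembly text, length in bytes)."""
    op, pos = code[0], 1
    if op == 0x89:                     # MOV r/m32, r32: reg field names the source register
        dst, pos, reg = decode_modrm_sib(code, pos)
        return f"mov {fmt(dst)}, {REG32[reg]}", pos
    if op == 0x8B:                     # MOV r32, r/m32
        src, pos, reg = decode_modrm_sib(code, pos)
        return f"mov {REG32[reg]}, {fmt(src)}", pos
    if op in (0x81, 0x83):             # Group 1: reg field is the "/digit" opcode extension
        dst, pos, digit = decode_modrm_sib(code, pos)
        # Bit 1 of the opcode is the "s" (sign-extend) field: 0x83 takes an imm8 that is
        # sign-extended to 32 bits, 0x81 takes a full imm32.
        size = 1 if op == 0x83 else 4
        imm = int.from_bytes(code[pos:pos + size], "little", signed=True)
        return f"{GROUP1[digit]} {fmt(dst)}, {imm:#x}", pos + size
    if op == 0xFF:                     # Group 5: reg field selects inc/dec/call/jmp/push
        opnd, pos, digit = decode_modrm_sib(code, pos)
        return f"{GROUP5[digit]} {fmt(opnd)}", pos
    if 0xB8 <= op <= 0xBF:             # MOV r32, imm32: register number in the opcode's low 3 bits
        return f"mov {REG32[op & 7]}, {int.from_bytes(code[1:5], 'little'):#x}", 5
    if 0x70 <= op <= 0x7F:             # Jcc rel8: condition code in the opcode's low 4 bits
        rel = int.from_bytes(code[1:2], "little", signed=True)
        return f"j{COND[op & 0xF]} short {rel:+#x}", 2
    raise ValueError(f"opcode {op:#x} is not covered by this example")


if __name__ == "__main__":
    # Constructed sample encodings; the first is the KeBugCheck2 instruction from the thread.
    for hexstr in ["89842490030000", "8B048B", "83E4F0", "81C100100000",
                   "FF7508", "B878563412", "7405"]:
        text, length = decode(bytes.fromhex(hexstr))
        print(f"{hexstr:<16} {text}  ({length} bytes)")
```

Running the script prints each sample next to its decoding; `8B048B` comes out as `mov eax, dword ptr [ebx+ecx*4]`, which is what a non-`100` index field looks like in practice, and `83E4F0` as `and esp, -0x10`, where the single byte `F0` has been sign-extended because the opcode's `s` bit is set.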
2007-03-27, 17:02
sgyhm (offline, last visit: 2007/6/24 9:14:32)

Among the top 75 posters
Registered: 2007-02-09
Posts: 16
Re: Reading the Intel instruction manual is really hard.
Thank you very much, especially for the part you wrote in English during the meeting; I finally understand what displacement and SIB actually are. Thanks to advdbg, meaning first the poster above, second the experts such as teacher Raymond who have helped me, and third this forum; I searched the whole web and could not find an explanation of the instruction manual anywhere, and finally got an answer here. One last question: why does No. 4 stand for ESP? Is it defined by the instruction manual? Index 100 stands for index none? Why is that? I do not understand the sentence "because above instruction does not use index register". It should mean that the mov instruction does not use an index register, but what does "index register" refer to? Looking forward to the other two examples. Thanks, thanks.
2007-03-28, 13:30
advdbg (offline, last visit: 2007/3/28 13:25:15)

Among the top 75 posters
Registered: 2005-12-19
Posts: 14
Re: Reading the Intel instruction manual is really hard.
"Why does No. 4 stand for ESP?"
Every general-purpose register has a number, and here 4 represents the ESP register. The register numbers are as follows:
EAX - 0
ECX - 1
EDX - 2
EBX - 3
ESI - 6
EDI - 7

In operations such as string copying, ESI points to the source and EDI points to the destination, and in addition an index register such as ECX is needed.
2007-03-28, 16:50
sgyhm (offline, last visit: 2007/6/24 9:14:32)

Among the top 75 posters
Registered: 2007-02-09
Posts: 16
Re: Reading the Intel instruction manual is really hard.
Is it only string operations that have this index register?
2007-03-28, 16:52
sgyhm (offline, last visit: 2007/6/24 9:14:32)

Among the top 75 posters
Registered: 2007-02-09
Posts: 16
Re: Reading the Intel instruction manual is really hard.
Or, put differently, is the index register only meaningful for string operations?
2008-04-10, 15:54
WANGyu (offline, last visit: 2012/9/10 3:34:00) 王宇

Among the top 10 posters
Male
Registered: 2007-05-08
Posts: 306
Re: Reading the Intel instruction manual is really hard.
Impressive, impressive...
(C)2004-2020 ADVDBG.ORG All Rights Reserved.