I've been given the following task:
Consider the following sequence of hexadecimal values:
55 89 E5 83 EC 08 83 E4 F0 31 C9 BA 01 00 00 00 B8 0D 00 00 00 01 D1 01 CA 48 79 F9 31 C0 C9 C3
This sequence of bytes represents a subroutine in Intel 80386 machine language in 32-bit mode.
When the instructions in this subroutine are executed, they leave values in the registers %ecx and %edx. What are the values?
What is the program in C that carries out the computation done by this subroutine, then prints the values computed by this program of %ecx and %edx as they would appear at the end of the execution of the subroutine.
As I do not have the 80386 instruction set memorized, I must first convert these opcode bytes into their assembly-language mnemonic equivalents. So, is there an online reference somewhere, a table mapping hex values to instructions or the like? I checked out Intel's website, but could find nothing. Or is there a better way to go about deciphering this...?
While you could cheat and use a dissassembler (a disassembler would not be very much help in learning), I would recommend actually learning something by reading the relevant chapters in the Intel 80386 manual. Start with Chapter 17. If/when you get stuck, come back to StackOverflow and post a question stating exactly how far you've gotten and what you don't understand.
You should use a disassembler to see what are the instructions. You can grab NDISASM from the NASM package. Store the bytes in a file and run:
ndisasm -b 32 file # -b 32 specifies you're running in 32 bit mode
I wouldn't use a disassembler, go through the instruction manual and figure out what each group of bits could mean. This will get you the corresponding assembly instruction. From there it shouldn't be too hard to get that into C. I agree with the other poster that it is messed up doing this assignment in x86. Something like SPARC or MIPS would be much easier (as these have fixed width instructions).
There's a much simpler method than those suggested, and I suspect this is the one the teacher has in mind:
- Go to a command prompt
- run Debug
- command "e"
- enter the byte values
- command "u"
- read the results
Decoding opcodes from the chart is very, very tedious, and I'd be surprised if that was what was intended.
Use objdump -d if you're using Unix.
// hex.c
1 #include <sys/mman.h>
2 #include <string.h>
3
4 int main () {
5 char code[] = {0xB8, 0x3C, 0x0, 0x0, 0x0, 0xBF, 0x2, 0x0, 0x0, 0x0, 0xBA, 0x7D, 0x0, 0x0, 0x0, 0xC3};
6 void *buf;
7 buf = mmap (0,sizeof(code),PROT_READ|PROT_WRITE|PROT_EXEC,MAP_PRIVATE|MAP_ANON,-1,0);
8 memcpy (buf, code, sizeof(code));
9 return 0;
10 }
// gcc -g hex.c -o hex
gdb hex;
b 9;
r;
x /10i buf
mov $0x3c,%eax
mov $0x2,%edi
mov $0x7d,%edx
ret