Checking up Intel assembly opcodes easily in Linux

Published 2019-02-18 16:38

Question:

I have been looking for a practical tool that would print the opcodes of any Intel 64-bit or 32-bit instruction in Linux, e.g. something like Hiew's assembler in DOS. A web-based service would be one option too.

As I wasn't able to find any, I made my own bash script that creates an assembly source file from command line parameters (instruction[s] and <32/64>), compiles, links and disassembles it and shows the correct rows of disassembly. But is there already some program that would show all the possible encodings for any given instruction, e.g. for mov eax,ebx? My approach using nasm, ld and ndisasm obviously only gives one possible encoding for each instruction.

With this script I can get the encodings used by nasm for 64 and 32-bit code, e.g.:

/home/user/code/asm$ showop 'nop;add eax,ebx;cpuid' 64

00000000  90                nop
00000001  01D8              add eax,ebx
00000003  0FA2              cpuid

But how could I get easily all the possible opcode encodings? Is there already some program available for that?

Here's the code:

#!/bin/bash
# usage: showop 'instr1;instr2;...' <32|64>
# Assembles the instructions with nasm, links them with ld and disassembles
# the resulting executable with ndisasm, printing one row per instruction.

asminstr=$1
bits=$2

if [ -z "$asminstr" ] || { [ "$bits" != 32 ] && [ "$bits" != 64 ]; }; then
    echo "usage: $0 'instructions separated by ;' <32|64>" >&2
    exit 1
fi

# Number of instructions = number of ';' separators + 1
numberofinstr=$(printf '%s' "$asminstr" | grep -o ';' | wc -l)
((numberofinstr++))

# Work in a private temporary directory so no stale files are left behind
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf "$tmpdir"' EXIT

# One instruction per line after the _start label; the instructions are
# written with '%s' so that a '%' in them cannot be taken as a printf format
{
    printf '[bits %s]\nsection .text\nglobal _start\n\n_start:\n' "$bits"
    printf '%s\n' "$asminstr" | tr ';' '\n'
} >"$tmpdir/tempasmfile.asm"

nasm -f "elf$bits" "$tmpdir/tempasmfile.asm" -o "$tmpdir/tempobjfile.o" || exit 1
ld "$tmpdir/tempobjfile.o" -o "$tmpdir/tempexefile" || exit 1

# Skip the ELF header and program headers: the .text section starts at file
# offset 0x60 in the 32-bit and 0x80 in the 64-bit executables ld produces
# here (these offsets depend on the linker's layout)
if [ "$bits" -eq 32 ]; then
    offset=0x60
else
    offset=0x80
fi
ndisasm -b "$bits" -e "$offset" "$tmpdir/tempexefile" | head -n "$numberofinstr"

Answer 1:

Disassemblers, like libdisasm and udis86, usually come with a lookup table for opcodes.

udis86 also comes with a command line tool (udcli), which you feed hex bytes and it gives you the decoded version.
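The question asks why `add eax,ebx` has more than one encoding and the answer points at opcode lookup tables; the following added example (written for this page, not code from the question, from udis86 or from any other project) shows both sides for the register-to-register forms of a handful of instructions. The table `OPCODES`, the register numbering and the ModRM layout are the documented Intel ones; everything else (function names, the restriction to 32-bit register operands with no prefix or immediate) is an assumption of this example. The ALU opcodes come in pairs that differ only in operand direction, so `add eax,ebx` can be encoded as `01 D8` (the form nasm emitted above) or as `03 C3`, and a tiny decoder that reads the same table turns the hex bytes back into the mnemonic, the way udcli does.

```python
"""Enumerate the register-register encodings of a few x86 instructions and
decode them back.  Constructed example covering only the forms in OPCODES
(32-bit registers, no prefix, no immediate); these bytes are identical in
32-bit and 64-bit mode because no REX prefix is needed for them.
"""

# Index of each register is its 3-bit value in the ModRM reg / r/m fields.
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# For each mnemonic: (opcode of the "r/m32, r32" form, opcode of the
# "r32, r/m32" form).  The ALU group uses base+1 / base+3, mov uses 89 / 8B.
OPCODES = {
    "add": (0x01, 0x03), "or": (0x09, 0x0B), "adc": (0x11, 0x13),
    "sbb": (0x19, 0x1B), "and": (0x21, 0x23), "sub": (0x29, 0x2B),
    "xor": (0x31, 0x33), "cmp": (0x39, 0x3B), "mov": (0x89, 0x8B),
}


def modrm(reg, rm):
    """ModRM byte with mod=11 (register direct), the reg field and the r/m field."""
    return 0b11000000 | (reg << 3) | rm


def encodings(instr):
    """Return every encoding (as bytes) of e.g. 'add eax,ebx' for the forms in OPCODES.

    The first operand is the destination.  The 'r/m, r' form puts the
    destination in the r/m field and the source in reg; the 'r, r/m' form
    swaps them, which is why two different byte sequences mean the same thing.
    """
    mnemonic, ops = instr.strip().lower().split(None, 1)
    dst, src = [o.strip() for o in ops.split(",")]
    d, s = REGS32.index(dst), REGS32.index(src)
    op_rm_r, op_r_rm = OPCODES[mnemonic]
    return [bytes([op_rm_r, modrm(s, d)]), bytes([op_r_rm, modrm(d, s)])]


def encode_hex(instr):
    """Same as encodings(), as upper-case hex strings like ndisasm prints them."""
    return [enc.hex().upper() for enc in encodings(instr)]


def decode(code):
    """Decode two bytes produced by encodings() back to 'mnemonic dst,src'."""
    opcode, mod = code[0], code[1]
    if mod >> 6 != 0b11:
        raise ValueError("only register-direct ModRM (mod=11) is handled here")
    reg, rm = (mod >> 3) & 7, mod & 7
    for mnemonic, (op_rm_r, op_r_rm) in OPCODES.items():
        if opcode == op_rm_r:          # destination is in r/m, source in reg
            return f"{mnemonic} {REGS32[rm]},{REGS32[reg]}"
        if opcode == op_r_rm:          # destination is in reg, source in r/m
            return f"{mnemonic} {REGS32[reg]},{REGS32[rm]}"
    raise ValueError(f"opcode {opcode:02X} is not in the table")


def show(instr):
    """Print each encoding next to its decoding, one row per encoding."""
    for enc in encodings(instr):
        print(f"{enc.hex().upper():<8} {decode(enc)}")


if __name__ == "__main__":
    show("add eax,ebx")   # 01D8 (nasm's choice above) and 03C3
    show("mov eax,ebx")   # 89D8 and 8BC3
    show("xor eax,eax")   # 31C0 and 33C0
```

Running it with `python3 encodings.py` prints two rows per instruction; feeding either row's hex bytes to `udcli` or to `ndisasm` on a raw file gives the same mnemonic back, which is the lookup-table relationship the answer describes.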