Formatting hex code to asm code

StackOverflow https://stackoverflow.com/questions/14092392

Question

I need to write something like a "disassembler", I need to read RAM memory (code section) and show it formatted like

ADD rax, rbx
MOV rcx, rax

Where can I find a comprehensive guide/paper on how to translate an opcode to the correspective operation/operands? I'm targeting x64 assembly

Was it helpful?

Solution 2

I'd really recommend you just use the BSD licensed udis86 library instead of writing yet another x86 disassembler:

#include <stdio.h>
#include <udis86.h>

enum {
    /* Controls whether to disassemble for x86 or x64 */
    UDIS86_MODE = 64 /* 16, 32, or 64 */
};

int main()
{
    ud_t ud_obj;

    ud_init(&ud_obj);

    ud_set_input_file(&ud_obj, stdin);
    ud_set_mode(&ud_obj, UDIS86_MODE);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);

    while (ud_disassemble(&ud_obj)) {
        printf("\t%s\n", ud_insn_asm(&ud_obj));
    }

    return 0;
}

The version of Udis86 on github even supports the latest Intel AVX instructions.

Udis86 is quite easy to build for x86 or x64 Windows with the MinGW64 / MSYS toolchain. Just in case you're not familiar with GCC and the GNU autotools build system, I've built:

  1. http://scottt.tw/mingw32-udis86.tar.gz
  2. http://scottt.tw/mingw64-udis86.tar.gz

for your convenience. The archives contain the DLL and header files. (Whether it's wise to download and run DLLs from random strangers who answer questions on Stackoverflow is another matter ;).

OTHER TIPS

You can have a look at this library - you can use it "as it is" or just learn from its source (which is released under BSD license).

This is my go-to list for opcodes, sorted numerically:

http://ref.x86asm.net/geek64.html

That site also has many other lists. However, as you can see, there's quite a lot of opcodes on x86/64, so writing a disassembler by hand will take a while.

I'd suggest you feed the code to an existing disassembler. For example, see this question:

How do I disassemble raw x86 code?

  1. For Intel, you can find it at http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html - particularly, you may have been interested in Volume 2.

  2. For AMD processors, it must be here: http://developer.amd.com/resources/documentation-articles/developer-guides-manuals/#manuals . Seems like you'll need volume 3.

Still, they have a lot in common.

If you are creating your own disassembler, it is imperative that you download the instruction set guide (Volume 2) from ...

http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html

The notes and tables in the appendices are invaluable. You will likely note that many of the instructions follow a similar pattern. As a result, you can build your own tables of function pointers to decode the instructions. Populating the tables can be time consuming.

Hope this helps.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top