https://stackoverflow.com/questions/15321220
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFor example:
0xa1 : ['MOV', 'rAX,Ov']
According to Intel® 64 and IA-32 Architectures Developer's Manual: Combined Volumes Table A-2. One-byte Opcode Map: (00H — F7H) 0xa1 is mov rAX, Ov.
Then table A.2.1 Codes for Addressing Method explains the abbreviations used in the addressing:
O The instruction has no ModR/M byte. The offset of the operand is coded as
a word or double word (depending on address size attribute) in the instruction.
No base register, index register, or scaling factor can be applied (for example,
MOV (A0–A3)).
Table A.2.2 Codes for Operand Type explains the operand type:
v Word, doubleword or quadword (in 64-bit mode), depending on operand-size
attribute.
And below A.2.3 Register Codes it says:
A register identifier of the form eXX or rXX is used when register width depends
on the operand-size attribute. eXX is used when 16 or 32-bit sizes are possible;
rXX is used when 16, 32, or 64-bit sizes are possible. For example: eAX indicates
that the AX register is used when the operand-size attribute is 16 and the EAX
register is used when the operand-size attribute is 32. rAX can indicate AX, EAX
or RAX.
So here are some example instruction encodings for 0xa1 opcode (confirmed with udcli -x):
a10102 mov ax, [0x201] ; in x86 16-bit code
a101020304 mov eax, [0x4030201] ; in x86 32-bit code
a10102030405060708 mov eax, [0x807060504030201] ; in x86-64
66a101020304 mov ax, [0x4030201] ; with 0x66, in x86 32-bit code
66a10102030405060708 mov ax, [0x807060504030201] ; with 0x66, in x86-64
48a10102030405060708 mov rax, [0x807060504030201] ; with 0x48 REX.W, in x86-64
