flat assembler
Message board for the users of flat assembler.
revolution 13 Apr 2016, 18:22
There are already some posts and code on this board demonstrating Length disassembly engines. A possible other search term is LDE.
system error 13 Apr 2016, 18:31
Didn't know that this thing I am asking is about disassembly. HAHA. Thought it was like a walk in the park. But it is mathematically possible right, even without using LDE? Maybe using a lookup table?
revolution 13 Apr 2016, 18:54
That is what an LDE does, exactly what you are trying to do. Have a look at the existing solutions, maybe you can find improvements or something.
system error 15 Apr 2016, 07:46
Yeah, I've seen the code. Lots and lots of lookup tables. I suspect FASM source have something similar but I can't find it.
revolution 15 Apr 2016, 08:23
fasm is an assembler, and doesn't have any need for determining the length from the byte output stream. Your question is the opposite of that, hence they are called length disassembly engines.
system error 01 May 2016, 11:46
btw mom, I have completed my own length engine up to VEX prefix. Not that difficult anyway.
The only problem is when xacquire (0xF3) is followed next by xgetbv (0x0F01D0). It gives the wrong length. Don't know how to deal with this since my lookup table isn't really a lookup table but rather a simple reference. All calculations are done internally using code. If you know anything around this little problem, do let me know. Still need some time to build a symbolic lookies and then voila, I have written my own disassembler and become a useful earthling finally ^_^
system error 01 May 2016, 11:52
And frankly speaking, binaries produced by FASM are very clean and extremely accurate. Congrats Tomasz! ^_^
revolution 01 May 2016, 14:31
system error wrote: I have completed my own length engine up to VEX prefix.
system error 11 May 2016, 04:16
Sorry for the delay. Still working on the symbol translations. But for the length engine alone, here's the code plus the old table. It's messy. For Windows only, but for Linux, you just need the length_engine, decoder, init functions and the table.
Just added XOP prefix lookup. I need help testing it because I can't possibly know all instructions and variants. All table entries are single ops of 4 byte chunks. Length calculation is done via code, not by lookup.
system error 11 May 2016, 04:22
oh oh btw, if you decided to use the length_engine in other forms (command-line, DLL, etc), you need to point RAX to the offset of the instruction you want to calculate. It returns the length in RAX.
system error 14 May 2016, 13:32
Mom, does FASM support RDPKRU? It gives me illegal instruction.
Code:
flat assembler  version 1.71.51  (16384 kilobytes memory)
analytix.asm [11]:
        rdpkru
error: illegal instruction.
It's a 3-byte opcode in my table.
system error 14 May 2016, 13:38
and WRPKRU too!
revolution 14 May 2016, 14:13
fasm v1.71.52 wrote: version 1.71.52 (May 13, 2016)
system error 14 May 2016, 15:59
the timing is just perfect!
There's one still missing: VMFUNC (0x0F01D4)
system error 14 May 2016, 16:07
VMFUNC takes no operand and belongs to the same 3-byte instruction class as RDPKRU/WRPKRU.
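As an added example (not code from this thread or from fasm), here is a small C length decoder for just the 0F 01 opcode group that the posts above discuss: a legacy prefix such as F3 before xgetbv (0F 01 D0) simply adds one byte, the mod=11 forms (xgetbv, vmfunc, rdpkru, wrpkru) decode as 3 bytes with no SIB or displacement, and the memory forms such as lgdt take the usual ModRM/SIB/displacement bytes. The function name insn_len_0f01 and the assumption of 64-bit mode are mine; it only computes length and does not check that the mod=11 encoding is a defined instruction.

```c
/* Hypothetical length decoder for the 0F 01 /r family in 64-bit mode.
 * Covers legacy prefixes, one REX byte, and ModRM/SIB/disp; anything
 * else returns -1. Not the poster's engine, just an illustration. */
#include <stddef.h>
#include <stdint.h>

static int is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0xF0: case 0xF2: case 0xF3:             /* lock, repne, rep (xacquire/xrelease) */
    case 0x2E: case 0x36: case 0x3E: case 0x26:  /* cs, ss, ds, es overrides */
    case 0x64: case 0x65: case 0x66: case 0x67:  /* fs, gs, opsize, addrsize */
        return 1;
    default:
        return 0;
    }
}

/* Bytes used by ModRM plus optional SIB and displacement (64-bit addressing). */
static int modrm_len(const uint8_t *p, size_t n) {
    if (n < 1) return -1;
    unsigned mod = p[0] >> 6, rm = p[0] & 7;
    int sib = 0, disp = 0;
    if (mod == 3) return 1;                  /* register form: xgetbv, vmfunc, rdpkru, wrpkru ... */
    if (rm == 4) sib = 1;                    /* SIB byte follows */
    if (mod == 1) disp = 1;
    else if (mod == 2) disp = 4;
    else if (rm == 5) disp = 4;              /* mod=00 rm=101: RIP-relative disp32 */
    if (sib) {
        if (n < 2) return -1;
        if (mod == 0 && (p[1] & 7) == 5) disp = 4;  /* SIB with no base: disp32 */
    }
    int len = 1 + sib + disp;
    return (size_t)len <= n ? len : -1;      /* -1 if the buffer is truncated */
}

/* Returns the instruction length, or -1 if truncated or not a 0F 01 instruction. */
int insn_len_0f01(const uint8_t *p, size_t n) {
    size_t i = 0;
    while (i < n && is_legacy_prefix(p[i])) i++;   /* F3 before xgetbv is just one more byte */
    if (i < n && (p[i] & 0xF0) == 0x40) i++;       /* REX prefix (64-bit mode only) */
    if (i + 2 > n || p[i] != 0x0F || p[i + 1] != 0x01) return -1;
    i += 2;
    int m = modrm_len(p + i, n - i);
    return m < 0 ? -1 : (int)(i + m);
}
```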
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.