3

I've been given the following task:

Consider the following sequence of hexadecimal values:

55 89 E5 83 EC 08 83 E4 F0 31 C9 BA 01 00 00 00 B8 0D 00 00 00 01 D1 01 CA 48 79 F9 31 C0 C9 C3

This sequence of bytes represents a subroutine in Intel 80386 machine language in 32-bit mode.

  • When the instructions in this subroutine are executed, they leave values in the registers %ecx and %edx. What are the values?

  • What is the program in C that carries out the computation done by this subroutine, then prints the values computed by this program of %ecx and %edx as they would appear at the end of the execution of the subroutine.

As I do not have the 80386 instruction set memorized, I must first convert these opcode bytes into their assembly-language mnemonic equivalents. So, is there an online reference somewhere, a table mapping hex values to instructions or the like? I checked out Intel's website, but could find nothing. Or is there a better way to go about deciphering this...?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Ray
  • 47
  • 1
  • 1
  • 2
  • 1
    This is half decent, imho: [coder32 edition of X86 Opcode and Instruction Reference](http://ref.x86asm.net/coder32.html "opcodes") – Brian Sweeney Jul 05 '11 at 20:51

5 Answers5

10

While you could cheat and use a dissassembler (a disassembler would not be very much help in learning), I would recommend actually learning something by reading the relevant chapters in the Intel 80386 manual. Start with Chapter 17. If/when you get stuck, come back to StackOverflow and post a question stating exactly how far you've gotten and what you don't understand.

  • 10
    WTF?! Using a disassembler is cheating? Decoding x86 instructions is a horribly stupid homework. I think the point was understanding the instructions, not their encoding. – Mehrdad Afshari Jan 31 '10 at 22:33
  • 4
    @Mehrdad - Yes it is cheating, if you are trying to understand machine opcodes/their encodings and translations to higher level languages (opcode -> assembly -> C). If the only point of the assignment was to understand the instructions then the professor should have started with assembly language *not* machine code. That's why I believe the intent of the assignment is to grasp a little bit of machine code which *is not that difficult.* –  Jan 31 '10 at 22:38
  • 8
    @roygbiv: If I wanted my students to learn instruction encoding for a particular architecture, I would have asked them to *write a disassembler*, not decode stuff by hand. I don't think any sane teacher will give such a homework for the purpose of instruction encoding. I assumed the purpose of the homework was to trace the instructions. By the way, I would have chosen something more elegant than x86 to teach them instruction encodings. The x86 instruction encoding is too complex to be suitable for learning. – Mehrdad Afshari Jan 31 '10 at 22:43
  • 1
    @roygbiv: No, I'm not. But I reserve the right to express my personal opinion and neutralize stupidity (in case what you think is the purpose of the homework, which I don't assume to be true) as much as I can. – Mehrdad Afshari Jan 31 '10 at 22:48
  • 1
    @roygbiv, If you have this at the bottom of the assignement : Your professor knows that most of you don't know 80386 assembly and machine language. You will need to be resourceful... What would you do ??? – Ray Jan 31 '10 at 22:50
  • @roaygbiv, I am asking for a hint or a reference I can use. I am not asking you to solve my problem. If you can not help don't bother to comment. Thanks Mehrdad. – Ray Jan 31 '10 at 23:03
  • @Visible Spectrum, I would imagine someone is having a bad day ;) @Ray, that is a hint! – Bear Jan 31 '10 at 23:05
  • 4
    @Ray - I *gave* you a link that would help you enormously. Did you bother to *read* it? I would say at least try to decode one or two instructions in an attempt to at least gain *something* more from the assignment than *yea, I posted on stackoverflow and they said download a disassembler, but I didn't even have to do that because they posted the disassembled bytes for me*. –  Jan 31 '10 at 23:07
  • 1
    @roygbiv: I wasn't the downvoter. Contrary to how it looks, I appreciate your concern and for the reason you mentioned I didn't post the disassembly. I don't think @Ray downvoted you either as he doesn't have enough rep to do so. It should have been a drive-by downvoter. Happens in SO sometimes. – Mehrdad Afshari Jan 31 '10 at 23:10
2

You should use a disassembler to see what are the instructions. You can grab NDISASM from the NASM package. Store the bytes in a file and run:

ndisasm -b 32 file        # -b 32 specifies you're running in 32 bit mode
Mehrdad Afshari
  • 414,610
  • 91
  • 852
  • 789
  • Correction, the OP should do his homework and figure out the assembly instructions! –  Jan 31 '10 at 22:43
  • Mehrdad, I don't have the assembly file, just the Opcodes in Hex. – Ray Jan 31 '10 at 22:46
  • 1
    @Ray: Use a hex editor to enter hex values in a file. Google hex editor for one that suits your platform. – Mehrdad Afshari Jan 31 '10 at 22:48
  • @roygbiv: grow up if you don't like the op asking homework questions then add it to your list of ignored tags. Personally, I welcome people trying to understand something even if the question originated in HW. – Evan Carroll Feb 01 '10 at 01:08
  • 1
    @Evan Carroll - I think your comment is offensive and out-of-line. You mis-understand and mis-construe what has been said in this thread as the post with the disassembled bytes was removed (Thank you!). Telling me things like "grow up" is childish. I'm not against homework questions. Quite the contrary. I'm trying my best to help the OP *learn* without being voted off StackOverflow. In fact, I invite him to post back telling us where he is stuck at next so that we can help him. In an effort to encourage learning, blatant answers/help to homework questions should never be given. –  Feb 01 '10 at 02:40
  • @Evan, how does the OP using a disassembler for his/her assignment help them understand anything? The disassembler should be used for checking answers, that's it. – DigitalZebra Feb 01 '10 at 04:01
  • How do you guys know it's homework? He might be trying to determine the results of a sequence of bytes from a... dare I say it? Stack overflow! – Arthur Kalliokoski Feb 01 '10 at 04:09
  • 1
    @everyone here: as you can see, using the disassembler teaches two brand-new practical things to the op: hex editors and disassemblers on its own. so, its not all too bad to use a disassembler for this task ;-) – Frunsi Feb 01 '10 at 04:11
  • @akallio: check above comments, he doesn't know hex editors.. so no – Frunsi Feb 01 '10 at 04:11
  • Running the sequence of bytes through an online disassembler in 16, 32 and 64 bit modes didn't seem to make sense, since the stack pointer was and'ed with a constant, but wasn't restored before the 'leave ret' sequence. – Arthur Kalliokoski Feb 01 '10 at 04:18
  • @Arthur, the stack pointer doesn't need to be restored before leave, because the first thing leave does is to move [er]bp into [er]sp. – prl Jan 21 '18 at 20:20
1

I wouldn't use a disassembler, go through the instruction manual and figure out what each group of bits could mean. This will get you the corresponding assembly instruction. From there it shouldn't be too hard to get that into C. I agree with the other poster that it is messed up doing this assignment in x86. Something like SPARC or MIPS would be much easier (as these have fixed width instructions).

DigitalZebra
  • 39,494
  • 39
  • 114
  • 146
0

There's a much simpler method than those suggested, and I suspect this is the one the teacher has in mind:

  1. Go to a command prompt
  2. run Debug
  3. command "e"
  4. enter the byte values
  5. command "u"
  6. read the results

Decoding opcodes from the chart is very, very tedious, and I'd be surprised if that was what was intended.

egrunin
  • 24,650
  • 8
  • 50
  • 93
0

Use objdump -d if you're using Unix.

0fnt
  • 8,211
  • 9
  • 45
  • 62