Not listed here are floating-point instructions, privileged instructions, and instructions that are used only in segmented models (which Microsoft Win32 does not use). Some of the instructions have both 16-bit and 32-bit versions, but only the 32-bit versions are listed here. The result is stored into the destination. However, there can be some exceptions to this rule.Īrithmetic instructions are typically two-register with the source and destination registers combining. The general notation for instructions is to put the destination register on the left and the source on the right. Find the end of the data and continue disassembling there. There is a possibility, unfortunately, that the disassembly will never synchronize with the instruction stream and you will have to try disassembling at a different starting point until you find a starting point that works.įor well-packed switch statements, the compiler emits data directly into the code stream, so disassembling through a switch statement will usually stumble across instructions that make no sense (because they are really data). The first few instructions may not make any sense because you may have started disassembling in the middle of an instruction. To disassemble backward from an address, you should start disassembling at a point further back than you really want to go, then look forward until the instructions start making sense. On the x86 processor, instructions are variable-sized, so disassembling backward is an exercise in pattern matching. Instructions not so marked are not critical. In the lists in this section, instructions marked with an asterisk ( *) are particularly important.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |