Re: disassembler prefix-byte check -- wanting comments good and bad

From: Matt Taylor (para_at_tampabay.rr.com)
Date: 03/26/04


Date: Fri, 26 Mar 2004 15:38:56 +0000 (UTC)


"Bx.C" <invalid-email-address@invalid.shiragajin> wrote in message
news:0bN8c.61769$zP2.30474@bignews5.bellsouth.net...
> i'm looking for any and all comments i can get regarding the code snippet
> below (other than the 32-bit vs 16-bit argument... i'll be making a 32-bit
> version... somewhere in the future...
>
> every bit in the word [prefix_flags] has special meaning to this code...
> check the description down at the very bottom of the snippet if things get
> confusing... please try to find any and all possible bugs that you can....
> naturally this code will be reading unknown data, so i want to be certain
> that all possible byte combinations have been considered for this code
> snippet...
>
> ....i'm thinking of throwing in a check, to see if BX=0000Eh before
> incrementing again... this is because you can only have a maximum of 14
> prefix bytes (considering multiple prefix bytes here)... as the 15th byte
> has to be an opcode byte,... if it's another prefix byte then you get
> #UD...
> so i'm trying to figure out how I want to handle this situation... please
> give any and all possible ideas for this....
<snip>

It doesn't make much sense to write something this complex in assembly.
Prefix decoding is the easy part; decoding ModR/M and SIB bytes is a
nuisance, and decoding opcodes much more so.

Also, the magical limit of 15 does not apply specifically to prefix bytes.
The entire instruction must fit into 15 bytes, so you can have up to 13
prefix bytes when dealing with 0F opcodes. It gets even more complicated
with ModR/M processing. There are a number of cases with 8 bytes of
immediates in the opcode (disp32 + imm32), and in those cases you can't have
more than 5 prefix bytes.

-Matt
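The budget check described in this reply, worked through as an added example that is not code from the original thread or from either poster. It is written in C rather than the 16-bit assembly under discussion, assumes 32-bit addressing for the ModR/M/SIB rules, uses a prefix flag layout invented here (not the [prefix_flags] word from the post), and decodes a deliberately tiny opcode subset (UD2 and C7 /r MOV r/m32, imm32) so that the whole-instruction length can be computed. The sample byte strings are constructed: 13 prefixes ahead of a 0F opcode fits in 15 bytes while 14 does not, and 5 prefixes ahead of opcode + ModR/M + disp32 + imm32 fits while 6 does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INSN_LEN 15   /* the architectural cap on a whole instruction */

/* Prefix flag bits: a layout assumed for this example, not the
 * [prefix_flags] word from the original post. */
enum {
    PFX_LOCK = 1 << 0, PFX_REPNE = 1 << 1, PFX_REP = 1 << 2,
    PFX_SEG = 1 << 3, PFX_OPSIZE = 1 << 4, PFX_ADSIZE = 1 << 5
};

/* Consume legacy prefixes. Returns the prefix count (the opcode starts at
 * that offset), or -1 if a 15th prefix appears (no opcode can fit, the CPU
 * faults) or the buffer ends inside the prefix run. */
int scan_prefixes(const uint8_t *buf, size_t len, unsigned *flags)
{
    size_t i;
    *flags = 0;
    for (i = 0; i < len; i++) {
        switch (buf[i]) {
        case 0xF0: *flags |= PFX_LOCK;   break;
        case 0xF2: *flags |= PFX_REPNE;  break;
        case 0xF3: *flags |= PFX_REP;    break;
        case 0x26: case 0x2E: case 0x36:
        case 0x3E: case 0x64: case 0x65: *flags |= PFX_SEG; break;
        case 0x66: *flags |= PFX_OPSIZE; break;
        case 0x67: *flags |= PFX_ADSIZE; break;
        default:   return (int)i;        /* first non-prefix byte */
        }
        if (i + 1 >= MAX_INSN_LEN)
            return -1;                   /* byte 15 is still a prefix */
    }
    return -1;
}

int count_prefixes(const uint8_t *buf, size_t len)
{
    unsigned flags;
    return scan_prefixes(buf, len, &flags);
}

/* Bytes taken by ModR/M, an optional SIB and the displacement under 32-bit
 * addressing. Reads p[0] and, when a SIB is present, p[1]. */
int modrm_len(const uint8_t *p, size_t len)
{
    unsigned mod, rm;
    int n = 1;
    if (len < 1) return -1;
    mod = p[0] >> 6;
    rm = p[0] & 7;
    if (mod == 3) return 1;                            /* register operand */
    if (rm == 4) {                                     /* SIB follows */
        if (len < 2) return -1;
        n = 2;
        if (mod == 0 && (p[1] & 7) == 5) return n + 4; /* no base: disp32 */
    } else if (mod == 0 && rm == 5) {
        return 1 + 4;                                  /* [disp32] */
    }
    if (mod == 1) n += 1;                              /* disp8 */
    else if (mod == 2) n += 4;                         /* disp32 */
    return n;
}

/* Whole-instruction length for a deliberately tiny opcode subset:
 *   0F 0B         UD2              (no ModR/M, no immediate)
 *   C7 /r imm32   MOV r/m32, imm32 (ModR/M group + imm32; reg field unchecked)
 * Returns the length, -1 if it exceeds 15 bytes or is truncated, -2 if the
 * opcode is outside the subset. */
int insn_len(const uint8_t *buf, size_t len)
{
    unsigned flags;
    int npfx = scan_prefixes(buf, len, &flags), total, m;
    if (npfx < 0) return -1;
    if (buf[npfx] == 0x0F) {
        if ((size_t)npfx + 1 >= len) return -1;
        if (buf[npfx + 1] != 0x0B) return -2;
        total = npfx + 2;
    } else if (buf[npfx] == 0xC7) {
        m = modrm_len(buf + npfx + 1, len - (size_t)npfx - 1);
        if (m < 0) return -1;
        total = npfx + 1 + m + 4;
    } else {
        return -2;
    }
    return (total > MAX_INSN_LEN || (size_t)total > len) ? -1 : total;
}

/* Constructed samples (not from the original post). */
static const uint8_t ud2_13pfx[] = { 0x66,0x66,0x66,0x66,0x66,0x66,0x66,
    0x66,0x66,0x66,0x66,0x66,0x66, 0x0F,0x0B };                 /* 15 bytes */
static const uint8_t ud2_14pfx[] = { 0x66,0x66,0x66,0x66,0x66,0x66,0x66,
    0x66,0x66,0x66,0x66,0x66,0x66,0x66, 0x0F,0x0B };            /* 16 bytes */
static const uint8_t mov_5pfx[] = { 0x2E,0x36,0x3E,0x26,0x64, 0xC7,0x85,
    0x10,0x00,0x00,0x00, 0x78,0x56,0x34,0x12 };                 /* 15 bytes */
static const uint8_t mov_6pfx[] = { 0x2E,0x36,0x3E,0x26,0x64,0x65, 0xC7,0x85,
    0x10,0x00,0x00,0x00, 0x78,0x56,0x34,0x12 };                 /* 16 bytes */

int main(void)
{
    printf("13 prefixes + 0F 0B: %d\n", insn_len(ud2_13pfx, sizeof ud2_13pfx));
    printf("14 prefixes + 0F 0B: %d\n", insn_len(ud2_14pfx, sizeof ud2_14pfx));
    printf("5 prefixes + C7 85 disp32 imm32: %d\n", insn_len(mov_5pfx, sizeof mov_5pfx));
    printf("6 prefixes + C7 85 disp32 imm32: %d\n", insn_len(mov_6pfx, sizeof mov_6pfx));
    return 0;
}
```

The point of the split is that scan_prefixes only rejects the one case it can decide on its own (a 15th prefix byte), while the real limit is enforced in insn_len once the opcode, ModR/M group and immediate sizes are known; a prefix-only cap of 14 would accept the 14-prefix UD2 and the 6-prefix MOV, both of which the CPU rejects.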


