Author Topic: Disassembly  (Read 1180 times)

HellOfMice

  • Guest
Disassembly
« on: February 01, 2025, 05:34:44 AM »
When we write our code, sometimes we don't take care what the assembler really selects: MOV [A + B],al or MOV [B + A],al.
It is the same, but there are cases when it is not possible to proceed like this.

I always take this case with ADC, but it is good for many other opcodes:

10 1C 0C   ADC BYTE PTR [RCX + RSP],BL   => Base = RSP = 100; Index = RCX = 001   00 001 100 => [(1 * RCX) + RSP] => 10 1C 0C
10 1C 0C   ADC BYTE PTR [RSP + RCX],BL   => Base = 000 = 000; Index = 000         00 000 001 => Invalid

MOD REG R/M : 1C = 00 011 100 => SIB
Identifies BL (011) and a SIB (100)
SIB = 00 001 100  Scale = 00 => Scale = (1 *)
Index = 001 => RCX
Base = 100  => RSP
So we get ADC [(1 * RCX) + RSP] => 10 1C 0C => GOOD
----------------------------------------------------------------------
ADC BYTE PTR [RSP + RCX],BL
is invalid because the Index 100 sets the address to 0:
[(1 * 0) + RCX]. For this code AMD says:

Quote:
Register specification is null. The scale index portion of the indexed register-indirect effective address is set to 0.

In the SIB bits 7-6 = Scale, 5-3 = Index, 2-0 = Base

If that could be encoded, it could not be with
an even code, because the value of RCX is 001, so 0C is FALSE.

If we apply the AMD rule, the result is ADC [(1 * 0) + RCX],BL
=> ADC [RCX],BL => SIB = 00 000 001
and the whole opcode is 10 1C 01, but it is shorter as 10 01.
----------------------------------------------------------------------
I have tried to join the Intel and AMD forums without success, because I should like
to know whether I make an error or not, and I should like to know the reason for this encoding form.
If someone has some information, I hope he will share it.
« Last Edit: February 01, 2025, 05:36:30 AM by HellOfMice »

Offline TimoVJL

  • Global Moderator
  • Member
  • Posts: 2237
Re: Disassembly
« Reply #1 on: February 01, 2025, 02:00:42 PM »
I have to confess that you have a challenging project  8)

For me, supporting Pelles C has been enough.
The Pelles C debug format could be an interesting project for someone.
The debug COFF format isn't enough for new debuggers and analyzers.
« Last Edit: February 01, 2025, 02:05:12 PM by TimoVJL »
May the source be with you

HellOfMice

  • Guest
Re: Disassembly
« Reply #2 on: February 01, 2025, 02:45:59 PM »
Yes, it is a great challenge, and I don't want to do it like everyone does. A big problem will be to detect alignment, because it does not always use NOP but prefixes. It is hard to find valid information, and when found, it is hard to understand.
Rather than taking the opcodes from tables, I search all the possibilities. For now I have found 80,000 cases, but I am reducing this number drastically. In my test I added prefixes that are not used in normal coding. For example, if the 66h prefix is before a REX prefix, the REX prefix has priority, so the 66h has no reason to be there.

Now I have many docs that correct the errors I have made. The X64 is a strange processor; for me it is an extended X32, with just 64-bit registers, but it can't address memory > 32 bits! You can address the same memory with a 64-bit register or with a 32-bit register!

With this processor you always change from 16 bits to 32 bits to 64 bits! You lose speed. I think that it is better to stay in 64-bit mode and not use 32 or 16 bits.
That means when calling a Windows function, don't put 32-bit registers on the stack but 64-bit registers. That creates more traffic on the bandwidth.

Thank you for supporting me

A+

Philippe

HellOfMice

  • Guest
Re: Disassembly
« Reply #3 on: February 01, 2025, 07:27:14 PM »
This afternoon, in a message, I said that I had found 80,000 combinations for ADC, but that I was working on it and that it was going down a lot, drastically. Indeed, the number of combinations has really changed, but not in a good way: now I have 249,817! And I didn't generate everything.

I have the impression that people are going to make fun of me.

Too bad, we're here for that too.
:P
« Last Edit: February 01, 2025, 07:34:32 PM by HellOfMice »

HellOfMice

  • Guest
Re: Disassembly
« Reply #4 on: February 02, 2025, 05:05:00 AM »
Now all that has been simplified and condensed into 130 lines.

HellOfMice

  • Guest
Re: Disassembly
« Reply #5 on: February 02, 2025, 06:28:22 PM »
I made a program that is able to generate the codes for other instructions.
The program generates duplicates.
There is no problem removing them with Notepad++ (https://notepad-plus-plus.org/downloads/)
Code:
#include <windows.h>
#include <stdio.h>
#include <sqlite3.h>    /* sqlite3_snprintf() is only used to format the output file name */

/* szInstruction, the RegNN_n register tables and the DoTheJob_nn generators
   are defined in the attached project and are not shown in this post. */

int main(int argc, char *argv[])
{
    char    _szTmp[1024];

    HANDLE hFile;

    lstrcpy(szInstruction,"ADD") ;      // <-------------- JUST CHANGE THE INSTRUCTION HERE

    /* Output file is .\<instruction>.txt; remove any previous run first */
    sqlite3_snprintf(sizeof(_szTmp),_szTmp,".\\%s.txt",szInstruction) ;
    DeleteFile(_szTmp) ;

    hFile = CreateFile(_szTmp,GENERIC_READ|GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL) ;
    if(hFile == INVALID_HANDLE_VALUE)
        return (-1) ;

//   ******************************************************** 8-bit operands
    DoTheJob_01(hFile,Reg8_0,127) ;
    DoTheJob_01(hFile,Reg8_1,127) ;
    DoTheJob_02(hFile,Reg8_0,Reg8_0) ;
    DoTheJob_02(hFile,Reg8_1,Reg8_1) ;
    DoTheJob_03(hFile,Reg8_0,"BYTE PTR") ;
    DoTheJob_03(hFile,Reg8_1,"BYTE PTR") ;
    DoTheJob_04(hFile,Reg8_0,"BYTE PTR") ;
    DoTheJob_04(hFile,Reg8_1,"BYTE PTR") ;
    DoTheJob_05(hFile,Reg8_0,"BYTE PTR",Reg64_3) ;
    DoTheJob_05(hFile,Reg8_1,"BYTE PTR",Reg64_4) ;
    DoTheJob_06(hFile,Reg8_0,"BYTE PTR",Reg64_3) ;
    DoTheJob_06(hFile,Reg8_1,"BYTE PTR",Reg64_4) ;
    DoTheJob_07(hFile,Reg8_0,"BYTE PTR",Reg32_0) ;
    DoTheJob_07(hFile,Reg8_1,"BYTE PTR",Reg32_1) ;
//   ******************************************************** 16-bit operands
    DoTheJob_01(hFile,Reg16_0,65535) ;
    DoTheJob_01(hFile,Reg16_1,65535) ;
    DoTheJob_02(hFile,Reg16_0,Reg16_0) ;
    DoTheJob_02(hFile,Reg16_1,Reg16_1) ;
    DoTheJob_03(hFile,Reg16_0,"WORD PTR") ;
    DoTheJob_03(hFile,Reg16_1,"WORD PTR") ;
    DoTheJob_04(hFile,Reg16_0,"WORD PTR") ;
    DoTheJob_04(hFile,Reg16_1,"WORD PTR") ;
    DoTheJob_05(hFile,Reg16_0,"WORD PTR",Reg64_3) ;
    DoTheJob_05(hFile,Reg16_1,"WORD PTR",Reg64_4) ;
    DoTheJob_06(hFile,Reg16_0,"WORD PTR",Reg64_3) ;
    DoTheJob_06(hFile,Reg16_1,"WORD PTR",Reg64_4) ;
    DoTheJob_07(hFile,Reg16_0,"WORD PTR",Reg32_0) ;
    DoTheJob_07(hFile,Reg16_1,"WORD PTR",Reg32_1) ;
//   ******************************************************** 32-bit operands
    DoTheJob_01(hFile,Reg32_0,0x12345678) ;
    DoTheJob_01(hFile,Reg32_1,0x12345678) ;
    DoTheJob_02(hFile,Reg32_0,Reg32_0) ;
    DoTheJob_02(hFile,Reg32_1,Reg32_1) ;
    DoTheJob_03(hFile,Reg32_0,"DWORD PTR") ;
    DoTheJob_03(hFile,Reg32_1,"DWORD PTR") ;
    DoTheJob_04(hFile,Reg32_0,"DWORD PTR") ;
    DoTheJob_04(hFile,Reg32_1,"DWORD PTR") ;
    DoTheJob_05(hFile,Reg32_0,"DWORD PTR",Reg64_3) ;
    DoTheJob_05(hFile,Reg32_1,"DWORD PTR",Reg64_4) ;
    DoTheJob_06(hFile,Reg32_0,"DWORD PTR",Reg64_3) ;
    DoTheJob_06(hFile,Reg32_1,"DWORD PTR",Reg64_4) ;
    DoTheJob_07(hFile,Reg32_0,"DWORD PTR",Reg32_0) ;
    DoTheJob_07(hFile,Reg32_1,"DWORD PTR",Reg32_1) ;
//   ******************************************************** 64-bit operands
    DoTheJob_01(hFile,Reg64_0,0x12345678) ;
    DoTheJob_01(hFile,Reg64_1,0x12345678) ;
    DoTheJob_02(hFile,Reg64_0,Reg64_0) ;
    DoTheJob_02(hFile,Reg64_1,Reg64_1) ;
    DoTheJob_03(hFile,Reg64_0,"QWORD PTR") ;
    DoTheJob_03(hFile,Reg64_1,"QWORD PTR") ;
    DoTheJob_04(hFile,Reg64_0,"QWORD PTR") ;
    DoTheJob_04(hFile,Reg64_1,"QWORD PTR") ;
    DoTheJob_05(hFile,Reg64_0,"QWORD PTR",Reg64_3) ;
    DoTheJob_05(hFile,Reg64_1,"QWORD PTR",Reg64_4) ;
    DoTheJob_06(hFile,Reg64_0,"QWORD PTR",Reg64_3) ;
    DoTheJob_06(hFile,Reg64_1,"QWORD PTR",Reg64_4) ;
    DoTheJob_07(hFile,Reg64_0,"QWORD PTR",Reg32_0) ;
    DoTheJob_07(hFile,Reg64_1,"QWORD PTR",Reg32_1) ;
//   ********************************************************
    CloseHandle(hFile) ;

    printf("Hello, world I have finished!\n");
    return 0;
}
I attach the project to this post and two samples in another one.
I attach the result of a compilation in PoAsm to show you that the generated code does not produce errors.

HellOfMice

  • Guest
Re: Disassembly
« Reply #6 on: February 02, 2025, 06:33:42 PM »
Here are the samples
Listing created with PoAsm

4B 13 7C DD 00           |          ADC      RDI,QWORD PTR [R13 + 8 * R11]
4B 13 7C E5 00           |          ADC      RDI,QWORD PTR [R13 + 8 * R12]
4B 13 7C ED 00           |          ADC      RDI,QWORD PTR [R13 + 8 * R13]
4B 13 7C F5 00           |          ADC      RDI,QWORD PTR [R13 + 8 * R14]
4B 13 7C FD 00           |          ADC      RDI,QWORD PTR [R13 + 8 * R15]
4B 13 84 00 DD DD DD DD  |          ADC      RAX,QWORD PTR [2 * R8 + 00000000DDDDDDDDh]
4B 13 84 00 DD DD DD DD  |          ADC      RAX,QWORD PTR [R8 + R8 + 00000000DDDDDDDDh]
4B 13 84 01 DD DD DD DD  |          ADC      RAX,QWORD PTR [R9 + R8 + 00000000DDDDDDDDh]
4B 13 84 02 DD DD DD DD  |          ADC      RAX,QWORD PTR [R10 + R8 + 00000000DDDDDDDDh]
4B 13 84 03 DD DD DD DD  |          ADC      RAX,QWORD PTR [R11 + R8 + 00000000DDDDDDDDh]
4B 13 84 04 DD DD DD DD  |          ADC      RAX,QWORD PTR [R12 + R8 + 00000000DDDDDDDDh]
4B 13 84 05 DD DD DD DD  |          ADC      RAX,QWORD PTR [R13 + R8 + 00000000DDDDDDDDh]
4B 13 84 06 DD DD DD DD  |          ADC      RAX,QWORD PTR [R14 + R8 + 00000000DDDDDDDDh]
4B 13 84 07 DD DD DD DD  |          ADC      RAX,QWORD PTR [R15 + R8 + 00000000DDDDDDDDh