Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
Announcements
FPGA community forums and blogs on community.intel.com are migrating to the new Altera Community and are read-only. For urgent support needs during this transition, please visit the FPGA Design Resources page or contact an Altera Authorized Distributor.
1135 Discussions

encoding disp32 in Amd64

anujgarg2004gmail_co
Beginner
‎06-23-2009 04:57 AM
1,260 Views
Solved Jump to solution
I want to encode the following instruction using the displacement bytes instead of SIB byte. Is it possible?

mov rcx, ptr[1CE26F0h]

the following encoding should work
48 0B 0D F0 26 CE 01

however the assembler is interpreting it as

mov rcx,qword ptr [1CE26F7h] instead of
mov rcx, ptr[1CE26F0h]


where does this extra 7 come from. in other cases the interpretation of addresses is even different

00000000055C0251 48 8B 0D E8 26 C8 01 mov rcx,qword ptr [7242940h]


what am i doing wrong?

0 Kudos
1 Solution
MarkC_Intel
Moderator
‎06-23-2009 06:37 AM
1,260 Views
Solved Jump to solution
I want to encode the following instruction using the displacement bytes instead of SIB byte. Is it possible?
mov rcx, ptr[1CE26F0h]
the following encoding should work
48 0B 0D F0 26 CE 01
however the assembler is interpreting it as
mov rcx,qword ptr [1CE26F7h] instead of
mov rcx, ptr[1CE26F0h]

Hi,
48 0B 0D F0 26 CE 01 is a RIP-relative "OR" instruction. (Did you mean 8B instead of 0B?)

% xed -64 -d 48 0b 0d f0 26 ce 01
SHORT: or rcx, qword ptr [rip+0x1ce26f0]

If you want a RIP-relative MOV, then you want this:

% xed -64 -e mov/64 rcx MEM8:RIP,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [RIP+0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0DF026CE01
.byte 0x48,0x8b,0x0d,0xf0,0x26,0xce,0x01

The disassembler will factor in the address of the instruction when presenting the actual address to you. That is probably where the 7 is coming from.

To answer your question: unless your dest is rAX, you need a SIB byte to get a displacement-only load. The A0...A3 opcodes can reference displacements without a SIB byte but use rAX as one operand.

To encode the instruction "mov RCX, qword ptr[1CE26F0]" -- not rip-relative, you'd want the following:

% xed -64 -e mov/64 RCX MEM8:-,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0C25F026CE01
.byte 0x48,0x8b,0x0c,0x25,0xf0,0x26,0xce,0x01

Also note, this references a very low address. Probably not what you want.

(Compiled versions of libxed (and the source examples) are available inside pin kits from http://www.pintool.org )

Regards,
Mark


View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
MarkC_Intel
Moderator
‎06-23-2009 06:37 AM
1,261 Views
Solved Jump to solution
I want to encode the following instruction using the displacement bytes instead of SIB byte. Is it possible?
mov rcx, ptr[1CE26F0h]
the following encoding should work
48 0B 0D F0 26 CE 01
however the assembler is interpreting it as
mov rcx,qword ptr [1CE26F7h] instead of
mov rcx, ptr[1CE26F0h]

Hi,
48 0B 0D F0 26 CE 01 is a RIP-relative "OR" instruction. (Did you mean 8B instead of 0B?)

% xed -64 -d 48 0b 0d f0 26 ce 01
SHORT: or rcx, qword ptr [rip+0x1ce26f0]

If you want a RIP-relative MOV, then you want this:

% xed -64 -e mov/64 rcx MEM8:RIP,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [RIP+0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0DF026CE01
.byte 0x48,0x8b,0x0d,0xf0,0x26,0xce,0x01

The disassembler will factor in the address of the instruction when presenting the actual address to you. That is probably where the 7 is coming from.

To answer your question: unless your dest is rAX, you need a SIB byte to get a displacement-only load. The A0...A3 opcodes can reference displacements without a SIB byte but use rAX as one operand.

To encode the instruction "mov RCX, qword ptr[1CE26F0]" -- not rip-relative, you'd want the following:

% xed -64 -e mov/64 RCX MEM8:-,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0C25F026CE01
.byte 0x48,0x8b,0x0c,0x25,0xf0,0x26,0xce,0x01

Also note, this references a very low address. Probably not what you want.

(Compiled versions of libxed (and the source examples) are available inside pin kits from http://www.pintool.org )

Regards,
Mark


0 Kudos
Copy link
anujgarg2004gmail_co
Beginner
‎06-23-2009 10:09 AM
1,260 Views
Solved Jump to solution

Hi,
48 0B 0D F0 26 CE 01 is a RIP-relative "OR" instruction. (Did you mean 8B instead of 0B?)

% xed -64 -d 48 0b 0d f0 26 ce 01
SHORT: or rcx, qword ptr [rip+0x1ce26f0]

If you want a RIP-relative MOV, then you want this:

% xed -64 -e mov/64 rcx MEM8:RIP,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [RIP+0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0DF026CE01
.byte 0x48,0x8b,0x0d,0xf0,0x26,0xce,0x01

The disassembler will factor in the address of the instruction when presenting the actual address to you. That is probably where the 7 is coming from.

To answer your question: unless your dest is rAX, you need a SIB byte to get a displacement-only load. The A0...A3 opcodes can reference displacements without a SIB byte but use rAX as one operand.

To encode the instruction "mov RCX, qword ptr[1CE26F0]" -- not rip-relative, you'd want the following:

% xed -64 -e mov/64 RCX MEM8:-,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0C25F026CE01
.byte 0x48,0x8b,0x0c,0x25,0xf0,0x26,0xce,0x01

Also note, this references a very low address. Probably not what you want.

(Compiled versions of libxed (and the source examples) are available inside pin kits from http://www.pintool.org )

Regards,
Mark



thanx a lot for xed. i am actually writting an encoder so thats pretty handy. thanx for the explanation. i forgot about the RIP mode.
0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.