I want to encode the following instruction using the displacement bytes instead of a SIB byte. Is it possible?
mov rcx, ptr[1CE26F0h]
The following encoding should work:
48 0B 0D F0 26 CE 01
However, the assembler is interpreting it as
mov rcx,qword ptr [1CE26F7h] instead of
mov rcx, ptr[1CE26F0h]
Where does this extra 7 come from? In other cases the interpretation of addresses is even different:
00000000055C0251 48 8B 0D E8 26 C8 01 mov rcx,qword ptr [7242940h]
What am I doing wrong?
1 Solution
Quoting - anujgarg2004gmail.com
I want to encode the following instruction using the displacement bytes instead of a SIB byte. Is it possible?
mov rcx, ptr[1CE26F0h]
The following encoding should work:
48 0B 0D F0 26 CE 01
However, the assembler is interpreting it as
mov rcx,qword ptr [1CE26F7h] instead of
mov rcx, ptr[1CE26F0h]
Hi,
48 0B 0D F0 26 CE 01 is a RIP-relative "OR" instruction. (Did you mean 8B instead of 0B?)
% xed -64 -d 48 0b 0d f0 26 ce 01
SHORT: or rcx, qword ptr [rip+0x1ce26f0]
If you want a RIP-relative MOV, then you want this:
% xed -64 -e mov/64 rcx MEM8:RIP,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [RIP+0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0DF026CE01
.byte 0x48,0x8b,0x0d,0xf0,0x26,0xce,0x01
The disassembler will factor in the address of the instruction when presenting the actual address to you. That is probably where the 7 is coming from.
To answer your question: unless your dest is rAX, you need a SIB byte to get a displacement-only load. The A0...A3 opcodes can reference displacements without a SIB byte but use rAX as one operand.
To encode the instruction "mov RCX, qword ptr[1CE26F0]" -- not rip-relative, you'd want the following:
% xed -64 -e mov/64 RCX MEM8:-,-,-,01ce26f0
Request: MOV DISP_WIDTH:32, EOSZ:3, MEM_WIDTH:8, MEM0:qword ptr [0x1ce26f0], MODE:2, REG0:RCX, SMODE:2
OPERAND ORDER: REG0 MEM0
Encodable! 488B0C25F026CE01
.byte 0x48,0x8b,0x0c,0x25,0xf0,0x26,0xce,0x01
Also note that this references a very low address, which is probably not what you want.
(Compiled versions of libxed (and the source examples) are available inside pin kits from http://www.pintool.org )
Regards,
Mark
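To make the three encodings in this answer concrete, here is a small encoder/decoder added as an example (it is not code from the thread, and it is not XED). The function names are my own; the decoder deliberately handles only the mod=00 displacement forms discussed here plus the A1 moffs form, and it reproduces the two disassembler readings from the question (1CE26F7h from an instruction at address 0, 7242940h from the one at 55C0251h) by adding the displacement to the address of the next instruction.

```python
"""Added example: encode and decode x86-64 loads from a fixed address.

Three ways a 64-bit MOV load can reach a fixed address:
  1. RIP-relative: ModRM mod=00, r/m=101, disp32 relative to the NEXT instruction.
  2. Absolute disp32: ModRM mod=00, r/m=100 forces a SIB byte; SIB base=101
     (with mod=00) means "no base" and index=100 means "no index".
  3. moffs64: opcode A0..A3, 8-byte absolute address, no ModRM/SIB, rAX only.
"""
import struct

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
RAX, RCX = 0, 1
MASK64 = (1 << 64) - 1


def _rex_w(reg):
    # REX.W (bit 3) selects a 64-bit operand; REX.R (bit 2) extends ModRM.reg to r8-r15.
    return 0x48 | (((reg >> 3) & 1) << 2)


def encode_mov_rip_rel(reg, disp):
    """mov reg, qword ptr [rip+disp32]  ->  REX.W 8B /r with mod=00, r/m=101."""
    modrm = (0 << 6) | ((reg & 7) << 3) | 5
    return bytes([_rex_w(reg), 0x8B, modrm]) + struct.pack("<i", disp)


def encode_mov_abs32(reg, addr):
    """mov reg, qword ptr [disp32]  ->  REX.W 8B /r, ModRM r/m=100 plus SIB 0x25."""
    if not -0x80000000 <= addr <= 0x7FFFFFFF:
        # disp32 is sign-extended to 64 bits, so only the low or top 2 GiB are reachable
        raise ValueError("address does not fit in a sign-extended disp32")
    modrm = (0 << 6) | ((reg & 7) << 3) | 4       # r/m=100: a SIB byte follows
    sib = (0 << 6) | (4 << 3) | 5                  # scale=0, index=100 (none), base=101 (none)
    return bytes([_rex_w(reg), 0x8B, modrm, sib]) + struct.pack("<i", addr)


def encode_mov_rax_moffs64(addr):
    """mov rax, qword ptr [moffs64]  ->  REX.W A1 imm64; the only SIB-free absolute load."""
    return bytes([0x48, 0xA1]) + struct.pack("<Q", addr)


def encode_load_from_address(reg, addr):
    """Absolute load: moffs64 is available only for rAX, every other register needs the SIB form."""
    if reg == RAX and not -0x80000000 <= addr <= 0x7FFFFFFF:
        return encode_mov_rax_moffs64(addr)
    return encode_mov_abs32(reg, addr)


def decode_load(code, insn_addr):
    """Decode the forms above (plus 0B /r, which is OR with the same ModRM layout).

    Returns (mnemonic, destination register, effective address, instruction length).
    """
    pos, rex = 0, 0
    if 0x40 <= code[0] <= 0x4F:
        rex, pos = code[0], 1
    rex_r, rex_x = (rex >> 2) & 1, (rex >> 1) & 1
    opcode = code[pos]
    pos += 1
    if opcode == 0xA1:
        (addr,) = struct.unpack_from("<Q", code, pos)
        return "mov", REGS64[RAX], addr, pos + 8
    mnemonic = {0x8B: "mov", 0x0B: "or"}[opcode]
    modrm = code[pos]
    pos += 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0:
        raise ValueError("only the mod=00 displacement forms are handled")
    dest = REGS64[(rex_r << 3) | reg]
    if rm == 5:
        # RIP-relative: the displacement is added to the address of the next instruction,
        # which is why a disassembler shows insn_addr + length + disp rather than disp alone.
        (disp,) = struct.unpack_from("<i", code, pos)
        pos += 4
        return mnemonic, dest, (insn_addr + pos + disp) & MASK64, pos
    if rm == 4:
        sib = code[pos]
        pos += 1
        index, base = (sib >> 3) & 7, sib & 7
        if base == 5 and index == 4 and rex_x == 0:
            (disp,) = struct.unpack_from("<i", code, pos)
            return mnemonic, dest, disp & MASK64, pos + 4
        raise ValueError("SIB with a base or index register is not handled")
    raise ValueError("register-indirect forms are not handled")
```

`decode_load(bytes.fromhex("480B0DF026CE01"), 0)` gives `("or", "rcx", 0x1CE26F7, 7)`: the 7 is the length of the instruction, because the displacement is relative to the byte after it. The same function applied to the listing line at 55C0251h yields 7242940h. Note also that the absolute SIB form only covers addresses that survive sign extension from 32 bits, which is the "very low address" caveat above; for a full 64-bit address only the A0..A3 forms apply, and only with rAX.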
2 Replies
Quoting - Mark Charney (Intel)
Thanks a lot for xed. I am actually writing an encoder, so that's pretty handy. Thanks for the explanation; I forgot about the RIP mode.