Re: QEMU Disassembler
From: Richard Henderson
Subject: Re: QEMU Disassembler
Date: Mon, 27 Jun 2022 12:50:17 +0530
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
On 6/27/22 12:10, Kenneth Adam Miller wrote:
> Actually, I have gotten the QEMU disassembler to run with some short customization. But I
> am having trouble understanding the output. I see lots of lines like this:
>
> OBJD-H: 06040102a83507000cd8027620272573004c000004c0000d20c100782244038c
You want --enable-capstone, and to have libcapstone-dev installed.
But for the record, these lines can be decoded by e.g.
./scripts/disas-objdump.pl -h i386:x86-64 <dumpfile>
to turn
PROLOGUE: [size=45]
0x7f5010000000:
OBJD-H: 55534154415541564157488bef4881c478fbffffffe633c04881c488040000c5
OBJD-H: f877415f415e415d415c5b5dc3
into
PROLOGUE: [size=45]
0x7f5010000000:
7f5010000000: 55 push %rbp
7f5010000001: 53 push %rbx
7f5010000002: 41 54 push %r12
7f5010000004: 41 55 push %r13
7f5010000006: 41 56 push %r14
7f5010000008: 41 57 push %r15
7f501000000a: 48 8b ef mov %rdi,%rbp
7f501000000d: 48 81 c4 78 fb ff ff add $0xfffffffffffffb78,%rsp
7f5010000014: ff e6 jmp *%rsi
7f5010000016: 33 c0 xor %eax,%eax
7f5010000018: 48 81 c4 88 04 00 00 add $0x488,%rsp
7f501000001f: c5 f8 77 vzeroupper
7f5010000022: 41 5f pop %r15
7f5010000024: 41 5e pop %r14
7f5010000026: 41 5d pop %r13
7f5010000028: 41 5c pop %r12
7f501000002a: 5b pop %rbx
7f501000002b: 5d pop %rbp
7f501000002c: c3 ret
r~
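As an added illustration (not part of the thread, and not QEMU's own disas-objdump.pl), the following Python does the first half of what that Perl script does: it parses the `PROLOGUE: [size=N]` / `0x...:` / `OBJD-H:` dump format into raw code bytes, cross-checks the declared size against the bytes actually dumped, and builds the equivalent `objdump -D -b binary` invocation. The regexes and the `-m`/`--adjust-vma` flags are this example's assumptions about the format and about GNU objdump; the sample dump is the prologue quoted in the mail above.

```python
import re
import subprocess
import tempfile
from typing import List, Optional, Tuple

# Constructed sample: the PROLOGUE dump quoted in the mail above (45 bytes).
SAMPLE_DUMP = """\
PROLOGUE: [size=45]
0x7f5010000000:
OBJD-H: 55534154415541564157488bef4881c478fbffffffe633c04881c488040000c5
OBJD-H: f877415f415e415d415c5b5dc3
"""

SIZE_RE = re.compile(r"\[size=(\d+)\]")            # assumed header shape
ADDR_RE = re.compile(r"^0x([0-9a-fA-F]+):\s*$")     # start-of-block address
HEX_RE = re.compile(r"^OBJD-H:\s*([0-9a-fA-F]+)\s*$")  # one hex chunk

Block = Tuple[int, Optional[int], bytes]  # (address, declared size, code)

def parse_objd_dump(text: str) -> List[Block]:
    """Group OBJD-H hex lines under the preceding 0x...: address line.
    OBJD-H lines seen before any address line (as in the original question)
    have no known VMA and are skipped."""
    blocks, cur, declared = [], None, None
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            declared = int(m.group(1))
        elif m := ADDR_RE.match(line):
            cur = {"addr": int(m.group(1), 16), "size": declared, "hex": []}
            blocks.append(cur)
            declared = None
        elif (m := HEX_RE.match(line)) and cur is not None:
            cur["hex"].append(m.group(1))
    return [(b["addr"], b["size"], bytes.fromhex("".join(b["hex"]))) for b in blocks]

def size_mismatches(blocks: List[Block]) -> List[Tuple[int, int, int]]:
    """Blocks whose [size=N] disagrees with the dumped byte count: a sign of a
    truncated or mis-pasted dump before anyone trusts the disassembly."""
    return [(a, s, len(c)) for a, s, c in blocks if s is not None and s != len(c)]

def objdump_command(addr: int, path: str, arch: str = "i386:x86-64") -> List[str]:
    """objdump on a raw binary, with the VMA adjusted so addresses match the dump."""
    return ["objdump", "-D", "-b", "binary", "-m", arch, f"--adjust-vma={addr:#x}", path]

if __name__ == "__main__":
    for addr, _size, code in parse_objd_dump(SAMPLE_DUMP):
        with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as f:
            f.write(code)
        try:
            subprocess.run(objdump_command(addr, f.name), check=False)
        except FileNotFoundError:
            print("objdump not installed; wrote", f.name)
```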