I am writing a disassembler and I was reviewing the instruction format (and doing some disassembling by hand) and I ran into an instruction that I can't seem to be able to decode.
The output for that particular instruction (from objdump) is:
c6 05 14 a0 04 08 01 movb $0x1,0x804a014
However, I dont understand how the instruction is decoded, since the opcode c6 is supposed to be MOV Eb Ib (Mod R/M to imm8).
Can somebody enlighten me as to how it is decoded?
Thanks!
This is explained (in part) by Alex Frunze's answer, but his is a bit terse, so I will provide some explantation here:
- The opcode is c6/0, which indicates that there are 2 operands to the instruction. One is an r/m 8, which means an operand encoded in mod/rm byte, and an immediate operand. Both operands are 8 bits wide.
- The /0 in the opcode means that part of the opcode is encoded in the mod/rm byte. Bits 3-5 in the mod/rm byte are part of the opcode. When you have c6 followed by a mod/rm byte whose bits 3-5 have the value 0, you get an mov opcode.
- The value 5 (the byte that immedietly follows c6), corresponds to an r/m byte of 00 000 101 (in binary).
- The "last three" (bits 0-2) of the r/m byte correspond to the r/m field. An r/m value of 101 (5) means "use a displacement dword", so the next 4 bytes following the mod/rm byte form an immediate address.
- 14 a0 04 08 is the little endian encoding of 0x0804a014
- The last byte 1 is the immediate value to load into the address
I hope this helps.