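Finally, let's look at how to use the Intel XED disassembly engine. Intel XED is a disassembly engine for the x86 platform; its support for other architectures is still lacking.
GitHub: https://github.com/intelxed/xed --> xed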
https://github.com/intelxed/mbuild --> mbuild
// Unpack the source archive
curits@curits-virtual-machine:~/Desktop$ unzip xed-master.zip
// Clone the mbuild code with git
curits@curits-virtual-machine:~/Desktop$ git clone https://github.com/intelxed/mbuild.git mbuild
Cloning into 'mbuild'...
remote: Enumerating objects: 455, done.
remote: Total 455 (delta 0), reused 0 (delta 0), pack-reused 455
Receiving objects: 100% (455/455), 187.69 KiB | 9.00 KiB/s, done.
Resolving deltas: 100% (304/304), done.
// Build xed-master; the build looks for mbuild in the current directory or the parent directory
curits@curits-virtual-machine:~/Desktop/xed-master$ ./mfile.py
...........................................
R: 1 P: 0 C: 112 E: 0 / 16 secs
[REMOVING] obj/libxed.a
R: 0 P: 0 C: 113 E: 0 / 16 secs
BUILT: /home/curits/Desktop/xed-master/obj/libxed.a
[XED KIT BUILD COMPLETE]
[ELAPSED TIME] 37 secs
[RETVAL=0]
// Locate the xed binary produced by the build
curits@curits-virtual-machine:~/Desktop$ find xed-master/ -name xed
xed-master/obj/wkit/examples/obj/xed
xed-master/obj/wkit/bin/xed
xed-master/obj/wkit/include/xed
xed-master/include/public/xed
// Options and usage
curits@curits-virtual-machine:~/Desktop$ cd xed-master/obj/wkit/bin/
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ls
xed xed-dec-print xed-ex1 xed-ex4 xed-ex6 xed-ex8 xed-ex-agen xed-ex-ild2 xed-min xed-size xed-tester
xed-asmparse-main xed-dll-discovery xed-ex3 xed-ex5-enc xed-ex7 xed-ex9-patch xed-ex-cpuid xed-find-special xed-reps xed-tables
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ./xed
ERROR: required argument(s) were missing
Copyright (C) 2019, Intel Corporation. All rights reserved.
XED version: [11.0.1]
Usage: ./xed [options]
One of the following is required:
-i input_file (decode elf-format file)
-ir raw_input_file (decode a raw unformatted binary file)
-ih hex_input_file (decode a raw unformatted ASCII hex file)
-d hex-string (decode one instruction, must be last)
-F prefix (decode ascii hex bytes after prefix)
(running in filter mode from stdin)
-ide input_file (decode/encode file)
-e instruction (encode, must be last)
-ie file-to-assemble (assemble the contents of the file)
-de hex-string (decode-then-encode, must be last)
Optional arguments:
-v N (0=quiet, 1=errors, 2=useful-info, 3=trace,
5=very verbose)
-xv N (XED engine verbosity, 0...99)
-chip-check CHIP (count instructions that are not valid for CHIP)
-chip-check-list (list the valid chips)
-s section (target section for file disassembly,
PECOFF and ELF formats only)
-n N (number of instructions to decode. Default 100M,
accepts K/M/G qualifiers)
-b addr (Base address offset, for DLLs/shared libraries.
Use 0x for hex addresses)
-as addr (Address to start disassembling.
Use 0x for hex addresses)
-ae addr (Address to end disassembling.
Use 0x for hex addresses)
-no-resync (Disable symbol-based resynchronization algorithm
for disassembly)
-ast (Show the AVX/SSE transition classfication)
-histo (Histogram decode times)
-I (Intel syntax for disassembly)
-A (ATT SYSV syntax for disassembly)
-isa-set (Emit the XED "ISA set" in dissasembly)
-xml (XML formatting)
-uc (upper case hex formatting)
-nwm (Format AVX512 without curly braces for writemasks, include k0)
-emit (Output __emit statements for the Intel compiler)
-S file Read symbol table in "nm" format from file
-dot FN (Emit a register dependence graph file in dot format.
Best used with -as ADDR -ae ADDR to limit graph size.)
-r (for REAL_16 mode, 16b addressing (20b addresses),
16b default data size)
-r32 (for REAL_32 mode, 16b addressing (20b addresses),
32b default data size)
-16 (for LEGACY_16 mode, 16b addressing,
16b default data size)
-32 (for LEGACY_32 mode, 32b addressing,
32b default data size -- default)
-64 (for LONG_64 mode w/64b addressing
Optional on windows/linux)
-mpx (Turn on MPX mode for disassembly, default is off)
-cet (Turn on CET mode for disassembly, default is off)
-s32 (32b stack addressing, default, not in LONG_64 mode)
-s16 (16b stack addressing, not in LONG_64 mode)
-set OP VAL (Set a XED operand to some integer value)
-version (The version message)
-help (This help message)
// Put the xed tool to use
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ sudo ./xed -ir /home/curits/Desktop/ins.txt -64
[sudo] password for curits:
XDIS 0: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
XDIS 5: PUSH BASE 55 push rbp
XDIS 6: DATAXFER BASE 4889E5 mov rbp, rsp
XDIS 9: POP BASE 5D pop rbp
XDIS a: RET BASE C3 ret
XDIS b: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
# end of text section.
# Errors: 0
#XED3 DECODE STATS
#Total DECODE cycles: 150496
#Total instructions DECODE: 6
#Total tail DECODE cycles: 150496
#Total tail instructions DECODE: 6
#Total cycles/instruction DECODE: 25082.67
#Total tail cycles/instruction DECODE: 25082.67
// Size of the xed binary
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ls -alh | grep xed
-rwxr-xr-x 1 curits curits 8.9M 10月 28 11:28 xed
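The function dumped from memory was disassembled successfully. As the disassembly output shows, the end of the listing summarizes the whole run: whether any errors occurred, how many instructions were decoded, and so on.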
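The summary at the end of the xed listing can be checked mechanically instead of by eye. The Python below is an added example, not part of the original post or of the XED project: it parses the `XDIS` lines from the transcript above (trimmed to the lines it uses) and verifies that the error count is zero, that the reported instruction count matches the listing, and that each instruction starts where the previous one ended. The field names `category` and `extension` and the functions `parse_xed` and `check` are names chosen for this example.

```python
import re

# Output copied from the transcript above (xed -ir ins.txt -64), trimmed.
XED_OUTPUT = """\
XDIS 0: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
XDIS 5: PUSH BASE 55 push rbp
XDIS 6: DATAXFER BASE 4889E5 mov rbp, rsp
XDIS 9: POP BASE 5D pop rbp
XDIS a: RET BASE C3 ret
XDIS b: WIDENOP BASE 0F1F440000 nop dword ptr [rax+rax*1], eax
# end of text section.
# Errors: 0
#Total instructions DECODE: 6
"""

XDIS_RE = re.compile(
    r"^XDIS\s+([0-9a-fA-F]+):\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]+)\s+(.*)$")

def parse_xed(text):
    """Return (instructions, summary) parsed from xed's text output."""
    insts, summary = [], {}
    for line in text.splitlines():
        m = XDIS_RE.match(line)
        if m:
            off, cat, ext, hexbytes, asm = m.groups()
            insts.append({"offset": int(off, 16), "category": cat,
                          "extension": ext, "bytes": bytes.fromhex(hexbytes),
                          "asm": asm.strip()})
        elif line.startswith("#") and ":" in line:
            # Summary lines look like "# Errors: 0" or "#Total ...: 6".
            key, _, val = line.lstrip("# ").partition(":")
            summary[key.strip()] = val.strip()
    return insts, summary

def check(insts, summary):
    """Return a list of problems; empty means the listing is self-consistent."""
    problems = []
    if int(summary.get("Errors", "-1")) != 0:
        problems.append("decoder reported errors")
    if int(summary.get("Total instructions DECODE", "-1")) != len(insts):
        problems.append("instruction count mismatch")
    # Each instruction must begin exactly where the previous one ended.
    for prev, cur in zip(insts, insts[1:]):
        if prev["offset"] + len(prev["bytes"]) != cur["offset"]:
            problems.append(f"gap or overlap before offset {cur['offset']:#x}")
    return problems

if __name__ == "__main__":
    print(check(*parse_xed(XED_OUTPUT)) or "listing is consistent")
```

A gap or overlap between consecutive offsets usually means the dump did not start on an instruction boundary or was decoded in the wrong mode (for example `-32` instead of `-64`).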