
I created a simple C++ source file with the following code:

    int main() {
        int a = 1;
        int b = 2;
        if(a < b) {
            return 1;
        }
        else if(a > b) {
            return 2;
        }
        else {
            return 3;
        }
    }

I used the objdump command to get the assembly code for the above source code.
The line int b = 2; got converted into mov DWORD PTR [rbp-0x4], 0x2.
Its corresponding machine code is C7 45 FC 02 00 00 00 (hex format).

I would like to know how I can convert assembly code into binary code. I went through the Intel Reference Manual for x86-64, but I was not able to understand it, since I am new to low level programming.

  • What do you mean by 'convert'? Using a program? Doing it manually? Commented May 24, 2017 at 14:57
  • Converting it manually. Commented May 24, 2017 at 14:58
  • int b = 2; is NOT Assembly language. The difference is that C is a compiled language, so the line int b = 2; may be implemented in many different ways (even removed completely by the optimizer), depending on what the compiler decides about how to produce machine code that gives the results defined by the C language standard. Assembly language is different in that an Assembler is not a compiler of this kind; when you write add rax,rbx in Assembly, it will be assembled as exactly that, without changing the instruction or removing it by some kind of optimizer, so it is more like a "1:1 transformation". Commented May 24, 2017 at 15:07

1 Answer


You should read the Intel manuals; they explain how to do that. For a simpler reference, read this. The way x86 instructions are encoded is fairly straightforward, but the number of possibilities can be a bit overwhelming.

In a nutshell, an x86 instruction comprises the following parts, where every part except the opcode may be missing:

prefix opcode operands immediate

The prefix field may modify the behaviour of the instruction, which doesn't apply to your use case. You can look up the opcode in a reference (I like this one), for example, mov r/m32, imm32 is C7 /0 which means: The opcode is C7 and one of the two operands is zero, encoding an extended opcode. The instruction thus has the form

C7 /0 imm32

The operand/extended opcode is encoded as a modr/m byte with an optional sib (scale index base) byte for some addressing modes and an optional 8 bit or 32 bit displacement. You can look up what value you need in the reference. So in your case, you want to encode a memory operand [rbp] with a one byte displacement and a register operand of 0, leading to the modr/m byte 45. So the encoding is:

C7 45 disp8 imm32

Now we encode the 8 bit displacement in two's complement. -4 corresponds to FC, so this is

C7 45 FC imm32

Lastly, we encode the 32 bit immediate, which you want to be 2. Note that it is in little endian:

C7 45 FC 02 00 00 00

And that's how the instruction is encoded.
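To make the steps above concrete, here is an added encoder (not code from the answer, the questioner, or the Intel manual) that produces the C7 /0 ModR/M [SIB] disp imm32 sequence for the general case of mov DWORD/QWORD PTR [base + disp], imm32. It goes beyond the single instruction in the question: it picks the displacement size from mod, handles the rbp/r13 and rsp/r12 special cases, and emits the REX prefix (the 48 byte a later comment asks about). The register table and function names are this example's own choices.

```python
import struct

# 64-bit general purpose registers: low 3 bits go in ModR/M.rm, bit 3 goes in REX.B.
REGS = {"rax": 0, "rcx": 1, "rdx": 2, "rbx": 3, "rsp": 4, "rbp": 5, "rsi": 6, "rdi": 7,
        "r8": 8, "r9": 9, "r10": 10, "r11": 11, "r12": 12, "r13": 13, "r14": 14, "r15": 15}


def encode_mov_mem_imm32(base: str, disp: int, imm: int, qword: bool = False) -> bytes:
    """Encode `mov DWORD/QWORD PTR [base + disp], imm32` as [REX] C7 ModR/M [SIB] disp imm32."""
    reg = REGS[base]
    rm = reg & 0b111
    out = bytearray()
    # REX prefix: 0100WRXB. W = 64-bit operand size, B = extend rm to r8..r15.
    rex = 0x40 | (0x08 if qword else 0) | (0x01 if reg >= 8 else 0)
    if rex != 0x40:          # a bare 0x40 changes nothing, so leave it out
        out.append(rex)
    out.append(0xC7)         # opcode: mov r/m32, imm32 (C7 /0)
    # mod selects the displacement size: 00 = none, 01 = disp8, 10 = disp32.
    # rm=101 (rbp/r13) has no mod=00 form (that encoding means [RIP+disp32]), so force disp8 = 0.
    if disp == 0 and rm != 0b101:
        mod, disp_bytes = 0b00, b""
    elif -128 <= disp <= 127:
        mod, disp_bytes = 0b01, struct.pack("<b", disp)   # two's complement, e.g. -4 -> FC
    else:
        mod, disp_bytes = 0b10, struct.pack("<i", disp)
    out.append((mod << 6) | (0 << 3) | rm)                # reg field = /0 (extended opcode)
    # rm=100 (rsp/r12) means "SIB byte follows": scale=00, index=100 (none), base=rm.
    if rm == 0b100:
        out.append((0b00 << 6) | (0b100 << 3) | rm)
    out += disp_bytes
    # imm32, little endian; for a QWORD destination the CPU sign-extends it to 64 bits.
    out += struct.pack("<I", imm & 0xFFFFFFFF)
    return bytes(out)


def to_hex(code: bytes) -> str:
    """Format bytes the way the question shows them: 'C7 45 FC 02 00 00 00'."""
    return " ".join(f"{b:02X}" for b in code)


if __name__ == "__main__":
    # The instruction from the question: mov DWORD PTR [rbp-0x4], 0x2
    print(to_hex(encode_mov_mem_imm32("rbp", -4, 2)))
```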


19 Comments

So in the link you provided, I went to C7 1 Byte Opcode, and it is for the MOV instruction. But what do the two operands Evqp and Ivds mean? Do they correspond to rm32 addressing and immediate? Thank you for the help
See this page for the meaning of the fields. The reference I linked is highly condensed but more difficult to read.
Okay great. Another question was that you said "I wanted to encode rbp register with 1 byte displacement (8 bits) [DWORD PTR [rbp-0x4]]". When I was looking at the table for MOD r/m in the link, I also saw a version with 32 bit displacements; can you give me an example of that?
@AbhisheykDeb The 48 prefix is a REX.W prefix. It indicates that the operand size is 64 bit instead of 32 bit.
@AbhisheykDeb Can you please not ask hundreds of questions in comments? This is the last follow-up I am going to answer. Yes, the 15 byte limit applies to 64 bit mode, too. If an instruction encoding would be longer than 15 bytes, that instruction encoding is invalid.
