I'm developing a disassembler for the 32-bit x86 instruction set. My code currently decodes most 1 and 2 byte opcodes correctly, but I have run into a problem. When I compare the output of my code to Objdump, I find that Objdump sees the following:-
89 14 98 mov %edx,(%eax,%ebx,4)
8b 45 d8 mov -0x28(%ebp),%eax
On the other hand, my code gives:-
89 14 98 8B 45 D8 89 MOV.
From my understanding of Intels documentation (The Modrm and Sib addressing form tables), this byte stream should be interpreted as:-
89 - The opcode
14 - The Modrm byte
98 - The Sib byte specified by the Modrm byte
8B 45 D8 89 - The four byte displacement specified by the Sib byte.
Objdump says that there are no displacement bytes, but both my code and Intels documentation appear (to me at least) to say otherwise.
If anyone could point out where my error is, it would be much appreciated.
0 · ·