r0ng

Reputation: 1

java byte code in 64bit

I have looked over the instruction set for the x86_64 machine and tried to match it, but unfortunately didn't get any solution. I don't want the exact answer, just asking if someone knows the steps to solve this problem or if there are any tools to solve it.

Thanks for your time

Upvotes: 0

Views: 360

Answers (2)

Ray Toal

Reputation: 88378

Use gdb. You can define data bytes in a sequence, then use the disassembly operation. Let me know if you need this answer expanded.

EDIT. Because this is homework, you should probably do it by hand.

The decoding tables at sandpile.org are pretty good. Click on "one byte opcodes" to start.

Your machine language is:

ba000000004885ff74144889fa8b073b02480f4cd7488b7f084885ff75ef4889d0c3

so your first byte is ba. Look that up in the table. It says MOV rDX,Iv (r10,Iv). There is no REX prefix so it is a move into edx. To understand the I and the v, go to http://www.sandpile.org/x86/opc_enc.htm. Here we see the capital I means immediate and the lower case v is either a word or dword or qword. As you are moving into edx you have a dword, so look at the next 8 bytes after the ba. They are all zeros so your first instruction is mov edx, 0. Painful, yes, but it's homework. If you haven't covered the use of these decoding tables yet, then use the nice techniques presented in user786653's answer.

Upvotes: 0

user786653

Reputation: 30460

First of all, get that byte stream written to a file. That's a lot easier to work with than a string. There are many ways to solve that particular problem; I just used what came first to mind (probably highly suboptimal):

# sed's basic regex needs \(..\) for the group, and printf (not echo -n) is what turns the \xHH escapes into raw bytes
printf "$(echo ba000000004885ff74144889fa8b073b02480f4cd7488b7f084885ff75ef4889d0c3 | sed 's/\(..\)/\\x\1/g')" > f.bin

Now you can use various tools to disassemble the file:

e.g.

ndisasm -b 64 f.bin

-b selects 64-bit default mode

or

objdump -D -b binary -m i386:x86-64:intel f.bin

-D means disassemble all sections, -b binary specifies that the file is a binary file (rather than e.g. an object file), and -m i386:x86-64:intel selects 64-bit x86-64 decoding with Intel syntax.

You can also look at an opcode map to decode the stream. Starting out we see BA, which matches B8+r, which is MOV r16/32/64 imm16/32/64. Since the instruction doesn't have a REX prefix it's the r32 imm32 version. In this case r == 0xBA-0xB8 == 2; looking at the "32/64-bit ModR/M Byte" table we see that r is edx. The immediate follows in the next 4 bytes (in this case it is 0). The instruction in other words decodes to:

mov edx, 0 

The next instruction starts with a REX.W prefix (48) followed by TEST r/m16/32/64 r16/32/64 (85). You should be able to decode the following ModR/M byte on your own.

A final hint: You might want to look at objdump's --adjust-vma command line option.

Upvotes: 3
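As an added example (not code from either answer), here are the two table lookups the answer walks through, B8+r (MOV r, imm) and REX.W 85 /r (TEST r/m, r), written out as a tiny Python decoder. It goes slightly beyond the answer by honouring REX.R/REX.B register extensions and the imm64 form, and it stops at the first opcode it does not handle, so it decodes exactly the part of the question's stream the answer covers.

```python
# Added example, not part of the original answers. Handles only B8+r (MOV r, imm)
# and 85 /r (TEST r/m, r) in register-direct form; the byte stream is the one
# from the question.
CODE = bytes.fromhex(
    "ba000000004885ff74144889fa8b073b02480f4cd7488b7f084885ff75ef4889d0c3")

# Register names indexed by the 4-bit register number (REX extends 3 bits to 4).
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def decode_one(code, pos):
    """Decode one instruction starting at code[pos]; return (text, next_pos)."""
    rex_w = rex_r = rex_b = 0
    op = code[pos]
    if 0x40 <= op <= 0x4F:                 # REX prefix: 0100 W R X B
        rex_w, rex_r, rex_b = (op >> 3) & 1, (op >> 2) & 1, op & 1
        pos += 1
        op = code[pos]
    regs = REGS64 if rex_w else REGS32     # REX.W selects 64-bit operands

    if 0xB8 <= op <= 0xBF:                 # B8+r: register is the low 3 bits of the opcode
        reg = (op - 0xB8) | (rex_b << 3)   # extended by REX.B
        width = 8 if rex_w else 4          # imm64 only with REX.W, otherwise imm32
        imm = int.from_bytes(code[pos + 1:pos + 1 + width], "little")
        return f"mov {regs[reg]}, {imm:#x}", pos + 1 + width

    if op == 0x85:                         # TEST r/m, r: a ModR/M byte follows
        modrm = code[pos + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 3:                       # mod=11 means both operands are registers
            raise NotImplementedError("memory operand form of TEST not handled")
        reg |= rex_r << 3                  # REX.R extends reg, REX.B extends r/m
        rm |= rex_b << 3
        return f"test {regs[rm]}, {regs[reg]}", pos + 2

    raise NotImplementedError(f"opcode {op:#04x} not handled")


def decode(code):
    """Decode from offset 0 until an opcode outside the handled subset appears."""
    out, pos = [], 0
    while pos < len(code):
        try:
            text, pos = decode_one(code, pos)
        except NotImplementedError:
            break
        out.append(text)
    return out


if __name__ == "__main__":
    for line in decode(CODE):
        print(line)
```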
