#1  ferrit.rce, 01-03-2014, 08:54
XED2 (x86 encoder decoder) c++ library

Hi All,

I just want to use XED2 library made by Intel for assembly encoding. According to the documentation the asm syntax differs from MASM so I have to convert all my original assemblies to XED2 assembly. The question is how? I've read all docus and found out the basic differences but call and jump instructions are pretty special. Is there MASM -> XED conversion howto somewhere? For instance how can I convert the following to XED syntax:

1. call far 0x11223344
2. call near 0x11223344
3. call dword ptr [0x11223344]
4. jmp far 0x11223344
5. jmp near 0x11223344
6. jmp dword ptr [0x11223344]

Thanks in advance!

BR,
Ferrit

#2  sendersu, 01-03-2014, 14:30

If it's just up to changing 0x to ...h, regular expressions will help you here?..

#3  ferrit.rce, 01-03-2014, 16:59

Maybe I was not explicit enough

This works:
MASM: xor eax, eax
XED2: xor eax eax

Quote:
c:\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed.exe -e "xor eax eax"
Request: XOR MODE:1, REG0:EAX, REG1:EAX, SMODE:1
OPERAND ORDER: REG0 REG1
Encodable! 31C0
.byte 0x31,0xc0

This doesn't:
MASM: jmp far 0x11223344
XED2: jmp_far 0x11223344
XED2: jmp_far 11223344h

Quote:
c:\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed.exe -e "jmp_far 0x11223344"
[XED CLIENT ERROR] Bad register name: 0X11223344 on operand 1

c:\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed.exe -e "jmp_far 11223344h"
[XED CLIENT ERROR] Bad register name: 11223344H on operand 1

The question is the XED2 syntax.

#4  ragdog, 01-03-2014, 17:38

Quote:
MASM: jmp_far 0x11223344

This is not MASM; you must remove the 0x and add an h at the end.

example
012345678h


#5  |roe, 01-04-2014, 04:33

Just a slight educated guess. I've read a little (scrambled) through some PDFs from various universities mentioning the xed2 keyword and found that this was made by Intel. Available at http://www.pinpoint.org

You may search there for the "XED2" keyword and see if the Downloads and Discussions/Documentation help you. Seems they provide for a flavor of Operating Systems like Window$ and Linux.

And here is some more research from a university:
Code:
http://www.cs.virginia.edu/kim/publicity/pin/docs/20751/Xed/html/main.html
Edit: Hmm, actually you got me interested, let me download this and play a bit with it... you made me curious, albeit I am unfamiliar with cpp


#6  h8er, 01-05-2014, 05:42

Hi, the documentation at cs.virginia.edu seems outdated; take a look at the documentation in the folder pin-2.13-62141-msvc10-windows\extras\xed2-ia32\doc\ref-manual\html\group__CMDLINE.html or at this site:

Code:
http://software.intel.com/sites/landingpage/pintool/docs/58423/Xed/html/group__CMDLINE.html
To encode a jmp you have to do something like this:

Code:
xed -e jmp "BRDISP:11223344"
Code:
g:\projects\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed -e jmp "BRDISP:11223344"
Request: JMP BRDISP_WIDTH:32, MODE:1, RELBR:0x11223344, SMODE:1
OPERAND ORDER: RELBR
Encodable! E944332211
.byte 0xe9,0x44,0x33,0x22,0x11

For pointers:

Code:
xed -e jmp "MEM4:EAX"
Code:
g:\projects\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed -e jmp "MEM4:EAX"
Request: JMP EASZ:2, MEM_WIDTH:4, MEM0:dword ptr [EAX], MODE:1, SMODE:1
OPERAND ORDER: MEM0
Encodable! FF20
.byte 0xff,0x20

The Following User Gave Reputation+1 to h8er For This Useful Post:
ferrit.rce (01-05-2014)

#7  h8er, 01-05-2014, 06:52

I can't edit the post above (don't know why), here is a jmp dword ptr [0x11223344]

Code:
xed -e jmp "MEM4:-,-,-,11223344"
Code:
g:\projects\pin-2.13-62141-msvc10-windows\extras\xed2-ia32\bin>xed -e jmp "MEM4:-,-,-,11223344"
Request: JMP DISP_WIDTH:32, MEM_WIDTH:4, MEM0:dword ptr [0x11223344], MODE:1, SMODE:1
OPERAND ORDER: MEM0
Encodable! FF2544332211
.byte 0xff,0x25,0x44,0x33,0x22,0x11
The Following 2 Users Gave Reputation+1 to h8er For This Useful Post:
ferrit.rce (01-05-2014), |roe (01-10-2014)
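
Added example, not part of any post in this thread and not XED code: the E9 bytes shown in post #6 are a relative branch, so the 32-bit value in them is counted from the end of the instruction, while the FF 25 bytes in post #7 carry the absolute address of a pointer slot. The C sketch below classifies the three encodings quoted in the thread and computes the displacement an E9 needs to reach an absolute target. The function names and the instruction address 0x00401000 are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* The 32-bit JMP forms whose bytes appear in this thread. */
enum jmp_kind { JMP_UNKNOWN, JMP_REL32, JMP_MEM_REG, JMP_MEM_DISP32 };

/* Read a little-endian 32-bit value. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify encoder output; *value receives the rel32 or disp32, else 0. */
enum jmp_kind classify_jmp(const uint8_t *b, size_t n, uint32_t *value) {
    *value = 0;
    if (n == 5 && b[0] == 0xE9) {              /* E9 cd: JMP rel32 */
        *value = le32(b + 1);
        return JMP_REL32;
    }
    if (n >= 2 && b[0] == 0xFF && ((b[1] >> 3) & 7) == 4) {  /* FF /4 */
        uint8_t mod = b[1] >> 6, rm = b[1] & 7;
        if (mod == 0 && rm == 5 && n == 6) {   /* [disp32]: absolute slot */
            *value = le32(b + 2);
            return JMP_MEM_DISP32;
        }
        if (mod == 0 && rm != 4 && rm != 5 && n == 2)  /* [reg], no SIB */
            return JMP_MEM_REG;
    }
    return JMP_UNKNOWN;
}

/* Destination of an E9 rel32 placed at insn_addr: next instruction + rel32. */
uint32_t rel32_target(uint32_t insn_addr, uint32_t rel32) {
    return insn_addr + 5u + rel32;             /* wraps modulo 2^32 */
}

/* Displacement to encode so an E9 at insn_addr reaches an absolute target. */
uint32_t rel32_for_target(uint32_t insn_addr, uint32_t target) {
    return target - (insn_addr + 5u);
}

int main(void) {
    const uint8_t e9[] = {0xE9, 0x44, 0x33, 0x22, 0x11};  /* bytes from post #6 */
    uint32_t v, at = 0x00401000u;              /* at: assumed instruction address */
    if (classify_jmp(e9, sizeof e9, &v) == JMP_REL32)
        printf("lands at 0x%08X, needs disp 0x%08X\n", (unsigned)rel32_target(at, v),
               (unsigned)rel32_for_target(at, 0x11223344u));
    return 0;
}
```
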

#8  ferrit.rce, 01-05-2014, 07:19

Hey h8er! You're the maaan