The command line tool called xed or xed.exe is built when you build the examples (Examples of using Intel® XED) that come with Intel® XED.
More...
The command line tool called xed or xed.exe is built when you build the examples (Examples of using Intel® XED) that come with Intel® XED.
This tool is useful for encoding and decoding or even decoding-then-re-encoding a single instruction or all the instructions in the text segment of an ELF binary (32 or 64b). For decoding, just jump to the examples.
This section also explains a little language for writing the instructions for encode requests (-e option). This tool is constantly updated. The xed-ex3 (xed-ex3.exe) example is just the encoder portion of the xed command line tool.
The SUPPRESSED operands emitted by the decoder are not used when encoding. They are ignored. They are not required to select an encoding.
The syntax for encodable strings is as follows:
Opcode[/width] [operand [operand]]
The width is a 8, 16, 32 or 64, indicating the effective operand width if it differs from the default. 8b operations generally require this. Or since most operations that default to 32b widths in 64b mode, it is required for 64b operation widths in 64b mode.
The operand specifier is one of the following.
- A register name such as EAX or R8B, etc. Case does not matter.
- An immediate specifier such as IMM:12ff
- A branch displacement specifier such as BRDISP:0000001f
- A memory specifier that indicates the base register, index register, scale value, and displacement value. If one of the fields is not required, a - is necessary. The displacement is omittable. For example: MEM4:ESI,EAX,8,ff or MEM4:EBX. The first one specifies that the memory address 4 bytes and should be ESI + EAX * 8 + 0xff. The second one specifies that EBX should be used to access 4 bytes of memory; note the displacement is omitted. A segment override can be specified as follows: MEM4:GS:EAX by using a segment-name followed by a ":" before the base register. If there is no base register, you can use a "-", for example: MEM4:GS:-,-,11223344. One also needs to specify a memory operation width. This can be accomplished by indicating a number of bytes just after the MEM specifier. For example: MEM2:EAX indicates a 2 byte memory operation.
- An address generation specifer that has the same syntax as the above MEM: specifier, but is only used for LEA instructions. Example: AGEN:EAX,EBX,2,-
Here is the help message:
% xed -h
Usage: xed [options]
One of the following is required:
-i input_file (decode pecoff-format file)
-ir raw_input_file (decode a raw unformatted binary file)
-ih hex_input_file (decode a raw unformatted ASCII hex file)
-d hex-string (decode a sequence of bytes, must be last)
-j (just decode one instruction when using -d)
-F prefix (decode ascii hex bytes after prefix)
(running in filter mode from stdin)
-ide input_file (decode/encode file)
-e instruction (encode, must be last)
-f (encode force, skip encoder chip check)
-ie file-to-assemble (assemble the contents of the file)
-de hex-string (decode-then-encode, must be last)
Optional arguments:
-v N (0=quiet, 1=errors, 2=useful-info, 3=trace,
5=very verbose)
-xv N (XED engine verbosity, 0...99)
-chip-check CHIP (count instructions that are not valid for CHIP)
-chip-check-list (list the valid chips)
-s section (target section for file disassembly,
PECOFF and ELF formats only)
-n N (number of instructions to decode. Default 100M,
accepts K/M/G qualifiers)
-b addr (Base address offset, for DLLs/shared libraries.
Use 0x for hex addresses)
-as addr (Address to start disassembling.
Use 0x for hex addresses)
-ae addr (Address to end disassembling.
Use 0x for hex addresses)
-no-resync (Disable symbol-based resynchronization algorithm
for disassembly)
-ast (Show the AVX/SSE transition classfication)
-histo (Histogram decode times)
-I (Intel syntax for disassembly)
-A (ATT SYSV syntax for disassembly)
-isa-set (Emit the XED "ISA set" in dissasembly)
-xml (XML formatting)
-uc (upper case hex formatting)
-pmd (positive memory displacement formatting)
-nwm (Format AVX512 without curly braces for writemasks, include k0)
-emit-ignored-branch-hint (emit ignored branch hints during disassembly)
-emit (Output __emit statements for the Intel compiler)
-S file Read symbol table in "nm" format from file
-dot FN (Emit a register dependence graph file in dot format.
Best used with -as ADDR -ae ADDR to limit graph size.)
-r (for REAL_16 mode, 16b addressing (20b addresses),
16b default data size)
-r32 (for REAL_32 mode, 16b addressing (20b addresses),
32b default data size)
-16 (for LEGACY_16 mode, 16b addressing,
16b default data size)
-32 (for LEGACY_32 mode, 32b addressing,
32b default data size -- default)
-64 (for LONG_64 mode w/64b addressing
Optional on windows/linux)
-mpx (Turn on MPX mode for disassembly, default is off)
-cet (Turn on CET mode for disassembly, default is off)
-s32 (32b stack addressing, default, not in LONG_64 mode)
-s16 (16b stack addressing, not in LONG_64 mode)
-set OP VAL (Set a XED operands to some integer value, repeatable)
-version (The version message)
-help (This help message)
Here are a couple of examples:
% xed -d 0000
ICLASS: ADD
CATEGORY: BINARY
EXTENSION: BASE
IFORM: ADD_MEMb_GPR8
ISA_SET: I86
ATTRIBUTES: BYTEOP LOCKABLE
SHORT: add byte ptr [eax], al
% xed -e ADD EAX EBX
Request: ADD MODE:1, REG0:EAX, REG1:EBX, SMODE:1
OPERAND ORDER: REG0 REG1
Encodable! 01D8
.byte 0x01,0xd8
% xed -e ADD EAX MEM4:ESP,EBX,4
Request: ADD EASZ:2, MEM0:dword ptr [ESP+EBX*4], MEM_WIDTH:4, MODE:1, REG0:EAX, SMODE:1
OPERAND ORDER: REG0 MEM0
Encodable! 03049C
.byte 0x03,0x04,0x9c
% xed -d 6a00
ICLASS: PUSH
CATEGORY: PUSH
EXTENSION: BASE
IFORM: PUSH_IMMb
ISA_SET: I186
ATTRIBUTES: FIXED_BASE0 SCALABLE STACKPUSH0
SHORT: push 0x0
% xed -e MOV EAX MEM4:SS:ESP
Request: MOV EASZ:2, MEM0:dword ptr SS[ESP], MEM_WIDTH:4, MODE:1, REG0:EAX, SMODE:1
OPERAND ORDER: REG0 MEM0
Encodable! 8B0424
.byte 0x8b,0x04,0x24
% xed -64 -e CCMPB r8b r9b dfv14
Request: CCMPB MODE:2, REG0:R8B, REG1:R9B, REG2:DFV14, SMODE:2
OPERAND ORDER: REG0 REG1 REG2
Encodable! 6254740238C8
.byte 0x62,0x54,0x74,0x02,0x38,0xc8
Or using the xed-ex3 example tool:
% obj/xed-ex3
Usage: obj/xed-ex3 [-16|-32|-64] [-s16|-s32] encode-string
The -16, -32 or -64 are for specifying the major mode of the machine. The major mode of the machine determines the default data operand size and default addressing width. In 64b mode, the default data size is 32b and the default addressing mode is 64b addressing. In 32b mode, the default addressing width is 32b. In 16b mode, the default addressing width is 16b. In 32b mode or 16b mode, the stack addressing width must also be specified. Usually it matches the major mode. The -s16 option is for specifying 16b stack addressing in 32b mode. The -s32 is for specifying 32b stack addressing in 16 bit mode.
% obj/xed-ex3 -64 PUSH/64 RAX
Encode request:
PUSH EOSZ:3, MODE:2, REG0:RAX, SMODE:2
OPERAND ORDER: REG0
Encodable! 50
% obj/xed-ex3 MOV MEM4:EAX IMM:11223344
Encode request:
MOV EASZ:2, IMM0:0x11223344, IMM_WIDTH:32, MEM0:dword ptr [EAX], MEM_WIDTH:4, MODE:1, SMODE:1
OPERAND ORDER: MEM0 IMM0
Encodable! C70044332211
An example of using the encoder
The encoder language file which is part of the xed command line tool shows how to build up instructions from scratch. The example uses a string to drive the creation of the instruction, but that is just an example. Look at the parse_encode_request function for the required pieces.
#include <assert.h>
#include <string.h>
#include <stdlib.h>
#include "xed-examples-util.h"
#include "xed-enc-lang.h"
#define BUF_LEN 50
static void upcase(char* s) {
(void)xed_upcase_buf(s);
}
xed_str_list_t*
tokenize(char const* const s,
char const* const delimiter)
{
xed_str_list_t* slist = xed_tokenize(s, delimiter);
return slist;
}
{
if (*buffer == '\0')
return 1;
return 0;
}
void slash_split(char const* const src,
char* first,
char* second)
{
xed_str_list_t* sv = tokenize(src, "/");
xed_str_list_t* p = sv;
*first = 0;
*second = 0;
for(; p ; i++, p=p->next)
{
if (i==0) {
}
else if (i==1) {
}
}
xed_free_token_list(sv);
}
typedef struct {
unsigned int width_bits;
xed_uint64_t immed_val;
} immed_parser_t;
static void immed_parser_init(immed_parser_t* self,
char const* const s,
char const* const tok0)
{
xed_str_list_t* sv = tokenize(s,":");
self->valid = 0;
if (sz==2) {
xed_str_list_t* p = sv;
for(; p ; i++, p=p->next)
{
if (i == 0 && strcmp(p->s,tok0) != 0)
{
break;
}
else if (i == 1) {
self->immed_val = convert_ascii_hex_to_int(p->s);
self->width_bits =
XED_CAST(
unsigned int,strlen(p->s)*4);
self->valid = 1;
}
}
}
xed_free_token_list(sv);
}
typedef struct {
} seg_parser_t;
static void seg_parser_init(seg_parser_t* self,
char const* const s)
{
xed_str_list_t* sv = tokenize(s,":");
self->valid=0;
self->segno=0;
if (ntokens == 2)
{
xed_str_list_t* p = sv;
for(; p ; i++, p=p->next)
{
if (i == 0)
{
if (strcmp(p->s,"SEG")==0 || strcmp(p->s,"SEG0")==0)
segid = 0;
else if (strcmp(p->s,"SEG1")==0)
segid = 1;
}
else if (i == 1 && segid < 2)
{
self->segno = segid;
{
self->valid=1;
}
}
}
}
xed_free_token_list(sv);
}
static void
list2array(
char** array, xed_str_list_t* sl,
xed_uint_t n)
{
xed_str_list_t* p = sl;
for( ; p && i < n ; i++, p=p->next)
array[i] = p->s;
}
static xed_uint_t match(
char const*
const s,
char const*
const b)
{
if (strcmp(s,b)==0)
return 1;
return 0;
}
{
if (match(s,"-") || match(s,"NA"))
return 1;
return 0;
}
typedef struct
{
char segment[BUF_LEN];
char base[BUF_LEN];
char indx[BUF_LEN];
char scale[BUF_LEN];
char disp[BUF_LEN];
xed_uint8_t scale_val;
xed_int64_t disp_val;
unsigned int disp_width_bits;
} mem_bis_parser_t;
static void mem_bis_parser_init(mem_bis_parser_t* self, char* s)
{
xed_str_list_t* sv=0;
char addr_token[BUF_LEN]={0};
char main_token[BUF_LEN]={0};
xed_str_list_t* p = 0;
xed_str_list_t* sa = 0;
char* astr[4];
self->valid = 0;
self->mem = 0;
self->agen = 0;
self->disp_valid = 0;
self->disp_val = 0;
self->disp_width_bits = 0;
self->mem_len = 0;
self->scale_val = 1;
upcase(s);
sv = tokenize(s,":");
ntokens = xed_str_list_size(sv);
i=0;
p = sv;
if (ntokens !=2 && ntokens != 3)
{
xed_free_token_list(sv);
return;
}
for( ; p ; i++, p=p->next) {
if (i==0)
else if (i==1 && ntokens == 3)
else if (i==1 && ntokens == 2)
else if (i==2)
}
xed_free_token_list(sv);
assert(!is_empty_buf(main_token));
if (strcmp(main_token,"AGEN")==0)
self->agen=1;
else if (strncmp(main_token,"MEM",3)==0)
self->mem = 1;
else
return;
if (self->mem && strlen(main_token) > 3) {
char* mlen = main_token+3;
}
if (self->agen && strcmp(self->segment,"INVALID")!=0)
xedex_derror("AGENs cannot have segment overrides");
sa = tokenize(addr_token,",");
n_addr_tokens = xed_str_list_size(sa);
if (n_addr_tokens == 0 || n_addr_tokens > 4)
xedex_derror("Bad addressing mode syntax for memop");
list2array(astr, sa, n_addr_tokens);
if (!skip(astr[0]))
if (n_addr_tokens >= 2)
if (!skip(astr[1]))
if (n_addr_tokens > 2)
if (skip(self->scale))
if (match(self->scale,"1") || match(self->scale,"2") ||
match(self->scale,"4") || match(self->scale,"8") ) {
self->valid=1;
self->scale_val =
XED_CAST(xed_uint8_t,strtol(self->scale, 0, 10));
if (n_addr_tokens == 4 && strcmp(astr[3], "-") != 0) {
xed_uint64_t unsigned64_disp=0;
unsigned int nibbles = 0;
self->disp_valid = 1;
if (nibbles & 1)
xedex_derror("Displacement must have an even number of nibbles");
unsigned64_disp = convert_ascii_hex_to_int(self->disp);
self->disp_width_bits = nibbles*4;
switch (self->disp_width_bits){
break;
break;
break;
case 64: self->disp_val = (xed_int64_t)unsigned64_disp;
break;
}
}
}
xed_free_token_list(sa);
}
{
*vl = 0;
*vl = 1;
#if defined(XED_SUPPORTS_AVX512)
*vl = 2;
#endif
}
{
*eow = 64;
}
parse_encode_request(ascii_encode_request_t areq)
{
unsigned int i;
xed_str_list_t* tokens = 0;
char cfirst[BUF_LEN]={0};
char csecond[BUF_LEN]={0};
unsigned int token_index = 0;
xed_str_list_t* p = 0;
tokens = tokenize(areq.command," ");
p = tokens;
if (p)
{
slash_split(p->s, cfirst, csecond);
if (! is_empty_buf(cfirst))
{
upcase(cfirst);
if (CLIENT_VERBOSE3)
printf("[%s][%s][%s]\n", p->s,
(!is_empty_buf(cfirst)?cfirst:"NULL"),
(!is_empty_buf(cfirst)?csecond:"NULL"));
p = p->next;
}
}
if (!is_empty_buf(csecond))
{
if (strcmp(csecond,"8")==0)
ueow = 8;
else if (strcmp(csecond,"16")==0)
ueow = 16;
else if (strcmp(csecond, "32")==0)
ueow = 32;
else if (strcmp(csecond,"64")==0)
ueow = 64;
else if (strcmp(csecond,"128")==0)
uvl = 0;
else if (strcmp(csecond,"256")==0)
uvl = 1;
else if (strcmp(csecond,"512")==0)
uvl = 2;
else {
fprintf(stderr,"[XED CLIENT ERROR] Bad operand width/vl: %s\n", csecond);
exit(1);
}
}
assert(!is_empty_buf(cfirst));
fprintf(stderr,"[XED CLIENT ERROR] Bad instruction name: %s\n",
cfirst);
exit(1);
}
for( i=token_index; p ; i++, operand_index++, p=p->next ) {
mem_bis_parser_t mem_bis;
seg_parser_t seg_parser;
immed_parser_t imm;
immed_parser_t simm;
immed_parser_t imm2;
immed_parser_t disp;
immed_parser_t ptr_disp;
char cres_reg[BUF_LEN]={0};
char csecond_x[BUF_LEN]={0};
slash_split(p->s, cres_reg, csecond_x);
if (is_empty_buf(cres_reg))
continue;
upcase(cres_reg);
mem_bis_parser_init(&mem_bis,cres_reg);
if (mem_bis.valid) {
if (mem_bis.mem) {
if (memop == 0) {
}
else {
}
memop++;
}
else if (mem_bis.agen) {
}
else
assert(mem_bis.agen || mem_bis.mem);
find_vl(mem_bis.index_reg, &vl);
if (mem_bis.mem_len)
&req,
mem_bis.mem_len );
if (mem_bis.disp_valid)
&req,
mem_bis.disp_val,
mem_bis.disp_width_bits/8);
continue;
}
seg_parser_init(&seg_parser,cres_reg);
if (seg_parser.valid) {
if (CLIENT_VERBOSE3)
printf("Setting segment to %s\n",
if (seg_parser.segno == 0)
else
continue;
}
immed_parser_init(&imm,cres_reg, "IMM");
if (imm.valid) {
if (CLIENT_VERBOSE3)
printf(
"Setting immediate value to " XED_FMT_LX "\n",
imm.immed_val);
imm.immed_val,
imm.width_bits);
operand_index,
continue;
}
immed_parser_init(&simm,cres_reg, "SIMM");
if (simm.valid) {
if (CLIENT_VERBOSE3)
printf(
"Setting immediate value to " XED_FMT_LX "\n",
simm.immed_val);
&req,
simm.width_bits/8);
operand_index,
continue;
}
immed_parser_init(&imm2,cres_reg, "IMM2");
if (imm2.valid) {
if (imm2.width_bits != 8)
xedex_derror("2nd immediate must be just 1 byte long");
operand_index,
continue;
}
immed_parser_init(&disp,cres_reg, "RELBR");
if (disp.valid) {
if (CLIENT_VERBOSE3)
printf(
"Setting displacement value to " XED_FMT_LX "\n",
disp.immed_val);
&req,
disp.width_bits/8);
operand_index,
continue;
}
immed_parser_init(&disp,cres_reg, "ABSBR");
if (disp.valid) {
if (CLIENT_VERBOSE3)
printf(
"Setting displacement value to " XED_FMT_LX "\n",
disp.immed_val);
&req,
disp.width_bits/8);
operand_index,
continue;
}
immed_parser_init(&ptr_disp,cres_reg, "PTR");
if (ptr_disp.valid) {
if (CLIENT_VERBOSE3)
printf(
"Setting pointer displacement value to " XED_FMT_LX "\n",
ptr_disp.immed_val);
&req,
ptr_disp.width_bits/8);
operand_index,
continue;
}
fprintf(stderr,
"[XED CLIENT ERROR] Bad register name: %s on operand %u\n",
cres_reg, i);
exit(1);
}
{
fprintf(stderr,
"[XED CLIENT ERROR] Cannot use DIL/SPL/BPL/SIL outside of 64b mode\n");
exit(1);
}
find_vl(reg, &vl);
find_64bit_eow(reg, &eow);
regnum++;
}
if (uvl == -1)
{
if (vl>=0)
}
else
{
if (vl >= 0 && uvl < vl)
xedex_derror("User specified VL is smaller than largest observed register.");
}
{
if (ueow == -1)
{
if (eow >= 0)
}
else
{
if (eow >= 0 && ueow < eow)
xedex_derror("User specified EOW is smaller than largest observed register.");
}
}
xed_free_token_list(tokens);
return req;
}
1.8.17