AlejandroArmenta
Alejadro Armenta
2 posts / 2 projects

23 years old, Engine programmer, coding EagleFly debugger

#16791 Project EagleFly - Disassembler for IA-32 & x64 architectures
1 month ago Edited by Alejadro Armenta on Nov. 17, 2018, 6:57 p.m.

Hello everyone, my name is Alejandro Armenta and I'm making a disassembler for the IA-32 and x64 architectures. The disassembler comes along with a bigger project, a debugger/binary analysis tool, so I decided to start with the disassembler as its basis.

The project started based on the handmade principles and it is inspired by many different projects that are being made throughout the network. Its sessions are recorded and uploaded to YouTube for people to watch whenever they want.

The goal is to make a fast and robust disassembler that the debugger can use, explaining the different methodologies used for solving the problems we face.

Right now the disassembler is taking its own form, disassembling a test instruction stream with different instruction encoding types (one-, two- and three-byte opcodes, opcode extensions, x87, SSE2, all addressing modes and REX prefixes), so we've already started to define its usage code and we are starting to see the API design construction that we are looking for.

If you feel like it, follow us on YouTube and retweet our tweets on Twitter!
Youtube: https://www.youtube.com/channel/UCumRmCCamu0sJnRywpfWVTw
Twitter: https://twitter.com/lex_armenta

If you have any questions, please feel free to ask directly here, or if you have a session-specific question you can post it on the specific YouTube video or Twitter post.


Current x64 output:

Arg1: V:\build\win32_eaglefly_disasm..exe
PUSH R12 , ,
PUSH RAX , ,
MOV SPL , [RAX] ,
MOV RBX , [R13 + RAX * 2 + 0000000000000000] ,
MOV RBX , [RBP + RAX * 2 + 0000000000000000] ,
MOV RBX , [RBP + RAX * 1 + FFFFFFFFFFFFFFFF] ,
MOV RBX , [RAX * 4 + 0000000033221100] ,
MOV RBP , [RSP + R12 * 8 + 0000000033221100] ,
MOV R8 , [R12] ,
MOV R8 , [R13 + 0000000000000000] ,
MOV R8 , [RAX + 0000000033221100] ,
MOV R8D , [RAX + 0000000033221100] ,
MOV RAX , RDX ,
ADD [RAX + FFFFFFFFFFFFFFF0] , , 0B
FADD ST(0) , ST(1) ,
FUCOM ST(1) , ST(0) ,
FLD , [0000000000000004] ,
VMRESUME , ,
PALIGNR XMM0 , XMM1 , 08
SHLD [0000000000000000] , EAX , 03
ADD EAX , [0000000000000000] ,


Instruction groups to disassemble:

1.1. General Purpose
1.2. x87 FPU
1.3. x87 FPU and SIMD state management
1.4. Intel MMX technology
1.5. SSE/SSE2/SSE3/SSSE3/SSE4 extensions
1.6. AESNI/PCMULQDQ
1.7. Intel AVX extensions
1.8. F16C, RDRAND, RDSEED, FS/GS base access
1.9. FMA extensions
1.10. Intel AVX2 Extensions
1.11. Intel transactional synchronization extensions
1.12. System Instructions
1.13. IA-32e mode: 64-bit mode instructions
1.14. VMX Instructions
1.15. SMX Instructions
1.16. ADCX and ADOX
1.17. Intel Memory Protection Extensions
1.18. Intel Security Guard Extensions
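
As an added illustration (this is not EagleFly's code, nor the project's test stream), here is a small 64-bit-mode decoder in C covering a slice of the encoding types listed above: the REX prefix, the ModRM/SIB/displacement addressing modes (including the RIP-relative and "no base" special cases), a one-byte opcode with the register in its low bits (PUSH r64), a plain reg,r/m opcode (MOV/ADD) and a group-1 opcode extension where ModRM.reg selects the operation (ADD r/m,imm8). The sample bytes in main and in decodes_to are constructed for this example, and the operand text format ([base + index*scale +/- 0xdisp]) is this example's own choice, not the project's.

```c
/* Added example (not EagleFly's code): a tiny 64-bit-mode x86 decoder for a slice of the encodings
 * the post lists: REX, ModRM/SIB/displacement, PUSH r64 (50+r), MOV/ADD r,r/m (8B/03), ADD r/m,imm8 (83 /0). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const char *reg64[16] = {"RAX","RCX","RDX","RBX","RSP","RBP","RSI","RDI",
                                "R8","R9","R10","R11","R12","R13","R14","R15"};
static const char *reg32[16] = {"EAX","ECX","EDX","EBX","ESP","EBP","ESI","EDI",
                                "R8D","R9D","R10D","R11D","R12D","R13D","R14D","R15D"};

/* r/m operand at the ModRM byte -> text; stores ModRM.reg in *reg; returns bytes used (0 = short input). */
static size_t decode_modrm(const uint8_t *p, size_t n, int w, int rex_x, int rex_b,
                           int *reg, char *out, size_t outlen)
{
    if (n < 1) return 0;
    int mod = p[0] >> 6, rm = p[0] & 7;
    *reg = p[0] >> 3 & 7;
    if (mod == 3) {                                  /* register-direct operand */
        snprintf(out, outlen, "%s", (w ? reg64 : reg32)[rm | rex_b << 3]);
        return 1;
    }
    const char *base = NULL, *index = NULL; int scale = 1; size_t used = 1;
    int dsz = mod == 1 ? 1 : mod == 2 ? 4 : 0;       /* displacement size: disp8, disp32 or none */
    if (rm == 4) {                                   /* rm=100: a SIB byte follows */
        if (n < 2) return 0;
        uint8_t sib = p[1]; used = 2;
        scale = 1 << (sib >> 6);
        int idx = (sib >> 3 & 7) | rex_x << 3;
        if (idx != 4) index = reg64[idx];            /* index=100 with REX.X=0 means no index */
        if ((sib & 7) == 5 && mod == 0) dsz = 4;     /* base=101 with mod=00: disp32 and no base */
        else base = reg64[(sib & 7) | rex_b << 3];
    } else if (rm == 5 && mod == 0) { base = "RIP"; dsz = 4; }  /* RIP-relative in 64-bit mode */
    else base = reg64[rm | rex_b << 3];
    if (n < used + dsz) return 0;
    int64_t disp = dsz == 1 ? (int8_t)p[used] : dsz == 4 ?
        (int32_t)((uint32_t)p[used] | (uint32_t)p[used + 1] << 8 |
                  (uint32_t)p[used + 2] << 16 | (uint32_t)p[used + 3] << 24) : 0;
    used += dsz;
    /* Print "[base + index*scale +/- 0xdisp]" from whichever parts this encoding has. */
    size_t len = (size_t)snprintf(out, outlen, "[%s", base ? base : "");
    if (index) len += (size_t)snprintf(out + len, outlen - len, "%s%s*%d", base ? " + " : "", index, scale);
    if (dsz) {
        const char *sep = base || index ? (disp < 0 ? " - " : " + ") : (disp < 0 ? "-" : "");
        len += (size_t)snprintf(out + len, outlen - len, "%s0x%llX", sep,
                                (unsigned long long)(disp < 0 ? -disp : disp));
    }
    snprintf(out + len, outlen - len, "]");
    return used;
}

/* One instruction -> text; returns bytes consumed, or 0 on short input / unsupported opcode. */
size_t decode_insn(const uint8_t *code, size_t len, char *out, size_t outlen)
{
    size_t i = 0, used; int w = 0, rex_r = 0, rex_x = 0, rex_b = 0, reg;
    if (len && (code[0] & 0xF0) == 0x40) {           /* REX prefix: 0100WRXB */
        w = code[0] >> 3 & 1; rex_r = code[0] >> 2 & 1; rex_x = code[0] >> 1 & 1; rex_b = code[0] & 1;
        i = 1;
    }
    if (i >= len) return 0;
    uint8_t op = code[i++]; char rm[64];
    if (op >= 0x50 && op <= 0x57) {                  /* PUSH r64: register in opcode low bits + REX.B */
        snprintf(out, outlen, "PUSH %s", reg64[(op & 7) | rex_b << 3]);
        return i;
    }
    if (op == 0x8B || op == 0x03) {                  /* MOV / ADD reg, r/m */
        if (!(used = decode_modrm(code + i, len - i, w, rex_x, rex_b, &reg, rm, sizeof rm))) return 0;
        snprintf(out, outlen, "%s %s, %s", op == 0x8B ? "MOV" : "ADD",
                 (w ? reg64 : reg32)[reg | rex_r << 3], rm);
        return i + used;
    }
    if (op == 0x83) {                                /* group 1: ModRM.reg is the opcode extension */
        if (!(used = decode_modrm(code + i, len - i, w, rex_x, rex_b, &reg, rm, sizeof rm))) return 0;
        i += used;
        if (reg != 0 || i >= len) return 0;          /* only /0 (ADD) here; the imm8 must be present */
        snprintf(out, outlen, "ADD %s, 0x%X", rm, code[i]);   /* imm8 is sign-extended by the CPU */
        return i + 1;
    }
    return 0;
}

/* Self-check: parse "49 8B 5C 45 00"-style hex, decode, require full consumption and matching text. */
int decodes_to(const char *hex, const char *expect)
{
    uint8_t buf[32]; size_t n = 0; unsigned v; int k;
    while (n < sizeof buf && sscanf(hex, " %2x%n", &v, &k) == 1) { buf[n++] = (uint8_t)v; hex += k; }
    char text[96];
    return decode_insn(buf, n, text, sizeof text) == n && strcmp(text, expect) == 0;
}

int main(void)
{   /* Constructed sample stream for this example (not the project's test stream). */
    static const uint8_t stream[] = {0x41,0x54, 0x49,0x8B,0x5C,0x45,0x00, 0x4D,0x8B,0x04,0x24,
        0x44,0x8B,0x80,0x00,0x11,0x22,0x33, 0x48,0x8B,0xC2, 0x83,0x40,0xF0,0x0B};
    char text[96];
    for (size_t off = 0; off < sizeof stream; ) {
        size_t n = decode_insn(stream + off, sizeof stream - off, text, sizeof text);
        if (!n) { printf("%04zx: <unsupported or truncated>\n", off); break; }
        printf("%04zx: %s\n", off, text); off += n;
    }
    return 0;
}
```

The two details that trip up most first decoders are both in decode_modrm: mod=00 with rm=101 is RIP-relative in 64-bit mode rather than a bare disp32, and a SIB base field of 101 under mod=00 means "disp32, no base" regardless of REX.B (which is why the project's R13-based operand above needs mod=01 and a zero disp8). decode_insn also returns 0 rather than guessing when the stream ends mid-instruction, which matters for any tool that will later walk untrusted input.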

mmozeiko
Mārtiņš Možeiko
1832 posts / 1 project
#16792 Project EagleFly - Disassembler for IA-32 & x64 architectures
1 month ago Edited by Mārtiņš Možeiko on Nov. 16, 2018, 4:20 a.m.

Nice! I have written a couple of (limited) disassemblers in the past, and I've found it is a great way to learn about assembly and the CPU.
Btw, if the goal is to be fast I expect to see benchmarks against Zydis :) Afaik it is the fastest and most accurate x86/x64 disassembler among the open-source ones (pretty small too).

Not to discourage you, but there are so many good x86/64 disassemblers out there... ARM ones, on the other hand, I have seen no good ones (fast/small/complete). Especially nowadays when ARM has released a formal instruction set reference in machine-readable files: ARM - Exploration Tools. Meaning that it should be possible to write a generator for a disassembler.
AlejandroArmenta
Alejadro Armenta
2 posts / 2 projects

23 years old, Engine programmer, coding EagleFly debugger

#16795 Project EagleFly - Disassembler for IA-32 & x64 architectures
1 month ago

mmozeiko
Nice! I have written a couple of (limited) disassemblers in the past, and I've found it is a great way to learn about assembly and the CPU.
Btw, if the goal is to be fast I expect to see benchmarks against Zydis :) Afaik it is the fastest and most accurate x86/x64 disassembler among the open-source ones (pretty small too).

Not to discourage you, but there are so many good x86/64 disassemblers out there... ARM ones, on the other hand, I have seen no good ones (fast/small/complete). Especially nowadays when ARM has released a formal instruction set reference in machine-readable files: ARM - Exploration Tools. Meaning that it should be possible to write a generator for a disassembler.


Awesome, I've been looking for test benchmarks that I could compare the disassembler against. I found that Zydis' benchmarks were made against the Intel XED x86 encoder/decoder, so I'll give it a shot.

Yeah! I think it'd be great if Intel had a formal specification as well, so that we could use it to generate a disassembler; it's really sad =(.

QUESTION: Do you know how to attach local pictures inside these posts? I tried with "", but it didn't work.
mmozeiko
Mārtiņš Možeiko
1832 posts / 1 project
#16796 Project EagleFly - Disassembler for IA-32 & x64 architectures
1 month ago

You cannot attach. You need to host them somewhere - imgur, Google Drive, ... your choice. Then you put the following bbtag with the full image address:

[img]http://address/to/image.png[/img]