The general problem of separating code from data in arbitrary executable programs is equivalent to the halting problem. As a consequence, it is not possible to write a disassembler that will correctly separate code and data for all possible input programs. Reverse engineering is full of such theoretical limitations, although by Rice's theorem all interesting questions about program properties are undecidable (so compilers and many other tools that deal with programs in any form run into such limits as well). In practice a combination of interactive and automatic analysis and perseverance can handle all but programs specifically designed to thwart reverse engineering, like using encryption and decrypting code just prior to use, and moving code around in memory.
If you're just looking to use a disassembler, then objdump is one choice. The disassembler that comes with the nasm assembler is ndisasm. You can also run "debug.exe" in DOS Box on Linux, provided you get a hold of a copy of the program. It also does disassembly, as well as controlled execution; i.e. simulation of the CPU, itself - which is also important, even when doing disassembly, for reasons I'm about to describe.
8086 disassembler download just
This gets to the other sense of your query: "I want to make a disassembler". The source for ndisasm is available, and it handles many of the descendants of 8086, not just 8086, itself (which seriously clutters it, if all you want is an 8086 or even 80386 disassembler), but it is not self-contained and has a heavy dependency on the rest of the distribution.
And then you've just disassembled a disassembler that also happens to do CPU emulation, like Fake86 does - but only for the 8086. You'll have to make the absolute addresses relative (using the original relocation table as a guide), to make is re-assemblable. Once you do that, you can work on the source. The opcode table is in clear view (if you display it as text) - both when seen in the packed and unpacked versions of debug.exe.
I might port the DAS disassembler to the x86, since items (a)-(f) are already incorporated into DAS's design. I've only ever ported it to the 8051, 6800, 6809 and 8080/8085 (and Z80) up to now; but the transition from 8085 to 8086 is relatively small. To that end, I might hack something out of Fake86. That's mostly abandonware, now, since the author replaced it by XTulator, as Fake86 was written when the programmer was relatively new to C. You might also be able to hack something directly out of DosDebug's opcode tables (their "instr.*" files).
Please note that this code was written when i was trying to learn C++, so it is not a very well commented code, but dont hesitate to download and have a look - i have added quite a few comments at very important places and that should help you. If you already have a good knowledge of decompilation and the 8086 assembly language, then it would be a breeze for you!
Extended mnemonics are often used to support specialized uses of instructions, often for purposes not obvious from the instruction name. For example, many CPU's do not have an explicit NOP instruction, but do have instructions that can be used for the purpose. In 8086 CPUs the instruction xchg ax,ax is used for nop, with nop being a pseudo-opcode to encode the instruction xchg ax,ax. Some disassemblers recognize this and will decode the xchg ax,ax instruction as nop. Similarly, IBM assemblers for System/360 and System/370 use the extended mnemonics NOP and NOPR for BC and BCR with zero masks. For the SPARC architecture, these are known as synthetic instructions.[26]
The rows in the mix output histograms come in two flavors. The rows that begin with "*" are meta-categories which sum up the data in different ways. Here are descriptions of some of the meta categories:*scalar-simd anything with the XED_ATTRIBUTE_SIMD_SCALAR including AVX and SSE operations. The instructions that operate on one vector element and whose iclass name ends with "SS" or "SD" have this attribute.*sse-scalar any SSE instruction with the XED_ATTRIBUTE_SIMD_SCALAR*sse-packed any SSE instruction without the XED_ATTRIBUTE_SIMD_SCALAR*avx-scalar Any AVX instruction with the attribute XED_ATTRIBUTE_SIMD_SCALAR*avx128 Any AVX instruction with a 128b vector length but without the XED_ATTRIBUTE_SIMD_SCALAR*avx256 Any AVX instruction with a 256b vector length*avx512 Any AVX instruction with a 512b vector length.*mem-atomic Atomic memory operations*stack-read Stack reads*stack-write Stack writes*iprel-read IP-relative memory reads*iprel-write IP-relative memory writes*mem-read-1 Memory read, 1 byte*mem-read-2 Memory read, 2 bytes*mem-read-4 Memory read, 4 bytes*mem-read-8 Memory read, 8 bytes*mem-write-1 Memory write, 1 byte*mem-write-2 Memory write, 2 bytes*mem-write-4 Memory write, 4 bytes*mem-write-8 Memory write, 8 bytes*isa-ext-BASE The "BASE" ISA-extension (generic group of instructions. Base includes much of the older instructions*isa-ext-LONGMODE The set of instructions added with Intel64. These may be 32b or 64b instructions*isa-set-I186 ISA "set" is a categorization of instructions in the BASE ISA-extension. I186 includes instructions introduced on the 80186 processor.*isa-set-I386 ISA "set" is a categorization of instructions in the BASE ISA-extension. I386 includes instructions introduced on the 80386 processor.*isa-set-I486REAL ISA "set" is a categorization of instructions in the BASE ISA-extension. I486REAL includes instructions introduced on the 80486 processor and valid in REAL mode.*isa-set-I86 ISA "set" is a categorization of instructions in the BASE ISA-extension. I86 includes instructions introduced on the 8086 processor.*isa-set-LONGMODE ISA "set" is a categorization of instructions in the LONGMODE ISA-extension. LONGMODE includes instructions introduced with Intel64 mode.*isa-set-PENTIUMREAL ISA "set" is a categorization of instructions in the BASE ISA-extension. PENTIUMREAL includes instructions introduced with Pentium and valid in REAL mode.*isa-set-PPRO ISA "set" is a categorization of instructions in the BASE ISA-extension. PPRO includes instructions introduced with the PentiumPro.*lock_prefix Instructions with a 0xF0 LOCK prefix*rep_prefix Instructions with a 0xF3 REP prefix*repne_prefix Instructions with a 0xF2 REPNE prefix*osz_prefix Instructions with a 0x66 prefix*rex_prefix Instructions with a REX prefix (includes the following 4 cases). REX prefixes can be sued without any of the following 4 bits set as well.*rexw_prefix Instructions with a REX prefix with the REX.W bit set*rexr_prefix Instructions with a REX prefix with the REX.R bit set*rexx_prefix Instructions with a REX prefix with the REX.X bit set*rexb_prefix Instructions with a REX prefix with the REX.B bit set*one-memops Instructions with one memory operation*two-memops Instructions with two memory operations*disp_only Instructions with a memory operation that addresses memory without using a base register or index register -- just a displacement.*base_index Instructions with a memory operation that addresses meory using a base and index register, but without a displacement.*base_index_disp Instructions with a memory operation that addresses memory using a base, index and displacement.*scale_1 Number of instructions with a scale=1 for the index register*scale_2 Number of instructions with a scale=2 for the index registern*scale_4 Number of instructions with a scale=4 for the index register*scale_8 Number of instructions with a scale=8 for the index register*memdisp8 Memory operations with 8-bit displacements*memdisp32 Memory operations with 32-bit displacements 2ff7e9595c
Comments