Figure 4.1 Translating an IA-32 instruction from machine code into human-readable
assembly language.

IDA Pro
IDA (Interactive Disassembler) by DataRescue (www.datarescue.com) is an
extremely powerful disassembler that supports a variety of processor architec-
tures, including IA-32, IA-64 (Itanium), AMD64, and many others. IDA also
supports a variety of executable file formats, such as PE (Portable Executable,
used in Windows), ELF (Executable and Linking Format, used in Linux), and
even XBE, which is used on Microsoft’s Xbox. IDA is not cheap at $399 for the

[Figure 4.1 contents: 8B 79 04 = MOV EDI, DWORD PTR [ECX + 4]
  Instruction opcode (8B): MOV opcode, defined as MOV Register, Register/Memory.
  MOD/RM byte (79): specifies a register and memory-address pair.
    MOD (2 bits): describes the format of the address side.
    REG (3 bits): specifies a register.
    R/M (3 bits): specifies a register for the address side.
  Displacement byte (04).]
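The decoding shown in Figure 4.1, written out as an added example in C that is not code from the book: it splits the MOD/RM byte into its MOD, REG and R/M fields for the 8B opcode and rebuilds the assembly text. The function name decode_mov_8b and the output formatting are assumptions of this example, and encodings that need a SIB byte are rejected rather than decoded.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IA-32 32-bit register names, indexed by the 3-bit REG or R/M field. */
static const char *REG32[8] = {"EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"};

static uint32_t le32(const uint8_t *p) {      /* little-endian 32-bit read */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode one "MOV r32, r/m32" (opcode 8B) from buf into out. Returns the
 * instruction length, or -1 for truncated input, any other opcode, or an
 * encoding that needs a SIB byte (left out of this example).
 * decode_mov_8b is a hypothetical name, not an API from the book or IDA. */
int decode_mov_8b(const uint8_t *buf, size_t len, char *out, size_t outsz) {
    if (len < 2 || buf[0] != 0x8B) return -1;
    unsigned mod = buf[1] >> 6;        /* 2 bits: format of the address side */
    unsigned reg = (buf[1] >> 3) & 7;  /* 3 bits: the register operand */
    unsigned rm  = buf[1] & 7;         /* 3 bits: register for the address side */

    if (mod == 3) {                    /* both operands are registers */
        snprintf(out, outsz, "MOV %s, %s", REG32[reg], REG32[rm]);
        return 2;
    }
    if (rm == 4) return -1;            /* SIB byte follows */
    if (mod == 0 && rm == 5) {         /* 32-bit address only, no base register */
        if (len < 6) return -1;
        snprintf(out, outsz, "MOV %s, DWORD PTR [%08Xh]", REG32[reg], (unsigned)le32(buf + 2));
        return 6;
    }
    int dlen = mod == 1 ? 1 : mod == 2 ? 4 : 0;   /* displacement size in bytes */
    if (len < (size_t)(2 + dlen)) return -1;
    /* The displacement is signed: sign-extend the 8-bit form. */
    long long d = dlen == 1 ? (int8_t)buf[2] : dlen == 4 ? (int32_t)le32(buf + 2) : 0;
    if (dlen == 0)
        snprintf(out, outsz, "MOV %s, DWORD PTR [%s]", REG32[reg], REG32[rm]);
    else
        snprintf(out, outsz, "MOV %s, DWORD PTR [%s %c %lld]", REG32[reg], REG32[rm],
                 d < 0 ? '-' : '+', d < 0 ? -d : d);
    return 2 + dlen;
}

int main(void) {
    const uint8_t fig[] = {0x8B, 0x79, 0x04};  /* the bytes shown in Figure 4.1 */
    char text[64] = "";
    if (decode_mov_8b(fig, sizeof fig, text, sizeof text) > 0)
        puts(text);
    return strcmp(text, "MOV EDI, DWORD PTR [ECX + 4]") != 0;
}
```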