Linux intel-xed反汇编引擎使用

最后一起看看Intel xed 反汇编引擎的使用方法，intel-xed是针对x86平台的反汇编引擎，对于其他架构的支持还是有所欠缺；

github:https://github.com/intelxed/xed --> xed
https://github.com/intelxed/mbuild --> mbuild

//解压初始代码
curits@curits-virtual-machine:~/Desktop$ unzip xed-master.zip
//从git拉mbuild代码
curits@curits-virtual-machine:~/Desktop$ git clone https://github.com/intelxed/mbuild.git mbuild
Cloning into 'mbuild'...
remote: Enumerating objects: 455, done.
remote: Total 455 (delta 0), reused 0 (delta 0), pack-reused 455
Receiving objects: 100% (455/455), 187.69 KiB | 9.00 KiB/s, done.
Resolving deltas: 100% (304/304), done.
//编译xed-master,会从当前目录或者上级目录找mbuild
curits@curits-virtual-machine:~/Desktop/xed-master$ ./mfile.py 
...........................................
R: 1 P: 0 C: 112 E: 0 / 16 secs 
[REMOVING] obj/libxed.a
R: 0 P: 0 C: 113 E: 0 / 16 secs 
	BUILT: /home/curits/Desktop/xed-master/obj/libxed.a
[XED KIT BUILD COMPLETE] 
[ELAPSED TIME] 37 secs
[RETVAL=0] 

//找到编译出来的xed二进制文件
curits@curits-virtual-machine:~/Desktop$ find xed-master/ -name xed
xed-master/obj/wkit/examples/obj/xed
xed-master/obj/wkit/bin/xed
xed-master/obj/wkit/include/xed
xed-master/include/public/xed

//参数以及使用方法
curits@curits-virtual-machine:~/Desktop$ cd xed-master/obj/wkit/bin/
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ls
xed                xed-dec-print      xed-ex1  xed-ex4      xed-ex6  xed-ex8        xed-ex-agen   xed-ex-ild2       xed-min   xed-size    xed-tester
xed-asmparse-main  xed-dll-discovery  xed-ex3  xed-ex5-enc  xed-ex7  xed-ex9-patch  xed-ex-cpuid  xed-find-special  xed-reps  xed-tables
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ./xed
ERROR: required argument(s) were missing
Copyright (C) 2019, Intel Corporation. All rights reserved.
XED version: [11.0.1]

Usage: ./xed [options]
One of the following is required:
	-i input_file             (decode elf-format file)
	-ir raw_input_file        (decode a raw unformatted binary file)
	-ih hex_input_file        (decode a raw unformatted ASCII hex file)
	-d hex-string             (decode one instruction, must be last)
	-F prefix		  (decode ascii hex bytes after prefix)
				  (running in filter mode from stdin)
	-ide input_file           (decode/encode file)
	-e instruction            (encode, must be last)
	-ie file-to-assemble      (assemble the contents of the file)
	-de hex-string            (decode-then-encode, must be last)

Optional arguments:

	-v N          (0=quiet, 1=errors, 2=useful-info, 3=trace,
	               5=very verbose)
	-xv N         (XED engine verbosity, 0...99)

	-chip-check CHIP   (count instructions that are not valid for CHIP)
	-chip-check-list   (list the valid chips)

	-s section    (target section for file disassembly,
	               PECOFF and ELF formats only)

	-n N          (number of instructions to decode. Default 100M,
	               accepts K/M/G qualifiers)
 
	-b addr       (Base address offset, for DLLs/shared libraries.
	               Use 0x for hex addresses)
	-as addr      (Address to start disassembling.
	               Use 0x for hex addresses)
	-ae addr      (Address to end   disassembling.
	               Use 0x for hex addresses)
	-no-resync    (Disable symbol-based resynchronization algorithm
	               for disassembly)
	-ast          (Show the AVX/SSE transition classfication)
	-histo        (Histogram decode times)

	-I            (Intel syntax for disassembly)
	-A            (ATT SYSV syntax for disassembly)
	-isa-set      (Emit the XED "ISA set" in dissasembly)
	-xml          (XML formatting)
	-uc           (upper case hex formatting)
	-nwm          (Format AVX512 without curly braces for writemasks, include k0)
	-emit         (Output __emit statements for the Intel compiler)
	-S file       Read symbol table in "nm" format from file
	-dot FN       (Emit a register dependence graph file in dot format.
	               Best used with -as ADDR -ae ADDR to limit graph size.)

	-r            (for REAL_16 mode, 16b addressing (20b addresses),
	               16b default data size)
	-r32          (for REAL_32 mode, 16b addressing (20b addresses),
	               32b default data size)
	-16           (for LEGACY_16 mode, 16b addressing,
	               16b default data size)
	-32           (for LEGACY_32 mode, 32b addressing,
	               32b default data size -- default)
	-64           (for LONG_64 mode w/64b addressing
	               Optional on windows/linux)
	-mpx          (Turn on MPX mode for disassembly, default is off)
	-cet          (Turn on CET mode for disassembly, default is off)
	-s32          (32b stack addressing, default, not in LONG_64 mode)
	-s16          (16b stack addressing, not in LONG_64 mode)
	-set OP VAL   (Set a XED operand to some integer value)
	-version      (The version message)
	-help         (This help message)
 
 //把xed工具用起来
 curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ sudo ./xed -ir /home/curits/Desktop/ins.txt -64
[sudo] password for curits: 
XDIS 0: WIDENOP   BASE       0F1F440000               nop dword ptr [rax+rax*1], eax
XDIS 5: PUSH      BASE       55                       push rbp
XDIS 6: DATAXFER  BASE       4889E5                   mov rbp, rsp
XDIS 9: POP       BASE       5D                       pop rbp
XDIS a: RET       BASE       C3                       ret 
XDIS b: WIDENOP   BASE       0F1F440000               nop dword ptr [rax+rax*1], eax
# end of text section.
# Errors: 0
#XED3 DECODE STATS
#Total DECODE cycles:        150496
#Total instructions DECODE: 6
#Total tail DECODE cycles:        150496
#Total tail instructions DECODE: 6
#Total cycles/instruction DECODE: 25082.67
#Total tail cycles/instruction DECODE: 25082.67

//xed bin file文件大小
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ls -alh | grep xed
-rwxr-xr-x  1 curits curits 8.9M 10月 28 11:28 xed

成功的把从内存dump出来的函数反汇编，从反汇回来的数据可以看到，末尾有对所有反汇编情况的说明，有没有发生错误，decode反汇编指令的条数等等；