1

I disassembled a program (with objdump -d a.out) and now I would like understand what the different sections in a line like

400586:       48 83 c4 08             add    $0x8,%rsp

stand for. More specifically I would like to know how you can see how many bytes are used for adding two registers. My idea was that the 0x8 in add $0x8,%rsp, which is 8 in decimal gives me 2 * 4 so 2 bytes for adding 2 registers. Is that correct?

PS: compiler is gcc, OS is suse linux

Improve this question
3
  • 2
    you should read Intel manual. It listed all instructions and opcodes Commented May 20, 2014 at 16:18
  • there are different opcodes for different instruction form. And operations on AX have special shorter opcodes Commented May 20, 2014 at 16:19
  • 3
    Save yourself a lot of time. Get a good book on x86 assembly language and study it. This instruction does not add two registers. It adds an immediate value of 8 to the stack pointer. Nearly all x86 instructions allow different addressing modes (register, indexed, index-offset, base-index-offest, direct, etc.). The number of bytes in an add instruction depend on how its operands are addressed. Commented May 20, 2014 at 16:34

1 Answer 1

Reset to default
3

In the second column you see 48 83 c4 08. Every two-digit hex-number stands for one byte, so the amount of bytes is four. The last 08 correlates to $0x8, the other three bytes are the machine code for "add an 8-bit constant to RSP" (for pedantic editors: Intel writes its registers upper case). It's quite difficult to deconstruct the machine code, but your assumption is completely wrong.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for the explanation! So if I have something like: 40048a: 48 01 d0 add %rdx,%rax - (that is adding two registers, isn't it?) the amount of bytes used is three?
@eva: add %rdx,%rax: add RDX to RAX (result in RAX). The amount is three, you've got it :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.