
<div dir="ltr">


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">It looks to me like llvm-mc is doing something strange. Eg:<span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">             

<span style="font-size:9pt;font-family:"Lucida Console"">echo "pop

ebp" | llvm-mc -assemble -arch=x86 -filetype=obj -o temp.bin<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">Now disassembling temp.bin:<span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console";color:rgb(191,191,0)"><span> </span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">$ llvm-objdump -disassemble -x86-asm-syntax=intel

-section-headers temp.bin<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console""><span> </span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">temp.bin:      

file format COFF-i386<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console""><span> </span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">Disassembly of section .text:<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">0000000000000000 .text:<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">      

0:       8f 05 00 00 00

00       pop     dword ptr

[0]<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">Sections:<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">Idx

Name         

Size     

Address          Type<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">  0

.text         00000006 0000000000000000

TEXT<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">  1

.data         00000000 0000000000000000

DATA<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">  2

.bss          00000000

0000000000000000 BSS<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">Llvm-mc is generating the opcode 8f, which is why its

getting disassembled as “pop dword ptr [0]”. Looking at the intel

reference for pop you’ll see that the “8f” opcodes are for pops to memory

locations, not to registers. If I create a file "simple.s" containing "pop ebp" using a different assembler (eg nasm) generates

the correct opcode (5D):<span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console""><span> </span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">$ nasm -f win32 simple.s -l simple.lst<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console""><span> </span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">$ more simple.lst<span></span></span></p>


<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console"">     1 00000000

5D                     

POP EBP</span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><br></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">Anyone know what's going on? Did I miss a flag somewhere<br></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">thanks</p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><br></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:9pt;font-family:"Lucida Console""><span></span></span></p>


</div>