Thread: Programming a Disassembler

This isn't really a C question, but there is no general programming board for this king of stuff so I decided this was as good of a place as any. Anyway, I've been wondering a few thing about how dissassemblers work. First, you start parsing a file looking for opcodes, and run into something that looks like an opcode but actually is data. Is there any way to discern between the two? Second, if during the parsing the end of a chunk of data, and the beggining of an opcode when put together looked like an opcode in and of themselves, how would you catch this? Last, when you're dealing with a fixed lengnth opcode processor, will opcodes only be stored at addresses that are multiples of the opcode lenth, or can they be anywhere?

Originally Posted by Salem

> Is there any way to discern between the two?
Most object file formats have enough additional information to decide which is code and which is data.
If you've just got a raw block of bytes from a memory dump say, then you're on your own.

Unfourtunately that is my case, but since I am dealing with a fixed length processor that should simplify things a bit.

Originally Posted by Salem

If you start off in the wrong place as it were, then the first few instructions will make no sense, but it usually sorts itself out. Try it with Microsoft debug in a console window.

For a fixed length opcode machine, all opcodes begin on word boundaries (ot whatever word size the machine is). This is so they can be fetched efficiently in one cycle.
Well they have to be aligned to run, they could be obfuscated at mis-aligned addresses to stop disassembling

I figured as much, but of course I could always incorporate a feature for interpretting at odd offsets.