Home/ Questions/Q 9061187
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T15:25:17+00:00

I need to write something like a disassembler, I need to read RAM memory

  • 0

I need to write something like a “disassembler”, I need to read RAM memory (code section) and show it formatted like

ADD rax, rbx
MOV rcx, rax

Where can I find a comprehensive guide/paper on how to translate an opcode to the correspective operation/operands? I’m targeting x64 assembly

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d really recommend you just use the BSD licensed udis86 library instead of writing yet another x86 disassembler:

    #include <stdio.h>
#include <udis86.h>

enum {
    /* Controls whether to disassemble for x86 or x64 */
    UDIS86_MODE = 64 /* 16, 32, or 64 */
};

int main()
{
    ud_t ud_obj;

    ud_init(&ud_obj);

    ud_set_input_file(&ud_obj, stdin);
    ud_set_mode(&ud_obj, UDIS86_MODE);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);

    while (ud_disassemble(&ud_obj)) {
        printf("\t%s\n", ud_insn_asm(&ud_obj));
    }

    return 0;
}

    The version of Udis86 on github even supports the latest Intel AVX instructions.

    Udis86 is quite easy to build for x86 or x64 Windows with the MinGW64 / MSYS toolchain. Just in case you’re not familiar with GCC and the GNU autotools build system, I’ve built:

    1. http://scottt.tw/mingw32-udis86.tar.gz
    2. http://scottt.tw/mingw64-udis86.tar.gz

    for your convenience. The archives contain the DLL and header files. (Whether it’s wise to download and run DLLs from random strangers who answer questions on Stackoverflow is another matter ;).

    • 0