Chapter 3

Basic Instructions

3.1 Copying Data

mov Instructions
mov (move) instructions are really copy
instructions, like simple assignment
statements in a high-level language
Format: mov destination, source
register
or
memory

register,
memory
or
immediate

Operand Restrictions
Operands must be same size
Cant move from memory to memory
mov nbr1, nbr2
illegal if nbr1 and nbr2 reference doublewords
in memory
Instead use a register
mov eax, nbr2
mov nbr1, eax

Can only move one byte, word or

doubleword at a time

Effect on Flags
In general, an instruction may have one of
three effects:
no flags are altered
specific flags are given values depending on
the results of the instruction
some flags may be altered, but their settings
cannot be predicted

No mov instruction changes any flag

Machine Code
Depends on operand type(s), with several
different opcodes used for mov instructions
Word-size and doubleword-size instructions
use same opcodes, but word-size
instructions have 66 prefix byte
Object and source code from listing file
B0 9B
mov
al, 155
66| B8 009B
mov
ax, 155
B8 0000009B
mov eax, 155

mod-reg-r/m Byte
Part of the object code for many instructions
Used to encode specific registers
Used to distinguish between instructions that
share the same opcode
Used to specify memory modes

mod-reg-r/m Fields

mod (mode), 2 bits

reg (register), 3 bits
r/m (register/memory), 3 bits
Examples of encodings
mod = 00 and r/m = 101 combined always
means direct memory addressing
reg = 011 means the EBX register in a 32-bit
instruction

xchg Instruction
Swaps the values referenced by its two
operands
Cant have both operands in memory

Does not alter any flag

3.2 Integer Addition and

Subtraction Instructions

add Instruction
Format: add destination, source
The integer at source is added to the integer
at destination and the sum replaces the old
value at destination
SF, ZF, OF, CF, PF and AF flags are set
according to the value of the result of the
operation
Example: CF = 1 if there is a carry out of the sum

Addition Example
Before
EAX: 00000075
ECX: 000001A2
Instruction
add eax, ecx
After
EAX: 00000217
ECX: 000001A2
SF=0 ZF=0 CF=0 OF=0

sub Instruction
Format: sub destination, source
The integer at source is subtracted from
the integer at destination and the
difference replaces the old value at
destination
SF, ZF, OF, CF, PF and AF flags are set
according to the value of the result of the
operation
Example: ZF = 1 if the difference is zero

Subtraction Example
Before
doubleword at Dbl: 00000100
Instruction
sub Dbl, 2
After
Dbl: 000000FE
SF=0 ZF=0 CF=0 OF=0

Instruction Encoding
Opcode depends on operand types
The mod-reg-r/m byte distinguishes
Between operand types
Between add, sub and other operations for
certain operand types

An small immediate operand is sometimes

encoded as a byte even in a 32-bit
instruction

Increment and Decrement

Instructions
inc

destination

Adds 1 to destination

dec

destination

Subtracts 1 from destination

Each sets same flags as add or sub

except for CF which isnt changed

neg Instruction
neg

destination
Negates (takes the 2's complement of) its
operand
A positive value gives a negative result
A negative value will become positive
Zero remains 0

Affects same flags as add and sub

Programming in Assembly
Language
Start with a design
Plan register usage
Decide what registers will be used for what
variables in the design
There are only a few available registers

Plan memory usage

3.3 Multiplication Instructions

Multiplication Instruction
Mnemonics
mul for unsigned multiplication
Operands treated as unsigned numbers

imul for signed multiplication

Operands treated as signed numbers and
result is positive or negative depending on the
signs of the operands

mul Instruction Format

mul

source
Single operand may be byte, word or
doubleword in register or memory (not
immediate) and specifies one factor
Location of other factor is implied
AL for byte-size source
AX for word source
EAX for doubleword source

mul Instruction Operation

When a byte source is multiplied by the
value in AL, the product is put in AX
When a word source is multiplied by the
value in AX, the product is put in DX:AX
The high-order 16 bits in DX and the loworder 16 bits in AX

When a doubleword source is multiplied

by the value in EAX, the product is put in
EDX:EAX

Double-Length Product
The double-length product ensures that
the result will always fit in the destination
location
If significant bits of the product actually
spill over into the high-order half (AH, DX
or EDX), then CF and OF are both set to 1
If the high-order half is zero, then CF and
OF are both cleared to 0

mul Instruction Example

Before
EAX: 00000005
EBX: 00000002
EDX: ????????
Instruction
mul ebx
After
EAX: 0000000A
EBX: 00000002
EDX: 00000000
CF=OF=0

imul Instruction Formats

imul source
imul register, source
imul register, source, immediate

imul source
Similar to mul source except for signed
operands
CF=OF=0 if each bit in the high-order half
is the same as the sign bit in the low-order
half
CF=OF=1 otherwise (the bits in the highorder half are significant)

imul Example 1
Before
AX: ??05
byte at Factor: FF
Instruction
imul Factor
After
AX: FFFB
CF=OF=0

imul register,source
Source operand can be in a register, in
memory, or immediate
Register contains other factor, and also
specifies the destination
Both operands must be word-size or
doubleword-size, not byte-size
Product must fit in destination register
CF and OF are cleared to 0 if result fits
CF and OF are set to 1 if it doesnt fit

imul Example 2
Before
EBX: 0000000Ah
Instruction
imul ebx, 10 ;10 is a decimal no.
After
EBX: 00000064h
CF=OF=0

imul register,source,immediate
The two factors are given by the immediate
value and source (in register or memory)
The first operand, a register, specifies the
destination for the product
Operands register and source are the same
size, both 16-bit or both 32-bit (not 8-bit)
If the product will fit in the destination
register, then CF and OF are cleared to 0; if
not, they are set to 1

imul Example 3
Before
word at Value: 08F2 h
BX: ????
Instruction
imul bx, Value, 1000d
After
BX: F150
CF=OF=1

3.4 Division Instructions

Division Instruction Formats

idiv source
for signed operands
div source
for unsigned operands
source identifies the divisor
Byte, word or doubleword
In memory or register, but not immediate

Implicit Dividend for div and idiv

Byte source divided into word in AX
Word source divided into doubleword in
DX:AX
Doubleword source divided into quadword
in EDX:EAX

Results of div and idiv

Byte-size divisor:
quotient in AL and remainder in AH
Word-size divisor:
quotient in AX and remainder in DX
Doubleword-size divisor:
quotient in EAX and remainder in EDX
dividend = quotient*divisor + remainder
For signed division remainder will have same
sign as dividend

Flag Settings
Division instructions do not set flags to any
meaningful values
They may change previously set values of
AF, CF, OF, PF, SF or ZF

Unsigned Division Example

Before
EDX: 00 00 00 00
EAX: 00 00 00 64
EBX: 00 00 00 0D
Instruction
div ebx
; 100/13
After
EDX: 00000009
100 = 7 * 13 + 9
EAX: 00000007

Signed Division Example

Before
EDX: FF FF FF FF
EAX: FF FF FF 9C
ECX: 00 00 00 0D
Instruction
idiv ecx ; -100/13
After
EDX: FFFFFFF7
100 = (7) * 13 + (9)
EAX: FFFFFFF9

Errors in Division
Caused by
Dividing by 0, or
Quotient too large to fit in destination

Triggers an exception
The interrupt handler routine that services this
exception may vary from system to system
When a division error occurs for a program
running under Windbg, the program hangs

Preparing for Division

Dividend must be extended to double
length
Example
Copy a doubleword dividend to EAX
Extend dividend to EDX:EAX
For unsigned division, use mov edx, 0
For signed division, use cdq instruction

Finally use div or idiv instruction

Convert Instructions
No operand
cbw
sign extends the byte in AL to the word in AX
cwd
sign extends the word in AX to the doubleword in
DX:AX
cdq
sign extends the doubleword in EAX to the
quadword in EDX:EAX