Scribd Logo
Upload

Welcome to Scribd!

  • x86 Opcode Structure and Instruction Overview

    Uploaded by

    jaro33s222
    401 views1 page
    ICE BP CONDITIONAL REPETITION STI INC / DEC CALL / JMP PUSH Arithmetic and Logic Memory Stack Control Flow and Conditional Prefix System and I / O / o.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ICE BP CONDITIONAL REPETITION STI INC / DEC CALL / JMP PUSH Arithmetic and Logic Memory Stack Control Flow and Conditional Prefix System and I / O / o.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    401 views1 page

    x86 Opcode Structure and Instruction Overview

    Uploaded by

    jaro33s222
    ICE BP CONDITIONAL REPETITION STI INC / DEC CALL / JMP PUSH Arithmetic and Logic Memory Stack Control Flow and Conditional Prefix System and I / O / o.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    FRAUNHOFER-INSTITUT FR KOMMUNIKATION, INFORMATIONSVERARBEITUNG UND ERGONOMIE FKIE

    x86 Opcode Structure and Instruction Overview 0 1 2 3 4 5 6 7 8 9 AB CDE F 0 1 2 3 4 5 6 7 8 9 AB CDE F OR ADD 0 0 SBB SSE{1,2,3} ADC 1 1 SUB AND SSE{1,2} 2 2 MOV CR/DR XOR CMP 3 3 INC DEC CMOV 4 4 PUSH POP SSE{1,2} 5 5 MMX, SSE2 6 6 MMX, SSE{1,2,3}, VMX 7 7 MOV REG 8 8 XCHG EAX 9 9 A MOV EAX A MOV B B SSE{1,2} BSWAP C C MMX, SSE{1,2,3} FPU D D MMX, SSE{1,2} E E MMX, SSE{1,2,3} F F
    2nd 2nd 1st 1st ES ES PUSH POP SS SS ES SS TWO CS BYTE PUSH POP DS DS CS DAS AAS
    {L,S}LDT {L,S}GDT {L,S}TR {L,S}IDT VER{R,W} {L,S}MSW

    LAR

    LSL

    CLTS

    INVD
    Prefetch SSE1

    WBINVD

    UD2

    NOP

    HINT_NOP

    DAA AAA

    SEGMENT OVERRIDE

    SEGMENT OVERRIDE

    DS

    WRMSR RDTSC

    RDMSR RDPMC SYSENTER SYSEXIT

    GETSEC SMX

    MOVBE / THREE BYTE

    THREE BYTE SSE4

    PUSHAD POPAD BOUND

    ARPL JNB

    FS JE

    GS

    OPERAND SIZE

    ADDRESS SIZE

    PUSH IMUL PUSH IMUL JS JNS JPE JPO

    INS

    OUTS

    SEGMENT OVERRIDE

    SIZE OVERRIDE

    JO

    JNO

    JB

    JNE

    JBE

    JA

    JL

    JGE

    JLE

    JG

    MMX, SSE{2,3} JGE JLE

    Jcc

    ADD/ADC/AND/XOR OR/SBB/SUB/CMP

    TEST

    XCHG

    MOV MOV LEA POP SREG SREG

    JO

    JNO

    JB

    JNB

    JE

    JNE

    JBE

    JA

    JS

    JNS

    JPE

    JPO

    JL

    JG

    Jcc SHORT

    NOP

    CWD CDQ CALLF WAIT TEST STOS

    PUSHFD POPFD

    SAHF LAHF SCAS

    SETO

    SETNO

    SETB

    SETNB

    SETE

    SETNE

    SETBE

    SETA

    SETS

    SETNS

    SETPE

    SETPO

    SETL

    SETGE

    SETLE

    SETG

    SETcc

    MOVS

    CMPS

    LODS

    PUSH POP CPUID BT FS FS CMPXCHG XADD LSS

    SHLD

    PUSH POP RSM BTS GS GS


    POPCNT

    SHRD

    *FENCE

    IMUL

    BTR

    LFS

    LGS

    MOVZX

    UD

    BT BTS BTR BTC

    BTC

    BSF

    BSR

    MOVSX

    SHIFT IMM SHIFT 1

    RETN

    LES

    LDS MOV IMM

    ENTER

    LEAVE

    RETF

    INT3

    INT INTO IRETD IMM

    CMPXCHG

    SHIFT CL

    ROL/ROR/RCL/RCR/SHL/SHR/SAL/SAR

    AAM AAD SALC XLAT IN IMM OUT IMM

    LOOPNZ LOOPZ

    LOOP

    CONDITIONAL LOOP

    JECXZ
    REPE

    CALL JMP JMPF CLC STC CLI

    JMP SHORT

    IN DX

    OUT DX

    LOCK

    EXCLUSIVE ACCESS

    ICE BP

    REPNE

    CONDITIONAL REPETITION

    HLT CMC

    TEST/NOT/NEG [i]MUL/[i]DIV

    STI

    CLD

    STD

    INC DEC

    INC/DEC CALL/JMP PUSH

    Arithmetic & Logic Memory Stack Control Flow & Conditional

    Prefix System & I/O

    General Opcode Structure


    Element Information # of bytes Bit structure Prefix 0-4 Opcode 1-3 O OO OO O D L AddrMode (mod, reg, r/m) 0-1 MM R R R R R R O O E E E MMM D D G G G SIB Byte (scale, index, base) 0-1 S S I I I B B B Displacement 0/1/2/4 Immediate Data 0/1/2/4

    Addressing Modes
    mod r/m 000 001 010 011 Base field Index field Scale field 100 101 110 111
    16bit
    [BX+SI] [BX+DI] [BP+SI] [BP+DI] [SI] [DI] disp16 [BX]

    SIB Byte Structure


    01 10
    32bit
    [EAX]+disp8 [ECX]+disp8 [EDX]+disp8 [EBX]+disp8 SIB+disp8 [EBP]+disp8 [ESI]+disp8 [EDI]+disp8

    00
    32bit
    [EAX] [ECX] [EDX] [EBX] SIB disp32 [ESI] [EDI]

    11
    32bit
    [EAX]+disp32 [ECX]+disp32 [EDX]+disp32 [EBX]+disp32 SIB+disp32 [EBP]+disp32 [ESI]+disp32 [EDI]+disp32

    encoding 000 001 010 011 100 101 110 111

    scale (2bit) 20=1 21=2 2 =4 23=8 ----2

    Index (3bit) [EAX] [ECX] [EDX] [EBX] none [EBP] [ESI] [EDI]

    Base (3bit) EAX ECX EDX EBX ESP


    disp32 / disp8+ [EBP] / disp32 + [EBP]

    16bit
    [BX+SI]+disp8 [BX+DI]+disp8 [BP+SI]+disp8 [BP+DI]+disp8 [SI]+disp8 [DI]+disp8 [BP]+disp8 [BX]+disp8

    16bit
    [BX+SI]+disp16 [BX+DI]+disp16 [BP+SI]+disp16 [BP+DI]+disp16 [SI]+disp16 [DI]+disp16 [BP]+disp16 [BX]+disp16

    r/m // REG
    AL / AX / EAX CL / CX / ECX DL / DX / EDX BL / BX / EBX AH / SP / ESP CH / BP / EBP DH / SI / ESI BH / DI / EDI

    No Operation (NOP) / Multiple Instructions / Extended Instruction Set

    Main Opcode bits Direction bit Operand length bit

    ESI EDI

    r/m field Register/Opcode modifier, defined by primary opcode Addressing mode

    SIB value = index * scale + base

    v1.0 30.08.2011 Contact: Daniel Plohmann +49 228 73 54 228 daniel.plohmann@fkie.fraunhofer.de

    Source: Intel x86 Instruction Set Reference Opcode table presentation inspired by work of Ange Albertini

    You might also like