X86 Assembly

From Wikibooks, the open-content textbooks collection

1 Introduction
1.1 Why Learn Assembly?
1.2 Who is This Book For?
1.3 How is This Book Organized?
2 Basic FAQ
2.1 How Does the Computer Read/Understand Assembly?
2.2 Is it the Same On Windows/DOS/Linux?
2.3 Which Assembler is Best?
2.4 Do I Need to Know Assembly?
2.5 How Should I Format my Code?
3 X86 Family
3.1 Intel x86 Microprocessors
3.2 AMD x86 Compatible Microprocessors
4 X86 Architecture
4.1 x86 Architecture
4.1.1 General Purpose Registers (GPR)
4.1.2 Segment Registers
4.1.3 EFLAGS Register
4.1.4 Instruction Pointer
4.1.5 Memory
4.1.6 Two's complement representation
4.1.7 Addressing modes
4.2 Stack
4.3 CPU Operation Modes
4.3.1 Real Mode
4.3.2 Protected Mode
4.3.2.1 Flat Memory Model
4.3.2.2 Multi-Segmented Memory Model
5 Comments
5.1 Comments
5.2 HLA Comments
6 16, 32 and 64 Bits
6.1 The 8086 Registers
6.1.1 Example
6.2 The A20 Gate Saga
6.3 32-Bit Addressing
7 X86 Instructions
7.1 Conventions
8 Data Transfer
8.1 Data transfer instructions
8.1.1 Move
8.1.2 Data Swap
8.1.3 Move and Extend
8.1.4 Move by Data Size
The Wikibook o?
,23 Assembly Lan"ua"e
x86 Assembly
Why Learn Assembly
Assembly is the most primitive tool in the programmer's toolbox. Entire software projects can be written without ever once looking at a single line of assembly code. So the question arises: why learn assembly? Assembly language is the closest form of communication that humans can engage in with a computer. Using assembly, the programmer can precisely track the flow of data and execution in a program. Another benefit of learning assembly is that once a program has been compiled, it is difficult--if not impossible--to decompile the code. That means that if you want to examine a program that is already compiled, you will need to examine it in assembly language. Debuggers also will frequently only show the program code in assembly language. If nothing else, it can be beneficial to learn to read assembly language, if not write it.
Assembly language is also the preferred tool, if not the only tool available, for implementing some low-level tasks, such as bootloaders and low-level kernel components. Code written in assembly has less overhead than code written in high-level languages, so assembly code frequently will run much faster than programs written in other languages. Code that is written in a high-level language can be compiled into assembly, and "hand optimized" to squeeze every last bit of speed out of a section of code. As hardware manufacturers such as Intel and AMD add new features and new instructions to their processors, often times the only way to access those features is to use assembly routines. That is, at least until the major compiler vendors add support for those
Developing a program in assembly can be a very time consuming process, however. While it might not be a good idea to write new projects in assembly language, it is certainly valuable to know a little bit about assembly language anyway.
Who is This Book For
This book will serve as an introduction to assembly language, but it will also serve as a good resource for people who already know the topic, but need some more information on x86 system architecture, and advanced uses of x86 assembly language. All readers are encouraged to read (and contribute to) this book, although a prior knowledge of programming fundamentals would be a definite benefit.
How is This Book Organized
The first section will talk about the x86 family of chips, and will introduce the basic instruction set. The second section will talk about the differences between the syntax of different assemblers. The third section will talk about some of the additional instruction sets available, including the Floating-Point operations, the MMX operations, and the SSE
The fourth section will talk about some advanced topics in x86 assembly, including some low-level programming tasks such as writing bootloaders. There are many tasks that cannot be easily implemented in a higher-level language such as C or C++. For example, tasks such as enabling and disabling interrupts, enabling protected mode, accessing the Control Registers, creating a Global Descriptor Table, etc. all need to be handled in assembly. The fourth section will also talk about how to interface assembly language with C and other high-level languages. Once a function is written in Assembly (a function to enable protected mode, for instance), we can interface that function to a larger, C-based (or even C++ based) kernel. The fifth section will deal with the standard x86 chipset, will talk about the basic x86 computer architecture, and will generally deal with the hardware side of things.
The current layout of the book is designed to give readers as much information as they need, without going overboard. Readers who want to learn assembly language on a given assembler only need to read the first section and the chapter in the second section that directly relates to their assembler. Programmers looking to implement the MMX or SSE instructions for different algorithms only really need to read section 3. Programmers looking to implement bootloaders and kernels, or other low-level tasks, can read section 4. People who really want to get to the nitty-gritty of the x86 hardware design can continue reading on through section 5.
Basic FAQ
This page is going to serve as a basic FAQ for people who are new to assembly language.
How Does the Computer Read/Understand Assembly
The computer doesn't really "read" or "understand" anything per se, but that's beside the point. The fact is that the computer cannot read the assembly language that you write. Your assembler will convert the assembly language into a form of binary information called "machine code" that your computer uses to perform its operations. If you don't assemble the code, it's complete gibberish to the computer.
That said, assembly is notable because each assembly instruction usually relates to just a single machine code, and it is possible for "mere mortals" to do this task directly with nothing but a blank sheet of paper, a pencil, and an assembly instruction reference book. Indeed in the early days of computers this was a common task and even required in some instances to "hand assemble" machine instructions for some basic computer programs. A classical example of this was done by Steve Wozniak, when he hand assembled the entire Integer BASIC interpreter into 6502 machine code for use on his initial Apple I computer. It should be noted, however, that such tasks for commercially distributed software are such rarities that they deserve special mention from that fact alone. Very, very few programmers have actually done this for more than a few instructions, and even then just for a classroom assignment.
Is it the Same On Windows/DOS/Linux
The answers to this question are yes and no. The basic x86 machine code is dependent only on the processor. The x86 versions of Windows and Linux are obviously built on the x86 machine code. There are a few differences between Linux and Windows programming in x86 Assembly:
1. On a Linux computer, the most popular assembler is the GAS assembler, which uses the AT&T syntax for writing code, or the Netwide Assembler, also known as NASM, which uses a syntax similar to MASM.
2. On a Windows computer, the most popular assembler is MASM, which uses the Intel syntax.
3. The list of available software interrupts, and their functions, is different on Windows and Linux.
4. The list of available code libraries is different on Windows and Linux.
Using the same assembler, the basic assembly code written on each Operating System is basically the same, except you interact with Windows differently than you interact with Linux, etc.
Which Assembler is Best
The short answer is that none of the assemblers are better than the others; it's a matter of personal preference.
The long answer is that different assemblers have different capabilities, drawbacks, etc. If you only know GAS syntax, then you will probably want to use GAS. If you know Intel syntax and are working on a Windows machine, you might want to use MASM. If you don't like some of the quirks or complexities of MASM and GAS, you might want to try FASM and NASM. We will cover the differences between the different assemblers in section 2.
Do I Need to Know Assembly
You don't need to know assembly for most computer tasks, but it certainly is nice. Learning assembly is not about learning a new programming language. If you are going to start a new programming project (unless that project is a bootloader or a device driver or a kernel), then you will probably want to avoid assembly like the plague. An exception to this could be if you absolutely need to squeeze the last bits of performance out of a congested inner loop and your compiler is producing suboptimal code. Keep in mind, though, that premature optimization is the root of all evil, although some computing-intense realtime tasks can only easily be optimized sufficiently if optimization techniques are understood and planned for from the start.
However, learning assembly gives a particular insight into how your computer works on the inside. When you program in a higher-level language like C, or Ada, or even Java and Perl, all your code will eventually need to be converted into terms of machine code instructions, so your computer can execute them. Understanding the limits of exactly what the processor can do, at the most basic level, will also help when programming in a higher-level language.
How Should I Format my Code
Most assemblers require that assembly code instructions each appear on their own line, and are separated by a carriage return. Most assemblers also allow for whitespace to appear between instructions, operands, etc. Exactly how you format code is up to you, although there are some common ways:
One way keeps everything lined up:
Label1: mov ax, bx
add ax, bx
jmp Label3
Label2: mov ax, cx
Another way keeps all the labels in one column, and all the instructions in another:
Label1: mov ax, bx
        add ax, bx
        jmp Label3
Label2: mov ax, cx
Another way puts labels on their own lines, and indents instructions slightly:
Label1:
 mov ax, bx
 add ax, bx
 jmp Label3
Label2:
 mov ax, cx
Yet another way will separate labels and instructions into separate columns, AND keep labels on their own lines:
Label1:
        mov ax, bx
        add ax, bx
        jmp Label3
Label2:
        mov ax, cx
So there are a million different ways to do it, but there are some general rules that assembly programmers generally follow:
1. make your labels obvious, so other programmers can see where they are
2. more structure (indents) will make your code easier to read
3. use comments, to explain what you are doing.
X86 Family
The x86 family of microprocessors is a very large family of chips with a long history. This page will talk about the specifics of each different processor in this family. x86 microprocessors are also called "IA-32" processors.
Intel x86 Microprocessors
8086/8087 (1978)
The 8086 was the original Intel Microprocessor, with the 8087 as its floating-point coprocessor. The 8086 was Intel's first 16-bit microprocessor.
8088 (1979)
After the development of the 8086, Intel also created the lower-cost 8088. The 8088 was similar to the 8086, but with an 8-bit data bus instead of a 16-bit bus.
80186/80187 (1982)
The 186 was the second Intel chip in the family; the 80187 was its floating point coprocessor. Except for the addition of some new instructions, optimization of some old ones, and an increase in the clock speed, this processor was identical to the 8086.
80286/80287 (1982)
The 286 was the third model in the family; the 80287 was its floating point coprocessor. The 286 introduced the "Protected Mode" mode of operation, as opposed to the "Real Mode" that the earlier models used. All x86 chips can be made to run in real mode or in protected mode.
80386 (1985)
The 386 was the fourth model in the family. It was the first Intel microprocessor with a 32-bit word. The 386DX model was the original 386 chip, and the 386SX model was an economy model that used the same instruction set, but which only had a 16-bit bus. The 386EX model is still used today in embedded systems.
80486 (1989)
The 486 was the fifth model in the family. It had an integrated floating point unit for the first time in x86 history. Early model 80486 DX chips found to have defective FPUs were physically modified to disconnect the FPU portion of the chip and sold as the 486SX (486-SX15, 486-SX20, and 486-SX25). A 487 "math coprocessor" was available to 486SX users and was essentially a 486DX with a working FPU and an extra pin added. The arrival of the 486DX-50 processor saw the widespread introduction of fanless heat-sinks being used to keep the processors from overheating.
Pentium (1993)
Intel called it the "Pentium" because they couldn't trademark the code number "80586". The original Pentium was a faster chip than the 486 with a few other enhancements; later models also integrated the MMX instruction set.
Pentium Pro (1995)
The Pentium Pro was the sixth-generation architecture microprocessor, originally intended to replace the original Pentium in a full range of applications, but later reduced to a more narrow role as a server and high-end desktop chip.
Pentium II (1997)
The Pentium II was based on a modified version of the P6 core first used for the Pentium Pro, but with improved 16-bit performance and the addition of the MMX SIMD instruction set, which had already been introduced on the Pentium MMX.
Pentium III (1999)
Initial versions of the Pentium III were very similar to the earlier Pentium II, the most notable difference being the addition of SSE instructions.
Pentium 4 (2000)
The Pentium 4 had a new 7th generation "NetBurst" architecture. It is currently the fastest x86 chip on the market with respect to clock speed, capable of up to 3.8 GHz. Pentium 4 chips also introduced the notions of "Hyper Threading" and "Multi-Core" chips.
Core (2006)
The architecture of the Core processors was actually an even more advanced version of the 6th generation architecture dating back to the 1995 Pentium Pro. The limitations of the NetBurst architecture, especially in mobile applications, were too great to justify creation of more NetBurst processors. The Core processors were designed to operate more efficiently with a lower clock speed. All Core branded processors had two processing cores; the Core Solos had one core disabled, while the Core Duos used both processors.
Core 2 (2006)
An upgraded, 64-bit version of the Core architecture. All desktop versions are
Celeron (first model 1998)
The Celeron chip is actually a large number of different chip designs, depending on price. Celeron chips are the economy line of chips, and are frequently cheaper than the Pentium chips, even if the Celeron model in question is based off a Pentium
Xeon (first model 1998)
The Xeon processors are modern Intel processors made for servers, which have a much larger cache (measured in megabytes, in comparison to other chips' kilobyte size cache) than the Pentium microprocessors.
AMD x86 Compatible Microprocessors
Athlon is the brand name applied to a series of different x86 processors designed and manufactured by AMD. The original Athlon, or Athlon Classic, was the first seventh-generation x86 processor and, in a first, retained the initial performance lead it had over Intel's competing processors for a significant period of time.
Turion 64 is the brand name AMD applies to its 64-bit low-power (mobile) processors. Turion 64 processors (but not Turion 64 X2 processors) are compatible with AMD's Socket 754 and are equipped with 512 or 1024 KiB of L2 cache, a 64-bit single channel on-die memory controller, and an 800MHz HyperTransport bus.
The AMD Duron was an x86-compatible computer processor manufactured by AMD. It was released as a low-cost alternative to AMD's own Athlon processor and the Pentium III and Celeron processor lines from rival Intel.
Sempron is, as of 2006, AMD's entry-level desktop CPU, replacing the Duron processor and competing against Intel's Celeron D processor.
The AMD Opteron is the first eighth-generation x86 processor (K8 core), and the first of AMD's AMD64 (x86-64) processors. It is intended to compete in the server market, particularly in the same segment as the Intel Xeon processor.
X86 Architecture
x86 Architecture
The x86 architecture has 8 General-Purpose Registers (GPR), 6 Segment Registers, 1 Flags Register and an Instruction Pointer.
General Purpose Registers (GPR)
The 8 GPRs are:
1. EAX : Accumulator register. Used in arithmetic operations.
2. ECX : Counter register. Used in shift/rotate instructions.
3. EDX : Data register. Used in arithmetic operations and I/O operations.
4. EBX : Base register. Used as a pointer to data (located in DS in segmented mode).
5. ESP : Stack Pointer register. Pointer to the top of the stack.
6. EBP : Stack Base Pointer register. Used to point to the base of the stack.
7. ESI : Source register. Used as a pointer to a source in stream operations.
8. EDI : Destination register. Used as a pointer to a destination in stream operations.
Each of the GPRs is 32 bits wide and they are said to be Extended Registers (thus their Exx name). Their 16 Least Significant Bits (LSBs) can be accessed using their unextended parts, namely AX, CX, DX, BX, SP, BP, SI, and DI.
The extended registers can be separated into "high" (the 16 Most Significant Bits) and "low" (the 16 Least Significant Bits) portions. Thus an extended register has the form:
HHHHHHHHHHHHHHHHLLLLLLLLLLLLLLLL
(Here, an H or an L denotes a single bit.) which can also be expressed as:
HW LW
Where HW and LW denote "High Word" and "Low Word" respectively.
For the 4 first registers (AX, CX, DX, BX), the 8 Most Significant Bits (MSBs) and the 8 LSBs of their low word can also be accessed via AH, CH, DH, BH and AL, CL, DL, BL
AH is an abbreviation for "AX High". This term originates from the fact that the low word of the register can be decomposed into its high and low bytes. The CH, DH, and BH mnemonics are to be interpreted in a similar fashion.
Likewise, AL is an abbreviation for "AX Low". CL, DL, and BL are similarly named.
Segment Registers
The 6 Segment Registers are:
SS : Stack Segment. Pointer to the stack.
CS : Code Segment. Pointer to the code.
DS : Data Segment. Pointer to the data.
ES : Extra Segment. Pointer to extra data. ('E' stands for "Extra")
FS : F Segment. Pointer to more extra data. ('F' comes after 'E')
GS : G Segment. Pointer to still more extra data. ('G' comes after 'F')
Most applications on most modern operating systems (like Linux or Microsoft Windows) use a memory model that points nearly all segment registers to the same place (and uses paging instead), effectively disabling their use. Typically FS or GS is an exception to this rule, being used to point at thread-specific data.
EFLAGS Register
The EFLAGS is a 32 bit register used as a vector to store and control the results of operations and the state of the processor.
The names of these bits are:
31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
0 0 0 0 0 0 0 0 0 0 ID VIP VIF AC VM RF
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 NT IOPL OF DF IF TF SF ZF 0 AF 0 PF 1 CF
The bits named 0 and 1 are reserved bits and shouldn't be modified.
The different uses of these flags are (numbered by bit position):
0. CF : Carry Flag. Set if the last arithmetic operation carried (addition) or borrowed (subtraction) a bit beyond the size of the register. This is then checked when the operation is followed with an add-with-carry or subtract-with-borrow to deal with values too large for just one register to contain.
2. PF : Parity Flag. Set if the number of set bits in the least significant byte is a multiple of 2.
4. AF : Adjust Flag. Carry of Binary Code Decimal (BCD) numbers arithmetic
6. ZF : Zero Flag. Set if the result of an operation is Zero (0).
7. SF : Sign Flag. Set if the result of an operation is negative.
8. TF : Trap Flag. Set if step by step debugging.
9. IF : Interruption Flag. Set if interrupts are enabled.
10. DF : Direction Flag. Stream direction. If set, string operations will decrement their pointer rather than incrementing it, reading memory backwards.
11. OF : Overflow Flag. Set if signed arithmetic operations result in a value too large for the register to contain.
12-13. IOPL : I/O Privilege Level field (2 bits). I/O Privilege Level of the current process.
14. NT : Nested Task flag. Controls chaining of interrupts. Set if the current process is linked to the next process.
16. RF : Resume Flag. Response to debug exceptions.
17. VM : Virtual-8086 Mode. Set if in 8086 compatibility mode.
18. AC : Alignment Check. Set if alignment checking in of memory references are
19. VIF : Virtual Interrupt Flag. Virtual image of IF.
20. VIP : Virtual Interrupt Pending flag. Set if an interrupt is pending.
21. ID : Identification Flag. Support for CPUID instruction if can be set.
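To make the layout table concrete, here is an added C example (not from the Wikibook) that decodes an EFLAGS value into its named flags, extracts the two-bit IOPL field, checks that the reserved bits hold their fixed values, and computes PF the way the hardware does. The sample value 0x246 and all function and constant names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions from the EFLAGS layout table above. IOPL is the 2-bit field at bits 13:12. */
enum {
    FL_CF = 0,  FL_PF = 2,  FL_AF = 4,  FL_ZF = 6,  FL_SF = 7,  FL_TF = 8,
    FL_IF = 9,  FL_DF = 10, FL_OF = 11, FL_IOPL_SHIFT = 12, FL_NT = 14,
    FL_RF = 16, FL_VM = 17, FL_AC = 18, FL_VIF = 19, FL_VIP = 20, FL_ID = 21
};

/* Reserved bits: bit 1 always reads as 1; bits 3, 5, 15 and 22..31 read as 0. */
#define FL_RESERVED_ONE   (1u << 1)
#define FL_RESERVED_ZERO  ((1u << 3) | (1u << 5) | (1u << 15) | 0xFFC00000u)

static const struct { int bit; const char *name; } flag_table[] = {
    {FL_CF, "CF"}, {FL_PF, "PF"}, {FL_AF, "AF"}, {FL_ZF, "ZF"},
    {FL_SF, "SF"}, {FL_TF, "TF"}, {FL_IF, "IF"}, {FL_DF, "DF"},
    {FL_OF, "OF"}, {FL_NT, "NT"}, {FL_RF, "RF"}, {FL_VM, "VM"},
    {FL_AC, "AC"}, {FL_VIF, "VIF"}, {FL_VIP, "VIP"}, {FL_ID, "ID"},
};

/* Value of a single flag bit (0 or 1). */
static int eflags_bit(uint32_t eflags, int bit) { return (int)((eflags >> bit) & 1u); }

/* The I/O Privilege Level field, 0..3. */
static unsigned eflags_iopl(uint32_t eflags) { return (eflags >> FL_IOPL_SHIFT) & 3u; }

/* 1 if every reserved bit holds its architecturally fixed value, else 0. */
static int eflags_reserved_ok(uint32_t eflags) {
    return (eflags & FL_RESERVED_ONE) != 0 && (eflags & FL_RESERVED_ZERO) == 0;
}

/* Number of named flags that are set (IOPL excluded: it is a field, not a flag). */
static int eflags_count_set(uint32_t eflags) {
    int n = 0;
    for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++)
        n += eflags_bit(eflags, flag_table[i].bit);
    return n;
}

/* Space-separated names of the set flags, lowest bit first, in a static buffer. */
static const char *eflags_names(uint32_t eflags) {
    static char buf[96];
    size_t used = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++) {
        if (!eflags_bit(eflags, flag_table[i].bit)) continue;
        int w = snprintf(buf + used, sizeof buf - used, "%s%s",
                         used ? " " : "", flag_table[i].name);
        if (w < 0 || (size_t)w >= sizeof buf - used) break;
        used += (size_t)w;
    }
    return buf;
}

/* PF as the hardware computes it: set when the low byte of a result has an even number of 1 bits. */
static int parity_flag_for(uint8_t low_byte) {
    int ones = 0;
    for (int i = 0; i < 8; i++) ones += (low_byte >> i) & 1;
    return ones % 2 == 0;
}

int main(void) {
    /* Constructed value: 0x246 is the EFLAGS a fresh user-mode process commonly shows
       (reserved bit 1, PF, ZF and IF set, IOPL 0). */
    uint32_t sample = 0x00000246u;
    printf("EFLAGS=%08X IOPL=%u reserved_ok=%d set=%d: %s\n", (unsigned)sample,
           eflags_iopl(sample), eflags_reserved_ok(sample), eflags_count_set(sample),
           eflags_names(sample));
    printf("PF for low byte 0x03: %d, for 0x01: %d\n", parity_flag_for(0x03), parity_flag_for(0x01));
    return 0;
}
```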
Instruction Pointer
The EIP register contains the address of the next instruction to be executed if no branching is done.
EIP can only be read through the stack after a call instruction.
Memory
The x86 architecture is Little Endian, meaning that multi-byte values are written least significant byte first. This refers to the ordering of the bytes, not bits.
So the 32 bit value B3B2B1B0 on an x86 would be represented in memory as:
Little endian representation
Byte 0  Byte 1  Byte 2  Byte 3
B0      B1      B2      B3
For example, the 32 bit word 0x1BA583D4 (the 0x denotes hexadecimal) would be written in memory as:
Little endian example
D4 83 A5 1B
Thus seen as 0xD4 0x83 0xA5 0x1B when doing a memory dump.
Two's complement representation
Two's complement is the standard way of representing negative integers in binary. A number's sign is changed by inverting all of the bits and adding one.
0001 represents decimal 1
is inverted to: 1110
adding one: 1111
1111 represents decimal -1
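As an added illustration (not part of the original text), this C program lays the example word 0x1BA583D4 out in memory LSB first, reads it back independently of the host's byte order, and performs the invert-and-add-one negation on both 32-bit and 4-bit values. All function names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lay a 32-bit word out in memory the way an x86 does: least significant byte first. */
static void store_le32(uint8_t out[4], uint32_t value) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(value >> (8 * i));
}

/* Rebuild the word from those bytes; this does not depend on the host's own byte order. */
static uint32_t load_le32(const uint8_t in[4]) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | in[i];
    return v;
}

/* Byte that a memory dump shows at position `index` (0..3) for `value`. */
static uint8_t le32_byte(uint32_t value, int index) {
    uint8_t bytes[4];
    store_le32(bytes, value);
    return bytes[index & 3];
}

/* 1 when store/load round-trips the value, exercising both helpers. */
static int le32_roundtrip_ok(uint32_t value) {
    uint8_t bytes[4];
    store_le32(bytes, value);
    return load_le32(bytes) == value;
}

/* 1 if the host CPU stores its own integers LSB first (true on every x86). */
static int host_is_little_endian(void) {
    uint32_t probe = 0x1BA583D4u;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0xD4;
}

/* Two's complement negation exactly as the text states it: invert every bit, then add one.
   Done on an unsigned type so the wrap-around is well defined (e.g. for 0x80000000). */
static uint32_t negate_twos(uint32_t x) {
    return ~x + 1u;
}

/* Interpret a 4-bit pattern such as 0001 or 1111 as a signed two's complement value. */
static int nibble_to_signed(uint8_t nibble) {
    nibble &= 0x0F;
    return (nibble & 0x8) ? (int)nibble - 16 : (int)nibble;
}

int main(void) {
    uint8_t mem[4];
    store_le32(mem, 0x1BA583D4u);   /* the example word from the text */
    printf("0x1BA583D4 dumped from memory: %02X %02X %02X %02X\n",
           mem[0], mem[1], mem[2], mem[3]);
    printf("host is little endian: %d\n", host_is_little_endian());
    printf("negate(0001b) low nibble = 0x%X (binary 1111)\n", (unsigned)(negate_twos(1u) & 0xFu));
    printf("nibble 1111 as signed: %d\n", nibble_to_signed(0xF));
    return 0;
}
```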
Addressing modes
Addressing modes: indicates the manner in which the operand is accessed
Register Addressing
(operand address R is in the address field)
mov ax, bx ; moves contents of register bx into ax
Immediate
(actual value is in the field)
mov ax, 1 ; moves value of 1 into register ax
mov ax, 0x010C ; moves value of 0x10C into register ax
Direct memory addressing
(operand address is in the address field)
mov ax, [102h] ; Actual address is DS:0 + 102h
Direct offset addressing
(uses arithmetic to modify the address)
byte_tbl db 12,15,16,22,..... ; Table of bytes
mov al,byte_tbl+2
mov al,[byte_tbl+2] ; same as the former
Register Indirect
(field points to a register that contains the operand address)
mov ax,[di]
The registers used for indirect addressing are BX, BP, SI, DI
Base Displacement
mov ax, arr[bx] ; where bx is the displacement inside that array
mov ax,[bx + di]
For example, if we are talking about an array, bx is the base of the address, and di is the index of the array.
Base-index with displacement
mov ax,[bx + di + 10]
Stack
The stack is a Last In First Out (LIFO) stack; data is pushed onto it and popped off of it in the reverse order.
mov ax, 006Ah
mov bx, F79Ah
mov cx, 1124h
push ax
You push the value in AX onto the top of the stack, which now holds the value $006A
push bx
You do the same thing to the value in BX; the stack now has $006A and $F79A
push cx
Now the stack has $006A, $F79A, and $1124
call do_stuff
Do some stuff. The function is not forced to save the registers it uses, hence us saving
pop cx
Pop the last element pushed onto the stack into CX, $1124; the stack now has $006A and
pop bx
Pop the last element pushed onto the stack into BX, $F79A; the stack now has just $006A
pop ax
Pop the last element pushed onto the stack into AX, $006A; the stack is empty
The Stack is usually used to pass arguments to functions or procedures and also to keep track of control flow when the call instruction is used. The other common use of the Stack is temporarily saving registers.
CPU Operation Modes
Real Mode
Real Mode is a holdover from the original Intel 8086. You generally won't need to know anything about it (unless you are programming for a DOS-based system or, most likely, writing a boot loader that is directly called by the BIOS).
The Intel 8086 accessed memory using 20-bit addresses. But, as the processor itself was 16-bit, Intel invented an addressing scheme that provided a way of mapping a 20-bit address space into 16-bit words. Today's x86 processors start in the so-called Real Mode, which is an operating mode that mimics the behaviour of the 8086, with some very tiny differences, for backwards compatibility.
In Real Mode, a segment and an offset register are used together to yield a final memory address. The value in the segment register is multiplied by 16 (or shifted 4 bits to the left) and the offset is added to the result. This provides a usable space of 1 MB. However, a quirk of the addressing scheme allows access past the 1 MB limit if a segment address of 0xFFFF (the highest possible) is used; on the 8086 and 8088, all accesses to this area wrapped around to the low end of memory, but on the 80286 and later, up to 65520 bytes past the 1MB mark can be addressed this way if the A20 address line is enabled. See: The A20 Gate Saga
One benefit shared by Real Mode segmentation and by the Protected Mode Multi-Segment Memory Model is that all addresses must be given relative to another address (that is, the segment base address). A program can have its own address space and completely ignore the segment registers, and thus no pointers have to be relocated to run the program. Programs can perform near calls and jumps within the same segment, and data is always relative to segment base addresses (which in the Real Mode addressing scheme are computed from the values loaded in the Segment Registers).
This is what the DOS *.COM format does; the contents of the file are loaded into memory and blindly run. However, due to the fact that Real Mode segments are always 64KB long, COM files could not be larger than that (in fact, they had to fit into 65280 bytes, since DOS used the first 256 bytes of a segment for housekeeping data); for many years this wasn't a problem.
Protected Mode
Flat Memory Model
If programming in a modern operating system (such as Linux, Windows), you are basically programming in flat 32-bit mode. Any register can be used in addressing, and it is generally more efficient to use a full 32-bit register instead of a 16-bit register part. Additionally, segment registers are generally unused in flat mode, and it is generally a bad idea to touch them.
Multi-Segmented Memory Model
Comments
When writing code, it is very helpful to use some comments to explain what is going on. A comment is a section of regular text that the assembler ignores when turning the assembly code into the machine code. In assembly, comments are usually denoted with a semicolon ";".
Here is an example:
mov ax, bx ;we move bx into ax
add ax, bx ;add the contents of bx into ax
Everything after the semicolon, on the same line, is ignored. Let's show another example:
mov ax, bx
;mov cx, ax
Here, the assembler never sees the second instruction "mov cx, ax", because it ignores everything after the semicolon.
HLA Comments
The HLA assembler also has the ability to write comments in C or C++ style, but we can't use the semicolons. This is because in HLA, the semicolons are used at the end of every instruction:
mov(ax, bx); //This is a C++ comment.
/*mov(cx, ax); everything between the slash-stars is commented out.
This is a C comment*/
C++ comments go all the way to the end of the line, but C comments go on for many lines from the "/*" all the way until the "*/". For a better understanding of C and C++ comments in HLA, see Programming:C or the C++ Wikibooks.
16, 32 and 64 Bits
x86 assembly has a number of differences between architectures that are 16 bits, 32 bits, and 64 bits. This page will talk about some of the basic differences between architectures with different bit widths.
The 8086 Registers
All the 8086 registers were 16-bit wide. The 8086 registers are the following: AX, BX, CX, DX, BP, SP, DI, SI, CS, SS, ES, DS, IP.
Also on any Windows-based system, by entering into the DOS shell you can run a very handy program called "debug.exe", very useful for learning about the 8086, which is shipped along with all Windows versions.
AX, BX, CX, DX
These registers can also be addressed as 8-bit registers. So AX = AH (high 8-bit) and AL (low 8-bit).
So the problem was this: how can a 20-bit address space be referred to by the 16-bit registers? To solve this problem, they came up with segment registers CS (Code Segment), DS (Data Segment), ES (Extra Segment), and SS (Stack Segment). To convert a 20-bit address, one would first divide it by 16 and place the quotient in the segment register and the remainder in the offset register. This was represented as CS:IP (this means, CS is the segment and IP is the offset). Likewise, when an address is written SS:SP it means SS is the segment and SP is the offset.
If CS = 0x258C and IP = 0x0012 (the "0x" prefix denotes hexadecimal notation), then CS:IP will point to a 20 bit address equivalent to "CS * 16 + IP" which will be = 0x258C * 0x10 + 0x0012 (Remember: 16 decimal = 0x10)
So CS:IP = CS x 16 + IP = 0x258C*0x10 + 0x0012 = 0x258D2. The 20-bit address is known as an Absolute address and the Segment:Offset representation (CS:IP) is known as a Segmented Address.
It is important to note that there is not a one-to-one mapping of physical addresses to segmented addresses; for any physical address, there is more than one possible segmented address. For example: consider the segmented representations B000:8000 and B200:6000. Evaluated, they both map to physical address B8000. (B000:8000 = B000x10+8000 = B0000+8000 = B8000 and B200:6000 = B200x10+6000 = B2000+6000 = B8000) However, using an appropriate mapping scheme avoids this problem: such a map applies a linear transformation to the physical addresses to create precisely one segmented address for each. To reverse the translation, the map [f(x)] is simply inverted.
For example, if the segment portion is equal to the physical address divided by 0x10 and the offset is equal to the remainder, only one segmented address will be generated. (No offset will be greater than 0x0f.) Physical address B8000 maps to (B8000/10):(B8000%10) or B800:0. This Segmented representation is given a special name: such addresses are said to be "Normalized Addresses".
CS:IP (Code Segment: Instruction Pointer) represents the 20 bit address of the physical memory from where the next instruction for execution will be picked up. Likewise, SS:SP (Stack Segment: Stack Pointer) points to a 20 bit absolute address which will be treated as Stack Top (8086 uses this for pushing/popping values)
The A20 Gate Saga
Like said earlier also, the 8086 processor had 20 address lines (from A0 to A19), so the total memory addressable by it was 1MB (or "2 to the power 20"). But since it had only 16 bit registers, they came up with the segment:offset scheme, or else using a single 16-bit register they couldn't have possibly accessed more than 64Kb (or 2 to the power 16) of memory. So this made it possible for a program to access the whole of 1MB of memory. But with the segmentation scheme also came a side effect. Not only could your code refer to the whole of 1MB with this scheme, but actually a little more than that. Let's see how...
Let's keep in mind how we convert from a Segment:Offset representation to a linear 20 bit representation.
The Conversion:-
Segment:Offset = Segment x 16 + Offset
Now to see the maximum amount of memory that can be addressed, let's fill in both Segment and Offset with their maximum values and then convert that value to its 20-bit absolute physical address.
So, Max value for Segment = FFFF & Max value for Offset = FFFF
Now, let's convert FFFF:FFFF into its 20-bit linear address, bearing in mind 16 is represented as 10 in hexadecimal :-
FFFF:FFFF = FFFF x 10 + FFFF = FFFF0 + FFFF = 10FFEF
Note: FFFFF (in hexadecimal) is equal to 1MB (one megabyte) and FFF0 is equal to 64Kb minus 16 bytes.
Moral of the story: From Real mode a program can actually refer to (1MB + 64KB - 16) bytes of memory.
Notice the use of the word "refer" and not "access". A program can refer to this much memory, but whether it can access it or not is dependent on the number of address lines actually present. So with the 8086 this was definitely not possible, because when programs made references to 1MB plus memory, the address that was put on the address lines was actually more than 20 bits, and this resulted in wrapping around of the
For example, if code is referring to 1MB + 1, this will get wrapped around and point to the zeroth location in memory; likewise 1MB+2 will wrap around to address 1 (or
Now there were some super funky programmers around at that time who manipulated this feature in their code, that the addresses get wrapped around, and made their code a little faster and a few bytes shorter. Using this technique it was possible for them to access 32kb of the top memory area (that is, 32kb touching the 1MB boundary) and 32kb of the bottom memory area, without actually reloading their segment registers!
Simple maths you see: if in Segment:Offset representation you make Segment constant, then since Offset is a 16-bit value you can roam around in a 64Kb (or 2 to the power 16) area of memory. Now if you make your segment register point to 32kb below the 1MB mark you can access 32KB upwards to touch the 1MB boundary and then 32kB further, which will ultimately get wrapped to the bottom-most 32kb.
Now these super funky programmers overlooked the fact that processors with more address lines would be created. (Note: Bill Gates has been attributed with saying "Who would need more than 640KB memory?"; these programmers were probably thinking similarly). In 1982, just 2 years after the 8086, Intel released the 80286 processor with 24 address lines. Though it was theoretically backward compatible with legacy 8086 programs, since it also supported Real Mode, many 8086 programs did not function correctly because they depended on out-of-bounds addresses getting wrapped around to lower memory segments. So for the sake of compatibility IBM engineers routed the A20 address line (the 8086 had lines A0 - A19) through the keyboard controller and provided a mechanism to enable/disable the A20 compatibility mode. Now if you are wondering why the keyboard controller, the answer is that it had an unused pin. Since the 80286 would have been marketed as having complete compatibility with the 8086 (that wasn't even yet out very long), upgraded customers would be furious if the 80286 was not bug-for-bug compatible, such that code designed for the 8086 would operate just as well on the 80286, but faster.
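The segment arithmetic and the wrap-around described above, as an added example that is not part of the Wikibook: a small Python model of Segment:Offset to linear conversion, of the 20-bit bus of the 8086 (the A20 line gated off), and of the 32KB-below-1MB trick. Function names and the `a20_enabled` switch are the example's own; the numbers (FFFF:FFFF = 10FFEF, B8000 = B800:0, 1MB + 64KB - 16) are the ones from the text.

```python
# Added example (not from the Wikibook): real-mode Segment:Offset arithmetic and
# the 20-bit wrap-around that the A20 gate reproduces for 8086-era code.

ONE_MB = 1 << 20          # the 8086 has 20 address lines: A0..A19
A20_MASK = ONE_MB - 1     # keeping only bits 0..19 drops bit 20 (the A20 line)


def seg_off_to_linear(segment, offset):
    """Segment:Offset -> linear address, i.e. Segment x 16 + Offset.
    Both parts are 16-bit, so the result can reach 21 bits (0x10FFEF)."""
    if not (0 <= segment <= 0xFFFF and 0 <= offset <= 0xFFFF):
        raise ValueError("segment and offset are 16-bit values")
    return (segment << 4) + offset


def bus_address(linear, a20_enabled):
    """Address that actually reaches the address bus.
    With the A20 line gated off (8086 behaviour, or a later CPU in A20
    compatibility mode) bit 20 is lost, so references above 1MB wrap to
    the bottom of memory."""
    return linear if a20_enabled else linear & A20_MASK


def normalize(linear):
    """Normalized Segment:Offset for a 20-bit linear address: offset < 16,
    the segment carries everything else (B8000 -> B800:0)."""
    if not 0 <= linear <= A20_MASK:
        raise ValueError("a normalized form only exists inside the 1MB space")
    return linear >> 4, linear & 0xF


def max_referable_bytes():
    """Highest linear address + 1 that FFFF:FFFF can name: 1MB + 64KB - 16."""
    return seg_off_to_linear(0xFFFF, 0xFFFF) + 1


def segment_window(segment, a20_enabled):
    """Bus addresses reached by offset 0 and offset 0xFFFF of one segment value.
    With A20 off, a segment 32KB below the 1MB mark reaches the top 32KB and
    then wraps into the bottom 32KB without the segment register changing."""
    first = bus_address(seg_off_to_linear(segment, 0), a20_enabled)
    last = bus_address(seg_off_to_linear(segment, 0xFFFF), a20_enabled)
    return first, last


if __name__ == "__main__":
    lin = seg_off_to_linear(0xFFFF, 0xFFFF)
    print("FFFF:FFFF -> linear %05X, on an 8086 bus %05X" % (lin, bus_address(lin, False)))
    print("segment F800 window, A20 off:", [hex(a) for a in segment_window(0xF800, False)])
    print("segment F800 window, A20 on: ", [hex(a) for a in segment_window(0xF800, True)])
```

With A20 enabled the same FFFF:FFFF reaches 0x10FFEF, the 64KB-minus-16 region above 1MB; with A20 gated off it lands at 0x0FFEF, which is exactly the bug-for-bug behaviour the 80286 had to reproduce for old code.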
;<-"it Addressin&
32<bit addresses can co>er memory u' to -5b in si#e. This means that e don:t need to
use o??set addresses in 32<bit 'rocessors. InsteadC e use hat is called the DFlat
addressin"D schemeC here the address in the re"ister directly 'oints to a 'hysical
memory location. The se"ment re"isters are used to de?ine di??erent se"mentsC so that
'ro"rams don:t try to e,ecute the stack sectionC and they don:t try to 'er?orm stack
o'erations on the data section accidentally.
X86 Instructions
These pages are going to discuss, in detail, the different instructions available in the basic x86 instruction set. For ease, and to decrease the page size, the different instructions will be broken up into groups, and discussed individually.
Data Transfer Instructions
Control Flow Instructions
Arithmetic Instructions
Logic Instructions
Shift and Rotate Instructions
Other Instructions
x86 Interrupts
If you need more info, go to [1].
The following template will be used for instructions that take no operands:
Instr
The following template will be used for instructions that take 1 operand:
Instr arg
The following template will be used for instructions that take 2 operands. Notice how the format of the instruction is different for different assemblers.
Instr src, dest
GAS Syntax
Instr dest, src
Intel syntax
Data Transfer
Data transfer instructions
mov src, dest
GAS Syntax
mov dest, src
Intel syntax
The mov instruction copies the src operand into the dest operand.
Modified flags
No FLAGS are modified by this instruction
.data
value:
    .long 2
.text
.global _start
_start:
    movl $6, %eax
    # %eax is now 6
    movw %ax, value
    # value is now 6 (only the low word of the long was written)
    movl $0, %ebx
    # %ebx is now 0
    movb %al, %bl
    # %ebx is now 6
    movl value, %ebx
    # %ebx is now 6
    movl $value, %esi
    # %esi is now the address of value
    movl $2, %ebx
    movw value(, %ebx, 1), %bx
    # %bx is now the high word of value, which is 0, so %ebx is now 0
    # Linux sys_exit
    movl $1, %eax
    xorl %ebx, %ebx
    int $0x80
Data Swap
xchg src, dest
GAS Syntax
xchg dest, src
Intel syntax
The xchg instruction swaps the src operand with the dest operand.
Modified flags
No FLAGS are modified by this instruction
.data
value:
    .long 2
.text
.global _start
_start:
    movl $0, %eax
    movl $50, %ebx
    xchgl value, %ebx
    # %ebx is now 2
    # value is now 50
    xchgw %ax, value
    # value is now 0 (its low word was swapped with %ax)
    # %eax is now 50
    xchgb %al, %bl
    # %ebx is now 50
    # %eax is now 2
    movl $2, %ecx
    xchgw value(%ecx), %ax
    # swaps %ax with the high word of value (address value + 2)
    # value is now 0x00020000 = 131072
    # %eax is now 0
    # Linux sys_exit
    movl $1, %eax
    xorl %ebx, %ebx
    int $0x80
Move and Extend
movz src, dest
GAS Syntax
movz dest, src
Intel syntax
Move zero extend
The movz instruction copies the src operand into the dest operand and pads the remaining bits not provided by src with zeros (0).
This instruction is useful for copying an unsigned small value to a bigger register.
Modified flags
No FLAGS are modified by this instruction
.data
value:
    .long 30000
byteval:
    .byte 200
.text
.global _start
_start:
    movzbw byteval, %ax
    # %ax is now 200 (0x00c8): the high byte is filled with zeros
    movzwl %ax, %ecx
    # %ecx is now 200 (the destination of movz must be a register)
    movl %ecx, value
    # value is now 200
    movzbl byteval, %esi
    # %esi is now 200
    # Linux sys_exit
    movl $1, %eax
    xorl %ebx, %ebx
    int $0x80
movs src, dest
GAS Syntax
movs dest, src
Intel syntax
Move sign extend.
The movs instruction copies the src operand into the dest operand and pads the remaining bits not provided by src with the sign of src.
This instruction is useful for copying a signed small value to a bigger register.
Modified flags
No FLAGS are modified by this instruction
.data
value:
    .long 30000
byteval:
    .byte -100
    # a byte holds -128..127 as a signed value; -100 is 0x9c
.text
.global _start
_start:
    movsbw byteval, %ax
    # %ax is now -100 (0xff9c): the high byte is filled with the sign bit
    movswl %ax, %ecx
    # %ecx is now -100 (0xffffff9c)
    movl %ecx, value
    # value is now -100
    movsbl byteval, %esi
    # %esi is now -100
    # Linux sys_exit
    movl $1, %eax
    xorl %ebx, %ebx
    int $0x80
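Zero extension versus sign extension, as an added example that is not part of the Wikibook: a Python model of what movz* and movs* do to the bit pattern, plus the edge case a byte literal runs into when its value does not fit in eight bits. The function names are the example's own.

```python
# Added example (not from the Wikibook): what movz* (zero extend) and movs* (sign
# extend) do to a bit pattern, and why a byte literal must lie in -128..255.

def zero_extend(value, src_bits, dst_bits):
    """movz: copy the src_bits-wide pattern, fill the upper bits of the
    dst_bits-wide destination with zeros."""
    src_mask = (1 << src_bits) - 1
    return value & src_mask            # already fits in dst_bits unchanged


def sign_extend(value, src_bits, dst_bits):
    """movs: copy the src_bits-wide pattern, fill the upper bits with copies
    of its sign bit, so the two's complement value is preserved."""
    src_mask = (1 << src_bits) - 1
    dst_mask = (1 << dst_bits) - 1
    pattern = value & src_mask
    if pattern & (1 << (src_bits - 1)):           # sign bit set: negative
        pattern |= dst_mask & ~src_mask            # fill the upper bits with ones
    return pattern


def as_signed(value, bits):
    """Interpret a bits-wide pattern as a two's complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def byte_literal(n):
    """What ends up in memory for a byte literal such as `.byte n`: only the
    low 8 bits are stored. Returns (stored_byte, fits) so a silently truncated
    literal (for example .byte -200) can be spotted before it is sign-extended."""
    fits = -128 <= n <= 255
    return n & 0xFF, fits


if __name__ == "__main__":
    b = 200                                       # the page's .byte 200
    print("movzbw of 200 -> 0x%04x = %d" % (zero_extend(b, 8, 16), zero_extend(b, 8, 16)))
    print("movsbw of 200 -> 0x%04x = %d" % (sign_extend(b, 8, 16), as_signed(sign_extend(b, 8, 16), 16)))
    stored, fits = byte_literal(-200)
    print("-200 as a byte stores 0x%02x, fits=%s, sign-extends to %d"
          % (stored, fits, as_signed(sign_extend(stored, 8, 16), 16)))
```

The same byte 200 reads as 200 after movzbw but as -56 after movsbw, which is why the choice between the two is decided by whether the source is a signed or an unsigned quantity, not by its width.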
Move by Data Size
Move byte
The movsb instruction copies one byte from the location specified in esi to the location specified in edi.
Modified flags
No FLAGS are modified by this instruction
section .text
global _start
_start:
    ; copy myStr into myStr2 (6 bytes including the terminating 0)
    mov esi, myStr
    mov edi, myStr2
    mov ecx, 6
    cld                 ; direction flag clear: esi and edi increment
    rep movsb
    ; Linux sys_exit
    mov eax, 1
    xor ebx, ebx
    int 0x80
section .bss
    myStr2: resb 6
section .data
    myStr db 'Hello', 0x0
Move word
The movsw instruction copies one word (two bytes) from the location specified in esi to the location specified in edi.
Modified flags
No FLAGS are modified by this instruction
section .text
global _start
_start:
    ; copy myStr into myStr2 (8 bytes = 4 words)
    mov esi, myStr
    mov edi, myStr2
    mov ecx, 4
    cld
    rep movsw
    ; each word is stored in myStr2 with the same byte order it had in myStr,
    ; so myStr2 ends up as an exact copy: 'AaBbCca', 0x0
    ; Linux sys_exit
    mov eax, 1
    xor ebx, ebx
    int 0x80
section .bss
    myStr2: resb 8
section .data
    myStr db 'AaBbCca', 0x0
Control Flow
Comparison Instructions
test arg1, arg2
GAS Syntax
test arg1, arg2
Intel syntax
performs a bit-wise AND on the two operands and sets the flags, but does not store a
cmp arg1, arg2
GAS Syntax
cmp arg1, arg2
Intel syntax
performs a subtraction between the two operands and sets the flags, but does not store a
Jump Instructions
Unconditional Jumps
jmp loc
loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp).
Jump on Equality
je loc
Loads EIP with the specified address, if the operands of the previous CMP instruction are equal. For example:
    mov ecx, 5
    mov edx, 5
    cmp ecx, edx
    je equal
    ; if it did not jump to the label equal, then this means 5 and 5 are not equal.
equal:
    ; if it jumped here, then this means 5 and 5 are equal
jne loc
Loads EIP with the specified address, if the operands of the previous CMP instruction are not
Jump if Greater
jg loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than the second (performs signed comparison).
jge loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second (performs signed comparison).
ja loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned
jae loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison.
Jump if Less
jl loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than the second (performs signed comparison).
jle loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than or equal to the second (performs signed comparison).
jb loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison.
jbe loc
Loads EIP with the specified address, if the first operand of the previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned
Jump on Overflow
jo loc
Loads EIP with the specified address, if the overflow bit is set on a previous arithmetic
Jump on Zero
jnz loc
Loads EIP with the specified address, if the zero bit is not set from a previous arithmetic expression. jnz is identical to jne.
jz loc
Loads EIP with the specified address, if the zero bit is set from a previous arithmetic expression. jz is identical to je.
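The flag-setting and jump conditions above, as an added example that is not part of the Wikibook: a Python model of the flags that cmp and test leave behind and of which conditional jumps are taken from them, using the standard x86 condition definitions (ZF, SF, CF and OF). It shows the signed (jg/jl) versus unsigned (ja/jb) distinction on the same operand pair, which is the usual source of bounds-check mistakes when a value is compared as signed but used as a size. Operand order follows the Intel form `cmp a, b`; the function names are the example's own.

```python
# Added example (not from the Wikibook): flags after cmp/test and the conditions
# behind the jcc family, on a fixed register width.

def as_signed(value, bits):
    """Interpret a bits-wide pattern as a two's complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def flags_after_cmp(a, b, bits=32):
    """Flags set by `cmp a, b` (Intel operand order): computes a - b and discards it."""
    mask = (1 << bits) - 1
    a &= mask
    b &= mask
    result = (a - b) & mask
    return {
        "ZF": result == 0,                               # operands equal
        "SF": bool(result >> (bits - 1)),                # result negative as signed
        "CF": a < b,                                     # unsigned borrow
        "OF": as_signed(a, bits) - as_signed(b, bits) != as_signed(result, bits),
    }


def flags_after_test(a, b, bits=32):
    """Flags set by `test a, b`: bit-wise AND, result discarded, CF and OF cleared."""
    mask = (1 << bits) - 1
    result = a & b & mask
    return {"ZF": result == 0, "SF": bool(result >> (bits - 1)), "CF": False, "OF": False}


def jump_taken(mnemonic, f):
    """Whether the conditional jump `mnemonic` is taken for the flag set f."""
    signed_less = f["SF"] != f["OF"]                     # a < b as signed values
    table = {
        "je": f["ZF"], "jz": f["ZF"],
        "jne": not f["ZF"], "jnz": not f["ZF"],
        "jg": not f["ZF"] and not signed_less,           # signed greater
        "jge": not signed_less,
        "jl": signed_less,
        "jle": f["ZF"] or signed_less,
        "ja": not f["CF"] and not f["ZF"],               # unsigned above
        "jae": not f["CF"],
        "jb": f["CF"],
        "jbe": f["CF"] or f["ZF"],
        "jo": f["OF"],
    }
    return table[mnemonic]


if __name__ == "__main__":
    for a, b in [(5, 5), (0xFFFFFFFF, 1), (0x80000000, 1)]:
        f = flags_after_cmp(a, b)
        taken = [m for m in ("je", "jg", "jl", "ja", "jb", "jo") if jump_taken(m, f)]
        print("cmp 0x%08x, 0x%08x -> %s -> taken: %s" % (a, b, f, taken))
```

For `cmp 0xFFFFFFFF, 1` both ja and jl are taken: the first operand is 4294967295 as an unsigned value but -1 as a signed one. A length check written with jg on a value that is later used as an unsigned count therefore passes negative (very large) values, which is exactly the mistake the two jump families exist to avoid.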
Function Calls
call proc
pushes the value EIP+4 onto the top of the stack, and jumps to the specified location. This is used mostly for subroutines.
ret [val]
Loads the next value on the stack into EIP, and then pops the stack the specified number of times. If val is not supplied, the instruction will not pop any values off the stack after
Loop Instructions
loop arg
The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero. For example:
    mov ecx, 5
start_loop:
    ; the code here would be executed 5 times
    loop start_loop
loop does not set any flags.
loopx arg
These loop instructions decrement ECX and jump to the address specified by arg if their condition is satisfied, unless decrementing ECX caused its value to become zero.
Enter and Leave
enter arg
Creates a stack frame with the specified amount of space allocated on the stack.
leave
destroys the current stack frame, and restores the previous frame
Other Control Instructions
hlt
Halts the processor
nop
"No Operation". This instruction doesn't do anything, but wastes an instruction cycle in the processor. This instruction is often translated to an XCHG operation with the operands EAX and EAX.
lock
asserts LOCK#
wait
waits for the CPU to finish its last calculation
Arithmetic instructions
Arithmetic instructions take two operands: a destination and a source. The destination must be a register or a memory location. The source may be either a memory location, a register, or a constant value. Note that at least one of the two must be a register, because operations may not use a memory location as both a source and a destination.
add src, dest
GAS Syntax
add dest, src
Intel syntax
This adds src to dest. If you are using the NASM syntax, then the result is stored in the first argument; if you are using the GAS syntax, it is stored in the second argument.
sub src, dest
GAS Syntax
sub dest, src
Intel syntax
Like ADD, only it subtracts source from target instead.
mul arg
This multiplies "arg" by the value of the corresponding byte-length in the A register, see table below.
operand size                   | 1 byte | 2 bytes | 4 bytes
other operand                  | AL     | AX      | EAX
higher part of result stored in | AH     | DX      | EDX
lower part of result stored in  | AL     | AX      | EAX
In the second case, the target is not EAX for backward compatibility with code written for older processors.
imul arg
As MUL, only signed.
div arg
This divides the value in the dividend register(s) by "arg", see table below.
divisor size        | 1 byte | 2 bytes | 4 bytes
dividend            | AX     | DX:AX   | EDX:EAX
remainder stored in | AH     | DX      | EDX
quotient stored in  | AL     | AX      | EAX
If the quotient does not fit into the quotient register, an arithmetic overflow interrupt occurs. All flags are in an undefined state after the operation.
idiv arg
As DIV, only signed.
neg arg
Arithmetically negates the argument (i.e. two's complement negation).
Carry Arithmetic Instructions
adc src, dest
GAS Syntax
adc dest, src
Intel syntax
Add with carry. Adds src + carry flag to dest, storing the result in dest. Usually follows a normal add instruction to deal with values twice as large as the size of the
sbb src, dest
GAS Syntax
sbb dest, src
Intel syntax
Subtract with borrow. Subtracts src + carry flag from dest, storing the result in dest. Usually follows a normal sub instruction to deal with values twice as large as the size of the register.
Increment and Decrement
inc arg
Increments the register value in the argument by 1. Performs much faster than ADD arg, 1
dec arg
Decrements the register value in the argument by 1.
Logical instructions
The instructions on this page deal with bit-wise logical instructions. For more information about bit-wise logic, see Digital Circuits/Logic Operations.
and src, dest
GAS Syntax
and dest, src
Intel syntax
performs a bit-wise AND of the two operands, and stores the result in dest. For example:
    movl $0x1, %edx
    movl $0x0, %ecx
    andl %edx, %ecx
    # here ecx would be 0 because 1 AND 0 = 0
or src, dest
GAS Syntax
or dest, src
Intel syntax
performs a bit-wise OR of the two operands, and stores the result in dest. For example:
    movl $0x1, %edx
    movl $0x0, %ecx
    orl %edx, %ecx
    # here ecx would be 1 because 1 OR 0 = 1
xor src, dest
GAS Syntax
xor dest, src
Intel syntax
performs a bit-wise XOR of the two operands, and stores the result in dest. For example:
    movl $0x1, %edx
    movl $0x0, %ecx
    xorl %edx, %ecx
    # here ecx would be 1 because 1 XOR 0 = 1
not arg
performs a bit-wise inversion of arg. For example:
    movl $0x1, %edx
    notl %edx
    # here edx would be 0xFFFFFFFE because a bitwise NOT 0x00000001 = 0xFFFFFFFE
Shift and Rotate
Logical Shift Instructions
In a logical shift instruction, the bits that slide off the end disappear, and the spaces are always filled with zeros. Logical shift is best used with unsigned numbers.
shr arg
Logical shift of arg to the right
shl arg
Logical shift of arg to the left
Arithmetic Shift Instructions
In an arithmetic shift, the bits that "slide off the end" disappear. The spaces are filled in such a way as to preserve the sign of the number being slid. For this reason, arithmetic shifts are better suited for signed numbers in two's complement format.
sar arg
arithmetic shift to the right. spaces are filled with the sign bit (to maintain the sign of the original
sal arg
arithmetic shift to the left. spaces are filled with zeros
Shift With Carry Instructions
A logical shift, and the bit that slides off the end goes into the carry flag.
scr arg
shift with carry to the right
scl arg
shift with carry to the left
Rotate Instructions
In a rotate instruction, the bits that slide off the end of the register are fed back into the
ror arg
rotate to the right
rol arg
rotate to the left
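The shift and rotate families above, as an added example that is not part of the Wikibook: a Python model of each instruction on a fixed register width that returns the new value together with the carry flag, so the difference between shr and sar on a negative value, and between a plain rotate and a rotate through the carry, is visible. The rotate-through-carry functions are named rcl and rcr, which is how the x86 instruction set spells them; the other names follow the page. Counts are restricted to 1..bits-1 for simplicity (the processor masks the count and leaves CF unchanged for a count of 0).

```python
# Added example (not from the Wikibook): shifts and rotates on a fixed-width
# register, each returning (result, carry_flag).

def _prepare(value, count, bits):
    if not 1 <= count < bits:
        raise ValueError("this model handles counts 1..bits-1")
    return value & ((1 << bits) - 1), (1 << bits) - 1


def shl(value, count, bits=32):
    """shl/sal: shift left, zeros fill from the right; CF = last bit shifted out."""
    value, mask = _prepare(value, count, bits)
    cf = (value >> (bits - count)) & 1
    return (value << count) & mask, cf


def shr(value, count, bits=32):
    """shr: logical shift right, zeros fill from the left; CF = last bit shifted out."""
    value, mask = _prepare(value, count, bits)
    return value >> count, (value >> (count - 1)) & 1


def sar(value, count, bits=32):
    """sar: arithmetic shift right, copies of the sign bit fill from the left,
    so a negative value stays negative (and rounds toward negative infinity)."""
    value, mask = _prepare(value, count, bits)
    sign_fill = (mask << (bits - count)) & mask if value >> (bits - 1) else 0
    return (value >> count) | sign_fill, (value >> (count - 1)) & 1


def rol(value, count, bits=32):
    """rol: bits leaving at the top re-enter at the bottom; CF = bit 0 of the result."""
    value, mask = _prepare(value, count, bits)
    result = ((value << count) | (value >> (bits - count))) & mask
    return result, result & 1


def ror(value, count, bits=32):
    """ror: bits leaving at the bottom re-enter at the top; CF = top bit of the result."""
    value, mask = _prepare(value, count, bits)
    result = ((value >> count) | (value << (bits - count))) & mask
    return result, result >> (bits - 1)


def rcl(value, count, cf, bits=32):
    """rcl: rotate left through the carry, i.e. CF acts as one extra bit above the MSB."""
    value, mask = _prepare(value, count, bits)
    wide_bits, wide_mask = bits + 1, (1 << (bits + 1)) - 1
    wide = ((cf & 1) << bits) | value
    wide = ((wide << count) | (wide >> (wide_bits - count))) & wide_mask
    return wide & mask, wide >> bits


def rcr(value, count, cf, bits=32):
    """rcr: rotate right through the carry, the mirror image of rcl."""
    value, mask = _prepare(value, count, bits)
    wide_bits, wide_mask = bits + 1, (1 << (bits + 1)) - 1
    wide = ((cf & 1) << bits) | value
    wide = ((wide >> count) | (wide << (wide_bits - count))) & wide_mask
    return wide & mask, wide >> bits


if __name__ == "__main__":
    minus_seven = 0xFFFFFFF9
    print("shr -7 by 1 -> 0x%08x, CF=%d" % shr(minus_seven, 1))   # unsigned: huge positive
    print("sar -7 by 1 -> 0x%08x, CF=%d" % sar(minus_seven, 1))   # signed: -4
    print("rcl 0x80000000 by 1 with CF=0 ->", rcl(0x80000000, 1, 0))
```

Choosing shr where sar was meant (or the reverse) on a value that can be negative is a silent width/sign bug: shr turns -7 into 0x7FFFFFFC, sar keeps it at -4.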
Other Instructions
Stack Instructions
push arg
This instruction decrements the stack pointer and loads the data specified as the argument into the location pointed to by the stack pointer.
pop arg
This instruction loads the data stored in the location pointed to by the stack pointer into the argument specified and then increments the stack pointer. For example:
    mov eax, 5
    mov ebx, 6
    push eax
the stack would be: [5]
    push ebx
the stack would be: [6] [5]
    pop eax
the topmost item (which is 6) would be stored in eax. the stack would be: [5]
    pop ebx
ebx would be equal to 5. the stack would now be empty.
pushf
This instruction decrements the stack pointer and then loads the location pointed to by the stack pointer with the contents of the flag register.
popf
This instruction loads the flag register with the contents of the memory location pointed to by the stack pointer and then increments the contents of the stack pointer.
Flags instructions
Interrupt Flag
sti
Sets the interrupt flag. The processor can accept interrupts from peripheral hardware. This flag should be kept set under normal execution.
cli
Clears the interrupt flag. Hardware interrupts cannot interrupt execution. Programs can still generate interrupts, called software interrupts, and change the flow of execution. Non-maskable interrupts (NMI) cannot be blocked using this instruction.
Direction Flag
std
Sets the direction flag. Normally, when using string instructions the data pointer gets incremented with each iteration. When the direction flag is set, the data pointer is decremented instead.
cld
clears the direction flag
Carry Flag
stc
sets the carry flag
clc
clears the carry flag
cmc
Complements the carry flag
sahf
Stores the content of the AH register into the lower byte of the flag register.
lahf
Loads the AH register with the contents of the lower byte of the flag register.
I/O Instructions
in src, dest
GAS Syntax
in dest, src
Intel syntax
The IN instruction almost always has the operands AX and DX (or EAX and EDX) associated with it. DX (src) frequently holds the port address to read, and AX (dest) receives the data from the port. In Protected Mode operating systems, the IN instruction is frequently locked, and normal users can't use it in their programs.
out src, dest
GAS Syntax
out dest, src
Intel syntax
The OUT instruction is very similar to the IN instruction. OUT outputs data from a given register (src) to a given output port (dest). In protected mode, the OUT instruction is frequently locked so normal users can't use it.
System Instructions
These instructions were added with the Pentium II.
sysenter
This instruction causes the processor to enter protected system mode.
sysexit
This instruction causes the processor to leave protected system mode, and enter user
X86 Interrupts
Interrupts are special routines that are defined on a per-system basis. This means that the interrupts on one system might be different from the interrupts on another system. Therefore, it is usually a bad idea to rely heavily on interrupts when you are writing code that needs to be portable.
What is an Interrupt
Interrupts do exactly what the name suggests: they interrupt the control flow of the x86 processor. When an interrupt is triggered, the current program stops, and the processor jumps to a special program called an "Interrupt Service Routine" (ISR). Each ISR is a program in memory that handles a particular interrupt. When the ISR is finished, the microprocessor normally jumps right back to where it was in the original program (however, there are interrupts that don't do this). In the case of hardware interrupts, the program doesn't even have to know that it got interrupted: the change is seamless.
In modern operating systems, the programmer doesn't often need to use interrupts. In Windows, for example, the programmer conducts business with the Win32 API. However, these API calls will interface with the kernel, and often times the kernel will trigger interrupts to perform different tasks. However, in older operating systems (specifically DOS), the programmer didn't have an API to use, and so they had to do all their work through interrupts.
Interrupt Instruction
int arg
This instruction calls the specified interrupt. For instance:
    int $0x0A
will call interrupt 10 (0x0A (hex) = 10 (decimal))
Types of Interrupts
There are 3 types of interrupts: Hardware Interrupts, Software Interrupts and Exceptions.
Hardware Interrupts
Hardware interrupts are triggered by hardware devices. For instance, when you type on your keyboard, the keyboard triggers a hardware interrupt. The processor stops what it is doing, and executes the code that handles keyboard input (typically reading the key you pressed into a buffer in memory). Hardware interrupts are typically asynchronous - their occurrence is unrelated to the instructions being executed at the time they are raised.
Software Interrupts
There are also a series of software interrupts that are usually used to transfer control to a function in the operating system kernel. Software interrupts are triggered by the instruction int. For example, the instruction "int 14h" triggers interrupt 0x14. The processor then stops the current program, and jumps to the code to handle interrupt 14. When interrupt handling is complete, the processor returns flow to the original program.
Exceptions
Exceptions are caused by exceptional conditions in the code which is executing, for example an attempt to divide by zero or access a protected memory area. The processor will detect this problem, and transfer control to a handler to service the exception. This handler may re-execute the offending code after changing some value (for example, the zero divisor) or, if this cannot be done, may terminate the program causing the
Further Reading
A great list of interrupts for DOS and related systems is at Ralph Brown's Interrupt List.
x86 Assemblers
There are a number of different assemblers available for x86 architectures. This page will list some of them, and will discuss where to get the assemblers, what they are good for, and where they are used the most.
GNU Assembler (GAS)
The GNU assembler is most common as the assembly back-end to the GCC compiler. One of the most compelling reasons to learn to program GAS (as it is frequently abbreviated) is because inline assembly instructions in the GCC compiler need to be in GAS syntax. GAS uses the AT&T syntax for writing the assembly language, which some people claim is more complicated, but other people say it is more informative.
Microsoft Macro Assembler (MASM)
Microsoft's Macro Assembler, MASM, has been in constant production for many, many years. Many people claim that MASM isn't being supported or improved anymore, but Microsoft denies this: MASM is maintained, but is currently in a bug-fixing mode. No new features are currently being added. However, Microsoft is shipping a 64-bit version of MASM with new 64-bit compiler suites. MASM can still be obtained from Microsoft as either a download from MSDN, or as part of the Microsoft DDK. The currently available version of MASM is version 8.x.
MASM uses the Intel syntax for its instructions, which stands in stark contrast to the AT&T syntax used by the GAS assembler. Most notably, MASM instructions take their operands in reverse order from GAS. This one fact is perhaps the biggest stumbling block for people trying to transition between the two assemblers.
MASM also has a very powerful macro engine, which many programmers use to implement a high-level feel in MASM programs.
Netwide Assembler (NASM)
The Netwide Assembler, NASM, was started as an open-source initiative to create a free, retargetable assembler for 80x86 platforms. When the NASM project was started, MASM was still being sold by Microsoft (MASM is currently free), and GAS contained very little error checking capability. GAS was, after all, the backend to GCC, and GCC always feeds GAS syntax-correct code. For this reason, GAS didn't need to interface with the user much, and therefore writing code for GAS was very tough.
NASM uses a syntax which is "similar to Intel's but less complex".
The NASM users manual is found at http://nasm.sourceforg
Cross platform: Like GAS, this assembler runs on nearly every platform, supposedly even on PowerPC Macs (though the code generated will only run on an x86 platform)
Open Source
Macro language (code that writes code)
Flat Assembler (FASM)
Although it was written in assembly, it runs on several operating systems, including DOS, DexOS, Linux, Windows, and BSD. Its syntax is similar to TASM's "ideal mode" and NASM's, but the macros in this assembler are done differently.
Written in itself; and therefore its source code is an example of how to write in this assembler
Clean NASM-like syntax
Very, very fast
Has macro language (code that writes code)
Built-in IDE for DOS and Windows
Creates binary, MZ, PE, ELF, COFF - no linker needed
YASM Assembler
YASM is a ground-up rewrite of NASM under the new BSD licence. YASM is designed to understand multiple syntaxes natively (NASM and GAS, currently). The primary focus of YASM is to produce "libyasm", a reusable library that can work with code at a low level, and can be easily integrated into other software projects.
1A- -yntax
x86 Assembly
1eneral In6ormation
9,am'les in this article are created usin" the ATHT assembly synta, used in 5.* A+.
The main ad>anta"e o? usin" this synta, is its com'atibility ith the 5&& inline
assembly synta,. Hoe>erC this is not the only synta, that is used to re'resent ,23
o'erations. For e,am'leC .A+4 uses a di??erent synta, to re'resent assembly
mnemonicsC o'erands and addressin" modesC as do some Hi"h<Le>el Assemblers. The
ATHT synta, is the standard on *ni,<like systems but some assemblers use the Intel
synta,C or can acce't both.
5A+ instructions "enerally ha>e the ?orm mnemonic sourceC destination. For instanceC
the ?olloin" mo? instructionB
movb 80x0), 9al
ill mo>e the >alue 0 into the re"ister al.
%peration -u66ixes
5A+ assembly instructions are "enerally su??i,ed ith the letters DbDC DsDC DDC DlDC DAD or
DtD to determine hat si#e o'erand is bein" mani'ulated.
b U byte 72 bit8
s U short 713 bit inte"er8 or sin"le 732<bit ?loatin" 'oint8
U ord 713 bit8
l U lon" 732 bit inte"er or 3-<bit ?loatin" 'oint8
A U Auad 73- bit8
t U ten bytes 72=<bit ?loatin" 'oint8
I? the su??i, is not s'eci?iedC and there are no memory o'erands ?or the instructionC 5A+
in?ers the o'erand si#e ?rom the si#e o? the destination re"ister o'erand 7the ?inal
When re?erencin" a re"isterC the re"ister needs to be 're?i,ed ith a DVD. &onstant
numbers need to be 're?i,ed ith a DSD.
Introduction to the 1., as assembler
This section is ritten as a short introduction to 5.* as 7"as8C an assembler that can
assemble the ,23 assembly lan"ua"e. "as is 'art o? the 5.* 6ro@ectC hich "i>es it the
?olloin" nice 'ro'ertiesB
It is ?reely a>ailable.
It is a>ailable on many o'eratin" systems.
It inter?aces nicely ith the other 5.* 'ro"rammin" toolsC includin" the 5.* &
com'iler 7"cc8 and 5.* linker 7ld8.
I? you are usin" a com'uter ith the Linu, o'eratin" systemC chances are you already
ha>e "as installed on your system. I? you are usin" a com'uter ith the Windos
o'eratin" systemC you can install "as and other use?ul 'ro"rammin" utilities by installin"
&y"in or 4in". The remainder o? this introduction assumes you ha>e installed "as
and kno ho to o'en a command<line inter?ace and edit ?iles.
1eneratin& assembly 6rom C code
+ince assembly lan"ua"e corres'onds directly to the o'erations a &6* 'er?ormsC a
care?ully ritten assembly routine may be able to run much ?aster than the same routine
ritten in a hi"her<le>el lan"ua"eC such as &. !n the other handC assembly routines
ty'ically take more e??ort to rite than the eAui>alent routine in &. ThusC a ty'ical
method ?or Auickly ritin" a 'ro"ram that 'er?orms ell is to ?irst rite the 'ro"ram in a
hi"h<le>el lan"ua"e 7hich is easier to rite and debu"8C then rerite selected routines in
assembly lan"ua"e 7hich 'er?orms better8. A "ood ?irst ste' to reritin" a & routine in
assembly lan"ua"e is to use the & com'iler to automatically "enerate the assembly
lan"ua"e. .ot only does this "i>e you an assembly ?ile that com'iles correctlyC but it also
ensures that the assembly routine does e,actly hat you intended it to.
We ill no use the 5.* & com'iler to "enerate assembly codeC ?or the 'ur'oses o?
e,aminin" the "as assembly lan"ua"e synta,.
Here is the classic DHelloC orldD 'ro"ramC ritten in &B
:include Gstdio.!H
int main1void2 I
printf1>?ello, ,orldJAn>2;
return 0;
+a>e that in a ?ile called Dhello.cDC then ty'e at the 'rom'tB
gcc 5o !ello(c.exe !ello.c
This should com'ile the & ?ile and create an e,ecutable ?ile called DhelloYc.e,eD. I? you
"et an errorC make sure that the contents o? Dhello.cD are correct.
.o you should be able to ty'e at the 'rom'tB
and the 'ro"ram should 'rint DHelloC orldWD to the console.
.o that e kno that Dhello.cD is ty'ed in correctly and does hat e antC let:s
"enerate the eAui>alent ,23 assembly lan"ua"e. Ty'e the ?olloin" at the 'rom'tB
gcc 5% !ello.c
This should create a ?ile called Dhello.sD 7D.sD is the ?ile e,tension that the 5.* system
"i>es to assembly ?iles8. To com'ile the assembly ?ile into an e,ecutableC ty'eB
gcc 5o !ello(asm.exe !ello.s
7.ote that "cc calls the assembler 7as8 and the linker 7ld8 ?or us.8 .oC i? you ty'e the
?olloin" at the 'rom'tB
this 'ro"ram should also 'rint DHelloC orldWD to the console. .ot sur'risin"lyC it does the
same thin" as the com'iled & ?ile.
Let:s take a look at hat is inside Dhello.sDB
.file >!ello.c>
.def (((main; .scl 2; .t'pe 32; .endef
.ascii >?ello, ,orldJA12A0>
.globl (main
.def (main; .scl 2; .t'pe 32; .endef
pus!l 9ebp
movl 9esp, 9ebp
subl 8;, 9esp
andl 851*, 9esp
movl 80, 9eax
movl 9eax, 5019ebp2
movl 5019ebp2, 9eax
call ((alloca
call (((main
movl 8LC0, 19esp2
call (printf
movl 80, 9eax
.def (printf; .scl 2; .t'pe 32; .endef
The contents o? Dhello.sD may >ary de'endin" on the >ersion o? the 5.* tools that are
installedM this >ersion as "enerated ith &y"inC usin" "cc >ersion 3.3.1.
The lines be"innin" ith 'eriodsC like D.?ileDC or D.asciiD are assembler directi>es <<
commands that tell the assembler ho to assemble the ?ile. The lines be"innin" ith
some te,t ?olloed by a colonC like DYmainBDC are labelsC or named locations in the code.
The other lines are assembly instructions.
The D.?ileD and directi>es are ?or debu""in". We can lea>e them outB
.ascii >?ello, ,orldJA12A0>
.globl (main
pus!l 9ebp
movl 9esp, 9ebp
subl 8;, 9esp
andl 851*, 9esp
movl 80, 9eax
movl 9eax, 5019ebp2
movl 5019ebp2, 9eax
call ((alloca
call (((main
movl 8LC0, 19esp2
call (printf
movl 80, 9eax
DhelloEsD line-by-line
This line declares the start o? a section o? code. Fou can name sections usin" this
directi>eC hich "i>es you ?ine<"rained control o>er here in the e,ecutable the resultin"
machine code goes, which is useful in some cases, like for programming embedded
systems. Using ".text" by itself tells the assembler that the following code goes in the
default section, which is sufficient for most purposes.
LC0:
.ascii "Hello, world!\12\0"
This code declares a label, then places some raw ASCII text into the program, starting at
the label's location. The "\12" specifies a line-feed character, while the "\0" specifies a
null character at the end of the string; C routines mark the end of strings with null
characters, and since we are going to call a C string routine, we need this character here.
.globl _main
This line tells the assembler that the label "_main" is a global label, which allows other
parts of the program to see it. In this case, the linker needs to be able to see the "_main"
label, since the startup code with which the program is linked calls "_main" as a
_main:
This line declares the "_main" label, marking the place that is called from the startup
pushl %ebp
movl %esp, %ebp
subl $8, %esp
These lines save the value of EBP on the stack, then move the value of ESP into EBP,
then subtract 8 from ESP. The "l" on the end of each opcode indicates that we want to use
the version of the opcode that works with "long" (32-bit) operands; usually the assembler
is able to work out the correct opcode version from the operands, but just to be safe, it's a
good idea to include the "l", "w", "b", or other suffix. The percent signs designate register
names, and the dollar sign designates a literal value. This sequence of instructions is
typical at the start of a subroutine to save space on the stack for local variables; EBP is
used as the base register to reference the local variables, and a value is subtracted from
ESP to reserve space on the stack (since the Intel stack grows from higher memory
locations to lower ones). In this case, eight bytes have been reserved on the stack. We
shall see why this space is needed later.
andl $-16, %esp
This code "and"s ESP with 0xFFFFFFF0, aligning the stack with the next lowest 16-byte
boundary. An examination of Mingw's source code reveals that this may be for SIMD
instructions appearing in the "_main" routine, which operate only on aligned addresses.
Since our routine doesn't contain SIMD instructions, this line is unnecessary.
movl $0, %eax
movl %eax, -4(%ebp)
movl -4(%ebp), %eax
This code moves zero into EAX, then moves EAX into the memory location EBP-4,
which is in the temporary space we reserved on the stack at the beginning of the
procedure. Then it moves the memory location EBP-4 back into EAX; clearly, this is not
optimized code. Note that the parentheses indicate a memory location, while the number
in front of the parentheses indicates an offset from that memory location.
call __alloca
call ___main
These functions are part of the C library setup. Since we are calling functions in the C
library, we probably need these. The exact operations they perform vary depending on
the platform and the version of the GNU tools that are installed.
movl $LC0, (%esp)
call _printf
This code (finally!) prints our message. First, it moves the location of the ASCII string to
the top of the stack. It seems that the C compiler has optimized a sequence of
"popl %eax; pushl $LC0" into a single move to the top of the stack. Then, it calls the
_printf subroutine in the C library to print the message to the console.
movl $0, %eax
This line stores zero, our return value, in EAX. The C calling convention is to store return
values in EAX when exiting a routine.
leave
This line, typically found at the end of subroutines, frees the space saved on the stack by
copying EBP into ESP, then popping the saved value of EBP back to EBP.
ret
This line returns control to the calling procedure by popping the saved instruction pointer
from the stack.
Communicating directly with the operating system
Note that we only have to call the C library setup routines if we need to call functions in
the C library, like "printf". We could avoid calling these routines if we instead
communicate directly with the operating system. The disadvantage of communicating
directly with the operating system is that we lose portability; our code will be locked to a
specific operating system. For instructional purposes, though, let's look at how one might
do this under Windows. Here is the C source code, compilable under Mingw or Cygwin:
#include <windows.h>
int main(void) {
    LPCSTR text = "Hello, world!\n";
    DWORD charsWritten;
    HANDLE hStdout;
    hStdout = GetStdHandle(STD_OUTPUT_HANDLE);
    WriteFile(hStdout, text, 14, &charsWritten, NULL);
    return 0;
}
Ideally, you'd want to check the return codes of "GetStdHandle" and "WriteFile" to make
sure they are working correctly, but this is sufficient for our purposes. Here is what the
generated assembly looks like:
.file "hello2.c"
.def ___main; .scl 2; .type 32; .endef
LC0:
.ascii "Hello, world!\12\0"
.globl _main
.def _main; .scl 2; .type 32; .endef
_main:
pushl %ebp
movl %esp, %ebp
subl $40, %esp
andl $-16, %esp
movl $0, %eax
movl %eax, -16(%ebp)
movl -16(%ebp), %eax
call __alloca
call ___main
movl $LC0, -4(%ebp)
movl $-11, (%esp)
call _GetStdHandle@4
subl $4, %esp
movl %eax, -12(%ebp)
movl $0, 16(%esp)
leal -8(%ebp), %eax
movl %eax, 12(%esp)
movl $14, 8(%esp)
movl -4(%ebp), %eax
movl %eax, 4(%esp)
movl -12(%ebp), %eax
movl %eax, (%esp)
call _WriteFile@20
subl $20, %esp
movl $0, %eax
leave
ret
Even though we never use the C standard library, the generated code initializes it for us.
Also, there is a lot of unnecessary stack manipulation. We can simplify:
LC0:
.ascii "Hello, world!\12"
.globl _main
_main:
pushl %ebp
movl %esp, %ebp
subl $4, %esp
pushl $-11
call _GetStdHandle@4
pushl $0
leal -4(%ebp), %ebx
pushl %ebx
pushl $14
pushl $LC0
pushl %eax
call _WriteFile@20
movl $0, %eax
leave
ret
Analyzing line-by-line:
pushl %ebp
movl %esp, %ebp
subl $4, %esp
We save the old EBP and reserve four bytes on the stack, since the call to WriteFile needs
somewhere to store the number of characters written, which is a 4-byte value.
pushl $-11
call _GetStdHandle@4
We push the constant value STD_OUTPUT_HANDLE (-11) to the stack and call
GetStdHandle. The returned handle value is in EAX.
pushl $0
leal -4(%ebp), %ebx
pushl %ebx
pushl $14
pushl $LC0
pushl %eax
call _WriteFile@20
We push the parameters to WriteFile and call it. Note that the Windows calling
convention is to push the parameters from right-to-left. The load-effective-address ("lea")
instruction adds -4 to the value of EBP, giving the location we saved on the stack for the
number of characters printed, which we store in EBX and then push onto the stack. Also
note that EAX still holds the return value from the GetStdHandle call, so we just push it.
movl $0, %eax
leave
ret
Here we set our program's return value and restore the values of EBP and ESP using the
"leave" instruction.
From The GAS manual's AT&T Syntax Bugs section:
The UnixWare assembler, and probably other AT&T derived ix86 Unix assemblers,
generate floating point instructions with reversed source and destination registers in
certain cases. Unfortunately, gcc and possibly many other programs use this reversed
syntax, so we're stuck with it.
For example
fsub %st,%st(3)
results in %st(3) being updated to %st - %st(3) rather than the expected %st(3)
- %st. This happens with all the non-commutative arithmetic floating point operations
with two register operands where the source register is %st and the destination register is
Note that even objdump -d -M intel still uses reversed opcodes, so use a different
disassembler to check this. See http://bugs.debian.org/372528 for more info.
Additional gas reading
You can read more about gas at the GNU gas documentation page:
Reverse Engineering/Calling Conventions
MASM Syntax
This page will explain x86 Programming using MASM syntax, and will also discuss how
to use the macro capabilities of MASM. Other assemblers, such as NASM and FASM,
use syntax different from MASM, similar only in usage of operands order and instruction
Instruction Order
MASM instructions typically have operands reversed from GAS instructions. For
instance, instructions are typically written as Instruction Destination, Source.
The mov instruction, written as follows:
mov al, 0x05
will move the value 5 into the al register.
Instruction Suffixes
MASM does not use instruction suffixes to differentiate between sizes (byte, word,
dword, etc).
MASM is known as either the "Macro Assembler", or the "Microsoft Assembler",
depending on who you talk to. But no matter where your answers are coming from, the
fact is that MASM has a powerful macro engine, and a number of built-in macros
available immediately.
MASM directives
MASM has a large number of directives that can control certain settings and behaviors; it
has more of them compared to NASM or FASM for example.
HLA Syntax
HLA is an assembler front-end created by Randall Hyde. HLA accepts assembly written
using a high-level format, and converts the code into another format (MASM or GAS,
usually). Another assembler (MASM or GAS) will then assemble the instructions into
machine code.
In MASM, for instance, we could write the following code:
mov EAX, 0x05
In HLA, this code would become:
mov(0x05, EAX);
HLA uses the same order-of-operations as GAS syntax, but doesn't require any of the
name decoration of GAS. Also, HLA uses the parenthesis notation to call an instruction.
HLA terminates its lines with a semicolon, similar to C or Pascal.
High-Level Constructs
Some people criticize HLA because it "isn't low-level enough". This is false, because
HLA can be as low-level as MASM or GAS, but it also offers the options to use some
higher-level abstractions. For instance, HLA can use the following syntax to pass eax as
an argument to the Function1 function:
But HLA also allows the programmer to simplify the process, if they want:
This is called the "parenthesis notation" for calling functions.
HLA also contains a number of different loops (do-while, for, until, etc..) and control
structures (if-then-else, switch-case) that the programmer can use. However, these high-
level constructs come with a caveat: Using them may be simple, but they translate into
MASM code instructions. It is usually faster to implement the loops by hand.
The Art of Assembly
HLA was first popularized in the book by Randall Hyde, named "The Art of Assembly".
That book is available at most bookstores.
FASM Syntax
FASM is an assembler for the IA-32 architecture. The name stands for "flat assembler".
FASM itself is written in assembly language and is also available on DOS, DexOS,
Linux, Windows, and MenuetOS systems. It shatters the "assembly is not portable at all"
myth. FASM has some features that are advanced for assembly languages, such as
macros, structures, and "virtual data". FASM contains bindings to the MS Windows GUI
and OpenGL.
$FFFF 0xFFFF FFFFh
FASM supports all popular syntaxes of hex numbers.
@@ @f @b
Anonymous labels are supported. Example:
@@: inc eax
push eax
jmp @b ; This will result in a stack fault sooner or later

$ describes current location. Useful for determining the size of a block of code or data.
Example of use:
mystring db "This is my string", 0
mystring.length equ $-mystring
Local Labels
Local Labels, which begin with a . (a period)
You can reference local labels from their global label. For example:
Macros in FASM are described in a C-like manner and are created like this:
macro (name) (parameters) {
    macro code.
}
For example, the following could be used to overload the mov instruction to accept three
parameters in FASM:
macro mov op1,op2,op3
{
 if op3 eq
  mov op1,op2
 else
  mov op1,op2
  mov op2,op3
 end if
}
if op3 eq means "If the 3rd parameter (op3) equals nothing, or blank" then do a normal
mov operation. Else, do the 3 way move operation.
External links
FASM website
FASM official manual
NASM Syntax
NASM syntax looks like:
mov ax, 9
This loads the number 9 into register ax. Notice that the instruction format is "dest, src".
This follows the Intel style x86 instruction formatting, as opposed to the AT&T style
used by the GNU Assembler. Note for people using gdb with nasm, you can set gdb to
use Intel-style disassembly by issuing the command:
set disassembly-flavor intel
NASM Comments
A single semi-colon is used for comments, and can be used like a double slash in C/C++.
Example I/O (Linux)
To pass the kernel a simple input command on Linux, you would pass values to the
following registers and then send the kernel an interrupt signal. To read in a single
character from standard input (such as from a user at their keyboard), do the following:
; read a byte from stdin
mov eax, 3        ; 3 is recognized by the system as meaning "input"
mov edx, 1        ; input length (one byte)
mov ecx, variable ; address to pass to
mov ebx, 0        ; read from standard input (file descriptor 0; 1 is standard output)
int 0x80          ; call the kernel
Outputting follows a similar convention:
mov eax, 4        ; the system interprets 4 as "output"
mov ecx, variable ; pointer to the value being passed
mov ebx, 1        ; standard output (print to terminal)
mov edx, 4        ; length of output (in bytes)
int 0x80
Passing values to the registers in different orders won't affect the execution when the
kernel is called, but deciding on a methodology can make it drastically easier to read.
Floating Point
x87 Coprocessor
The original x86 family members had a separate math coprocessor that would handle the
floating point arithmetic. The original coprocessor was the 8087, and all FPUs since have
been dubbed "x87" chips. Later variants integrated the floating point unit (FPU) into the
microprocessor itself. Having the capability to manage floating point numbers means a
few things:
1. The microprocessor must have space to store floating point numbers
2. The microprocessor must have instructions to manipulate floating point numbers
This page will talk about these 2 points in detail. The FPU, even when it is integrated into
an x86 chip, is still called the "x87" section, even though it is part of the x86 chip. For
instance, literature on the subject will frequently call the FPU Register Stack the "x87
Stack", and the FPU operations will frequently be called the "x87 instruction set".
FPU Register Stack
The FPU has 8 registers, formed into a stack. Numbers are pushed onto the stack from
memory, and are popped off the stack back to memory. FPU instructions generally will
pop the first two items off the stack, act on them, and push the answer back on to the top
of the stack.
Floating point numbers may generally be either 32 bits long (C "float" type), or 64 bits
long (C "double" type). However, in order to reduce round-off errors, the FPU stack
registers are all 80 bits wide.
Floating-Point Instruction Set
Original 8087 instructions
F2XM1, FABS, FADD, FADDP, FBLD, FBSTP, FCHS, FCLEX, FCOM, FCOMP,
FCOMPP, FDECSTP, FDISI, FDIV, FDIVP, FDIVR, FDIVRP, FENI, FFREE, FIADD,
FLDLG2, FLDLN2, FLDPI, FLDZ, FMUL, FMULP, FNCLEX, FNDISI, FNENI,
FNSTSW, FPATAN, FPREM, FPTAN, FRNDINT, FRSTOR, FRSTORW, FSAVE,
Added in specific processors
Added with 80287
Added with 80387
FCOS, FLDENVD, FNSAVED, FNSTENVD, FPREM1, FRSTORD, FSAVED, FSIN,
FSINCOS, FSTENVD, FUCOM, FUCOMP, FUCOMPP
Added with Pentium Pro
FCMOVB, FCMOVBE, FCMOVE, FCMOVNB, FCMOVNBE, FCMOVNE,
FCMOVNU, FCMOVU, FCOMI, FCOMIP, FUCOMI, FUCOMIP, FXRSTOR,
Added with Pentium 4 supporting SSE3
as part of the SSE3 branding
FISTTP (x87 to integer conversion)
Further Reading
Reverse Engineering/Floating Point Numbers
Floating Point
Saturation Arithmetic
In an 8-bit grayscale picture, 255 is the value for pure white, and 0 is the value for pure
black. In a regular register (AX, BX, CX ...) if we add one to white, we get black! This is
because the regular registers "roll-over" to the next value. MMX registers get around this
by a technique called "Saturation Arithmetic". In saturation arithmetic, the value of the
register never rolls over to 0 again. This means that in the MMX world, we have the
following equations:
255 + 100 = 255
200 + 100 = 255
0 - 100 = 0
99 - 100 = 0
This may seem counter-intuitive at first to people who are used to their registers rolling
over, but it makes good sense: if we make white brighter, it shouldn't become black.
Single Instruction Multiple Data (SIMD) Instructions
MMX registers are 64 bits wide, but they can be broken down as follows:
2 32 bit values
4 16 bit values
8 8 bit values
The MMX registers cannot easily be used for 64 bit arithmetic, so it's a waste of time to
even try. Let's say that we have 4 Bytes loaded in an MMX register: 10, 25, 128, 255. We
have them arranged as such:
MM0: | 10 | 25 | 128 | 255 |
And we do the following pseudo code operation:
MM0 + 10
We would get the following result:
MM0: |10+10|25+10|128+10|255+10| = | 20 | 35 | 138 | 255 |
Remember that in the last box, our arithmetic "saturates", and doesn't go over 255.
Using MMX, we are essentially performing 4 additions, in the time it takes to perform 1
addition using the regular registers. The problem is that the MMX instructions run
slightly slower than the regular arithmetic instructions, the FPU can't be used when the
MMX register is running, and MMX registers use saturation arithmetic.
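The packed add above, modelled in Python so the saturating and the rolling-over behaviour can be compared lane by lane. This is an added example, not code from the Wikibook; the 10, 25, 128, 255 register contents are the page's own values (the remaining four lanes are constructed as zeros), and the 16- and 32-bit lane widths follow the 2/4/8 split the page lists.

```python
"""Packed (SIMD-style) add on a 64-bit MMX-like register, with unsigned
saturation or with ordinary roll-over, for 8-, 16- or 32-bit lanes."""


def pack_lanes(lanes, lane_bits):
    """Pack lane values into one 64-bit integer, lane 0 in the low bits
    (the little-endian layout the register has in memory)."""
    if len(lanes) * lane_bits != 64:
        raise ValueError("lanes must fill exactly 64 bits")
    mask = (1 << lane_bits) - 1
    value = 0
    for i, lane in enumerate(lanes):
        value |= (lane & mask) << (i * lane_bits)
    return value


def unpack_lanes(value, lane_bits):
    """Inverse of pack_lanes: split a 64-bit register into its lanes."""
    mask = (1 << lane_bits) - 1
    return [(value >> (i * lane_bits)) & mask for i in range(64 // lane_bits)]


def packed_add(reg, addend, lane_bits=8, saturate=True):
    """Add `addend` to every lane of the 64-bit register value `reg`.

    saturate=True clamps each lane to [0, 2**lane_bits - 1], which is what
    the unsigned-saturating MMX adds do (255 + 100 = 255, 0 - 100 = 0).
    saturate=False keeps only the low lane_bits of the sum, i.e. the lane
    rolls over exactly like a general-purpose register would.
    """
    limit = (1 << lane_bits) - 1
    result = []
    for lane in unpack_lanes(reg, lane_bits):
        total = lane + addend
        if saturate:
            total = min(max(total, 0), limit)
        else:
            total &= limit
        result.append(total)
    return pack_lanes(result, lane_bits)


def lanes_after_add(lanes, addend, lane_bits=8, saturate=True):
    """Convenience wrapper: take and return a lane list instead of the
    packed 64-bit register value."""
    reg = pack_lanes(lanes, lane_bits)
    return unpack_lanes(packed_add(reg, addend, lane_bits, saturate), lane_bits)


if __name__ == "__main__":
    # Constructed MM0 contents: the page's four bytes plus four zero lanes.
    mm0 = [10, 25, 128, 255, 0, 0, 0, 0]
    print("saturating:", lanes_after_add(mm0, 10))
    print("roll-over: ", lanes_after_add(mm0, 10, saturate=False))
```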
MMX Registers
There are 8 64-bit MMX registers. These registers overlay the FPU stack register. The
MMX instructions and the FPU instructions cannot be used simultaneously. MMX
registers are addressed directly, and do not need to be accessed by pushing and popping
in the same way as the FPU registers.
MM7 MM6 MM5 MM4 MM3 MM2 MM1 MM0
These registers correspond to the same numbered FPU registers on the FPU stack.
Usually when you initiate an assembly block in your code that contains MMX
instructions, the CPU automatically will disallow floating point instructions. To re-allow
FPU operations you must end all MMX code with emms. Here is an example of a C
routine calling assembly language with MMX code (NOTE: Borland compatible C++
// A simple example using MMX to copy 8 bytes of data
// From source s2 to destination s1
void __fastcall CopyMemory8(char *s1, const char *s2)
{
    __asm
    {
        push edx
        mov ecx, s2
        mov edx, s1
        movq mm0, [ecx]    // load 8 bytes from the source
        movq [edx], mm0    // store them at the destination
        pop edx
        emms               // leave MMX state so FPU instructions work again
    }
}
SSE stands for Streaming SIMD Extensions. SSE is essentially the floating-point
equivalent of the MMX instructions. SSE registers are 128 bits, and can be used to
perform operations on either two 64 bit floating point numbers (C double), or 4 32-bit
floating point numbers (C float).
128-bit registers
XMM0 XMM1 XMM2 XMM3 XMM4 XMM5 XMM6 XMM7
Same as MMX and SSE
Same as MMX and SSE
3D Now
3DNow! is AMD's extension of the MMX instruction set (K6-2 and more recent) with
floating-point instructions. This page will talk about the 3D Now! instruction set, and
how it is used.
Advanced x86
The chapters in the x86 Assembly wikibook labelled "Advanced x86" chapters are all
specialized topics that might not be of interest to the average assembly programmer.
However, these chapters will be of some interest to people who would like to work on
low-level programming tasks, such as bootloaders, device drivers, and Operating System
kernels. A reader does not need to read the following chapters to say they "know
assembly", although they certainly are interesting.
High-Level Languages
The first compilers were simply text translators that converted a high-level language into
assembly language. The assembly language code was then fed into an assembler, to
create the final machine code output. The GCC compiler still performs this sequence
(code is compiled into assembly, and fed to the AS assembler). However, many modern
compilers will skip the assembly language and create the machine code directly.
Assembly language code has the benefit that it has a one-to-one correlation with the
underlying machine code. Each machine instruction is mapped directly to a single
Assembly instruction. Because of this, even when a compiler directly creates the machine
code, it is still possible to interface that code with an assembly language program. The
important part is knowing exactly how the language implements its data structures,
control structures, and functions. The method in which function calls are implemented by
a high-level language compiler is called a calling convention.
C Calling Conventions
In most C compilers, the CDECL calling convention is the de facto standard. However,
the programmer can specify that a function be implemented using CDECL by prepending
the function declaration with the keyword __cdecl. Sometimes a compiler can be
instructed to override cdecl as the default calling convention, and this declaration will
force the compiler not to override the default setting.
CDECL calling convention specifies a number of different requirements:
1. Function arguments are passed on the stack, in right-to-left order.
2. Function result is stored in EAX/AX/AL
3. The function name is prepended with an underscore.
CDECL functions are capable of accepting variable argument lists.
STDCALL is the calling convention that is used when interfacing with the Win32 API on
Microsoft Windows systems. STDCALL was created by Microsoft, and therefore isn't
always supported by non-Microsoft compilers. STDCALL functions can be declared
using the __stdcall keyword on many compilers. STDCALL has the following
1. Function arguments are passed on the stack in right-to-left order.
2. Function result is stored in EAX/AX/AL
3. Function name is prepended with an underscore
4. Function name is suffixed with an "@" sign, followed by the number of bytes of
arguments being passed to it.
STDCALL functions are not capable of accepting variable argument lists.
For example, the following function declaration in C:
_stdcall void MyFunction(int, int, short);
would be accessed in assembly using the following function label:
Remember, on a 32 bit machine, passing a 16 bit argument on the stack (C "short") takes
up a full 32 bits of space.
FASTCALL functions can frequently be specified with the __fastcall keyword in many
compilers. FASTCALL functions pass the first two arguments to the function in registers,
so that the time-consuming stack operations can be avoided. FASTCALL has the
following requirements:
1. The first 32-bit (or smaller) argument is passed in EAX/AX/AL
2. The second 32-bit (or smaller) argument is passed in EDX/DX/DL
3. The remaining function arguments (if any) are passed on the stack in right-to-left
4. The function result is returned in EAX/AX/AL
5. The function name is appended with an "@" symbol
6. The function name is suffixed with an "@" symbol, followed by the size of passed
arguments, in bytes.
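The CDECL and STDCALL naming rules above, applied in both directions: building the assembly-level label from a C prototype (the MyFunction case, where the 16-bit short still costs a full DWORD) and recovering name and argument-byte count from a decorated label such as _WriteFile@20 when reading a disassembly. This is an added example, not the Wikibook's code; it assumes a 32-bit ILP32 target and the type sizes in TYPE_SIZES, and it covers only the two conventions whose rules the page states completely.

```python
"""Name decoration and argument-stack size for 32-bit CDECL and STDCALL."""
import re

# Sizes of common C argument types on a 32-bit (ILP32) target: an assumption
# of this example, standard for Win32 and 32-bit Linux.
TYPE_SIZES = {"char": 1, "short": 2, "int": 4, "long": 4, "float": 4,
              "double": 8, "long long": 8}
SLOT = 4  # every stack argument occupies whole DWORDs


def arg_size(ctype):
    """Bytes one argument occupies on the stack, rounded up to whole DWORDs.
    Anything containing '*' is a pointer and takes 4 bytes."""
    ctype = " ".join(ctype.replace("const", "").split())
    if "*" in ctype:
        size = 4
    else:
        base = ctype.replace("unsigned ", "").replace("signed ", "")
        size = TYPE_SIZES[base]
    return (size + SLOT - 1) // SLOT * SLOT


def stack_bytes(arg_types):
    """Total bytes of arguments pushed for the given parameter list."""
    return sum(arg_size(t) for t in arg_types)


def decorate(name, arg_types, convention):
    """Assembly-level label for a C function under CDECL or STDCALL."""
    if convention == "cdecl":
        return "_" + name                      # leading underscore only
    if convention == "stdcall":
        return "_%s@%d" % (name, stack_bytes(arg_types))  # plus @bytes
    raise ValueError("unsupported convention " + convention)


def parse_label(label):
    """Inverse: (name, argument bytes or None, convention) from a label as
    it appears in a disassembly or import table."""
    m = re.fullmatch(r"_(\w+)@(\d+)", label)
    if m:
        return m.group(1), int(m.group(2)), "stdcall"
    m = re.fullmatch(r"_(\w+)", label)
    if m:
        return m.group(1), None, "cdecl"
    raise ValueError("not a recognised decorated label: " + label)


def from_prototype(prototype, convention):
    """Turn a C prototype such as 'void MyFunction(int, int, short);' into
    its decorated label. The first identifier directly followed by '(' is
    taken as the function name, so a leading _stdcall keyword is skipped."""
    m = re.search(r"(\w+)\s*\(([^)]*)\)", prototype)
    if not m:
        raise ValueError("cannot parse prototype: " + prototype)
    name, params = m.group(1), m.group(2).strip()
    types = [] if params in ("", "void") else [p.strip() for p in params.split(",")]
    return decorate(name, types, convention)


if __name__ == "__main__":
    print(from_prototype("_stdcall void MyFunction(int, int, short);", "stdcall"))
    print(parse_label("_WriteFile@20"))
```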
C++ Calling Conventions (THISCALL)
The C++ THISCALL calling convention is the standard calling convention for C++. In
THISCALL, the function is called almost identically to the CDECL convention, but the
this pointer (the pointer to the current class) must be passed.
The way that the this pointer is passed is compiler-dependent. Microsoft Visual C++
passes it in ECX. GCC passes it as if it were the first parameter of the function. (i.e.
between the return address and the first formal parameter.)
Ada Calling Conventions
Pascal Calling Conventions
The Pascal convention is essentially identical to cdecl, differing only in that:
1. The parameters are pushed left to right (logical western-world reading order)
2. The routine being called must clean the stack before returning
Additionally, each parameter on the 32-bit stack must use all four bytes of the DWORD,
regardless of the actual size of the datum.
This is the main calling method used by Windows API routines, as it is slightly more
efficient with regard to memory usage, stack access and calling speed.
Note: the Pascal convention is NOT the same as the Borland Pascal convention, which is
a form of fastcall, using registers (eax, edx, ecx) to pass the first three parameters, and
also known as Register Convention.
Fortran Calling Conventions
Inline Assembly
Further Reading
For an in depth discussion as to how high-level programming constructs are translated
into assembly language, see Reverse Engineering.
C Programming
Reverse Engineering/Calling Conventions
Reverse Engineering/Examples/Calling Conventions
Machine Language Conversion
Relationship to Machine Code
x86 assembly instructions have a one-to-one relationship with the underlying machine
instructions. This means that essentially we can convert assembly instructions into
machine instructions with a look-up table. This page will talk about some of the
conversions from assembly language to machine language.
CISC and RISC
The x86 architecture is a complex instruction set computer (CISC) architecture.
Amongst other things, this means that the instructions for the x86 architecture are of
varying lengths. This can make the processes of assembly, disassembly and instruction
decoding more complicated, because the instruction length needs to be calculated for
each instruction.
x86 instructions can be anywhere between 1 and 15 bytes long. The length is defined
separately for each instruction, depending on the available modes of operation of the
instruction, the number of required operands and more.
8086 instruction format (16 bit)
This is the general instruction form for the 8086:
Opcode | D | W | MOD | Reg | R/M | Displacement or data
Prefixes: Optional prefixes which change the operation of the instruction
W: (1 bit) Operation size. 1 = Word, 0 = byte.
D: (1 bit) Direction. 1 = Register is Destination, 0 = Register is source.
Opcode: the opcode is a 6 bit quantity that determines what instruction family the code is
MOD: (2 bits) Register mode.
Reg: (3 bits) Register. Each register has an identifier.
R/M: (3 bits) Register/Memory operand
Not all instructions have W or D bits; in some cases, the width of the operation is either
irrelevant or implicit, and for other operations the data direction is irrelevant.
Notice that Intel instruction format is little-endian, which means that the lowest-
significance bytes are closest to absolute address 0. Thus, words are stored low-byte first;
the value 1234H is stored in memory as 34H 12H. By convention, most-significant bits
are always shown to the left within the byte, so 34H would be 00110100B.
After the initial 2 bytes, each instruction can have many additional addressing/immediate
data bytes.
Mod / Reg / R/M tables
Mod | Displacement
00 | If r/m is 110, Displacement (16 bits) is address; otherwise, no displacement
01 | Eight-bit displacement, sign-extended to 16 bits
10 | 16-bit displacement
11 | r/m is treated as a second "reg" field
Reg | W = 0 | W = 1
000 | AL | AX
001 | CL | CX
010 | DL | DX
011 | BL | BX
100 | AH | SP
101 | CH | BP
110 | DH | SI
111 | BH | DI
r/m | Operand address
000 | (BX) + (SI) + displacement
001 | (BX) + (DI) + displacement
010 | (BP) + (SI) + displacement
011 | (BP) + (DI) + displacement
100 | (SI) + displacement
101 | (DI) + displacement
110 | (BP) + displacement unless mod = 00 (see mod table)
111 | (BX) + displacement
Note the special meaning of MOD 00, r/m 110. Normally, this would be expected to be
the operand [BP]. However, instead the 16-bit displacement is treated as the absolute
address. To encode the value [BP], you would use mod = 01, r/m = 110, 8-bit
displacement = 0.
Example: Absolute addressing
Let's translate the following instruction into bytecode:
XOR CL, [12H]
Note that this is XORing CL with the contents of address 12H; the square brackets are a
common indirection indicator. The opcode for XOR is "001100dw". D is 1 because the
CL register is the destination. W is 0 because we have a byte of data. Our first byte
therefore is "00110010".
Now, we know that the code for CL is 001. Reg thus has the value 001. The address is
specified as a simple displacement, so the MOD value is 00 and the R/M is 110. Byte 2 is
thus (00 001 110b).
Byte 3 and 4 contain the effective address, low-order byte first, 0012H as 12H 00H, or
(00010010b) (00000000b)
All together,
XOR CL, [12H] = 00110010 00001110 00010010 00000000 = 32H 0EH 12H 00H
Example: Immediate operand
Now, if we were to want to use an immediate operand, as follows:
XOR CL, 12H
In this case, because there are no square brackets, 12H is immediate: it is the number we
are going to XOR against. The opcode for an immediate XOR is 1000000w; in this case,
we are using a byte, so w is 0. So our first byte is (10000000b).
The second byte, for an immediate operation, takes the form "mod 110 r/m". Since the
destination is a register, mod is 11, making the r/m field a register value. We already
know that the register value for CL is 001, so our second byte is (11 110 001b).
The third byte (and fourth byte, if this were a word operation) are the immediate data. As
it is a byte, there is only one byte of data, 12H = (00010010b).
All together, then:
XOR CL, 12H = 10000000 11110001 00010010 = 80H F1H 12H
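The two worked encodings above, carried out by code: an encoder that builds the opcode/D/W byte, the MOD-Reg-R/M byte and the displacement or immediate bytes from the tables on this page, and a decoder that splits a MOD-Reg-R/M byte back into its fields and names the operand form. This is an added example, not the Wikibook's own code. Beyond the page's XOR case it generalizes to the other 8086 ALU instructions that share the 001100dw-style "reg, r/m" form and the 1000000w immediate group (ADD, OR, AND, SUB, CMP); those opcode and sub-opcode numbers are standard 8086 values, not taken from the page.

```python
"""Encoder/decoder for the 8086 16-bit ALU instruction forms discussed above."""
import struct

# Reg field codes: the same 3-bit code names an 8-bit register when W=0 and
# a 16-bit register when W=1 (the Reg table on this page).
REG8 = {"AL": 0, "CL": 1, "DL": 2, "BL": 3, "AH": 4, "CH": 5, "DH": 6, "BH": 7}
REG16 = {"AX": 0, "CX": 1, "DX": 2, "BX": 3, "SP": 4, "BP": 5, "SI": 6, "DI": 7}

# 6-bit opcode of the "reg, r/m" form; XOR is 001100 (the page's 001100dw).
ALU_OPCODE = {"ADD": 0b000000, "OR": 0b000010, "AND": 0b001000,
              "SUB": 0b001010, "XOR": 0b001100, "CMP": 0b001110}
# Reg field used as a sub-opcode by the 1000000w immediate group
# (the page's "mod 110 r/m" for XOR).
ALU_IMM_SUBOP = {"ADD": 0, "OR": 1, "AND": 4, "SUB": 5, "XOR": 6, "CMP": 7}

# R/M table for mod != 11; mod 00 with r/m 110 is the absolute-address case.
RM_EA = ["(BX)+(SI)", "(BX)+(DI)", "(BP)+(SI)", "(BP)+(DI)",
         "(SI)", "(DI)", "(BP)", "(BX)"]


def _reg_code(reg):
    """Return (code, w) for a register name: w=0 for 8-bit, w=1 for 16-bit."""
    reg = reg.upper()
    if reg in REG8:
        return REG8[reg], 0
    if reg in REG16:
        return REG16[reg], 1
    raise ValueError("unknown register " + reg)


def modrm(mod, reg, rm):
    """Assemble the MOD (2 bits) / Reg (3 bits) / R/M (3 bits) byte."""
    return (mod << 6) | (reg << 3) | rm


def encode_reg_abs(mnemonic, reg, address):
    """op reg, [address]: register is the destination (D=1); mod=00 with
    r/m=110 means the 16-bit displacement is the absolute address."""
    code, w = _reg_code(reg)
    opcode = (ALU_OPCODE[mnemonic.upper()] << 2) | (1 << 1) | w
    return bytes([opcode, modrm(0b00, code, 0b110)]) + struct.pack("<H", address)


def encode_reg_imm(mnemonic, reg, imm):
    """op reg, imm: 1000000w opcode, mod=11 so r/m names the register, Reg
    carries the ALU sub-opcode, then a 1- or 2-byte immediate according to W."""
    code, w = _reg_code(reg)
    opcode = 0b10000000 | w
    first = bytes([opcode, modrm(0b11, ALU_IMM_SUBOP[mnemonic.upper()], code)])
    return first + (struct.pack("<H", imm) if w else bytes([imm]))


def decode_modrm(byte):
    """Split a MOD-Reg-R/M byte into (mod, reg, rm)."""
    return (byte >> 6) & 0b11, (byte >> 3) & 0b111, byte & 0b111


def effective_address(mod, rm):
    """Describe the r/m operand selected by mod/rm using the two tables."""
    if mod == 0b11:
        return "register"          # r/m is a second reg field
    if mod == 0b00 and rm == 0b110:
        return "[disp16]"          # absolute address, not (BP)
    base = RM_EA[rm]
    if mod == 0b00:
        return base
    return base + ("+disp8" if mod == 0b01 else "+disp16")


def decode_alu(code):
    """Decode bytes produced by the two encoders back into
    (mnemonic, destination, source)."""
    op = code[0]
    mod, reg, rm = decode_modrm(code[1])
    by_code = {v: k for k, v in (REG16 if op & 1 else REG8).items()}
    if op & 0b11111100 == 0b10000000:                 # immediate group
        mnem = {v: k for k, v in ALU_IMM_SUBOP.items()}[reg]
        imm = struct.unpack("<H", code[2:4])[0] if op & 1 else code[2]
        return mnem, by_code[rm], "%XH" % imm
    mnem = {v: k for k, v in ALU_OPCODE.items()}[op >> 2]
    ea = effective_address(mod, rm)
    if ea == "[disp16]":
        ea = "[%XH]" % struct.unpack("<H", code[2:4])[0]
    if op & 2:                                         # D=1: register is destination
        return mnem, by_code[reg], ea
    return mnem, ea, by_code[reg]


if __name__ == "__main__":
    for code in (encode_reg_abs("XOR", "CL", 0x12), encode_reg_imm("XOR", "CL", 0x12)):
        print(code.hex(" ").upper(), decode_alu(code))
```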
x86-32 Instructions (32 bit)
The 32-bit instructions are encoded in a very similar way to the 16-bit instructions,
except (by default) they act upon dword quantities rather than words. Also, they support a
much more flexible memory addressing format, which is made possible by the addition of
an SIB "scale-index-base" byte, which follows the ModR/M byte.
x86-64 Instructions (64 bit)
Protected Mode
This page is going to discuss the differences between real mode and protected mode
operations in the x86 processors. This page will also discuss how to enter protected
mode, and how to exit protected mode. Modern Operating Systems (Windows, Unix,
Linux, BSD, etc...) all operate in protected mode, so most assembly language
programmers won't need this information. However, this information will be particularly
useful to people who are trying to program kernels or bootloaders.
Real Mode Operation
When an x86 processor is powered up or reset, it is in real mode. In real mode, the x86
processor essentially acts like a very fast 8086. Only the base instruction set of the
processor can be used. Real mode memory address space is limited to 1MiB of
addressable memory, and each memory segment is limited to 64KiB. Real Mode is
provided essentially to provide backwards-compatibility with 8086 and 80186 programs.
Protected Mode Operation
In protected mode operation, the x86 can address 16 Mb or 4 GB of address space. This
may map directly onto the physical RAM (in which case, if there is less than 4 GB of
RAM, some address space is unused), or paging may be used to arbitrarily translate
between virtual addresses and physical addresses. In Protected mode, the segments in
memory can be assigned protection, and attempts to violate this protection cause a
"General Protection" exception.
Protected mode in the 386, amongst other things, is controlled by the Control Registers,
which are labelled CR0, CR2, CR3, and CR4.
Protected mode in the 286 is controlled by the Machine Status Word.
Long Mode
Long mode was introduced by AMD with the advent of the Athlon64 processor. Long
mode allows the microprocessor to access 64-bit memory space, and access 64-bit long
registers. Many 16 and 32-bit instructions do not work (or work correctly) in Long Mode.
x86-64 processors in Real mode act exactly like 16 bit chips, and x86-64 chips in
protected mode act exactly like 32-bit processors. To unlock the 64-bit capabilities of the
chip, the chip must be switched into Long Mode.
Entering Protected Mode
The lowest 5 bits of the control register CR0 contain 5 flags that determine how the
system is going to function. This status register has 1 flag that we are particularly
interested in: the "Protected Mode Enable" flag (PE). Here are the general steps to
entering protected mode:
1. Create a Valid GDT (Global Descriptor Table)
2. Create a 6 byte pseudo-descriptor to point to the GDT
3. If paging is going to be used, load CR3 with a valid page table, PDPR, or PML4.
4. If PAE (Physical Address Extension) is going to be used, set CR4.PAE = 1.
5. If switching to long mode, set IA32_EFER.LME = 1.
6. Disable Interrupts (CLI).
7. Load an IDT pseudo-descriptor that has a null limit (this prevents the real mode
IDT from being used in protected mode)
8. Set the PE bit (and the PG bit if paging is going to be enabled) of the MSW or
CR0 register
9. Execute a far jump (in case of switching to long mode, even if the destination
code segment is a 64-bit code segment, the offset must not exceed 32-bit since the
far jump instruction is executed in compatibility mode)
10. Load data segment registers with valid selector(s) to prevent GP exceptions when
interrupts happen
11. Load SS:(E)SP with a valid stack
12. Load an IDT pseudo-descriptor that points to the IDT
13. Enable Interrupts.
Following chapters will talk more about these steps.
Entering Long Mode
To enter Long Mode on a 64-bit x86 processor (x86-64):
1. If paging is enabled, disable paging.
2. If CR4.PAE is not already set, set it.
3. Set IA32_EFER.LME = 1.
4. Load CR3 with a valid PML4 table.
5. Enable paging.
6. At this point you will be in compatibility mode. A far jump may be executed to
switch to long mode. However, the offset must not exceed 32-bit.
Using the CR Registers
The &( re"isters may only be accessed in 'rotected mode. For this reasonC 'a"in" and
task<sitchin" can only be 'er?ormed by the 'rocessor hen in 'rotected mode.
The &(= (e"ister has 3 bits that are o? interest to us. The lo 0 bits o? the &(= re"isterC
and the hi"hest bit. Here is a re'resentation o? &(=B
We reco"ni#e the 69 ?la" as bein" the ?la" that 'uts the system into 'rotected mode.
The 65 ?la" turns on memory 'a"in". We ill talk more about that in a second.
The D4onitor &o'rocessorD ?la". This ?la" controls the o'eration o? the DWAITD
The 9,tension Ty'e Fla". 9T 7also called D(D8 tells us hich ty'e o? co'rocessor is
installed. I? 9T U =C an 2=22; is installed. i? 9T U 1C an 2=32; is installed.
The 9mulate Fla". When this ?la" is setC co'rocessor instructions ill "enerate an
The Task +itched ?la". This ?la" is set automatically hen the 'rocessor sitches
to a ne task.
&(2 contains a >alue called the 2a&e Fault Linear Address 76FLA8. When a 'a"e ?ault
occursC the address accessed is stored in &(2.
The u''er 2= bits o? &(3 are called the 2a&e )irectory "ase *e&ister 76%B(8. The
6%B( holds the 'hysical address o? the 'a"e directory.
&(- contains se>eral ?la"s controllin" ad>anced ?eatures o? the 'rocessor.
Paging is a special job that the microprocessor performs in order to make the available amount of memory in a system appear larger than it actually is, and to make memory more dynamic than it actually is. In a paging system, a certain amount of space is set aside on the hard drive (or on any secondary storage) called the paging file (or swap partition). The physical RAM, combined with this paging file, makes up the virtual memory of the system.
The total virtual memory is broken down into chunks, or pages, of memory, each usually being 4096 bytes (although this number can be different on different systems). A program only ever sees linear addresses; the processor translates each linear address to a physical one by looking it up in a page directory and page table that the operating system maintains. Because it is the translation, not the program's pointers, that changes when a page is moved, the operating system can place a page anywhere in physical RAM (or remove it from RAM entirely) without the program noticing. The pointer to the current page directory is stored in the CR3 register.
Pages that aren't in frequent use may be moved to the paging file on the hard disk drive, to free up space in the physical RAM for pages that need to be accessed more frequently, or that require faster access. Reading and writing pages to the hard drive is a slow operation, and frequent paging increases the load on the disk. Note that swapping is an operating-system policy built on top of the processor's paging hardware; clearing the PG flag in CR0 turns off address translation and page-level protection altogether, not merely swapping, so on any protected-mode system it stays on.
A page fault (exception 14, #PF) occurs when the system attempts to access a page that is marked as "not present" in the paging directory/table, when code running at user privilege touches a page marked supervisor-only, when a write is attempted to a page marked read-only, or when any number of other errors occur in the paging system. When a page fault occurs, the accessed memory address is stored in the CR2 register, and an error code pushed on the handler's stack records whether the page was present, whether the access was a write, and whether it came from user mode. These per-page protection bits, rather than segmentation, are what modern operating systems rely on to keep processes out of each other's memory and out of the kernel.
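The translation and fault behaviour just described, as an added example (this code is not from the Wikibook): a C model of the 80386's two-level page walk, recording the faulting address in a CR2 field and building the #PF error code the way the processor does. The page directory, page table, the addresses mapped, and the names translate, setup_tables and demo_access are constructed for this example; the 486's CR0.WP (supervisor writes to read-only pages) is not modelled.

```c
/* Added example, not part of the Wikibook: a software model of 80386
 * two-level page translation. Tables and addresses are constructed here. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PTE_P  0x001u   /* bit 0: present */
#define PTE_RW 0x002u   /* bit 1: writable */
#define PTE_US 0x004u   /* bit 2: user-accessible (0 = supervisor only) */

/* #PF error code bits pushed on the handler's stack */
#define PF_PROT  0x1u   /* 1 = protection violation, 0 = page not present */
#define PF_WRITE 0x2u   /* the access was a write */
#define PF_USER  0x4u   /* the access came from user mode (CPL 3) */

struct cpu {
    uint32_t cr3;   /* physical address of the page directory (PDBR) */
    uint32_t cr2;   /* linear address of the last page fault */
    uint32_t err;   /* error code of the last page fault */
};

/* Simulated physical memory, 64 KiB: room for a directory, a table and data. */
static uint8_t phys[65536];

static uint32_t rd32(uint32_t pa) { uint32_t v; memcpy(&v, &phys[pa], 4); return v; }
static void     wr32(uint32_t pa, uint32_t v) { memcpy(&phys[pa], &v, 4); }

/* Translate `lin`. On success returns true and stores the physical address in
 * *pa. On failure it does what the MMU does before raising exception 14:
 * records the linear address in CR2 and builds the error code. Supervisor
 * writes to read-only pages are allowed, as on the 386 (no CR0.WP). */
bool translate(struct cpu *c, uint32_t lin, bool write, bool user, uint32_t *pa)
{
    uint32_t dir = lin >> 22, tbl = (lin >> 12) & 0x3ffu, off = lin & 0xfffu;
    uint32_t pde, pte, perm, present = 0;

    pde = rd32((c->cr3 & ~0xfffu) + dir * 4);
    if (!(pde & PTE_P)) goto fault;
    pte = rd32((pde & ~0xfffu) + tbl * 4);
    if (!(pte & PTE_P)) goto fault;
    present = PF_PROT;                 /* page exists: any fault now is a protection fault */
    perm = pde & pte;                  /* U/S and R/W combine: the most restrictive level wins */
    if (user && !(perm & PTE_US)) goto fault;
    if (user && write && !(perm & PTE_RW)) goto fault;
    *pa = (pte & ~0xfffu) | off;
    return true;
fault:
    c->cr2 = lin;
    c->err = present | (write ? PF_WRITE : 0u) | (user ? PF_USER : 0u);
    return false;
}

/* Constructed layout: directory at 0x1000, one table at 0x2000 covering the
 * 4 MiB region at linear 0x00400000 (directory index 1):
 *   linear 0x00400000 -> physical 0x3000, user, read-only
 *   linear 0x00401000 -> physical 0x4000, supervisor, read/write
 * Everything else is not present. */
void setup_tables(struct cpu *c)
{
    memset(phys, 0, sizeof phys);
    c->cr3 = 0x1000;
    c->cr2 = c->err = 0;
    wr32(0x1000 + 1 * 4, 0x2000u | PTE_P | PTE_RW | PTE_US);
    wr32(0x2000 + 0 * 4, 0x3000u | PTE_P | PTE_US);
    wr32(0x2000 + 1 * 4, 0x4000u | PTE_P | PTE_RW);
}

/* Physical address on success, 0xFFFFFFFF on a fault (details stay in the cpu). */
uint32_t try_access(struct cpu *c, uint32_t lin, bool write, bool user)
{
    uint32_t pa;
    return translate(c, lin, write, user, &pa) ? pa : 0xFFFFFFFFu;
}

static struct cpu demo_cpu;

/* Fresh tables for every call so each access is judged on its own. */
uint32_t demo_access(uint32_t lin, bool write, bool user)
{
    setup_tables(&demo_cpu);
    return try_access(&demo_cpu, lin, write, user);
}
uint32_t demo_cr2(void) { return demo_cpu.cr2; }
uint32_t demo_err(void) { return demo_cpu.err; }

int main(void)
{
    printf("user read   0x00400abc -> 0x%08x\n", demo_access(0x00400abcu, false, true));
    if (demo_access(0x00400abcu, true, true) == 0xFFFFFFFFu)
        printf("user write  0x00400abc -> #PF, CR2=0x%08x err=0x%x\n", demo_cr2(), demo_err());
    if (demo_access(0x00402000u, false, false) == 0xFFFFFFFFu)
        printf("kernel read 0x00402000 -> #PF, CR2=0x%08x err=0x%x (not present)\n", demo_cr2(), demo_err());
    return 0;
}
```

The error code is what a real #PF handler keys on: bit 0 clear means "bring the page in", bit 0 set with bit 2 set means a user process touched memory it must not, which is a bug or an attack, not a request to page something in.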
Other Modes
In addition to real, protected, and long modes, there are other modes that x86 processors can enter, for different uses:
- Virtual 8086 Mode: This is a mode in which application software that was written to run in real mode is executed under the supervision of a protected-mode, multi-tasking OS.
- System Management Mode: This mode enables the processor to perform system tasks, for instance power management related, without disrupting the operating system or other software. SMM code lives in SMRAM, runs with more privilege than the operating system and is invisible to it, so firmware must lock SMRAM before handing over to the OS; an unlocked SMRAM is a hiding place for code nothing above it can see.
Global Descriptor Table
The Global Descriptor Table (GDT) is a table in memory that defines the actions of the processor segment registers. The GDT defines the characteristics of the different segments (their base, size, privilege level, and whether they hold code or data), it defines the characteristics of global memory, and it helps to ensure that protected mode operates smoothly. Because the descriptors decide what each privilege level may touch, the GDT itself must live in memory that only the kernel can write.
The GDT is pointed to by a special register in the x86 chip, the GDT Register, or simply the GDTR. The GDTR is 48 bits long. The lower 16 bits tell the size of the GDT, and the upper 32 bits tell the location of the GDT in memory (in 64-bit mode the base grows to 64 bits and the pseudo-descriptor to 10 bytes). Here is a layout of the GDTR:
bits 47 to 16: BASE (linear address of the GDT)
bits 15 to 0: LIMIT (size of the GDT in bytes, minus one)
LIMIT is the size of the GDT, and BASE is the starting address. LIMIT is 1 less than the length of the table, so if LIMIT has the value 15, then the GDT is 16 bytes long (two descriptors).
To load the GDTR, the instruction LGDT is used; its operand is the 6-byte pseudo-descriptor in memory, not the table itself:
    lgdt [gdtr]
Note that to complete the process of loading a new GDT, the segment registers need to be reloaded, because each one caches the descriptor that was in force when it was last loaded. The CS register must be loaded using a far jump (here selector 0x08, the second GDT entry, is a code segment and 0x10, the third, is a data segment):
    lgdt [gdtr]
    jmp 0x08:complete_flush
complete_flush:
    mov ax, 0x10
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov ss, ax
The GDT contains a number of entries called Segment Descriptors. Each is 8 bytes long and contains information on the starting point of the segment, the length of the segment, and the access rights of the segment. The first entry (selector 0) is the null descriptor and can never be used to access memory.
The following NASM-syntax code represents a single GDT entry:
struc gdt_entry_struct
    limit_low:    resb 2    ; limit bits 15..0
    base_low:     resb 2    ; base bits 15..0
    base_middle:  resb 1    ; base bits 23..16
    access:       resb 1    ; P, DPL, S, type
    granularity:  resb 1    ; G, D/B, L, AVL flags in the high nibble, limit bits 19..16 in the low nibble
    base_high:    resb 1    ; base bits 31..24
endstruc
Each separate program will receive, from the operating system, a number of different memory segments for use. The characteristics of each local memory segment are stored in a data structure called the Local Descriptor Table (LDT). The GDT contains pointers (LDT descriptors) to each LDT.
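An added example, not code from the Wikibook: the 8-byte descriptor layout above packed and unpacked in C, applied to the two descriptors that the Linux v0.01 boot.s reproduced later in this book writes with .word (0x07FF, 0x0000, 0x9A00, 0x00C0 for code; 0x9200 in place of 0x9A00 for data), plus the privilege check the processor applies when a data selector is loaded. The function names and the sample base/limit values are this example's own, and the load check is simplified (readable conforming code segments, which the processor also accepts in DS, are not modelled).

```c
/* Added example, not part of the Wikibook: encode/decode an x86 segment
 * descriptor in the gdt_entry_struct byte order and check selector loads. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Decoded view. `flags` is the high nibble of byte 6: bit 3 G (limit counts
 * 4 KiB pages), bit 2 D/B (32-bit), bit 1 L (64-bit code), bit 0 AVL. */
struct seg_desc {
    uint32_t base;
    uint32_t limit;     /* raw 20-bit limit */
    uint8_t  access;    /* P(7) DPL(6:5) S(4) type(3:0) */
    uint8_t  flags;
};

/* Bytes: 0-1 limit[15:0], 2-3 base[15:0], 4 base[23:16], 5 access,
 * 6 flags<<4 | limit[19:16], 7 base[31:24]. */
uint64_t gdt_encode(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    uint64_t d = 0;
    d |= (uint64_t)(limit & 0xffffu);
    d |= (uint64_t)(base & 0xffffu) << 16;
    d |= (uint64_t)((base >> 16) & 0xffu) << 32;
    d |= (uint64_t)access << 40;
    d |= (uint64_t)(((flags & 0xfu) << 4) | ((limit >> 16) & 0xfu)) << 48;
    d |= (uint64_t)((base >> 24) & 0xffu) << 56;
    return d;
}

struct seg_desc gdt_decode(uint64_t d)
{
    struct seg_desc s;
    s.limit  = (uint32_t)(d & 0xffffu) | (uint32_t)((d >> 48) & 0xfu) << 16;
    s.base   = (uint32_t)((d >> 16) & 0xffffu)
             | (uint32_t)((d >> 32) & 0xffu) << 16
             | (uint32_t)((d >> 56) & 0xffu) << 24;
    s.access = (uint8_t)((d >> 40) & 0xffu);
    s.flags  = (uint8_t)((d >> 52) & 0xfu);
    return s;
}

/* Assemble a descriptor from the four little-endian words an assembler's
 * .word directive emits, in source order. */
uint64_t desc_from_words(uint16_t w0, uint16_t w1, uint16_t w2, uint16_t w3)
{
    return (uint64_t)w0 | (uint64_t)w1 << 16 | (uint64_t)w2 << 32 | (uint64_t)w3 << 48;
}

/* Highest offset the segment covers: with G set the 20-bit limit counts
 * 4 KiB pages and the low 12 address bits are all ones. */
uint32_t seg_byte_limit(struct seg_desc s)
{
    return (s.flags & 0x8u) ? (s.limit << 12) | 0xfffu : s.limit;
}

unsigned desc_dpl(struct seg_desc s)     { return (s.access >> 5) & 3u; }
bool     desc_present(struct seg_desc s) { return (s.access & 0x80u) != 0; }
bool     desc_is_code(struct seg_desc s) { return (s.access & 0x18u) == 0x18u; } /* S=1 and type bit 3 */

/* A selector is index<<3 | TI<<2 | RPL; 0x08 is GDT entry 1 with RPL 0. */
unsigned selector_index(uint16_t sel) { return sel >> 3; }
unsigned selector_rpl(uint16_t sel)   { return sel & 3u; }

/* Check made when a selector is loaded into DS, ES, FS or GS: the descriptor
 * must be present and a data segment, and max(CPL, RPL) must not exceed its
 * DPL. This is what stops ring-3 code from simply loading a ring-0 data
 * selector. (Simplified: readable code segments are rejected here.) */
bool can_load_data_selector(unsigned cpl, uint16_t sel, struct seg_desc s)
{
    unsigned rpl = selector_rpl(sel);
    unsigned eff = cpl > rpl ? cpl : rpl;
    return desc_present(s) && !desc_is_code(s) && eff <= desc_dpl(s);
}

int main(void)
{
    /* Linux v0.01 boot.s descriptors, as written with .word */
    struct seg_desc code = gdt_decode(desc_from_words(0x07FF, 0x0000, 0x9A00, 0x00C0));
    struct seg_desc data = gdt_decode(desc_from_words(0x07FF, 0x0000, 0x9200, 0x00C0));
    printf("code: base=0x%x limit=0x%x covers 0..0x%x dpl=%u code=%d\n",
           code.base, code.limit, seg_byte_limit(code), desc_dpl(code), desc_is_code(code));
    printf("ring 3 may load 0x10 as DS: %d\n", can_load_data_selector(3, 0x10, data));
    return 0;
}
```

Decoding 0x07FF/0x9A00/0x00C0 gives base 0, raw limit 0x7FF with G set, i.e. the 8 MiB flat code segment the boot.s comment promises, at DPL 0; the same table with 0x9200 is its writable data twin.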
Advanced Interrupts
In the chapter on Interrupts, we mentioned the fact that there is such a thing as software interrupts, and that they can be installed by the system. This page will go more in-depth about that process, and will talk about how ISRs are installed, how the system finds the ISR, and how the processor actually performs an interrupt.
Interrupt Service Routines
The actual code that is invoked when an interrupt occurs is called the Interrupt Service Routine (ISR). When an exception occurs, or a program invokes an interrupt, or the hardware raises an interrupt, the processor will use one of several methods (to be discussed) to transfer control to the ISR, whilst allowing the ISR to safely return control to whatever it interrupted. At least, FLAGS and CS:IP will be saved, and the ISR's CS:IP will be loaded; however some mechanisms cause a full task switch to occur before the ISR begins (and another task switch when it ends).
The Interrupt Vector Table
In the original 8086 processor (the same holds for all x86 processors in Real Mode), the Interrupt Vector Table controlled the flow into an ISR. The IVT started at memory address 0x00, and could go as high as 0x3FF, for a maximum number of 256 ISRs (ranging from interrupt 0 to 255). Each entry in the IVT contained 2 words of data: a value for IP, and a value for CS (in that order, each stored little-endian). For example, let's say that we have the following interrupt:
    int 14h
When we trigger the interrupt, the processor goes to entry number 20 in the IVT (14h = 20, counting from entry 0). Since each table entry is 4 bytes (2 bytes IP, 2 bytes CS), the microprocessor would go to location [4*14H] = [50H]. At location 50H would be the new IP value, and at location 52H would be the new CS value. Hardware and software interrupts would all be stored in the IVT, so installing a new ISR is as easy as writing a function pointer into the IVT. Nothing in real mode prevents this: any program can overwrite any vector, which is why DOS-era resident programs (and viruses) hooked interrupts so freely. In newer x86 models, the IVT was replaced with the Interrupt Descriptor Table.
When interrupts occur in real mode, the FLAGS register is pushed onto the stack, followed by CS, then IP; the processor also clears IF (and TF) before entering the handler. The iret instruction restores CS:IP and FLAGS, allowing the interrupted program to continue unaffected. For hardware interrupts, all other registers (including the general-purpose registers) must be explicitly preserved (e.g. if an interrupt routine makes use of AX, it should push AX when it begins and pop AX when it ends). It is good practice for software interrupts to preserve all registers except those containing return values. More importantly, any registers that are modified must be documented.
The Interrupt Descriptor Table
Since the 286, but extended on the 386, interrupts may be managed by a table in memory called the Interrupt Descriptor Table (IDT). The IDT only comes into play when the processor is in protected mode. Much like the IVT, the IDT contains a listing of pointers to the ISR routines; however, there are now three kinds of gate through which an ISR can be invoked:
Task Gates: These cause a task switch, allowing the ISR to run in its own context (with its own LDT, etc.). Note that IRET may still be used to return from the ISR, since the processor sets a bit (NT) in the ISR's task segment that causes IRET to perform a task switch back to the previous task.
Interrupt Gates: These are similar to the original interrupt mechanism, placing EFLAGS, CS and EIP on the stack (and, when the handler runs at a higher privilege than the interrupted code, first switching to the stack named in the TSS and pushing the old SS:ESP). The ISR may be located in a segment of equal or higher privilege to the currently executing segment, but not of lower privilege (higher privileges are numerically lower, with level 0 being the highest privilege). The processor clears the IF flag on entry.
Trap Gates: These are identical to interrupt gates, except that they do not clear the IF flag, so the handler can itself be interrupted.
The following NASM structure represents an IDT entry:
struc idt_entry_struct
    base_low:   resb 2    ; ISR offset bits 15..0 (unused for a task gate)
    sel:        resb 2    ; code segment selector of the ISR, or the TSS selector for a task gate
    always0:    resb 1    ; reserved, keep at 0
    flags:      resb 1    ; P, DPL, S = 0, gate type
    base_high:  resb 2    ; ISR offset bits 31..16 (unused for a task gate)
endstruc
The meaning of each field depends on the kind of gate:
Field     | Interrupt Gate | Trap Gate | Task Gate
base_low  | Low word of entry address of ISR | Low word of entry address of ISR | Unused
sel       | Segment selector of ISR | Segment selector of ISR | TSS descriptor selector
always0   | Bits 5, 6 and 7 should be 0; bits 0-4 are unused and can be left as zero | Same as interrupt gate | Unused, can be left as zero
flags     | Low 5 bits are (MSB first) 01110; bits 5 and 6 form the DPL; bit 7 is the Present bit | Low 5 bits are (MSB first) 01111; bits 5 and 6 form the DPL; bit 7 is the Present bit | Low 5 bits are (MSB first) 00101; bits 5 and 6 form the DPL; bit 7 is the Present bit
base_high | High word of entry address of ISR | High word of entry address of ISR | Unused
In other words the flags byte is P (bit 7), DPL (bits 6-5), 0 (bit 4) and a 4-bit type: 0xE for a 32-bit interrupt gate, 0xF for a 32-bit trap gate, 0x5 for a task gate.
DPL is the Descriptor Privilege Level (0 to 3, with 0 being highest privilege). For a software interrupt (INT n) the processor checks that the current privilege level is numerically less than or equal to the gate's DPL, and raises a General Protection fault otherwise; hardware interrupts and exceptions skip this check. This is why an operating system gives its system-call gate a DPL of 3 and every other gate a DPL of 0: user code can then reach only the one vector meant for it, and cannot, for example, fake a page fault or a hardware interrupt with INT.
The Present bit indicates whether the gate may be used (nominally, whether its handler is present in RAM). If this bit is 0, a Segment Not Present fault (exception 11) will ensue if the interrupt is triggered.
These ISRs are usually installed and managed by the operating system. Only tasks with sufficient privilege to modify the IDT's contents may directly install ISRs, so the IDT, like the GDT, belongs in kernel-only memory.
The ISR itself must be placed in appropriate segments (and, if using task gates, the appropriate TSS must be set up), particularly so that the privilege is never lower than that of the executing code. ISRs for unpredictable interrupts (such as hardware interrupts) should be placed in privilege level 0 (which is the highest privilege), so that this rule is not violated while a privilege-0 task is running.
Note that ISRs, particularly hardware-triggered ones, should always be present in memory unless there is a good reason for them not to be. Most hardware interrupts need to be dealt with promptly, and swapping causes significant delay. Also, some hardware ISRs (such as the hard disk ISR) might be required during the swapping process. Since hardware-triggered ISRs interrupt processes at unpredictable times, device driver programmers are encouraged to keep ISRs very short. Often an ISR simply arranges for a kernel task to do the necessary work; this kernel task will be run at the next suitable opportunity. As a result of this, hardware-triggered ISRs are generally very small and little is gained by swapping them to disk.
However, it may be desirable to set the Present bit to 0, even though the ISR actually is present in RAM. The OS can use the Segment Not Present handler for some other function, for instance to monitor interrupt calls.
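An added example, not from the Wikibook, that serves both the real-mode IVT walk-through (int 14h) and the gate table above: C code that looks a vector up in an IVT image, packs and unpacks an IDT gate in the idt_entry_struct layout, and applies the DPL and Present checks in the order the processor does for INT n. The IVT image, the handler offsets, the use of selector 0x08 and all function names are constructed for the example.

```c
/* Added example, not part of the Wikibook: IVT lookup and IDT gate handling. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* ---- real mode: 256 four-byte entries at linear 0, IP first, then CS ---- */
struct far_ptr { uint16_t ip, cs; };

struct far_ptr ivt_lookup(const uint8_t *ivt, uint8_t vec)
{
    struct far_ptr p;
    memcpy(&p.ip, ivt + 4 * vec, 2);       /* little-endian word at 4*vec   */
    memcpy(&p.cs, ivt + 4 * vec + 2, 2);   /* little-endian word at 4*vec+2 */
    return p;
}

uint32_t far_to_linear(struct far_ptr p) { return ((uint32_t)p.cs << 4) + p.ip; }

/* Constructed 1 KiB IVT image: vector 14h points at F000:1234, so bytes
 * 0x50..0x53 hold 34 12 00 F0, as the text walks through. */
static const uint8_t sample_ivt[1024] = { [0x50] = 0x34, 0x12, 0x00, 0xF0 };

/* ---- protected mode: 8-byte gate descriptors ---- */
enum gate_type { GATE_TASK = 0x05, GATE_INT32 = 0x0E, GATE_TRAP32 = 0x0F };
enum { INT_OK = 0, INT_NP = 11, INT_GP = 13 };   /* exception vector raised, or 0 */

struct idt_gate {
    uint32_t offset;   /* handler EIP (unused for a task gate) */
    uint16_t sel;      /* code segment selector, or TSS selector for a task gate */
    uint8_t  type;     /* low 5 bits of the flags byte */
    uint8_t  dpl;      /* 0..3 */
    bool     present;
};

uint64_t idt_encode(struct idt_gate g)
{
    uint8_t flags = (g.present ? 0x80u : 0u) | ((g.dpl & 3u) << 5) | (g.type & 0x1fu);
    uint64_t d = 0;
    d |= (uint64_t)(g.offset & 0xffffu);            /* base_low  */
    d |= (uint64_t)g.sel << 16;                     /* sel       */
    /* byte 4, "always0", stays 0 */
    d |= (uint64_t)flags << 40;                     /* flags     */
    d |= (uint64_t)(g.offset >> 16) << 48;          /* base_high */
    return d;
}

struct idt_gate idt_decode(uint64_t d)
{
    struct idt_gate g;
    uint8_t flags = (uint8_t)((d >> 40) & 0xffu);
    g.offset  = (uint32_t)(d & 0xffffu) | (uint32_t)((d >> 48) & 0xffffu) << 16;
    g.sel     = (uint16_t)((d >> 16) & 0xffffu);
    g.type    = flags & 0x1fu;
    g.dpl     = (flags >> 5) & 3u;
    g.present = (flags & 0x80u) != 0;
    return g;
}

/* Interrupt gates clear IF on entry; trap gates leave it set. */
bool gate_clears_if(uint8_t type) { return type == GATE_INT32; }

/* Checks for a software INT n issued at privilege level `cpl`, in the order
 * the processor applies them. Hardware interrupts and exceptions skip the
 * DPL check but still need the gate to be present. */
int int_n_check(struct idt_gate g, unsigned cpl)
{
    if (cpl > g.dpl) return INT_GP;   /* #GP: this ring may not use the gate */
    if (!g.present)  return INT_NP;   /* #NP: exception 11, as the text says */
    return INT_OK;
}

/* Constructed gates: a system-call trap gate open to ring 3, an interrupt
 * gate for a hardware IRQ, and a gate marked not present. */
struct idt_gate sample_syscall_gate(void) { struct idt_gate g = { 0x00101234u, 0x08, GATE_TRAP32, 3, true };  return g; }
struct idt_gate sample_irq_gate(void)     { struct idt_gate g = { 0x00105678u, 0x08, GATE_INT32,  0, true };  return g; }
struct idt_gate sample_absent_gate(void)  { struct idt_gate g = { 0x00109abcu, 0x08, GATE_INT32,  0, false }; return g; }

int main(void)
{
    struct far_ptr v = ivt_lookup(sample_ivt, 0x14);
    printf("int 14h -> %04X:%04X (linear 0x%05X)\n", v.cs, v.ip, far_to_linear(v));
    printf("syscall gate encodes as 0x%016llX\n", (unsigned long long)idt_encode(sample_syscall_gate()));
    printf("ring 3 INT through the IRQ gate -> exception %d\n", int_n_check(sample_irq_gate(), 3));
    return 0;
}
```

The flags byte of the system-call gate comes out as 0xEF (present, DPL 3, type 0xF); the IRQ gate's 0x8E differs only in DPL, and that single difference is what turns a user-mode INT into a #GP instead of a fake interrupt.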
IDT Register
The x86 contains a register whose job is to keep track of the IDT. This register is called the IDT Register, or simply "IDTR". The IDT register is 48 bits long. The lower 16 bits are called the LIMIT section of the IDTR, and the upper 32 bits are called the BASE section of the IDTR:
bits 47 to 16: BASE (linear address of the IDT)
bits 15 to 0: LIMIT (size of the IDT in bytes, minus one)
The BASE is the base address of the IDT in memory. The IDT can be located anywhere in memory, so the BASE needs to point to it. The LIMIT field contains the current length of the IDT minus one, exactly as for the GDTR; a full table of 256 eight-byte gates has a LIMIT of 0x7FF. A vector beyond the limit raises a General Protection fault.
To load the IDTR, the instruction LIDT is used; like LGDT, it takes the address of a 6-byte pseudo-descriptor:
    lidt [idtr]
Interrupt Instructions
int arg
    calls the specified interrupt
into
    calls interrupt 4 if the overflow flag is set (not available in 64-bit mode)
iret
    returns from an interrupt service routine (ISR)
Default ISR
A good programming practice is to provide a default ISR that can be used as a placeholder for unused interrupts. This is to prevent execution of random code if an unrecognized interrupt is raised. The default ISR can be as simple as a single iret instruction. One caveat: some exceptions (8, 10, 11, 12, 13, 14 and 17) push an error code after EIP, and a handler for those must pop it before iret, or the return will use the wrong CS:EIP.
Note however that under DOS (which is in real mode), certain IVT entries contain pointers to important, but not necessarily executable, locations. For instance, entry 0x1D is a far pointer to a video initialisation parameter table for video controllers, and entry 0x1F is a pointer to the graphical character bitmap table.
Disabling Interrupts
In x86, interrupts can be disabled using the cli instruction. This instruction takes no arguments. To enable interrupts, the programmer can use the sti instruction. Note that cli blocks only maskable hardware interrupts: NMIs and exceptions are still delivered, so the IDT (or IVT) must be valid even while interrupts are disabled. Interrupts need to be disabled when performing important system tasks, because you don't want the processor to operate in an unknown state. For instance, when entering protected mode, we want to disable interrupts, because we want the processor to switch to protected mode before anything else happens. Another thing you may want to do is load an IDT pseudo-descriptor with a null limit if, for example, you are switching from real mode to protected mode, because the IDT format is different between the two modes.
Bootloaders
When a computer is turned on, there is some beeping, and some flashing lights, and then a loading screen appears. And then, magically, the operating system loads into memory. The question is then raised: how does the operating system load up? What gets the ball rolling? The answer is "bootloaders".
What is a Bootloader
Bootloaders are small pieces of software that play a role in getting an operating system loaded and ready for execution when a computer is turned on. The way this happens varies between different computer designs (early computers often required a person to manually set the computer up whenever it was turned on), and often there are several stages in the process of boot loading.
On IBM PC compatibles, the first program to run is the Basic Input/Output System (BIOS). The BIOS performs many tests and initialisations, then the BIOS boot loader begins. Its purpose is to load another boot loader! It selects a disk (or some other storage medium) from which it loads a secondary boot loader.
This boot loader will either load yet another boot loader somewhere else, or load enough of an operating system to start running it. The main focus of this article will be the final stage before the OS is loaded.
Some tasks that this last boot loader may perform:
- Allocate more stack space
- Establish a GDT
- Enter protected mode
- Load the kernel
Bootloaders are almost exclusively written in assembly language (or even machine code), because they need to be compact, they don't have access to OS routines (such as memory allocation) that other languages might require, they need to follow some unusual requirements, and they benefit from (or require) access to some low-level features. Many bootloaders are very simple, and only load the kernel into memory, leaving the kernel's initialisation procedure to create a GDT and enter protected mode. If the GDT is very large or complicated, the bootloader may not be physically large enough to create it.
Some boot loaders are highly OS-specific, while others are less so; certainly the BIOS boot loader is not OS-specific. The MS-DOS boot loader (which was placed on all MS-DOS formatted floppy disks) simply checks if the files IO.SYS and MSDOS.SYS exist; if they are not present it displays the error "Non-System disk or disk error", otherwise it loads and begins execution of IO.SYS.
The Bootsector
The first 512 bytes of a disk are known as the bootsector (on a partitioned hard disk, the Master Boot Record). The boot sector is an area of the disk reserved for booting purposes. If the bootsector of a disk contains a valid boot sector (the last word of the sector must contain the signature 0xAA55), then the disk is treated by the BIOS as bootable. Note that the signature is the only check the BIOS makes; it says nothing about whether the code in the sector is what the machine's owner installed, which is why boot-sector malware was so effective before signed boot chains existed.
The Boot Process
When switched on or reset, an x86 processor begins executing the instructions it finds at address F000:FFF0 (at this stage it is operating in Real Mode). In IBM PC compatibles, this address is mapped to a ROM chip that contains the computer's Basic Input/Output System (BIOS) code. The BIOS is responsible for many tests and initialisations; for instance the BIOS may perform a memory test, initialise the PIC and system timer, and test that these devices are working.
Eventually the actual boot loading begins. First the BIOS searches for and initialises available storage media (such as floppy drives, hard disks, CD drives), then it decides which of these it will attempt to boot from. It checks each device for availability (e.g. ensuring a floppy drive contains a disk), then for the 0xAA55 signature, in some predefined order (often the order is configurable using the BIOS setup tool). It loads the first sector of the first bootable device it comes across into RAM, and initiates execution.
Ideally, this will be another boot loader, and it will continue the job, making a few preparations, then passing control to something else.
While BIOSes remain compatible with 20-year-old software, they have also become more sophisticated over time. Early BIOSes could not boot from CD drives, but now CD and even DVD booting are standard BIOS features. Booting from USB storage devices is also possible, and some systems can boot over the network. To achieve such advanced functions, BIOSes sometimes enter protected mode and the like, but then return to real mode in order to be compatible with legacy boot loaders. This creates a chicken-and-egg problem: bootloaders are written to work with the ubiquitous BIOS, and BIOSes are written to support all those bootloaders, preventing much in the way of new features in boot loading.
However, a newer bootstrap technology, EFI (now UEFI), has since replaced the BIOS on most systems. It is much more sophisticated and will not be discussed in this article.
Note also that other computer systems, even some that use x86 processors, may boot in different ways. Indeed, some embedded systems whose software is compact enough to be stored on ROM chips may not need bootloaders at all.
A bootloader runs under certain conditions that the programmer must appreciate in order to make a successful bootloader. The following pertains to bootloaders initiated by the PC BIOS:
1. The first sector of a drive contains its boot loader.
2. One sector is 512 bytes; the last two bytes must be 0xAA55 (i.e. 0x55 followed by 0xAA, because the word is stored little-endian), or else the BIOS will treat the drive as unbootable.
3. If everything is in order, said first sector will be placed at RAM address 0000:7C00, and the BIOS's role is over as it transfers control to 0000:7C00 (i.e. it JMPs to that address).
4. CS:IP will address linear 7C00h, but do not assume particular values for CS, DS or ES: many BIOSes arrive with CS = 0000 and IP = 7C00, others with CS = 07C0 and IP = 0000, and DS and ES may hold anything. A robust bootloader sets DS (and SS:SP) itself before touching memory. DL holds the BIOS drive number the sector was loaded from, and should be preserved for whatever is loaded next.
5. There are some conventions that need to be respected if the disk is to be readable under certain operating systems. For instance you may wish to include a BIOS Parameter Block on a floppy disk to render the disk readable under most PC operating systems (though you must also ensure the rest of the disk holds a valid FAT12 file system as well).
6. While standard routines installed by the BIOS are available to the bootloader, the operating system has not been loaded yet, and you cannot rely on loaders or OS memory management. Any data the boot loader needs must either be included in the first sector (be careful not to execute it!) or manually loaded from another sector of the disk, to somewhere in RAM. Because the OS is not running yet, most of the RAM will be unused; however you must take care not to interfere with RAM that may be required by interrupts (the IVT and BIOS data area below 0000:0500, and the BIOS's own area just under 640 KiB).
7. The OS code itself (or the next bootloader) will need to be loaded somewhere into RAM as well.
8. The stack the BIOS leaves behind (whatever SS:SP happen to hold) is of unknown size and location, and may be too small for some purposes (remember that unless interrupts are disabled, they can happen at any time, and they use the current stack). It is good practice to set up your own stack first.
Most assemblers will have a command or directive similar to ORG 7C00h that informs the assembler that the code will be loaded starting at offset 7C00h. The assembler will take this into account when calculating instruction and data addresses. Using this will make it easier to use procedures and data within the bootloader (you will not need to add 7C00h to all the addresses). Another option is to set some segment registers to 07C0h, so that the offsets actually start at 0 relative to those segments. Also, some bootloaders copy themselves to other locations in RAM.
Usually, the bootloader will load the kernel into memory, and then jump to the kernel. The kernel will then be able to reclaim the memory used by the bootloader (because it has already performed its job). However it is not impossible to include OS code within the boot sector and keep it resident after the OS begins.
Here is a simple boot sector demo designed for NASM:
ORG 7C00h

    JMP short START         ;Jump over the data (the 'short' keyword makes the JMP code smaller)

MSG:    DB "Hello World! "
MSG_END:

START:
    XOR AX, AX
    MOV DS, AX              ;Do not rely on the BIOS having left DS = 0; ORG 7C00h assumes it
    MOV CX, 1               ;Write 1 character
    MOV BX, 000Fh           ;Colour attribute 15 (white) in BL, display page 0 in BH
    XOR DX, DX              ;Start at top left corner
    MOV SI, MSG             ;Loads the address of the first byte of the message (in this case, 7C02h)

CHAR_LOOP:
    MOV AH, 02h
    INT 10h                 ;Set cursor position (DH = row, DL = column)
    LODSB                   ;Load a byte of the message into AL.
                            ;Remember that DS is 0 and SI holds the
                            ;offset of one of the bytes of the message.
    MOV AH, 09h
    INT 10h                 ;Write character
    INC DL                  ;Advance cursor
    CMP DL, 80              ;Wrap around edge of screen
    JNE SKIP_WRAP
    XOR DL, DL
    INC DH
    CMP DH, 25              ;Wrap around bottom of screen
    JNE SKIP_WRAP
    XOR DH, DH
SKIP_WRAP:
    CMP SI, MSG_END         ;If we're not at end of message, continue
    JB CHAR_LOOP            ;loading characters otherwise return SI
    MOV SI, MSG             ;to the start of the message
    JMP CHAR_LOOP

    TIMES 0200h - 2 - ($ - $$) DB 0     ;Zerofill up to 510 bytes
    DW 0AA55h                           ;Boot sector signature

;To zerofill up to the size of a standard 1.44MB, 3.5" floppy disk
;TIMES 1474560 - ($ - $$) DB 0
To assemble the above file, supposing it is called 'floppy.asm', you can use the following command:
    nasm -f bin -o floppy.img floppy.asm
While strictly speaking this is not a bootloader, it is bootable, and demonstrates several things:
- How to include and access data in the boot sector
- How to skip over included data (this is required for a BIOS Parameter Block)
- How to place the 0xAA55 signature at the end of the sector (also, NASM will issue an error if there is too much code to fit in a sector, because the TIMES count would become negative)
- The use of BIOS interrupts
On Linux, you can issue a command like
    cat floppy.img > /dev/fd0
to write the image to the floppy disk (the image may be smaller than the size of the disk, in which case only as much information as is in the image will be written to the disk). Under Windows you can use software such as RAWRITE. An emulator such as QEMU will boot the image directly (qemu-system-i386 -fda floppy.img), which is the safer way to test boot code.
Hard disks
Hard disks usually add an extra layer to this process, since they may be partitioned. The first sector of a hard disk is known as the Master Boot Record (MBR). Conventionally, the partition information for a hard disk is included at the end of the MBR, just before the 0xAA55 signature: four 16-byte partition entries starting at byte offset 446 (0x1BE), which leaves 446 bytes for code.
The role of the BIOS is no different to before: to read the first sector of the disk (that is, the MBR) into RAM, and transfer execution to the first byte of this sector. The BIOS is oblivious to partitioning schemes; all it checks for is the presence of the 0xAA55 signature.
While this means that one can use the MBR in any way one would like (for instance, omit or extend the partition table), this is seldom done. Despite the fact that the partition table design is very old and limited (it is limited to four primary partitions), virtually all operating systems for IBM PC compatibles assume that the MBR will be formatted like this. Therefore to break with convention is to render your disk inoperable except to operating systems specifically designed to use it.
In practice, the MBR usually contains a boot loader whose purpose is to load another boot loader, to be found at the start of one of the partitions. This is often a very simple program which finds the first partition marked active (status byte 0x80), loads its first sector into RAM, and commences its execution. Since by convention the new boot loader is also loaded to address 7C00h, the old loader must relocate all or part of itself to a different location before doing this (the MS-DOS MBR copies itself to 0000:0600). Also, DS:SI is expected to point at the 16-byte partition table entry of the partition being booted, and DL to hold the boot drive number. Breaking such conventions may render a bootloader incompatible with other bootloaders. Conversely, a loader that trusts the table blindly will follow whatever a corrupted or deliberately edited entry says, so even this tiny program should refuse a table with more than one active entry or with sector ranges that make no sense.
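An added example, not from the Wikibook: a C parser for the MBR as a first-stage loader would use it, with the extra sanity checks discussed above. The layout constants (signature in bytes 510 and 511, four 16-byte entries at offset 446, active flag 0x80) are the standard ones; the sample partition tables, the disk size of 20000 sectors and the function names are constructed for the example.

```c
/* Added example, not part of the Wikibook: MBR signature and partition
 * table parsing with the checks a non-trusting loader needs. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define MBR_SIZE   512
#define PT_OFFSET  446      /* 0x1BE */
#define PT_ENTRIES 4

struct part { uint8_t status, type; uint32_t lba_start, sectors; };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The only check the BIOS makes: 0x55 then 0xAA in the last two bytes. */
bool mbr_signature_ok(const uint8_t *mbr) { return mbr[510] == 0x55 && mbr[511] == 0xAA; }

/* Entry layout: status(1) CHS first(3) type(1) CHS last(3) LBA start(4) count(4).
 * The CHS fields are ignored here; a modern loader reads by LBA. */
struct part mbr_entry(const uint8_t *mbr, int i)
{
    const uint8_t *e = mbr + PT_OFFSET + 16 * i;
    struct part p = { e[0], e[4], le32(e + 8), le32(e + 12) };
    return p;
}

/* Index of the partition to boot, or -1 if the table is unusable. Rejects what
 * a corrupt or deliberately edited table can contain: an undefined status
 * byte, an active but empty slot, a used entry with no sectors or one that
 * starts inside the MBR, a range past the end of the disk, overlapping
 * ranges, or two active entries. */
int mbr_find_active(const uint8_t *mbr, uint64_t disk_sectors)
{
    struct part p[PT_ENTRIES];
    int active = -1;
    if (!mbr_signature_ok(mbr)) return -1;
    for (int i = 0; i < PT_ENTRIES; i++) {
        p[i] = mbr_entry(mbr, i);
        if (p[i].status != 0x00 && p[i].status != 0x80) return -1;
        if (p[i].type == 0) { if (p[i].status == 0x80) return -1; continue; }
        if (p[i].sectors == 0 || p[i].lba_start == 0) return -1;
        if ((uint64_t)p[i].lba_start + p[i].sectors > disk_sectors) return -1;
        for (int j = 0; j < i; j++)
            if (p[j].type != 0 && p[i].lba_start < p[j].lba_start + (uint64_t)p[j].sectors
                               && p[j].lba_start < p[i].lba_start + (uint64_t)p[i].sectors)
                return -1;
        if (p[i].status == 0x80) { if (active >= 0) return -1; active = i; }
    }
    return active;
}

/* Constructed images. variant 0: valid table, entry 0 active FAT16 at LBA 63,
 * entry 1 Linux at LBA 1063. 1: both entries active. 2: signature missing.
 * 3: entry 1 overlaps entry 0. */
void build_sample_mbr(uint8_t *mbr, int variant)
{
    uint8_t *e0 = mbr + PT_OFFSET, *e1 = e0 + 16;
    memset(mbr, 0, MBR_SIZE);
    mbr[0] = 0xEB; mbr[1] = 0xFE;                  /* "jmp $" stands in for boot code */
    e0[0] = 0x80; e0[4] = 0x06; put32(e0 + 8, 63);   put32(e0 + 12, 1000);
    e1[0] = 0x00; e1[4] = 0x83; put32(e1 + 8, 1063); put32(e1 + 12, 5000);
    mbr[510] = 0x55; mbr[511] = 0xAA;
    if (variant == 1) e1[0] = 0x80;
    if (variant == 2) mbr[511] = 0x00;
    if (variant == 3) put32(e1 + 8, 500);
}

int sample_active(int variant)
{
    uint8_t mbr[MBR_SIZE];
    build_sample_mbr(mbr, variant);
    return mbr_find_active(mbr, 20000);
}

struct part sample_entry(int variant, int i)
{
    uint8_t mbr[MBR_SIZE];
    build_sample_mbr(mbr, variant);
    return mbr_entry(mbr, i);
}

int main(void)
{
    for (int v = 0; v < 4; v++)
        printf("variant %d: boot partition index %d\n", v, sample_active(v));
    return 0;
}
```

A real first-stage loader has 446 bytes and no luxury of C, but the same checks fit in a few dozen instructions; what matters is that it fails closed (prints an error and halts) rather than jumping into whatever sector a bad entry points at.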
However, many boot managers (software that enables the user to select a partition, and sometimes even a kernel, to boot from) use custom MBR code which loads the remainder of the boot manager code from somewhere on disk, then provides the user with options on how to continue the bootstrap process. It is also possible for the boot manager to reside within a partition, in which case it must first be loaded by another boot loader.
Most boot managers support chain loading (that is, starting another boot loader via the usual first-sector-of-partition-to-address-7C00h process), and this is often used for systems such as DOS and Windows. However, some boot managers (notably GRUB) support the loading of a user-selected kernel image. This can be used with systems such as GNU/Linux and Solaris, allowing more flexibility in starting the system. The mechanism may differ somewhat from that of chain loading.
Clearly, the partition table presents a chicken-and-egg problem that places unreasonable limitations on partitioning schemes. The solution that has prevailed is the GUID Partition Table (GPT); it uses a protective MBR whose single partition entry covers the whole disk, so that legacy operating systems will not interfere with the GPT, while newer operating systems can take advantage of the many improvements offered by the system.
5xample o6 a "oot Loader -- Linux /ernel ?8E8:
T boot.s
T boot.s is loaded at 0x.c00 b' t!e bios5startup routines, and moves itself
T out of t!e ,a' to address 0x/0000, and jumps t!ere.
T Ut t!en loads t!e s'stem at 0x10000, using @U6% interrupts. +!ereafter
T it disables all interrupts, moves t!e s'stem do,n to 0x0000, c!anges
T to protected mode, and calls t!e start of s'stem. %'stem t!en must
T DF5initiali=e t!e protected mode in itWs o,n tables, and enable
T interrupts as needed.
T C6+FJ currentl' s'stem is at most ;4*))3* b'tes long. +!is s!ould be no
T problem, even in t!e future. U ,ant to Reep it simple. +!is )12 R@
T Rernel si=e s!ould be enoug! 5 in fact more ,ould mean ,eWd !ave to move
T not just t!ese start5up routines, but also do somet!ing about t!e cac!e5
T memor' 1blocR U6 devices2. +!e area left over in t!e lo,er *00 R@ is meant
T for t!ese. Co ot!er memor' is assumed to be >p!'sical>, ie all memor'
T over 1Sb is demand5paging. #ll addresses under 1Sb are guaranteed to matc!
T t!eir p!'sical addresses.
T C6+F1 abouve is no longer valid in itWs entiret'. cac!e5memor' is allocated
T above t!e 1Sb marR as ,ell as belo,. 6t!er,ise it is mainl' correct.
T C6+F 2J +!e boot disR t'pe must be set at compile5time, b' setting
T t!e follo,ing eBu. ?aving t!e boot5up procedure !unt for t!e rig!t
T disR t'pe is severe brain5damage.
T +!e loader !as been made as simple as possible 1!ad to, to get it
T in )12 b'tes ,it! t!e code to move to protected mode2, and continuos
T read errors ,ill result in a unbreaRable loop. Deboot b' !and. Ut
T loads prett' fast b' getting ,!ole sectors at a time ,!enever possible.
T 1.00Sb disRs:
sectors 7 1;
T 1.2Sb disRs:
T sectors 7 1)
T .20R@ disRs:
T sectors 7 /
.globl begtext, begdata, begbss, endtext, enddata, endbss
@66+%FN 7 0x0.c0
UCU+%FN 7 0x/000
%Z%%FN 7 0x1000 T s'stem loaded at 0x10000 1*))3*2.
FC$%FN 7 %Z%%FN & %Z%%UYF
entr' start
mov ax,:@66+%FN
mov ds,ax
mov ax,:UCU+%FN
mov es,ax
mov cx,:2)*
sub si,si
sub di,di
jmpi go,UCU+%FN
go: mov ax,cs
mov ds,ax
mov es,ax
mov ss,ax
mov sp,:0x000 T arbitrar' value HH)12
mov a!,:0x03 T read cursor pos
xor b!,b!
int 0x10

mov cx,:20
mov bx,:0x000. T page 0, attribute . 1normal2
mov bp,:msg1
mov ax,:0x1301 T ,rite string, move cursor
int 0x10
T oR, ,eWve ,ritten t!e message, no,
T ,e ,ant to load t!e s'stem 1at 0x100002
mov ax,:%Z%%FN
mov es,ax T segment of 0x010000
call read(it
call Rill(motor
T if t!e read ,ent ,ell ,e get current cursor position ans save it for
T posterit'.
mov a!,:0x03 T read cursor pos
xor b!,b!
int 0x10 T save it in Rno,n place, con(init fetc!es
mov )10",dx T it from 0x/0)10.

T no, ,e ,ant to move to protected mode ...
cli T no interrupts allo,ed J
T first ,e move t!e s'stem to itWs rig!tful place
mov ax,:0x0000
cld T WdirectionW70, movs moves for,ard
mov es,ax T destination segment
add ax,:0x1000
cmp ax,:0x/000
j= end(move
mov ds,ax T source segment
sub di,di
sub si,si
mov cx,:0x;000
j do(move
T t!en ,e load t!e segment descriptors
mov ax,cs T rig!t, forgot t!is at first. didnWt ,orR :52
mov ds,ax
lidt idt(0; T load idt ,it! 0,0
lgdt gdt(0; T load gdt ,it! ,!atever appropriate
T t!at ,as painless, no, ,e enable #20
call empt'(;002
mov al,:0x$1 T command ,rite
out :0x*0,al
call empt'(;002
mov al,:0x$- T #20 on
out :0x*0,al
call empt'(;002
T ,ell, t!at ,ent oR, U !ope. Co, ,e !ave to reprogram t!e interrupts :51
T ,e put t!em rig!t after t!e intel5reserved !ard,are interrupts, at
T int 0x2050x2-. +!ere t!e' ,onWt mess up an't!ing. %adl' U@S reall'
T messed t!is up ,it! t!e original LC, and t!e' !avenWt been able to
T rectif' it after,ards. +!us t!e bios puts interrupts at 0x0;50x0f,
T ,!ic! is used for t!e internal !ard,are interrupts as ,ell. Me just
T !ave to reprogram t!e ;2)/Ws, and it isnWt fun.
mov al,:0x11 T initiali=ation seBuence
out :0x20,al T send it to ;2)/#51
.,ord 0x00eb,0x00eb T jmp 8&2, jmp 8&2
out :0x#0,al T and to ;2)/#52
.,ord 0x00eb,0x00eb
mov al,:0x20 T start of !ard,are intWs 10x202
out :0x21,al
.,ord 0x00eb,0x00eb
mov al,:0x2; T start of !ard,are intWs 2 10x2;2
out :0x#1,al
.,ord 0x00eb,0x00eb
mov al,:0x00 T ;2)/51 is master
out :0x21,al
.,ord 0x00eb,0x00eb
mov al,:0x02 T ;2)/52 is slave
out :0x#1,al
.,ord 0x00eb,0x00eb
mov al,:0x01 T ;0;* mode for bot!
out :0x21,al
.,ord 0x00eb,0x00eb
out :0x#1,al
.,ord 0x00eb,0x00eb
mov al,:0x-- T masR off all interrupts for no,
out :0x21,al
.,ord 0x00eb,0x00eb
out :0x#1,al
T ,ell, t!at certainl' ,asnWt fun :51. ?opefull' it ,orRs, and ,e donWt
T need no steenRing @U6% an',a' 1except for t!e initial loading :52.
T +!e @U6%5routine ,ants lots of unnecessar' data, and itWs less
T >interesting> an',a'. +!is is !o, DF#L programmers do it.
T Mell, no,Ws t!e time to actuall' move into protected mode. +o maRe
T t!ings as simple as possible, ,e do no register set5up or an't!ing,
T ,e let t!e gnu5compiled 325bit programs do t!at. Me just jump to
T absolute address 0x00000, in 325bit protected mode.
| (Label-only lines and the one-word ret/outb lines were lost in the page's
| transcription; they are restored here from the targets that the jumps and
| calls below reference.)
	mov	ax,#0x0001	| protected mode (PE) bit
	lmsw	ax		| This is it!
	jmpi	0,8		| jmp offset 0 of segment 8 (cs)

| This routine checks that the keyboard command queue is empty
| No timeout is used - if this hangs there is something wrong with
| the machine, and we probably couldn't proceed anyway.
empty_8042:
	.word	0x00eb,0x00eb
	in	al,#0x64	| 8042 status port
	test	al,#2		| is input buffer full?
	jnz	empty_8042	| yes - loop
	ret

| This routine loads the system at address 0x10000, making sure
| no 64kB boundaries are crossed. We try to load it as fast as
| possible, loading whole tracks whenever we can.
|
| in:	es - starting address segment (normally 0x1000)
|
| This routine has to be recompiled to fit another drive type,
| just change the "sectors" variable at the start of the file
| (originally 18, for a 1.44Mb drive)
|
sread:	.word 1			| sectors read of current track
head:	.word 0			| current head
track:	.word 0			| current track
read_it:
	mov ax,es
	test ax,#0x0fff
die:	jne die			| es must be at 64kB boundary
	xor bx,bx		| bx is starting address within segment
rp_read:
	mov ax,es
	cmp ax,#ENDSEG		| have we loaded all yet?
	jb ok1_read
	ret
ok1_read:
	mov ax,#sectors
	sub ax,sread
	mov cx,ax
	shl cx,#9
	add cx,bx
	jnc ok2_read
	je ok2_read
	xor ax,ax
	sub ax,bx
	shr ax,#9
ok2_read:
	call read_track
	mov cx,ax
	add ax,sread
	cmp ax,#sectors
	jne ok3_read
	mov ax,#1
	sub ax,head
	jne ok4_read
	inc track
ok4_read:
	mov head,ax
	xor ax,ax
ok3_read:
	mov sread,ax
	shl cx,#9
	add bx,cx
	jnc rp_read
	mov ax,es
	add ax,#0x1000
	mov es,ax
	xor bx,bx
	jmp rp_read

read_track:
	push ax
	push bx
	push cx
	push dx
	mov dx,track
	mov cx,sread
	inc cx
	mov ch,dl
	mov dx,head
	mov dh,dl
	mov dl,#0
	and dx,#0x0100
	mov ah,#2
	int 0x13
	jc bad_rt
	pop dx
	pop cx
	pop bx
	pop ax
	ret
bad_rt:	mov ax,#0
	mov dx,#0
	int 0x13
	pop dx
	pop cx
	pop bx
	pop ax
	jmp read_track

/*
 * This procedure turns off the floppy drive motor, so
 * that we enter the kernel in a known state, and
 * don't have to worry about it later.
 */
kill_motor:
	push dx
	mov dx,#0x3f2
	mov al,#0
	outb
	pop dx
	ret

gdt:
	.word	0,0,0,0		| dummy

	.word	0x07FF		| 8Mb - limit=2047 (2048*4096=8Mb)
	.word	0x0000		| base address=0
	.word	0x9A00		| code read/exec
	.word	0x00C0		| granularity=4096, 386

	.word	0x07FF		| 8Mb - limit=2047 (2048*4096=8Mb)
	.word	0x0000		| base address=0
	.word	0x9200		| data read/write
	.word	0x00C0		| granularity=4096, 386

idt_48:
	.word	0			| idt limit=0
	.word	0,0			| idt base=0L

gdt_48:
	.word	0x800		| gdt limit=2048, 256 GDT entries
	.word	gdt,0x9		| gdt base = 0X9xxxx

msg1:
	.byte 13,10
	.ascii "Loading system ..."
	.byte 13,10,13,10
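The gdt table above packs each segment descriptor into four 16-bit words, and its comments state the intent (8 Mb limit, base 0, code read/exec or data read/write, 4096-byte granularity, 386 flags). The C program below is an added example, not part of the original page or of the boot sector it reproduces: it decodes those four words back into base, limit and access fields using the standard 80386 descriptor layout (assumed here; the page does not spell it out), splits the selector 8 that `jmpi 0,8` loads into its index, table-indicator and privilege fields, and checks whether a linear address lies inside the segment. The sample descriptor values are the ones from the .word lines above; the function and field names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Fields of one 8-byte x86 segment descriptor (standard 80386 layout, assumed). */
typedef struct {
    uint32_t base;          /* linear base address (32 bits)                         */
    uint32_t limit_field;   /* raw 20-bit limit field                                */
    uint64_t limit_bytes;   /* effective segment size in bytes                       */
    uint8_t  type;          /* 4-bit type: bit 3 = code, bit 1 = readable (code) / writable (data) */
    uint8_t  dpl;           /* descriptor privilege level, 0 = ring 0                */
    bool     present;       /* P bit                                                 */
    bool     gran_4k;       /* G bit: limit counted in 4 KiB pages                   */
    bool     default_32;    /* D/B bit: 32-bit operand and stack size                */
} Descriptor;

/* Decode a descriptor from the four 16-bit words exactly as the boot code's
 * .word directives emit them, lowest address first. */
Descriptor decode_descriptor(uint16_t w0, uint16_t w1, uint16_t w2, uint16_t w3)
{
    Descriptor d;
    uint8_t access = (uint8_t)(w2 >> 8);          /* P, DPL, S, type        */
    uint8_t flags  = (uint8_t)((w3 >> 4) & 0xF);  /* G, D/B, L, AVL         */

    d.limit_field = w0 | ((uint32_t)(w3 & 0x000F) << 16);
    d.base        = w1 | ((uint32_t)(w2 & 0x00FF) << 16)
                       | ((uint32_t)(w3 & 0xFF00) << 16);
    d.type       = access & 0x0F;
    d.dpl        = (access >> 5) & 0x3;
    d.present    = (access & 0x80) != 0;
    d.gran_4k    = (flags & 0x8) != 0;
    d.default_32 = (flags & 0x4) != 0;
    /* With G=1 the limit is in 4 KiB units and the low 12 bits read as ones,
     * so a field of 0x7FF covers (0x7FF + 1) * 4096 = 8 MiB. */
    d.limit_bytes = d.gran_4k ? ((uint64_t)d.limit_field + 1) * 4096
                              : (uint64_t)d.limit_field + 1;
    return d;
}

bool is_code_segment(Descriptor d) { return (d.type & 0x8) != 0; }

/* Split a selector such as the 8 in "jmpi 0,8": index into the table,
 * table indicator (0 = GDT, 1 = LDT) and requested privilege level. */
unsigned selector_index(uint16_t sel) { return sel >> 3; }
unsigned selector_ti(uint16_t sel)    { return (sel >> 2) & 1; }
unsigned selector_rpl(uint16_t sel)   { return sel & 3; }

/* True if a linear address is inside an expand-up segment; the CPU raises
 * #GP for accesses that fail this check. */
bool in_segment(Descriptor d, uint32_t linear)
{
    return linear >= d.base && (uint64_t)(linear - d.base) < d.limit_bytes;
}

int main(void)
{
    /* The two descriptors from the boot code's gdt (values taken from its .word lines). */
    Descriptor code = decode_descriptor(0x07FF, 0x0000, 0x9A00, 0x00C0);
    Descriptor data = decode_descriptor(0x07FF, 0x0000, 0x9200, 0x00C0);
    printf("code: base=0x%08x size=%llu bytes dpl=%u type=0x%x\n",
           (unsigned)code.base, (unsigned long long)code.limit_bytes,
           (unsigned)code.dpl, (unsigned)code.type);
    printf("data: base=0x%08x size=%llu bytes dpl=%u type=0x%x\n",
           (unsigned)data.base, (unsigned long long)data.limit_bytes,
           (unsigned)data.dpl, (unsigned)data.type);
    printf("selector 8 -> GDT index %u (the code descriptor), RPL %u\n",
           selector_index(8), selector_rpl(8));
    return 0;
}
```

Both descriptors decode to base 0, an 8 MiB limit and DPL 0, which is what the comments promise; selector 8 is index 1, i.e. the code descriptor that follows the dummy entry, with RPL 0. The gdt_48 limit of 0x800 bytes holds 256 such 8-byte entries, as its comment says.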
Further reading
Embedded Systems/Bootloaders and Bootsectors describes bootloaders for a variety of embedded systems. (Most embedded systems do not have an x86
x86 Chipset
The ori"inal IB4 com'uter as based around the 2=22 micro'rocessorC althou"h the
2=22 alone as not enou"h to handle all the com'le, tasks reAuired by the system. A
number o? other chi's ere de>elo'ed to su''ort the micro'rocessor unit 746*8C and
many o? these other chi's<<in one ay or another<<sur>i>e to this day. The cha'ters in
this section ill talk about some o? the additional chi's in the standard ,23 chi'setC
includin" the %4A chi'C the interru't controllerC and the Timer.
This section currently only contains 'a"es about the 'ro"rammable 'eri'heral chi'sC
althou"h e>entually it could also contain 'a"es about the non<'ro"rammable com'onents
o? the ,23 architectureC such as the (A4C the .orthbrid"eC etc.
4any o? the com'onents discussed in these cha'ters ha>e been inte"rated onto lar"er die
throu"h the years. The %4A and 6I& controllersC ?or instanceC are both usually inte"rated
into the +outhbrid"e A+I&. I? the 6&I 9,'ress standard becomes ides'readC many o?
these same ?unctions could be inte"rated into the 6&I 9,'ress controllerC instead o? into
the traditional .orthbrid"e)+outhbrid"e chi's.
Direct Memory Access
The Direct Memory Access chip (DMA) was an important part of the original IBM PC, and it has become an essential component of modern computer systems. DMA allows other computer components to access the main memory directly, without having to manage the data flow through the processor. This is an important functionality, because in many systems, the processor is a data-flow bottleneck, and it would slow down the system considerably to have the MPU have to handle every memory transaction.

The original DMA chip was known as the 8237-A chip, although modern variants may be one of many different models.
DMA Operation
The DMA chip can be used to move large blocks of data between two memory locations, or it can be used to move blocks of data from a peripheral device to memory. For instance, DMA is used frequently to move data between the PCI bus and the expansion cards, and it is also used to manage data transmissions between primary memory (RAM) and the secondary memory (HDD). While the DMA is operational, it has control over the memory bus, and the MPU may not access the bus for any reason. The MPU may continue operating on the instructions that are stored in its caches, but once the caches are empty, or once a memory access instruction is encountered, the MPU must wait for the DMA operation to complete. The DMA can manage memory operations much more quickly than the MPU can, so the wait times are usually not a large speed problem.
DMA Channels
The DMA chip has up to 8 DMA channels, and one of these channels can be used to cascade a second DMA chip for a total of 14 channels available. Each channel can be programmed to read from a specific source, to write to a specific source, etc. Because of this, the DMA has a number of dedicated I/O addresses available, for writing to the necessary control registers. The DMA uses addresses 0x0000-0x000F for standard control registers, and 0x0080-0x0086 for page registers.
Programmable Interrupt Controller
The ori"inal IB4 6& contained a chi' knon as the 2ro&rammable Interrupt
Controller to handle the incomin" interru't reAuests ?rom the systemC and to send them
in an orderly ?ashion to the 46* ?or 'rocessin". The ori"inal interru't controller as the
220L<A chi'C althou"h modern com'uters ill ha>e a more modern >ariant. The most
common re'lacement is the A6I&OO2PP 7Ad>anced 6ro"rammale Inerru't &ontroller8
hich is essentially an e,tended >ersion o? the old 6I& chi' to maintain backards
Programmable Interrupt Timer
The Programmable Interrupt Timer (PIT) is an essential component of modern computers, and is an essential part of a multi-tasking environment. The PIT chip can be made--by setting various register values--to count up or down, at certain rates, and to trigger interrupts at certain times. The timer can be set into a cyclic mode, so that when it triggers it automatically starts counting again, or it can be set into a one-time-only countdown mode.
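The paragraph describes the two things a driver actually chooses for the PIT, the rate and whether the count reloads (cyclic) or runs once, without showing how either is expressed in the registers. The C code below is an added example, not from the page: it builds the 8253/8254 mode/command byte (standard layout, assumed here: bits 7-6 channel, 5-4 access, 3-1 operating mode, bit 0 BCD) and computes the 16-bit divisor for a requested interrupt rate from the 1.193182 MHz input clock (a standard PC value the page does not state, so assumed). The edge case worth knowing is that a programmed reload of 0 means 65536, which is how the slowest rate of about 18.2 Hz is reached; the mode numbers and all names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* PIT input clock on PC-compatible hardware (assumed; not stated on the page). */
#define PIT_INPUT_HZ 1193182u

/* 8253/8254 operating modes (standard numbering, assumed). */
enum {
    PIT_MODE_ONE_SHOT = 0,   /* interrupt on terminal count: counts down once       */
    PIT_MODE_RATE_GEN = 2,   /* rate generator: reloads itself, fires periodically  */
    PIT_MODE_SQUARE   = 3    /* square wave: periodic, output toggles each half     */
};
enum { PIT_ACCESS_LOHI = 3 }; /* reload written as low byte, then high byte */

/* Mode/command byte: bits 7-6 channel, 5-4 access, 3-1 mode, bit 0 = 0 for binary. */
uint8_t pit_command(unsigned channel, unsigned access, unsigned mode)
{
    return (uint8_t)(((channel & 3) << 6) | ((access & 3) << 4) | ((mode & 7) << 1));
}

/* Divisor that brings the output closest to the requested rate.  The counter is
 * 16 bits wide and a programmed reload of 0 means 65536, so the slowest rate is
 * 1193182 / 65536 = about 18.2 Hz and the fastest is the input clock itself. */
uint32_t pit_divisor_for_hz(uint32_t hz)
{
    if (hz == 0) return 65536u;                    /* "as slow as possible" */
    uint32_t div = (PIT_INPUT_HZ + hz / 2) / hz;   /* round to nearest */
    if (div < 1) div = 1;
    if (div > 65536u) div = 65536u;
    return div;
}

/* Value actually written to the channel's data port for a divisor. */
uint16_t pit_reload_value(uint32_t divisor)
{
    return (uint16_t)(divisor == 65536u ? 0 : divisor);
}

/* Rate the hardware really produces; timekeeping must use this, not the
 * requested rate, or the system clock drifts. */
double pit_actual_hz(uint32_t divisor)
{
    return (double)PIT_INPUT_HZ / (double)divisor;
}

/* Microseconds represented by `ticks` interrupts at the programmed divisor. */
uint64_t pit_ticks_to_us(uint64_t ticks, uint32_t divisor)
{
    return ticks * divisor * 1000000ull / PIT_INPUT_HZ;
}

int main(void)
{
    uint32_t div = pit_divisor_for_hz(100);      /* a 100 Hz scheduler tick */
    printf("periodic 100 Hz: command=0x%02x divisor=%u reload=%u actual=%.3f Hz\n",
           pit_command(0, PIT_ACCESS_LOHI, PIT_MODE_RATE_GEN), div,
           pit_reload_value(div), pit_actual_hz(div));
    printf("one-shot, slowest: command=0x%02x reload=%u actual=%.3f Hz\n",
           pit_command(0, PIT_ACCESS_LOHI, PIT_MODE_ONE_SHOT),
           pit_reload_value(pit_divisor_for_hz(1)), pit_actual_hz(65536u));
    printf("100 ticks at divisor %u = %llu us\n", div,
           (unsigned long long)pit_ticks_to_us(100, div));
    return 0;
}
```

Switching between the cyclic and one-time-only behaviour the page describes is only the mode field of the command byte (rate generator versus interrupt on terminal count); the reload value is the same in both cases.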
Programmable Parallel Interface
The !ri"inal ,23 6& had another 'eri'heral chi' onboard knon as the 2200A
2ro&rammable 2eripheral Inter6ace 766I8. The 2200AC and >ariants 722&00AC
22B00AC etc.8 controlled the communications tasks ith the outside orld. The 66I chi's
can be 'ro"rammed to o'erate in di??erent I)! modes.
Wikimedia Sources
Wikipedia has related information at Assembly
Wikipedia has related information at the Wikipedia Assembler Article
C Programming
C++ Programming
Operating System Design
Embedded Systems
x86 Disassembly
Floating Point
Carter, Paul, "PC Assembly Tutorial". Online book. http://www.drp
Hyde, Randall, "The Art of Assembly Language", No Starch Press, 2003. ISBN 1886411972. http://www.artof
Triebel and Singh, "The 8088 and 8086 Microprocessors: Programming, Interfacing, Software, Hardware, and Applications", 4th Edition, Prentice Hall, 2003. ISBN 0130906814
Jonathan Bartlett, "Programming from the Ground Up", Bartlett Publishing, July 31, 2004. ISBN 0975283847. Available online at
Tambe, Pratik, "Primitiveasm: Learn Assembly Language in 15 days!!!", 1st Edition. Presently free chapters available online. Ebook in progress,
Web Resources
AMD's AMD64 documentation on CD-ROM (U.S. and Canada only) and downloadable PDF format - maybe not independent but complete description of AMD64 through Assembly. http://-
Other Assembly Languages
Assembly Language
x86 Assembly: The Assembly Language used by 32-bit Intel Machines including the 386, 486, and Pentium Family.
A Common RISC assembly set that is both powerful, and relatively easy to learn
The Assembly language used by the Motorola 68000 series of
The Assembly language used by the IBM PowerPC architecture
The Assembly language used by SPARC Systems and mainframes
The 6502 is a popular 8-bit microcontroller that is cheap and easy to use.
TI 83 Plus: This is the instruction set used with the TI 83 Plus brand of programmable graphing calculators.
360 Assembly: This is the instruction set used with the IBM 360 / 370 / 93xx and z/System brand of Mainframe computers.
This is the instruction set used with most 32-bit embedded CPUs, including most PDAs, MP3 players, and handheld gaming units.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License."

GNU Free Documentation License
Version 1.2, November 2002
Copyright (C) 2000,2001,2002 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
0. PREAMBLE

The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition.

The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
2. VERBATIM COPYING

You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section

You may also lend copies, under the same conditions stated above, and you may publicly display copies.
3. COPYING IN QUANTITY

If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
4. MODIFICATIONS

You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement.
C. State on the Title page the name of the publisher of the Modified Version, as the
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.
H. Include an unaltered copy of this License.
I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.
J. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.
K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.
L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section
M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version.
N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section.
O. Preserve any Warranty Disclaimers.

If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified
5. COMBINING DOCUMENTS

You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.

The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined

In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements."
6. COLLECTIONS OF DOCUMENTS

You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other

You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
7. AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.

If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.
8. TRANSLATION

Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.

If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
9. TERMINATION

You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full
10. FUTURE REVISIONS OF THIS LICENSE

The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See

Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software
Retrieved from "http://en.wikibooks.org/wiki/X86_Assembly/Print_Version". Last modified on 27 June 2007, at 12:05.