Quick x86 Assembly Info

This topic was published by and viewed 631 times since "". The last page revision was "".

Viewing 1 post (of 1 total)
  • Author
    Posts
  • DevynCJohnson
    DevynCJohnson
    Keymaster
    • Topics - 444
    • @devyncjohnson

    Datatype Suffixes

    • z - zword; 512-bits
    • u - upper-word; yword or zword
    • y- yword; 256-bits
    • h - half-word; qword, oword, or yword
    • o - oword; 128-bits
    • f - fourth-word; dword, qword, or oword
    • n - normal-word; oword, yword, or zword
    • x - xword; oword or yword
    • t - ten-bytes; 80-bit float-point
    • q - quadword; 64-bits
    • l - longword/doubleword; 32-bit integer or 64-bit float-point
    • w - word; 16-bits
    • e - eighth-word; word, dword, or qword
    • s - short; 16-bit integer or 32-bit float-point
    • b - byte; 8-bits

    Condition Codes

    CodeBit 3Bit 2Bit 1Bit 0Condition
    O0000overflow
    NO0001no overflow
    B (NAE, C)0010below (not above or equal, carry)
    NB (AE, NC)0011not below (above or equal, no carry)
    E (Z)0100equal (zero)
    NE (NZ)0101not equal (not zero)
    NA (BE)0110not above (below or equal)
    A (NBE)0111above (not below or equal)
    S1000sign
    NS1001no sign
    P (PE)1010parity (parity even)
    NP (PO)1011no parity (parity odd)
    L (NGE)1100less than (not greater than or equal)
    NL (GE)1101not less than (greater than or equal)
    NG (LE)1110not greater than (less than or equal)
    G (NLE)1111greater than (not less than or equal)

    Control Registers

    Control registers change or control the general behavior of the CPU, co-processor, or other digital device. Behaviors include interrupts, addressing mode, paging, and more.

    • CR0
      • 0 (PE) - Protected Mode Enabled; If 1, then system is in protected mode, else the system is in real mode
      • 1 (MP) - Monitor co-processor; Controls interaction of WAIT/FWAIT instructions with TS flag in CR0
      • 2 (EM) - Emulation; If set, no x87 floating point unit present, if clear, x87 FPU present
      • 3 (TS) - Task Switched; Allows saving x87 task context upon a task switch only after x87 instruction used
      • 4 (ET) - Extension Type; On the 386, specify whether the external math co-processor IS an 80287 or 80387
      • 5 (NE) - Numeric Error; Enable internal x87 floating point error reporting when set, else enables PC style x87 error detection
      • 16 (WP) - Write Protect; When set, the CPU can not write to read-only pages when privilege level is 0
      • 18 (AM) - Alignment mask; Alignment check enabled if AM set, AC flag (in EFLAGS register) set, and privilege level is 3
      • 29 (NW) - Not-write through; Globally enables/disable write-through caching
      • 30 (CD) - Cache Disable; Globally enables/disable the memory cache
      • 31 (PG) - Paging; If 1, enable paging and use the CR3 register, else disable paging
    • CR1 - Reserved
    • CR2 - Page Fault Linear Address (PFLA); When a page fault occurs, the address the program attempted to access is stored in the CR2 register.
    • CR3 (PDBR) - Page Directory Base Register (Upper 20 bits). Used when virtual addressing is enabled to translate linear addresses into physical addresses by locating the page directory and page tables for the current task
    • CR4 - Used in protected mode to control operations such as virtual-8086 support, enabling I/O breakpoints, page size extension and machine check exceptions.
      • 0 (VME) - Virtual 8086 Mode Extensions; If set, enables support for the virtual interrupt flag (VIF) in virtual-8086 mode
      • 1 (PVI) - Protected-mode Virtual Interrupts; If set, enables support for the virtual interrupt flag (VIF) in protected mode
      • 2 (TSD) - Time Stamp Disable; If set, RDTSC instruction can only be executed when in ring 0, otherwise RDTSC can be used at any privilege level
      • 3 (DE) - Debugging Extensions; If set, enables debug register based breaks on I/O space access
      • 4 (PSE) - Page Size Extension; If unset, page size is 4 KiB, else page size is increased to 4 MiB (or 2 MiB with PAE set)
      • 5 (PAE) - Physical Address Extension; If set, changes page table layout to translate 32-bit virtual addresses into extended 36-bit physical addresses
      • 6 (MCE) - Machine Check Exception; If set, enables machine check interrupts to occur
      • 7 (PGE) - Page Global Enabled; If set, address translations (PDE or PTE records) may be shared between address spaces
      • 8 (PCE) - Performance-Monitoring Counter enable; If set, RDPMC can be executed at any privilege level, else RDPMC can only be used in ring 0
      • 9 (OSFXSR) - Operating system support for FXSAVE and FXRSTOR instructions; If set, enables SSE instructions and fast FPU save & restore
      • 10 (OSXMMEXCPT) - Operating System Support for Unmasked SIMD Floating-Point Exceptions; If set, enables unmasked SSE exceptions
      • 13 (VMXE) - Virtual Machine Extensions Enable
      • 14 (SMXE) - Safer Mode Extensions Enable; Trusted Execution Technology (TXT)
      • 16 (FSGSBASE) - Enables the instructions RDFSBASE, RDGSBASE, WRFSBASE, and WRGSBASE
      • 17 (PCIDE) - PCID Enable; If set, enables process-context identifiers (PCIDs)
      • 18 (OSXSAVE) - XSAVE and Processor Extended States Enable
      • 20 (SMEP) - Supervisor Mode Execution Protection Enable; If set, execution of code in a higher ring generates a fault
      • 21 (SMAP) - Supervisor Mode Access Protection Enable; If set, access of data in a higher ring generates a fault
      • 22 (PKE) - Protection Key Enable
    • EFER (MSR 0xC0000080) - Extended Feature Enable Register; x86-64 only
      • 0 (SCE) - System Call Extensions
      • 8 (LME) - Long Mode Enable
      • 10 (LMA) - Long Mode Active
      • 11 (NXE) - No-Execute Enable
      • 12 (SVME) - Secure Virtual Machine Enable
      • 13 (LMSLE) - Long Mode Segment Limit Enable
      • 14 (FFXSR) - Fast FXSAVE/FXRSTOR
      • 15 (TCE) - Translation Cache Extension
    • CR5-CR7 - Reserved
    • CR8 (TPR) - Task-Priority Register; Prioritize external interrupts; x86-64 only
    • CR9-CR15 - Reserved

    Branching and Conditionals

    MnemonicOperand 1Operand 2Operand 3DescriptionFlags Modified
    BOUNDlimitsrcArray index in source register is checked against upper and lower bounds in memory source. The first word located at "limit" is the lower boundary and the word at "limit+2" is the upper array bound. Interrupt 5 occurs if the source value is less than or higher than the source.
    BTsrcdestThe destination bit indexed by the source value is copied into the Carry Flag.CF
    BTCsrcdestThe destination bit indexed by the source value is copied into the Carry Flag after being complimented (inverted).CF
    BTRsrcdestThe destination bit indexed by the source value is copied into the Carry Flag and then cleared in the destination.CF
    BTSsrcdestThe destination bit indexed by the source value is copied into the Carry Flag and then set in the destination.CF
    CALLdestPushes Instruction Pointer (and Code Segment for far calls) onto stack and loads Instruction Pointer with the address of the procedure.
    CMOVccsrcdestConditional move; CMOVA, CMOVAE, CMOVB, CMOVBE, CMOVC, CMOVE, CMOVG, CMOVGE, CMOVL, CMOVLE, CMOVNA, CMOVNAE, CMOVNB, CMOVNBE, CMOVNC, CMOVNE, CMOVNG, CMOVNGE, CMOVNL, CMOVNLE, CMOVNO, CMOVNP, CMOVNS, CMOVNZ, CMOVO, CMOVP, CMOVPE, CMOVPO, CMOVS, CMOVZ
    CMPsrcdestSubtracts source from destination and updates the flags but does not save result. Flags can subsequently be checked for conditions.AF, CF, OF, PF, SF, ZF
    CMPSsrcdestSubtracts destination value from source without saving results. Updates flags based on the subtraction and the index registers (E)SI and (E)DI are incremented or decremented depending on the state of the Direction Flag. CMPSB inc/decrements the index registers by 1, CMPSW inc/decrements by 2, while CMPSD increments or decrements by 4.AF, CF, OF, PF, SF, ZF
    CMPSQsrcdestCoMPare String Quadword
    CMPXCHGsrcdestCompares the accumulator with "dest". If equal the "dest" is loaded with "src", otherwise the accumulator is loaded with "dest".AF, CF, OF, PF, SF, ZF
    CMPXCHG16BCoMPare and eXCHanGe 16 Bytes
    ENTERlevellocalModifies stack for entry to procedure for high level language. Operand "locals" specifies the amount of storage to be allocated on the stack. "Level" specifies the nesting level of the routine. Paired with the LEAVE instruction, this is an efficient method of entry and exit to procedures.
    ESCsrcimmediateProvides access to the data bus for other resident processors. The CPU treats it as a NOP but places memory operand on bus.
    HLTHalts CPU until RESET line is activated, NMI or maskable interrupt received. The CPU becomes dormant but retains the current CS:IP for later restart.
    INTint_numInitiates a software interrupt by pushing the flags, clearing the Trap and Interrupt Flags, pushing CS followed by IP and loading CS:IP with the value found in the interrupt vector table. Execution then begins at the location addressed by the new CS:IPIF, TF
    INTOIf the Overflow Flag is set this instruction generates an INT 4 which causes the code addressed by 0000:0010 to be executed.IF, TF
    IRETReturns control to point of interruption by popping IP, CS and then the Flags from the stack and continues execution at this location. CPU exception interrupts will return to the instruction that cause the exception because the CS:IP placed on the stack during the interrupt is the address of the offending instruction.AF, CF, DF, IF, PF, SF, TF, ZF
    IRETQ64-bit Return from Interrupt
    JAJump if Above; CF=0 and ZF=0
    JAEJump if Above or Equal; CF=0
    JBJump if Below; CF=1
    JBEJump if Below or Equal; CF=1 or ZF=1
    JCJump if Carry; CF=1
    JCXZJump if CX Zero;CX=0
    JEJump if Equal; ZF=1
    JGJump if Greater (signed); ZF=0 and SF=OF
    JGEJump if Greater or Equal (signed); SF=OF
    JLJump if Less (signed); SF != OF
    JLEJump if Less or Equal (signed); ZF=1 or SF != OF
    JMPUnconditional Jump
    JNAJump if Not Above; CF=1 or ZF=1
    JNAEJump if Not Above or Equal; CF=1
    JNBJump if Not Below; CF=0
    JNBEJump if Not Below or Equal; CF=0 and ZF=0
    JNCJump if Not Carry; CF=0
    JNEJump if Not Equal; ZF=0
    JNGJump if Not Greater (signed); ZF=1 or SF != OF
    JNGEJump if Not Greater or Equal (signed); SF != OF
    JNLJump if Not Less (signed); SF=OF
    JNLEJump if Not Less or Equal (signed); ZF=0 and SF=OF
    JNOJump if Not Overflow (signed); OF=0
    JNPJump if No Parity; PF=0
    JNSJump if Not Signed (signed); SF=0
    JNZJump if Not Zero; ZF=0
    JOJump if Overflow (signed); OF=1
    JPJump if Parity; PF=1
    JPEJump if Parity Even; PF=1
    JPOJump if Parity Odd; PF=0
    JRCXZJump if RCX is zero
    JSJump if Signed (signed); SF=1
    JZJump if Zero; ZF=1
    LEAVEReleases the local variables created by the previous ENTER instruction by restoring SP and BP to their condition before the procedure stack frame was initialized.
    LOCKThis instruction is a prefix that causes the CPU assert bus lock signal during the execution of the next instruction. Used to avoid two processors from updating the same data location. The 286 always asserts lock during an XCHG with memory operands. This should only be used to lock the bus prior to XCHG, MOV, IN and OUT instructions.
    LOOPlabelDecrements CX by 1 and transfers control to "label" if CX is not Zero. The "label" operand must be within -128 or 127 bytes of the instruction following the loop instruction.
    LOOPE/LOOPZlabelDecrements CX by 1 (without modifying the flags) and transfers control to "label" if CX != 0 and the Zero Flag is set. The "label" operand must be within -128 or 127 bytes of the instruction following the loop instruction.
    LOOPNZ/LOOPNElabelDecrements CX by 1 (without modifying the flags) and transfers control to "label" if CX != 0 and the Zero Flag is clear. The "label" operand must be within -128 or 127 bytes of the instruction following the loop instruction.
    MONITOREDXECXEAXSetup Monitor Address; Sets up a linear address range to be monitored by hardware and activates the monitor.
    MWAITECXEAXMonitor Wait; Processor hint to stop instruction execution and enter an implementation-dependent optimized state until occurrence of a class of events.
    NOPDo nothing
    PAUSEProvides a hint to the processor that the following code is a spin loop; used for cacheability
    REPRepeats execution of string instructions while CX != 0. After each string operation, CX is decremented and the Zero Flag is tested.
    REPE/REPZRepeats execution of string instructions while CX != 0 and the Zero Flag is set. CX is decremented and the Zero Flag tested after each string operation.
    REPNE/REPNZRepeats execution of string instructions while CX != 0 and the Zero Flag is clear. CX is decremented and the Zero Flag tested after each string operation.
    RET/RETF/RETNnum_bytesTransfers control from a procedure back to the instruction address saved on the stack. "num_bytes" is an optional number of bytes to release. Far returns pop the IP followed by the CS, while near returns pop only the IP register.
    RSMThis was introduced by the i386SL and later and is also in the i486SL and later. Resumes from System Management Mode (SMM).
    SCASCompares value at ES:DI (even if operand is specified) from the accumulator and sets the flags similar to a subtraction. DI is incremented/decremented based on the instruction format (or operand size) and the state of the Direction Flag.AF, CF, OF, PF, SF, ZF
    SETAE/SETNBdestSets the byte in the operand to 1 if the Carry Flag is clear otherwise sets the operand to 0.
    SETB/SETNAEdestSets the byte in the operand to 1 if the Carry Flag is set otherwise sets the operand to 0.
    SETBE/SETNAdestSets the byte in the operand to 1 if the Carry Flag or the Zero Flag is set, otherwise sets the operand to 0.
    SETE/SETZdestSets the byte in the operand to 1 if the Zero Flag is set, otherwise sets the operand to 0.
    SETNE/SETNZdestSets the byte in the operand to 1 if the Zero Flag is clear, otherwise sets the operand to 0.
    SETL/SETNGEdestSet if Less / Set if Not Greater or Equal
    SETGE/SETNLdestSets the byte in the operand to 1 if the Sign Flag equals the Overflow Flag, otherwise sets the operand to 0.
    SETLE/SETNGdestSets the byte in the operand to 1 if the Zero Flag is set or the Sign Flag is not equal to the Overflow Flag, otherwise sets the operand to 0.
    SETG/SETNLEdestSets the byte in the operand to 1 if the Zero Flag is clear or the Sign Flag equals to the Overflow Flag, otherwise sets the operand to 0.
    SETSdestSets the byte in the operand to 1 if the Sign Flag is set, otherwise sets the operand to 0.
    SETNSdestSets the byte in the operand to 1 if the Sign Flag is clear, otherwise sets the operand to 0.
    SETCdestSets the byte in the operand to 1 if the Carry Flag is set, otherwise sets the operand to 0.
    SETNCdestSets the byte in the operand to 1 if the Carry Flag is clear, otherwise sets the operand to 0.
    SETOdestSets the byte in the operand to 1 if the Overflow Flag is set, otherwise sets the operand to 0.
    SETNOdestSets the byte in the operand to 1 if the Overflow Flag is clear, otherwise sets the operand to 0.
    SETP/SETPEdestSets the byte in the operand to 1 if the Parity Flag is set, otherwise sets the operand to 0.
    SETNP/SETPOdestSets the byte in the operand to 1 if the Parity Flag is clear, otherwise sets the operand to 0.
    STISets the Interrupt Flag to 1, which enables recognition of all hardware interrupts. If an interrupt is generated by a hardware device, an End of Interrupt (EOI) must also be issued to enable other hardware interrupts of the same or lower priority.IF
    TESTsrcdestPerforms a logical AND of the two operands updating the flags register without saving the result.AF, CF, OF, PF, SF, ZF
    UD2Undefined Instruction; Generates an invalid opcode. This instruction is provided for software testing to explicitly generate an invalid opcode. The opcode for this instruction is reserved for this purpose.
    VERRsrcVerifies the specified segment selector is valid and is readable at the current privilege level. If the segment is readable, the Zero Flag is set, otherwise it is cleared.ZF
    VERWsrcVerifies the specified segment selector is valid and is writable at the current privilege level. If the segment is writable, the Zero Flag is set, otherwise it is cleared.ZF
    WAIT/FWAITCPU enters wait state until the coprocessor signals it has finished its operation. This instruction is used to prevent the CPU from accessing memory that may be temporarily in use by the coprocessor. WAIT and FWAIT are identical.
    WBINVDFlushes internal cache, then signals the external cache to write back current data followed by a signal to flush the external cache.

    Data Manipulation

    MnemonicOperand 1Operand 2Operand 3DescriptionFlags Modified
    AAAASCII adjust AL after addition; used when unpacked binary coded decimalAF, CF, OF, PF, SF, ZF
    AADASCII adjust AX before divisionAF, CF, OF, PF, SF, ZF
    AAMASCII adjust AX after multiplicationAF, CF, OF, PF, SF, ZF
    AASASCII adjust AL after subtractionAF, CF, OF, PF, SF, ZF
    ADCsrcdestAdd with carryAF, CF, OF, PF, SF, ZF
    ADDsrcdestAddAF, CF, OF, PF, SF, ZF
    ANDsrcdestLogical ANDAF, CF, OF, PF, SF, ZF
    ARPLsrcdestAdjusted Requested Privilege Level of Selector; Compares the RPL bits of "dest" against "src". If the RPL bits of "dest" are less than "src", the destination RPL bits are set equal to the source RPL bits and the Zero Flag is set. Otherwise the Zero Flag is cleared.ZF
    BSFsrcdestScans source operand for first bit set. Sets ZF if a bit is found set and loads the destination with an index to first set bit. Clears ZF if no bits are found set.ZF
    BSRsrcdestScans source operand for first bit set. Sets ZF if a bit is found set and loads the destination with an index to first set bit. Clears ZF if no bits are found set.ZF
    BSWAP32-bit RegChanges the byte order of a 32 bit register from big endian to little endian or vice versa. Result left in destination register is undefined if the operand is a 16 bit register.
    CBWConvert byte in AL to a word in AX
    CDQConverts a signed dword in EAX to a signed quadword in EDX:EAX
    CDQESign extend EAX into RAX
    CLCClear the carry bitCF
    CLDClear the direction flagDF
    CLIDisables the maskable hardware interrupts by clearing the Interrupt flag. NMI's and software interrupts are not inhibited.IF
    CLTSClears the Task Switched Flag in the Machine Status Register. This is a privileged operation and is generally used only by operating system code.IF
    CMCToggle the carry flagCF
    CQOSign extend RAX into RDX:RAX
    CWDExtends sign of word in register AX throughout register DX forming a doubleword quantity in DX:AX.
    CWDEConverts a signed word in AX to a signed doubleword in EAX by extending the sign bit of AX throughout EAX.
    DAACorrects result (in AL) of a previous BCD addition operation. Contents of AL are changed to a pair of packed decimal digits.AF, CF, OF, PF, SF, ZF
    DASCorrects result (in AL) of a previous BCD subtraction operation. Contents of AL are changed to a pair of packed decimal digits.AF, CF, OF, PF, SF, ZF
    DECdestDecrementAF, OF, PF, SF, ZF
    DIVsrcUnsigned binary divisionAF, CF, OF, PF, SF, ZF
    IDIVsrcSigned binary divisionAF, CF, OF, PF, SF, ZF
    IMULimmediate || srcsrc (! immediate)destSigned multiplicationAF, CF, OF, PF, SF, ZF
    INportaccumulatorA byte, word or dword is read from "port" and placed in AL, AX or EAX respectively. If the port number is in the range of 0-255 it can be specified as an immediate, otherwise the port number must be specified in DX. Valid port ranges on the PC are 0-1024, though values through 65535 may be specified and recognized by third party vendors and PS/2's.
    INCdestIncrementAF, OF, PF, SF, ZF
    INSportdestLoads data from port to the destination ES:(E)DI (even if a destination operand is supplied). (E)DI is adjusted by the size of the operand and increased if the Direction Flag is cleared and decreased if the Direction Flag is set. For INSB, INSW, INSD no operands are allowed and the size is determined by the mnemonic.
    INVDFlushes CPU internal cache. Issues special function bus cycle which indicates to flush external caches. Data in write-back external caches is lost.
    INVLPGInvalidates a single page table entry in the Translation Look-Aside Buffer.
    MULsrcUnsigned multiply of the accumulator by the source. If "src" is a byte value, then AL is used as the other multiplicand and the result is placed in AX. If "src" is a word value, then AX is multiplied by "src" and DX:AX receives the result. If "src" is a double word value, then EAX is multiplied by "src" and EDX:EAX receives the result.CF, OF, AF, PF, SF, ZF
    NEGdestSubtracts the destination from 0 and saves the 2s complement of "dest" back into "dest".CF, OF, AF, PF, SF, ZF
    NOTdestInverts the bits of the "dest" operand forming the 1s complement.
    ORsrcdestLogical inclusive OR of the two operands returning the result in the destination.CF, OF, AF, PF, SF, ZF
    RCLcountdestRotates the bits in the destination to the left "count" times with all data pushed out the left side re-entering on the right. The Carry Flag holds the last bit rotated out.CF, OF
    RCRcountdestRotates the bits in the destination to the right "count" times with all data pushed out the right side re-entering on the left. The Carry Flag holds the last bit rotated out.CF, OF
    ROLcountdestRotates the bits in the destination to the left "count" times with all data pushed out the left side re-entering on the right. The Carry Flag will contain the value of the last bit rotated out.CF, OF
    RORcountdestRotates the bits in the destination to the right "count" times with all data pushed out the right side re-entering on the left. The Carry Flag will contain the value of the last bit rotated out.CF, OF
    SAL/SHLcountdestShifts the destination left by "count" bits with zeros shifted in on right. The Carry Flag contains the last bit shifted out.AF, CF, OF, PF, SF, ZF
    SARcountdestShifts the destination right by "count" bits with the current sign bit replicated in the leftmost bit. The Carry Flag contains the last bit shifted out.AF, CF, OF, PF, SF, ZF
    SBBsrcdestSubtracts the source from the destination, and subtracts 1 extra if the Carry Flag is set. Results are returned in "dest".AF, CF, OF, PF, SF, ZF
    SCASQSCAn String Quadword
    SHRcountdestShifts the destination right by "count" bits with zeros shifted in on the left. The Carry Flag contains the last bit shifted out.AF, CF, OF, PF, SF, ZF
    SHLD/SHRDcountsrcdestSHLD shifts "dest" to the left "count" times and the bit positions opened are filled with the most significant bits of "src". SHRD shifts "dest" to the right "count" times and the bit positions opened are filled with the least significant bits of the second operand. Only the 5 lower bits of "count" are used.AF, CF, OF, PF, SF, ZF
    STCSets the Carry Flag to 1.CF
    STDSets the Direction Flag to 1 causing string instructions to auto-decrement SI and DI instead of auto-increment.DF
    SUBsrcdestThe source is subtracted from the destination and the result is stored in the destination.AF, CF, OF, PF, SF, ZF
    XADDsrcdestExchanges the first operand with the second operand, then loads the sum of the two values into the destination operand.
    XORsrcdestPerforms a bitwise exclusive OR of the operands and returns the result in the destination.AF, CF, OF, PF, SF, ZF

    Data Transfer

    MnemonicOperand 1Operand 2DescriptionFlags Modified
    CLFLUSHCache Line Flush; Invalidates the cache line that contains the linear address specified with the source operand from all levels of the processor cache hierarchy
    LAHFCopies flags AF, CF, PF, SF, and ZF into AH
    LARsrcdestThe high byte of the of the destination register is overwritten by the value of the access rights byte and the low order byte is zeroed depending on the selection in the source operand. The Zero Flag is set if the load operation is successful.ZF
    LDSsrcdestLoads 32-bit pointer from memory source to destination register and DS. The offset is placed in the destination register and the segment is placed in DS. To use this instruction the word at the lower memory address must contain the offset and the word at the higher address must contain the segment. This simplifies the loading of far pointers from the stack and the interrupt vector table.
    LEAsrcdestTransfers offset address of "src" to the destination register.
    LESsrcdestLoads 32-bit pointer from memory source to destination register and ES. The offset is placed in the destination register and the segment is placed in ES. To use this instruction the word at the lower memory address must contain the offset and the word at the higher address must contain the segment. This simplifies the loading of far pointers from the stack and the interrupt vector table.
    LFENCELoad fence; Serializes load operations
    LFSsrcdestLoads 32-bit pointer from memory source to destination register and FS. The offset is placed in the destination register and the segment is placed in FS. To use this instruction the word at the lower memory address must contain the offset and the word at the higher address must contain the segment. This simplifies the loading of far pointers from the stack and the interrupt vector table.
    LGDTsrcLoads a value from an operand into the Global Descriptor Table (GDT) register.
    LIDTsrcLoads a value from an operand into the Interrupt Descriptor Table (IDT) register.
    LGSsrcdestLoads 32-bit pointer from memory source to destination register and GS. The offset is placed in the destination register and the segment is placed in GS. To use this instruction the word at the lower memory address must contain the offset and the word at the higher address must contain the segment. This simplifies the loading of far pointers from the stack and the interrupt vector table.
    LLDTsrcLoads a value from an operand into the Local Descriptor Table Register (LDTR).
    LMSWsrcLoads the Machine Status Word (MSW) from data found at "src".
    LODSTransfers string element addressed by DS:SI (even if an operand is supplied) to the accumulator. SI is incremented based on the size of the operand or based on the instruction used. If the Direction Flag is set SI is decremented, if the Direction Flag is clear SI is incremented. Use with REP prefixes.
    LODSQLOaD String Quadword
    LSLsrcdestLoads the segment limit of a selector into the destination register if the selector is valid and visible at the current privilege level. If loading is successful the Zero Flag is set, otherwise it is cleared.ZF
    LSSsrcdestLoads 32-bit pointer from memory source to destination register and SS. The offset is placed in the destination register and the segment is placed in SS. To use this instruction the word at the lower memory address must contain the offset and the word at the higher address must contain the segment. This simplifies the loading of far pointers from the stack and the interrupt vector table.
    LTRsrcLoads the current task register with the value specified in "src".
    MASKMOVDQUMasked Move of Double Quadword Unaligned; Stores selected bytes from the source operand (first operand) into a 128-bit memory location
    MASKMOVQMasked Move of Quadword; Selectively write bytes from MM1 to memory location using the byte mask in MM2
    MFENCEMemory Fence; Performs a serializing operation on all load and store instructions that were issued prior the MFENCE instruction.
    MOVsrcdestCopies byte or word from the source operand to the destination operand.
    MOVNTDQMove Double Quadword Non-Temporal; Move double quadword from XMM to M128, minimizing pollution in the cache hierarchy.
    MOVNTIMove Doubleword Non-Temporal; Move doubleword from r32 to m32, minimizing pollution in the cache hierarchy.
    MOVNTPDMove Packed Double-Precision Floating-Point Values Non-Temporal; Move packed double-precision floating-point values from xmm to m128, minimizing pollution in the cache hierarchy.
    MOVNTPSMove Aligned Four Packed Single-FP Non Temporal; Move packed single-precision floating-point values from XMM to M128, minimizing pollution in the cache hierarchy.
    MOVNTQMove Quadword Non-Temporal
    MOVSsrcdestCopies data from addressed by DS:SI (even if operands are given) to the location ES:DI destination and updates SI and DI based on the size of the operand or instruction used. SI and DI are incremented when the Direction Flag is cleared and decremented when the Direction Flag is Set.
    MOVSXsrcdestCopies the value of the source operand to the destination register with the sign extended.
    MOVSXDsrcdestMOV with Sign Extend 32-bit to 64-bit
    MOVZXsrcdestCopies the value of the source operand to the destination register with the zeros extended.
    OUTaccumportTransfers byte in AL,word in AX or dword in EAX to the specified hardware port address. If the port number is in the range of 0-255 it can be specified as an immediate. If greater than 255 then the port number must be specified in DX. Since the PC only decodes 10 bits of the port address, values over 1023 can only be decoded by third party vendor equipment and also map to the port range 0-1023.
    OUTSsrcportsTransfers a byte, word or doubleword from "src" to the hardware port specified in DX. For instructions with no operands the "src" is located at DS:SI and SI is incremented or decremented by the size of the operand or the size dictated by the instruction format. When the Direction Flag is set SI is decremented, when clear, SI is incremented. If the port number is in the range of 0-255 it can be specified as an immediate. If greater than 255 then the port number must be specified in DX. Since the PC only decodes 10 bits of the port address, values over 1023 can only be decoded by third party vendor equipment and also map to the port range 0-1023.
    POPdestTransfers word at the current stack top (SS:SP) to the destination then increments SP by two to point to the new stack top. CS is not a valid destination.
    POPA/POPADPops the top 8 words off the stack into the 8 general purpose 16/32 bit registers. Registers are popped in the following order: (E)DI, (E)SI, (E)BP, (E)SP, (E)DX, (E)CX and (E)AX. The (E)SP value popped from the stack is actually discarded.
    POPF/POPFDPops word/doubleword from stack into the Flags Register and then increments SP by 2 (for POPF) or 4 (for POPFD).
    POPFQPOP RFLAGS Register
    PREFETCH0Prefetch into all cache levels
    PREFETCH1Prefetch into all cache levels EXCEPT L1
    PREFETCH2Prefetch into all cache levels EXCEPT L1 and L2
    PREFETCHNTAPrefetch into all cache levels to non-temporal cache structure
    PUSHsrc || immediateDecrements SP by the size of the operand (two or four, byte values are sign extended) and transfers one word from source to the stack top (SS:SP).
    PUSHA/PUSHADPushes all general purpose registers onto the stack in the following order: (E)AX, (E)CX, (E)DX, (E)BX, (E)SP, (E)BP, (E)SI, (E)DI. The value of SP is the value before the actual push of SP.
    PUSHF/PUSHFDTransfers the Flags Register onto the stack. PUSHF saves a 16 bit value while PUSHFD saves a 32 bit value.
    PUSHFQPUSH RFLAGS Register
    RDMSRLoad MSR specified by ECX into EDX:EAX.
    RDPMCRead the PMC [Performance Monitoring Counter]; Specified in the ECX register into registers EDX:EAX
    RDTSCReturns the number of processor ticks since the processor being "ONLINE" (since the last power on of system).
    RDTSCPReaD Time Stamp Counter and Processor ID
    SAHFTransfers bits 0-7 of AH into the Flags Registers AF, CF, PF, SF, and ZF.AF, CF, PF, SF, ZF
    SFENCEProcessor hint to make sure all store operations that took place prior to the SFENCE call are globally visible
    SGDTdestStores the Global Descriptor Table (GDT) Register into the specified operand.
    SIDTdestStores the Interrupt Descriptor Table (IDT) Register into the specified operand.
    SLDTdestStores the Local Descriptor Table (LDT) Register into the specified operand.
    SMSWdestStore Machine Status Word (MSW) into "dest".
    STOSdestStores value in accumulator to location at ES:(E)DI (even if operand is given). (E)DI is incremented/decremented based on the size of the operand (or instruction format) and the state of the Direction Flag.
    STOSQSTOre String Quadword
    STRdestStores the current Task Register to the specified operand.
    SWAPGSExchange GS base with KernelGSBase MSR
    WRMSRWrite the value in EDX:EAX to MSR specified by ECX.
    XCHGsrcdestExchanges contents of source and destination.
    XLAT/XLATBReplaces the byte in AL with byte from a user table addressed by BX. The original value of AL is the index into the translate table. The best way to describe this is MOV AL,[BX+AL]

    x87 Floating-Point Instructions

    MnemonicDescription
    F2XM12x-1
    FABSAbsolute value
    FADDAdd
    FADDPAdd and pop
    FBLDLoad BCD
    FBSTPStore BCD and pop
    FCHSChange sign
    FCLEXClear exceptions
    FCOMCompare
    FCOMPCompare and pop
    FCOMPPCompare and pop twice
    FCOSCosine
    FDECSTPDecrement floating-point stack pointer
    FDISIDivide
    FDIVDivide
    FDIVPDivide and pop
    FDIVRDivide reversed
    FDIVRPDivide reversed and pop
    FENIEnable interrupts; 8087 only, otherwise FNOP
    FFREEFree Register
    FIADDInteger add
    FICOMInteger compare
    FICOMPInteger compare and pop
    FIDIVInteger divide
    FIDIVRInteger divide reversed
    FILDLoad integer
    FIMULInteger multiply
    FINCSTPIncrement floating point stack pointer
    FINITInitialize floating point processor
    FISTStore integer
    FISTPStore integer and pop
    FISTTPx87 to integer truncation conversion regardless of status word; SSE3
    FISUBInteger subtract
    FISUBRInteger subtract reversed
    FLDFloating point load
    FLD1Load 1.0 onto stack
    FLDCWLoad control word
    FLDENVLoad environment state
    FLDENVDLoad environment state, 32-bit
    FLDENVWLoad environment state, 16-bit
    FLDL2ELoad log2(e) onto stack
    FLDL2TLoad log2(10) onto stack
    FLDLG2Load log10(2) onto stack
    FLDLN2Load ln(2) onto stack
    FLDPILoad π onto stack
    FLDZLoad 0.0 onto stack
    FMULMultiply
    FMULPMultiply and pop
    FNCLEXClear exceptions, no wait
    FNDISIDisable interrupts, no wait; 8087 only, otherwise FNOP
    FNENIEnable interrupts, no wait; 8087 only, otherwise FNOP
    FNINITInitialize floating point processor, no wait
    FNOPNo operation
    FNSAVESave FPU state, no wait, 8-bit
    FNSAVEWSave FPU state, no wait, 16-bit
    FNSTCWStore control word, no wait
    FNSTENVStore FPU environment, no wait
    FNSTENVWStore FPU environment, no wait, 16-bit
    FNSTSWStore status word, no wait
    FPATANPartial arctangent
    FPREMPartial remainder
    FPREM1Partial remainder
    FPTANPartial tangent
    FRNDINTRound to integer
    FRSTORRestore saved state
    FRSTORDRestore saved state, 32-bit
    FRSTORWRestore saved state
    FSAVESave FPU state
    FSAVEDSave FPU state, 32-bit
    FSAVEWSave FPU state, 16-bit
    FSCALEScale by factor of 2
    FSETPMSet protected mode; 80287 only, otherwise FNOP
    FSINSine
    FSINCOSSine and cosine
    FSQRTSquare root
    FSTFloating point store
    FSTCWStore control word
    FSTENVStore FPU environment
    FSTENVDStore FPU environment, 32-bit
    FSTENVDStore FPU environment, 32-bit
    FSTENVWStore FPU environment, 16-bit
    FSTPStore and pop
    FSTSWStore status word
    FSUBSubtract
    FSUBPSubtract and pop
    FSUBRReverse subtract
    FSUBRPReverse subtract and pop
    FTSTTest for zero
    FUCOMUnordered compare
    FUCOMPUnordered compare and pop
    FUCOMPPUnordered compare and pop twice
    FWAITWait while FPU is executing
    FXAMExamine condition flags
    FXCHExchange registers
    FXTRACTExtract exponent and significand
    FYL2Xy*log2(x)
    FYL2XP1y*log2(x+1)

    FCMOV Variants: FCMOVB, FCMOVBE, FCMOVE, FCMOVNB, FCMOVNBE, FCMOVNE, FCMOVNU, FCMOVU

    FCOMI Variants: FCOMI, FCOMIP, FUCOMI, FUCOMIP

    MMX Instructions

    MnemonicDescription
    EMMSEmpty MMX Technology State; Marks all x87 FPU registers for use by FPU
    MOVDMove doubleword
    MOVQMove quadword
    PACKSSDWPack doubleword to word (signed with saturation)
    PACKSSWBPack word to byte (signed with saturation)
    PACKUSWBPack word to byte (signed with unsaturation)
    PADDBAdd packed byte integers
    PADDWAdd packed word integers
    PADDDAdd packed doubleword integers
    PADDSBAdd packed signed byte integers and saturate
    PADDSWAdd packed signed word integers and saturate
    PADDUSBAdd packed unsigned byte integers and saturate
    PADDUSWAdd packed unsigned word integers and saturate
    PANDBitwise AND
    PANDNBitwise AND NOT
    PORBitwise OR
    PXORBitwise XOR
    PCMPEQBCompare packed byte integers for equality
    PCMPEQWCompare packed word integers for equality
    PCMPEQDCompare packed doubleword integers for equality
    PCMPGTBCompare packed signed byte integers for greater than
    PCMPGTWCompare packed signed word integers for greater than
    PCMPGTDCompare packed signed doubleword integers for greater than
    PMADDWDMultiply packed word integers, add adjacent doubleword results
    PMULHWMultiply packed signed word integers, store high 16 bit results
    PMULLWMultiply packed signed word integers, store low 16 bit results
    PSLLWShift left word, shift in zeros
    PSLLDShift left doubleword, shift in zeros
    PSLLQShift left quadword, shift in zeros
    PSRADShift right doubleword, shift in sign bits
    PSRAWShift right word, shift in sign bits
    PSRLWShift right word, shift in zeros
    PSRLDShift right doubleword, shift in zeros
    PSRLQShift right quadword, shift in zeros
    PSUBBSubtract packed byte integers
    PSUBWSubtract packed word integers
    PSUBDSubtract packed doubleword integers
    PSUBSBSubtract packed signed byte integers with saturation
    PSUBSWSubtract packed signed word integers with saturation
    PSUBUSBSubtract packed unsigned byte integers with saturation
    PSUBUSWSubtract packed unsigned word integers with saturation
    PUNPCKHBWUnpack and interleave high-order bytes
    PUNPCKHWDUnpack and interleave high-order words
    PUNPCKHDQUnpack and interleave high-order doublewords
    PUNPCKLBWUnpack and interleave low-order bytes
    PUNPCKLDQUnpack and interleave low-order words
    PUNPCKLWDUnpack and interleave low-order doublewords

    SSE Instructions

    • SSE SIMD Floating-Point Instructions: ADDPS, ADDSS, CMPPS, CMPSS, COMISS, CVTPI2PS, CVTPS2PI, CVTSI2SS, CVTSS2SI, CVTTPS2PI, CVTTSS2SI, DIVPS, DIVSS, LDMXCSR, MAXPS, MAXSS, MINPS, MINSS, MOVAPS, MOVHLPS, MOVHPS, MOVLHPS, MOVLPS, MOVMSKPS, MOVNTPS, MOVSS, MOVUPS, MULPS, MULSS, RCPPS, RCPSS, RSQRTPS, RSQRTSS, SHUFPS, SQRTPS, SQRTSS, STMXCSR, SUBPS, SUBSS, UCOMISS, UNPCKHPS, UNPCKLPS
    • SSE SIMD Integer Instructions: ANDNPS, ANDPS, ORPS, PAVGB, PAVGW, PEXTRW, PINSRW, PMAXSW, PMAXUB, PMINSW, PMINUB, PMOVMSKB, PMULHUW, PSADBW, PSHUFW, XORPS
    • SSE2 SIMD Floating-Point Instructions: ADDPD, ADDSD, ANDNPD, ANDPD, CMPPD, CMPSD*, COMISD, CVTDQ2PD, CVTDQ2PS, CVTPD2DQ, CVTPD2PI, CVTPD2PS, CVTPI2PD, CVTPS2DQ, CVTPS2PD, CVTSD2SI, CVTSD2SS, CVTSI2SD, CVTSS2SD, CVTTPD2DQ, CVTTPD2PI, CVTTPS2DQ, CVTTSD2SI, DIVPD, DIVSD, MAXPD, MAXSD, MINPD, MINSD, MOVAPD, MOVHPD, MOVLPD, MOVMSKPD, MOVSD*, MOVUPD, MULPD, MULSD, ORPD, SHUFPD, SQRTPD, SQRTSD, SUBPD, SUBSD, UCOMISD, UNPCKHPD, UNPCKLPD, XORPD
    • SSE3 SIMD Floating-Point Instructions: ADDSUBPD, ADDSUBPS, HADDPD, HADDPS, HSUBPD, HSUBPS, MOVDDUP, MOVSHDUP, MOVSLDUP
    • SSE3 SIMD Integer Instructions: LDDQU
    • SSSE3 Instructions: PSIGNW, PSIGND, PSIGNB, PSHUFB, PMULHRSW, PMADDUBSW, PHSUBW, PHSUBSW, PHSUBD, PHADDW, PHADDSW, PHADDD, PALIGNR, PABSW, PABSD, PABSB
    • SSE4.1 SIMD Floating-Point Instructions: DPPS, DPPD, BLENDPS, BLENDPD, BLENDVPS, BLENDVPD, ROUNDPS, ROUNDSS, ROUNDPD, ROUNDSD, INSERTPS, EXTRACTPS
    • SSE4.1 SIMD Integer Instructions: MPSADBW, PHMINPOSUW, PMULLD, PMULDQ, PBLENDVB, PBLENDW, PMINSB, PMAXSB, PMINUW, PMAXUW, PMINUD, PMAXUD, PMINSD, PMAXSD, PINSRB, PINSRD/PINSRQ, PEXTRB, PEXTRW, PEXTRD, PEXTRQ, PMOVSXBW, PMOVZXBW, PMOVSXBD, PMOVZXBD, PMOVSXBQ, PMOVZXBQ, PMOVSXWD, PMOVZXWD, PMOVSXWQ, PMOVZXWQ, PMOVSXDQ, PMOVZXDQ, PTEST, PCMPEQQ, PACKUSDW, MOVNTDQA
    • SSE4a Instructions: EXTRQ, INSERTQ, MOVNTSD, MOVNTSS
    • SSE4.2 Instructions: CRC32, PCMPESTRI, PCMPESTRM, PCMPISTRI, PCMPISTRM, PCMPGTQ

    FMA Instructions

    MnemonicDescription
    VFMADDPDFused Multiply-Add of Packed Double-Precision Floating-Point Values; VFMADDPD xmm0, xmm1, xmm2, xmm3
    VFMADDPSFused Multiply-Add of Packed Single-Precision Floating-Point Values
    VFMADDSDFused Multiply-Add of Scalar Double-Precision Floating-Point Values
    VFMADDSSFused Multiply-Add of Scalar Single-Precision Floating-Point Values
    VFMADDSUBPDFused Multiply-Alternating Add/Subtract of Packed Double-Precision Floating-Point Values
    VFMADDSUBPSFused Multiply-Alternating Add/Subtract of Packed Single-Precision Floating-Point Values
    VFMSUBADDPDFused Multiply-Alternating Subtract/Add of Packed Double-Precision Floating-Point Values
    VFMSUBADDPSFused Multiply-Alternating Subtract/Add of Packed Single-Precision Floating-Point Values
    VFMSUBPDFused Multiply-Subtract of Packed Double-Precision Floating-Point Values
    VFMSUBPSFused Multiply-Subtract of Packed Single-Precision Floating-Point Values
    VFMSUBSDFused Multiply-Subtract of Scalar Double-Precision Floating-Point Values
    VFMSUBSSFused Multiply-Subtract of Scalar Single-Precision Floating-Point Values
    VFNMADDPDFused Negative Multiply-Add of Packed Double-Precision Floating-Point Values
    VFNMADDPSFused Negative Multiply-Add of Packed Single-Precision Floating-Point Values
    VFNMADDSDFused Negative Multiply-Add of Scalar Double-Precision Floating-Point Values
    VFNMADDSSFused Negative Multiply-Add of Scalar Single-Precision Floating-Point Values
    VFNMSUBPDFused Negative Multiply-Subtract of Packed Double-Precision Floating-Point Values
    VFNMSUBPSFused Negative Multiply-Subtract of Packed Single-Precision Floating-Point Values
    VFNMSUBSDFused Negative Multiply-Subtract of Scalar Double-Precision Floating-Point Values
    VFNMSUBSSFused Negative Multiply-Subtract of Scalar Single-Precision Floating-Point Values

    AES Instructions

    MnemonicDescription
    AESENCPerform one round of an AES encryption flow
    AESENCLASTPerform the last round of an AES encryption flow
    AESDECPerform one round of an AES decryption flow
    AESDECLASTPerform the last round of an AES decryption flow
    AESKEYGENASSISTAssist in AES round key generation
    AESIMCAssist in AES Inverse Mix Columns

    Miscellaneous Instructions

    Intel VT-x: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, VMXON

    ABM: LZCNT, POPCNT

    BMI1: ANDN, BEXTR, BLSI, BLSMSK, BLSR, TZCNT

    BMI2: BZHI, MULX, PDEP, PEXT, RORX, SARX, SHRX, SHLX

    TBM: BEXTR, BLCFILL, BLCI, BLCIC, BLCMASK, BLCS, BLSFILL, BLSIC, T1MSKC, TZMSK

    Further Reading

Viewing 1 post (of 1 total)