A Crash Course in x86 Assembly for Reverse Engineers

(Jeff_L) #1

1.5 Instructions


Intel instructions vary in size from one to fourteen bytes. The opcode (short for operation
code) is mandatory for every instruction and can be combined with other optional or mandatory
bytes to form more complex instructions. This is a vast topic; the links below offer further
reading for those who want it. If not, the disassembler will do the job for you, but it is still
good to know why opcode 83 is sometimes disassembled as an add and other times as an
and instruction when you look at it in your disassembler. The links below explain that indirectly.


http://www.swansontec.com/sintel.html
http://ref.x86asm.net/coder32.html


Most instructions have two operands (like add eax, ebx), but some have one (not eax) or
even three (imul eax, edx, 64). Instructions that contain something like "dword ptr [eax]"
reference the double word (4-byte) value at memory offset [XXX]. Note that the bytes are
stored in reverse order in memory, as Intel uses little-endian representation. That means
the most significant bit of every byte is still the leftmost bit of that byte.
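The two points above (one opcode byte, several mnemonics; multi-byte immediates stored least-significant byte first) are easy to see in a toy decoder. This is an added example, not code from the crash course: it handles only the 32-bit group-1 opcodes 0x81 and 0x83 in register-direct form, and the sample bytes are constructed.

```python
# Toy decoder for x86-32 "group 1" instructions (opcodes 0x81 and 0x83).
# The ModRM byte that follows the opcode has three fields: mod (bits 7..6),
# reg (bits 5..3) and rm (bits 2..0). For these opcodes the reg field does not
# name a register at all; it selects the operation, which is why a disassembler
# shows 0x83 as add in one place and as and in another.
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # indexed by ModRM.reg

def fmt_imm(imm: int) -> str:
    """Print a signed immediate the way most disassemblers do (hex, with sign)."""
    return f"{imm:#x}" if imm >= 0 else f"-{-imm:#x}"

def decode_group1(code: bytes) -> tuple[str, int]:
    """Decode one instruction at code[0]; return (assembly text, length in bytes)."""
    opcode = code[0]
    if opcode not in (0x81, 0x83):
        raise ValueError(f"opcode {opcode:#04x} is not handled by this toy decoder")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("only register-direct operands (mod == 11b) are supported")
    mnemonic = GROUP1[reg]  # same opcode byte, different instruction
    if opcode == 0x83:
        # 83 /r ib: one immediate byte, sign-extended to 32 bits
        imm = struct.unpack_from("<b", code, 2)[0]
        length = 3
    else:
        # 81 /r id: four immediate bytes, least-significant byte first (little endian),
        # so the bytes 78 56 34 12 in memory mean the value 0x12345678
        imm = struct.unpack_from("<i", code, 2)[0]
        length = 6
    return f"{mnemonic} {REGS32[rm]}, {fmt_imm(imm)}", length

def disassemble(code: bytes) -> list[str]:
    """Walk a byte string instruction by instruction and list each one with its bytes."""
    lines, pos = [], 0
    while pos < len(code):
        text, length = decode_group1(code[pos:])
        lines.append(f"{code[pos:pos + length].hex(' ')}  {text}")
        pos += length
    return lines

# Constructed sample: four instructions, three of them starting with the same opcode 0x83.
SAMPLE = bytes.fromhex("83c010 83e0f0 83ec08 81c378563412")

if __name__ == "__main__":
    for line in disassemble(SAMPLE):
        print(line)
```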
