Reverse Engineering for Beginners

APPENDIX A. X86


For a detailed description, you can read more about the CMPSx (A.6.3 on page 890) and SCASx (A.6.2 on page 888)
instructions.

Instructions prefixed by REPE/REPNE are sensitive to the DF flag, which is used to set the direction.

A.6.2 Most frequently used instructions


These are the ones to memorize first.


ADC (add with carry) - add values, incrementing the result if the CF flag is set. ADC is often used for the addition of large values,
for example, to add two 64-bit values in a 32-bit environment using a pair of ADD and ADC instructions. For example:


; work with 64-bit values: add val1 to val2.
; .lo means the lowest 32 bits, .hi means the highest 32 bits.
ADD val1.lo, val2.lo
ADC val1.hi, val2.hi ; uses CF as set or cleared by the previous instruction

One more example: 24 on page 379.

ADD - add two values

AND - logical “and”

CALL - call another function: PUSH address_after_CALL_instruction; JMP label

CMP - compare values and set flags, the same as SUB but without writing the result

DEC - decrement. The CF flag is not modified.

IMUL - signed multiply

INC - increment. The CF flag is not modified.

JCXZ, JECXZ, JRCXZ (M) - jump if CX/ECX/RCX=0

JMP - jump to another address. The opcode has a jump offset.

Jcc (where cc is a condition code)


Many of these instructions have synonyms (denoted with AKA); this was done for convenience. Synonymous instructions
are translated into the same opcode. The opcode has a jump offset.

JAE AKA JNC: jump if above or equal (unsigned): CF=0

JA AKA JNBE: jump if greater (unsigned): CF=0 and ZF=0

JBE: jump if lesser or equal (unsigned): CF=1 or ZF=1

JB AKA JC: jump if below (unsigned): CF=1

JC AKA JB: jump if CF=1

JE AKA JZ: jump if equal or zero: ZF=1

JGE: jump if greater or equal (signed): SF=OF

JG: jump if greater (signed): ZF=0 and SF=OF

JLE: jump if lesser or equal (signed): ZF=1 or SF≠OF

JL: jump if lesser (signed): SF≠OF

JNAE AKA JC: jump if not above or equal (unsigned): CF=1

JNA: jump if not above (unsigned): CF=1 or ZF=1

JNBE: jump if not below or equal (unsigned): CF=0 and ZF=0

JNB AKA JNC: jump if not below (unsigned): CF=0

JNC AKA JAE: jump if CF=0, synonymous with JNB.

JNE AKA JNZ: jump if not equal or not zero: ZF=0

JNGE: jump if not greater or equal (signed): SF≠OF

JNG: jump if not greater (signed): ZF=1 or SF≠OF

JNLE: jump if not lesser or equal (signed): ZF=0 and SF=OF

JNL: jump if not lesser (signed): SF=OF

JNO: jump if not overflow: OF=0
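Added example, not from the book: a small C model of how CMP derives CF/ZF/SF/OF from 32-bit operands, how each Jcc in the table above (with its AKA synonyms) tests those flags, and the ADD/ADC pair from the ADC entry. The names x86_cmp32, jcc_taken and add64_via_adc are my own, and operands are assumed to be 32-bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct flags { bool cf, zf, sf, of; };

/* CMP a, b: compute a - b and set the flags without storing the result. */
static struct flags x86_cmp32(uint32_t a, uint32_t b) {
    uint32_t r = a - b;
    struct flags f;
    f.cf = a < b;                                  /* unsigned borrow */
    f.zf = r == 0;
    f.sf = (r >> 31) != 0;                         /* sign bit of the result */
    f.of = (((a ^ b) & (a ^ r)) >> 31) != 0;       /* signed overflow */
    return f;
}

/* Jcc conditions from the table above; synonyms (AKA) share one test. */
#define IS(m) (strcmp(cc, (m)) == 0)
static bool jcc_taken(const char *cc, struct flags f) {
    if (IS("JAE") || IS("JNB") || IS("JNC")) return !f.cf;
    if (IS("JA")  || IS("JNBE"))             return !f.cf && !f.zf;
    if (IS("JBE") || IS("JNA"))              return f.cf || f.zf;
    if (IS("JB")  || IS("JC") || IS("JNAE")) return f.cf;
    if (IS("JE")  || IS("JZ"))               return f.zf;
    if (IS("JNE") || IS("JNZ"))              return !f.zf;
    if (IS("JGE") || IS("JNL"))              return f.sf == f.of;
    if (IS("JG")  || IS("JNLE"))             return !f.zf && f.sf == f.of;
    if (IS("JLE") || IS("JNG"))              return f.zf || f.sf != f.of;
    if (IS("JL")  || IS("JNGE"))             return f.sf != f.of;
    if (IS("JNO"))                           return !f.of;
    return false;                                  /* not in this table */
}

/* ADD val1.lo, val2.lo ; ADC val1.hi, val2.hi on 32-bit halves. */
static uint64_t add64_via_adc(uint32_t lo1, uint32_t hi1, uint32_t lo2, uint32_t hi2) {
    uint32_t lo = lo1 + lo2;          /* ADD wraps modulo 2^32 ... */
    bool cf = lo < lo1;               /* ... and CF records that it wrapped */
    uint32_t hi = hi1 + hi2 + cf;     /* ADC folds CF into the high half */
    return ((uint64_t)hi << 32) | lo;
}

int main(void) {
    struct flags f = x86_cmp32(0x80000000u, 1);   /* signed: -2^31 < 1; unsigned: 2^31 > 1 */
    printf("JL=%d JB=%d\n", jcc_taken("JL", f), jcc_taken("JB", f));   /* JL=1 JB=0 */
    printf("%llx\n", (unsigned long long)add64_via_adc(0xFFFFFFFFu, 0, 1, 0)); /* 100000000 */
    return 0;
}
```

The same operands taken as signed and as unsigned give opposite answers for JL and JB, which is exactly why the table separates the "(signed)" and "(unsigned)" conditions.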