APPENDIX A. X86
; copy 15 bytes from ESI to EDI
CLD ; set direction to "forward"
MOV ECX, 3
REP MOVSD ; copy 12 bytes
MOVSW ; copy 2 more bytes
MOVSB ; copy remaining byte

(Supposedly, it works faster than copying 15 bytes using just one REP MOVSB.)

MOVSX: load with sign extension. See also: 15.1.1 on page 189.

MOVZX: load and clear all other bits. See also: 15.1.1 on page 189.
MOV: load value. This instruction's name is a misnomer, resulting in some confusion (data is not moved but copied); in other architectures the same instruction is usually named "LOAD" and/or "STORE" or something like that.

One important thing: if you set the low 16-bit part of a 32-bit register in 32-bit mode, the high 16 bits remain as they were. But if you modify the low 32-bit part of a register in 64-bit mode, the high 32 bits of the register will be cleared. Supposedly, it was done to simplify porting code to x86-64.

MUL: unsigned multiply.

NEG: negation: op = -op.
NOP: NOP. Its opcode is 0x90; it is in fact the XCHG EAX,EAX idle instruction. This implies that x86 does not have a dedicated NOP instruction (as many RISC architectures do). This book has at least one listing where GDB shows NOP as a 16-bit XCHG instruction: 6.1.1 on page 40. More examples of such operations: 88 on page 854.

NOP may be generated by the compiler for aligning labels on a 16-byte boundary. Another very popular usage of NOP is to replace (patch) some instruction manually, like a conditional jump, with NOP in order to disable its execution.

NOT: op1 = ¬op1. Logical inversion. Feature: the instruction doesn't change flags.
OR: logical "or".

POP: get a value from the stack: value = SS:[ESP]; ESP = ESP + 4 (or 8).

PUSH: push a value onto the stack: ESP = ESP - 4 (or 8); SS:[ESP] = value.

RET: return from subroutine: POP tmp; JMP tmp.

In fact, RET is an assembly language macro; in Windows and *NIX environments it is translated into RETN ("return near") or, in MS-DOS times, where memory was addressed differently (94 on page 868), into RETF ("return far").

RET can have an operand. Then it works like this: POP tmp; ADD ESP, op1; JMP tmp. RET with an operand usually ends functions in the stdcall calling convention; see also: 64.2 on page 648.

SAHF: copy bits from AH to CPU flags:
bit:   7   6   4   2   0
flag:  SF  ZF  AF  PF  CF

SBB: (subtraction with borrow) subtract values, then decrement the result if the CF flag is set. SBB is often used for subtraction of large values, for example, to subtract two 64-bit values in a 32-bit environment using two instructions, SUB and SBB. For example:
; work with 64-bit values: subtract val2 from val1.
; .lo means the lowest 32 bits, .hi means the highest.
SUB val1.lo, val2.lo
SBB val1.hi, val2.hi ; use CF set or cleared at the previous instruction

One more example: 24 on page 379.

SCASB/SCASW/SCASD/SCASQ: (M) compare the byte/16-bit word/32-bit word/64-bit word stored in AX/EAX/RAX with a variable whose address is in DI/EDI/RDI. Set flags as CMP does.
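To make the borrow chain in the SUB/SBB listing above concrete, here is an added C model (not the book's code; the helper names sub32, sbb32 and sub64_via_sbb are assumptions). It simulates only the carry flag, performs the 64-bit subtraction on two 32-bit halves exactly as the two-instruction sequence does, and reports the final CF so the result can be cross-checked against the native 64-bit operation.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the x86 SUB / SBB pair working on 32-bit halves.
 * Only CF is simulated; the other flags are left out. */

/* SUB dst, src: dst = dst - src; CF = 1 if an unsigned borrow occurred */
static uint32_t sub32(uint32_t dst, uint32_t src, int *cf)
{
    *cf = dst < src;
    return dst - src;
}

/* SBB dst, src: dst = dst - (src + CF); CF = 1 if an unsigned borrow occurred.
 * src + CF is computed in 64 bits so that src = 0xFFFFFFFF with CF = 1 does
 * not wrap around and lose the borrow. */
static uint32_t sbb32(uint32_t dst, uint32_t src, int *cf)
{
    uint64_t wide_src = (uint64_t)src + (uint64_t)*cf;
    *cf = (uint64_t)dst < wide_src;
    return (uint32_t)((uint64_t)dst - wide_src);
}

/* Subtract val2 from val1 the way a 32-bit CPU does it: SUB on the low
 * halves, SBB on the high halves. *borrow receives the final CF. */
uint64_t sub64_via_sbb(uint64_t val1, uint64_t val2, int *borrow)
{
    uint32_t val1_lo = (uint32_t)val1, val1_hi = (uint32_t)(val1 >> 32);
    uint32_t val2_lo = (uint32_t)val2, val2_hi = (uint32_t)(val2 >> 32);
    int cf = 0;

    val1_lo = sub32(val1_lo, val2_lo, &cf);   /* SUB val1.lo, val2.lo */
    val1_hi = sbb32(val1_hi, val2_hi, &cf);   /* SBB val1.hi, val2.hi */

    *borrow = cf;
    return ((uint64_t)val1_hi << 32) | val1_lo;
}

/* Cross-check: the two-step result must equal the native 64-bit subtraction,
 * and the final CF must equal the native unsigned borrow (val1 < val2). */
int sub64_matches_native(uint64_t val1, uint64_t val2)
{
    int borrow;
    uint64_t r = sub64_via_sbb(val1, val2, &borrow);
    return r == val1 - val2 && borrow == (val1 < val2);
}

int main(void)
{
    int borrow;
    /* the borrow from the low half propagates into the high half */
    uint64_t r = sub64_via_sbb(0x100000000ULL, 1, &borrow);
    printf("%016llx borrow=%d\n", (unsigned long long)r, borrow);
    return 0;
}
```

The interesting case is the first call in main: the low halves are 0 and 1, so SUB sets CF, and SBB then subtracts that borrow from the high half, turning 1 into 0.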
This instruction is often used with the REPNE prefix: continue to scan the buffer until the special value stored in AX/EAX/RAX is found. Hence "NE" in REPNE: continue to scan while the compared values are not equal and stop when equal.

It is often used like the strlen() C standard function, to determine an ASCIIZ string's length. Example:
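As an added C model of this idiom (not the book's listing; the names scas_state, repne_scasb and strlen_via_scasb are assumptions), the block below simulates the registers REPNE SCASB touches (EDI, ECX, AL, ZF) and then applies the usual MOV ECX, -1 / XOR EAX, EAX / REPNE SCASB / NOT ECX / DEC ECX sequence, showing how the string length falls out of the remaining counter.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the machine state REPNE SCASB uses.
 * SCASB compares AL (the low byte of EAX) with the byte at [EDI]. */
struct scas_state {
    const uint8_t *edi;   /* pointer being scanned */
    uint32_t ecx;         /* repeat counter */
    uint8_t al;           /* value searched for */
    int zf;               /* zero flag: set when AL == [EDI] */
};

/* One SCASB step: CMP AL, [EDI]; EDI++ (direction flag assumed clear).
 * Only ZF is modelled, which is all REPNE looks at. */
static void scasb(struct scas_state *s)
{
    s->zf = (s->al == *s->edi);
    s->edi++;
}

/* REPNE prefix: while ECX != 0 { ECX--; SCASB; stop if ZF is set } */
static void repne_scasb(struct scas_state *s)
{
    while (s->ecx != 0) {
        s->ecx--;
        scasb(s);
        if (s->zf)
            break;
    }
}

/* The strlen idiom:
 *   MOV EDI, str
 *   MOV ECX, 0FFFFFFFFh   ; "infinite" counter
 *   XOR EAX, EAX          ; AL = 0, the byte to look for
 *   REPNE SCASB
 *   NOT ECX               ; bytes scanned, including the terminating zero
 *   DEC ECX               ; drop the terminator -> string length */
size_t strlen_via_scasb(const char *str)
{
    struct scas_state s = { (const uint8_t *)str, 0xFFFFFFFFu, 0, 0 };
    repne_scasb(&s);
    uint32_t ecx = ~s.ecx;      /* NOT ECX */
    return (size_t)(ecx - 1);   /* DEC ECX */
}

int main(void)
{
    const char *sample = "hello";   /* constructed input */
    printf("scasb: %zu, libc: %zu\n", strlen_via_scasb(sample), strlen(sample));
    return 0;
}
```

Why NOT ECX works: the counter started at 0xFFFFFFFF and was decremented once per byte examined, so after n steps it holds 0xFFFFFFFF - n, whose bitwise complement is exactly n. The last step examined the terminating zero, hence the final DEC.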