-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPartIII-instrref.txt
900 lines (731 loc) · 43.2 KB
/
PartIII-instrref.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
A S S E M B L Y L A N G U A G E R E F E R E N C E
Compiled by
M E N A C H E M A. S A L O M O N
Assembly Language Reference
for the 80x86 Series of Intel Microchips
This is a reference for the Intel x86 microchip series through the
80486 (8086/8088, 80186/80188, 80286, 80386, and 80486. At the time of
writing, a reference manual for the Pentium series (Intel's name for the
80586) was not available.
In recent years, the PC microchips manufactured by Intel have been
referred to as the IA-32 (Intel Architecture, 32-bit) and IA-64 family.
The information in this reference is adapted from the Borland Turbo
Assembler Quick Reference Guide (cite note).
NOTE: Hexadecimal numbers are given in C format.
PART I - INSTRUCTION FORMAT:
(PartI-instrfmt.txt)
Note: FROM HERE ON, MUCH OF THE INFORMATION COMES FROM "THE IA-32
PROGRAMMER'S GUIDE, VOLUME 2: INSTRUCTION REFERENCE" (C) INTEL,
PROVIDED FREE OF CHARGE. THE INFORMATION, HOWEVER, ONLY DESCRIBES
THE BEHAVIOR OF PROCESSORS UP TO THE '486.
The Pentium and later processors essentially use the same format,
with many added capabilities.
PART II: EXPLANATION OF REFERENCE FORMAT:
(PartII-reffmt.txt)
PART III: INSTRUCTION REFERENCE:
1) ASCII Adjustments: Operate on unpacked binary coded decimal (BCD) numbers in
AX. Convert to ASCII numerals by following the operation (and subsequent
division, for AAD) with an OR AL, 0x30.
AAA ; 37 [8086] | ASCII Adjustment after Addition
AAD ; D5 0A [8086] | ASCII Adjust before Division (Base 10)
AAD imm8 ; D5 ib [8086] | Generalized ASCII Adjust before Division
AAM ; D4 0A [8086] | ASCII Adjust after Multiplication (Base 10)
AAM imm8 ; D4 ib [8086] | Generalized ASCII Adjust for Multiplication
AAS ; 3F [8086] | ASCII Adjustment after Subtraction
Description:
a) AAA: If, because of a previous addition, the lower nibble (4 bits) of AL
now contains a value greater than 9 (so it cannot be represented by a
decimal digit), implement a carry: increment AH (which holds the next
digit - this is unpacked BCD) and subtract 9 from AL. The CF and AF
flags indicate whether a carry was performed. (The upper nibble of AL
is cleared, regardless of whether or not a carry was performed.)
b) AAD: Division cannot be performed on BCD numbers, so the unpacked BCD
number (tens place in AH, ones place in AL) must be converted to normal
two's complement form first: multiply AH by 10 (0xA) and add AL; the
result is stored in AL and AH is cleared. FLAGS{SF, ZF, PF} are set or
cleared to reflect the result.
The immediate form is undocumented; it performs the same operation with
a base other than 10.
c) AAM: Multiplication performed on unpacked BCD numbers may leave a result
in AH that now needs to be converted from normal two's complement form
to unpacked BCD form: Divide AL by 10 (0xA); put the integer part of
the result (tens place) into AH and the remainder part of the result
(ones place) into AL. FLAGS{SF, ZF, PF} are set or cleared to reflect
the result.
The immediate form is undocumented; it performs the same operation with
a base other than 10.
d) AAS: If, because of a previous subtraction, the lower nibble of AL now
contains a value greater than 9 (representing an invalid decimal digit),
implement a borrow: decrement AH and subtract 6 from AL. The CF and AF
flags indicate whether a carry (borrow) was performed. (The upper
nibble of AL is cleared, regardless of whether or not a borrow was
performed.)
FLAGS{OF, SF, ZF, AF, PF, CF}: Some flags are set or cleared as indicated.
The others ({OF, SF, ZF, PF} for AAA and AAS, {OF, AF, CF} for AAD and
AAM) are left in an undefined state.
2) ADC - ADD with Carry Flag: Calculate the sum of the two operands and the CF
flag (an extra 1 or 0), and store the result into the destination operand.
This is used to propogate a carry across multi-byte or multi-word addition.
ADC r/m8, r8 ; 10 /r | ADC r/m8, imm8 ; 80 /2 ib
ADC r/m16, r16 ; o16 11 /r | ADC r/m16, imm16 ; o16 81 /2 iw
ADC r/m32, r32 ; o32 11 /r | ADC r/m32, imm32 ; o32 81 /2 id
ADC r8, r/m8 ; 12 /r | (*) [ADC r/m8, sx(imm8) ; 82 /2 ib]
ADC r16, r/m16 ; o16 13 /r | ADC r/m16, sx(imm8) ; o16 83 /2 ib
ADC r32, r/m32 ; o32 13 /r | ADC r/m32, sx(imm8) ; o32 83 /2 ib
ADC AL, imm8 ; 14 ib |
ADC AX, imm16 ; o16 15 iw |
ADC EAX, imm32 ; o32 15 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
3) ADD - ADD two operands: Standard Addition - calculate the sum of the two
operands, and store the result into the destination operand.
ADD r/m8, r8 ; 00 /r | ADD r/m8, imm8 ; 80 /0 ib
ADD r/m16, r16 ; o16 01 /r | ADD r/m16, imm16 ; o16 81 /0 iw
ADD r/m32, r32 ; o32 01 /r | ADD r/m32, imm32 ; o32 81 /0 id
ADD r8, r/m8 ; 02 /r | (*) [ADD r/m8, sx(imm8) ; 82 /0 ib]
ADD r16, r/m16 ; o16 03 /r | ADD r/m16, sx(imm8) ; o16 83 /0 ib
ADD r32, r/m32 ; o32 03 /r | ADD r/m32, sx(imm8) ; o32 83 /0 ib
ADD AL, imm8 ; 04 ib |
ADD AX, imm16 ; o16 05 iw |
ADD EAX, imm32 ; o32 05 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
4) AND - Logical AND of two operands: Calculate the bitwise logical AND of two
operands, and store the result into the destination operand. Each bit of
the result is set if and only if the corresponding bits of both operands is
set.
AND r/m8, r8 ; 20 /r | AND r/m8, imm8 ; 80 /4 ib
AND r/m16, r16 ; o16 21 /r | AND r/m16, imm16 ; o16 81 /4 iw
AND r/m32, r32 ; o32 21 /r | AND r/m32, imm32 ; o32 81 /4 id
AND r8, r/m8 ; 22 /r | (*) [AND r/m8, sx(imm8) ; 82 /4 ib]
AND r16, r/m16 ; o16 23 /r | AND r/m16, sx(imm8) ; o16 83 /4 ib
AND r32, r/m32 ; o32 23 /r | AND r/m32, sx(imm8) ; o32 83 /4 ib
AND AL, imm8 ; 24 ib |
AND AX, imm16 ; o16 25 iw |
AND EAX, imm32 ; o32 25 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: OF and CF are cleared, AF is undefined.
SF, ZF, and PF are modified to reflect the result of the operation.
5) ARPL - Adjust RPL (Requested Privilege Level) of selector: If the RPL (bits
0 and 1) of the segment selector in the destination operand is less (more
privileged) than the RPL of the segment selector in the source operand, the
RPL of the destination is increased to match the RPL of the source. This
instruction is generally of use to code that is part of the OS or other
system software, to ensure that an application cannot request an operation
that requires more privilege that it is entitled to, based on its CPL (the
RPL of its Code Segment), but its use is not protected from applications.
ARPL r/m16, r16 ; 63 /r [80286, OS, PM]
FLAGS{ZF}: ZF indicates whether an RPL adjustment was performed.
6) BOUND - Check that value is within BOUNDs: Check that an array index, in a
register, has a value that is within the bounds of an array. The array
bounds structure is a pair of numbers, in memory, that specify the lower
and upper bounds (addresses), respectively, of the array. If the index is
not within the limits (inclusive), a #BR (INT 5) is generated; the return
address is the BOUND instruction, which will be re-executed (hopefully with
the index now within bounds).
BOUND r16, m16&16 ; o16 62 /r | BOUND r32, m32&32 ; o32 62 /r
Introduced in the 80286 processor. No FLAGS are changed.
7) BSF/BSR - Bit Scan Forward/Reverse: Scan the operand for the first bit that
is set. Scanning begins from the LSB (least significant bit, bit 0) for
forward-scanning, or from the MSB (most significant bit, bit 15 or 31) for
reverse-scanning. The result is the index of the first 1-bit in the source
operand; if the operand is 0 (all bits clear), the result is undefined.
BSF r16, r/m16 ; o16 0F BC /r | Forward Bit Scan on r/m16 -> r16
BSF r32, r/m32 ; o32 0F BC /r | Forward Bit Scan on r/m32 -> r32
BSR r16, r/m16 ; o16 0F BD /r | Reverse Bit Scan on r/m16 -> r16
BSR r32, r/m32 ; o32 0F BD /r | Reverse Bit Scan on r/m32 -> r32
FLAGS{ZF} indicates whether or not a 1-bit was found.
Introduced in the 80386 processor. FLAGS{OF, SF, AF, PF, CF} are undefined.
8) BSWAP - Byte SWAP: Rearrange the bytes in a 32-bit register, swapping bytes
0 and 3, and bytes 2 and 4, switching between little-endian (low-order byte
lowest in memory) and big-endian (high-order byte lowest in memory) form.
(If the operand is a 16-bit register, the result is undefined. To swap the
bytes of a 16-bit value, use XCHG r8, r8 instead.)
BSWAP r32 ; (o32) 0F C8 +r | Uses opcodes 0F C8 - 0F CF.
Introduced in the 80486 processor. No FLAGS are changed.
9) BT/BTC/BTR/BTS - Bit Test (and Complement, Reset, or Set): Check if the
specified bit in the operand is set (equal to 1) or clear (equal to 0), and
store the bit's value in the Carry Flag. The base (first operand) is the
address or location of the byte string containing the bit, and the offset
(second operand) is the index of the bit within the string.
After saving the bit's value, the bit can be: BTR - reset (cleared, or set
to 0); BTS - set (to 1); BTC - complemented (negated: set if clear, or
cleared if set); or BT - left unchanged.
BT r/m16, r16 ; o16 0F A3 /r | BT r/m16, imm8 ; o16 0F BA /4 ib
BT r/m32, r32 ; o32 0F A3 /r | BT r/m32, imm8 ; o32 0F BA /4 ib
BTC r/m16, r16 ; o16 0F BB /r | BTC r/m16, imm8 ; o16 0F BA /7 ib
BTC r/m32, r32 ; o32 0F BB /r | BTC r/m32, imm8 ; o32 0F BA /7 ib
BTR r/m16, r16 ; o16 0F B3 /r | BTR r/m16, imm8 ; o16 0F BA /6 ib
BTR r/m32, r32 ; o32 0F B3 /r | BTR r/m32, imm8 ; o32 0F BA /6 ib
BTS r/m16, r16 ; o16 0F AB /r | BTS r/m16, imm8 ; o16 0F BA /5 ib
BTS r/m32, r32 ; o32 0F AB /r | BTS r/m32, imm8 ; o32 0F BA /5 ib
FLAGS{CF} contains the saved value of the desired bit.
Introduced in the 80386 Processor. (FLAGS{OF, SF, AF, PF} are undefined.)
10) CALL - Call a subprocedure, pushing the return address on the stack for a
future RET instruction. The block of code being called may be in the same
code segment (a near call), in another code segment of the same privilege
level (a far call - this applies to all far calls in real-mode or V86-mode),
in a code segment of a different privilege level, accessed through a call
gate, or in another task, accessed through a task gate. Near calls can be
absolute (the operand contains the exact address of the target instruction)
or relative: the location of the target instruction is found by adding a
displacement (an immediate word or dword) to the address of the instruction
immediately following the CALL instruction.
CALL rel16 ; o16 E8 cw | CALL near, relative - PUSH IP, JMP [IP + cw]
CALL rel32 ; o32 E8 cd | CALL near, relative - PUSH EIP, JMP [EIP + cd]
CALL r/m16 ; o16 FF /2 | CALL near, absolute - 16-bit addr. in reg/mem
CALL r/m32 ; o32 FF /2 | CALL near, absolute - 32-bit addr. in reg/mem
CALL ptr16:16 ; o16 9A cd | CALL far - full segment/offset in 32-bit imm.
CALL ptr16:32 ; o32 9A cp | CALL far - full segment/offset in 48-bit imm.
CALL m16:16 ; o16 FF /3 | CALL far - 32-bit segment/offset at r/m mem.
CALL m16:32 ; o32 FF /3 | CALL far - 48-bit segment/offset at r/m mem.
For near calls, the (E)IP register, pointing to the first byte of the next
instruction (IP if o16, EIP if o32), is pushed onto the stack. Then, the
the operand is either added to eIP (for relative calls), or eIP is set to
its value (for absolute calls). The CS register is unchanged.
For far calls, first the CS register is pushed onto the stack (the upper
word padded with 0's if o32), followed by (E)IP. In real or V86 mode, the
CS register is loaded with the segment part (16 high-order bits) of the far
pointer in the operand, and (E)IP is loaded with with the offset part of
the pointer (the low-order 16 or 32 bits).
In protected mode, the segment selector part of the far call operand (which
are the 16 bits lowest in memory) are an index to a descriptor (in the GDT
or LDT) which MUST describe describe one of the following:
a) A code segment of the same privilege level. The target instruction is
the offset part of the operand, offset to the base address given in the
code segment descriptor. The offset may not exceed the segment limit.
The CS register and the (E)IP register are loaded with the selector and
offset from the operand.
b) A conforming code segment of a more privileged level (the descriptor's
DPL is less than the CPL, bits 0-1 of CS). The target is the specified
offset within the requested code segment. The CS and (E)IP registers
are loaded with the selector and offset from the operand, except that
the CPL remains unchanged.
c) A call gate. This is a descriptor that contains a code segment selector,
segment offset, and parameter count. The CS and (E)IP registers are
loaded from the values in the call gate; the offset part of the operand
is ignored. If the permissions in the call gate (DPLs and RPLs of the
gate and its indicated code segment) indicate that the CPL is to change,
then a stack switch occurs: SS and (E)SP are set to point to the stack
for the new privilege level (from the TSS), and the old SS:(E)SP values,
the parameters, and the return CS:(E)IP values are copied to the new
stack.
d) A Task State Segment (TSS), or a task gate. This is a descriptor that
contains a pointer to a TSS. Either of these indicate that the called
code is to be executed as a different task, and a task-switch occurs
(with nesting). In either case, the CS and (E)IP registers are loaded
from the values stored in the TSS; the offset part of the operand is
ignored.
If any of the permission checks fail, or if any segment, offset, or gate is
invalid, an exception is generated. In most cases, this is a #GP (INT 13),
but it can also be an #SS (INT ?), #NP (INT ?), or #TS (INT ??).
No FLAGS are changed, unless a task-switch occurs, in which case all FLAGS
are restored to their previous values from the TSS.
11) Size Conversions: Sign-extend a smaller value to a larger value.
CBW ; o16 98 | Convert Byte to Word: AX = sx(AL)
CWDE ; o32 99 | Convert Word to Doubleword (EAX reg.): EAX = sx(AX)
CWD ; o16 99 | Convert Word to Doubleword: DX:AX = sx(AX)
CDQ ; 032 99 | Convert Doubleword to Quadword: EDX:EAX = sx(EAX)
No FLAGS are changed.
12) FLAG Operations (1): Change the value of the specified bit in (E)FLAGS.
Only the specified flag bit is changed; all others are left unmodified.
CLC ; F8 | Clear Carry Flag: CF = 0
CLD ; FC | Clear Direction Flag: DF = 0 (String instructions advance)
CLI ; FA | Clear Interrupt-enable Flag: IF = 0 (disable interrupts)
CMC ; F5 | Complement Carry Flag: CF = ~CF
CLTS ; 0F 06 | Clear Task-switched (TS) flag (bit 3 of CR0/MSW)
The IF (Interrupt-enabled Flag) can only be changed if the CPL is at least
as privileged as the IOPL (CPL <= IOPL). (IOPL is bits 12-13 of (E)FLAGS.)
The TS flag is set when a task-switch occurs, to enable the OS to save the
x87 state in the TSS. It can only be cleared by code running at a CPL of 0.
13) CMP - CoMPare two operands: Calculate the difference of the first and the
second operand. Do not store the result, just reflect it in the state of
the processor status flags. This is generally followed by an instruction
that is conditional on the state of the flags, such as conditional jumps.
CMP r/m8, r8 ; 38 /r | CMP r/m8, imm8 ; 80 /7 ib
CMP r/m16, r16 ; o16 39 /r | CMP r/m16, imm16 ; o16 81 /7 iw
CMP r/m32, r32 ; o32 39 /r | CMP r/m32, imm32 ; o32 81 /7 id
CMP r8, r/m8 ; 3A /r | (*) [ADC r/m8, sx(imm8) ; 82 /7 ib]
CMP r16, r/m16 ; o16 3B /r | CMP r/m16, sx(imm8) ; o16 83 /7 ib
CMP r32, r/m32 ; o32 3B /r | CMP r/m32, sx(imm8) ; o32 83 /7 ib
CMP AL, imm8 ; 3C ib |
CMP AX, imm16 ; o16 3D iw |
CMP EAX, imm32 ; o32 3D id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
15) CMPXCHG - CoMPare and eXCHanGe: Implement the basic semaphore lock
operation, comparing the accumulator (AL, AX, or EAX) with the destination
(first) operand. If they are the same, the destination operand is loaded
with the value from the source (second) operand. If they are not the same,
the accumulator is loaded from the destination operand so they are now the
same. This is commonly used as the atomic synchronization operation.
CMPXCHG r/m8, r8 ; 0F B0 /r | AL == r/m ? r/m = r : AL = r/m
CMPXCHG r/m16, r16 ; o16 0F B1 /r | AX == r/m ? r/m = r : AX = r/m
CMPXCHG r/m32, r32 ; o32 0F B1 /r | EAX == r/m ? r/m = r : EAX = r/m
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
ZF being set after the instruction means that the destination was loaded.
This instruction was introduced in the 80486 processor.
Note: It seems that on the '486, the opcodes may have been 0F A6 and 0F A7.
16) Decimal Adjustments: Operate on packed 2-digit BCD (binary coded decimal)
numbers in AL. An ADD or SUB instruction on packed BCD may leave a value in
AL that is no longer valid BCD; these instructions correct the result.
DAA ; 27 [8086] | Decimal Adjustment after Addition
DAS ; 2F [8086] | Decimal Adjustment after Subtraction
Description:
a) DAA: If (as a result of an addition) either nibble (4 bits) of AL now
contains a value greater than 9, perform a carry as appropriate. For
each nibble, the AF flag (indicating a carry out of the lower nibble in
the previous operation) or the CF flag (indicating a previous carry out
of the upper nibble) is checked, and the carry is performed regardless
of the value in that nibble. The operation is as follows:
if (AL & 0x0F > 0x09 || AF) AL += 6, AF = 1;
if (AL & 0xF0 > 0x90 || CF) AL += 0x60, CF = 1;
b) DAS: If (as a result of a packed BCD subtraction) either nibble of AL
needs to be adjusted so it does not contain a value greater than 9,
perform borrows as appropriate. For each nibble, the AF flag
(indicating a borrow for the lower nibble of AL was needed) or the CF
flag (indicating a borrow for the upper nibble was needed) is also
checked. The operation is as follows:
if (AL & 0x0F > 0x09 || AF) AL -=6, AF = 1;
if (AL & 0xF0 > 0x90 || CF) AL -= 0x60, CF = 1;
FLAGS{OF, SF, ZF, AF, PF, CF}: {AF, CF} are set as indicate,; {SF, ZF, PF}
reflect the result of the operation, and {OF} is undefined.
17) DEC - DECrement operand by 1. The operand is both source and destination.
DEC r/m8 ; FE /1 | DEC r16 ; o16 48 +iw
DEC r/16 ; o16 FF /1 | DEC r32 ; o32 48 +rd
DEC r/m32 ; o32 FF /1 | // Uses opcodes 0x48 through 0x4F
FLAGS{OF, SF, ZF, AF, PF}: Reflect the result of the operation.
Note: The Carry Flag (CF) is not modified by this instruction.
18) DIV - Unsigned DIVide: Divide the extended accumulator pair (AH:AL, DX:AX,
or EDX:EAX) by the operand, and store the result back into the extended
accumulator: the (truncated) quotient in the accumulator (AL, AX, or EAX),
and the remainder in the extension (AH, DX, or EDX).
DIV r/m8 ; F6 /6 | AL = AX / src, AH = AX % src
DIV r/16 ; o16 F7 /6 | AX = DX:AX / src, DX = DX:AX % src
DIV r/m32 ; o32 F7 /6 | EAX = EDX:EAX / src, EDX = EDX:EAX % src
FLAGS{OF, SF, ZF, AF, PF, CF}: Undefined, do not reflect the result.
If the the divisor (src) is 0, or if the quotient does not fit into the
destination register, a #DE (INT 0: Divide error) exception is generated.
19) ENTER - Construct a stack frame upon ENTERing a procedure: This instruction
sets up a stack frame for a procedure, allocating space on the stack for
local (automatic) variables and, optionally, copying previous frame pointers
to allow a nested function access to the local variables and stack frame of
the calling function.
First, the current (caller's) frame pointer is saved (PUSHed) on the stack,
so it can be recovered by a corresponding LEAVE instruction. The value of
the stack pointer (SP or ESP, for 16-bit and 32-bit stack-size attribute,
respectively) at this point is the current procedure's frame pointer, and
will be the value of the frame pointer register (BP/EBP) through the course
of this function.
Then, for each nesting level above 1, a frame pointer is copied from the
caller's frame to the current frame by being pushed onto the stack, and
lastly (for nesting level 1) the current frame pointer is pushed onto the
stack, so it can in turn be accessed by a more deeply nested procedure. The
stack pointer (SP/ESP) is updated appropriately.
Finally, the frame pointer register (BP/EBP) is loaded with the current
procedure's frame pointer, and space for local storage is allocated on the
stack by decrementing the stack pointer by the number given in the first
operand. The layout of the frame is thus:
(a) Positive offsets from the frame pointer - Arguments passed on the stack
to this procedure, if any (depending on the calling mechanism).
(b) Just above the frame pointer - the return address of the caller.
(c) At the frame pointer - The saved caller's frame pointer.
(d) Negative offsets from the frame pointer, up to the nesting level (for
nesting levels greater than 0) - Frame pointers of previous callers, the
highest in the nesting hierarchy right below the frame pointer, with
deeper nesting levels lower until the current frame pointer furthest
from the frame pointer.
(e) Negative offsets from the frame pointer, with offsets greater than the
nesting level - local memory storage, allocated on the stack.
(f) The current top of stack, which the stack pointer currently points to,
and the stack available for any subsequent use.
The stack-size attribute (address-size of the SS register) indicates whether
SP or ESP is used as the stack pointer, and whether BP or EBP is used as the
frame pointer. The operand-size attribute (which may be overriden by an
operand-size override prefix) specifies the size, 16 or 32 bits, of each
value PUSHed onto the stack.
ENTER imm16, imm8 ; C8 iw ib | (ib is masked to 5 bits)
The first operand (imm16) is the number of bytes of local storage to
allocate. The second operand (imm8) is the nesting level; it is masked to
5 bits, giving a maximum nesting level of 31.
No FLAGS are modified by this instruction.
20) HLT - HaLT the processor: The processor stops executing any further
instructions and may enter a HALT state. An external interrupt (or NMI, if
interrupts are disabled) or certain signals cause the processor to resume
operation from the instruction following the HLT instruction.
This instruction is privileged, and may only be executed by code running at
a CPL of 0.
HLT ; F4 | Cease execution until external signal received.
21) IDIV -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
22) IMUL -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
23) IN -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
24) INC -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
25) INS -
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
26) INT -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
27) INVD -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
28) INVLPG -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
29) IRET -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
30) Conditional Jumps:
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
31) JMP -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
32) LAHF -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
33) LAR -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
34) LEA -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
37) LxS -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
35) LEAVE -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
36) Load Special Register - Load Protected Mode, Operating System registers.
These instructions are privileged, and cannot be executed unless the
processor is running at a CPL of 0.
LGDT m16&32 ; 0F 01 /2 | Load Global Descriptor Table register
LIDT m16&32 ; 0F 01 /3 | Load Interrupt Descriptor Table register
LLDT r/m16 ; 0F 00 /2 | Load Local Descriptor Table register
LTR r/m16 ; 0F 03 /3 | Load Task Register
LMSW r/m16 ; 0F 01 /6 | Load Machine Status Word (CR0[15:0])
No FLAGS are modified as a result of these instructions.
40) LOCK -
41) LODS -
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
42) LOOP/LOOPcc -
43) LSL -
45) MOV -
46) MOV (2) -
47) MOVS -
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
48) MOVxX
49) MUL
50) NEG/NOT -
51) NOP
52) OR - Logical OR: Calculate the bitwise logical inclusive OR of the two
operands, and store the result in the destination operand. Each bit of the
result is set if the corresponding bit in either of the operands is set.
OR r/m8, r8 ; 08 /r | OR r/m8, imm8 ; 80 /1 ib
OR r/m16, r16 ; o16 09 /r | OR r/m16, imm16 ; o16 81 /1 iw
OR r/m32, r32 ; o32 09 /r | OR r/m32, imm32 ; o32 81 /1 id
OR r8, r/m8 ; 0A /r | (*) [OR r/m8, sx(imm8) ; 82 /1 ib]
OR r16, r/m16 ; o16 0B /r | OR r/m16, sx(imm8) ; o16 83 /1 ib
OR r32, r/m32 ; o32 0B /r | OR r/m32, sx(imm8) ; o32 83 /1 ib
OR AL, imm8 ; 0C ib |
OR AX, imm16 ; o16 0D iw |
OR EAX, imm32 ; o32 0D id |
FLAGS{OF, SF, ZF, AF, PF, CF}: OF and CF are cleared, AF is undefined.
SF, ZF, and PF are modified to reflect the result of the operation.
53) OUT -
54) OUTS
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
55) POP -
56) PUSH -
57) ROR/ROL/RCR/RCL -
58) REP, REPcc
59) RET -
60) SAHF -
61) SHR/SHL/SAR/SAL -
62) SBB - SuBtract with Borrow: Calculate the difference of two operands,
including a potential borrow. The source (second) operand, incremented if
the Carry Flag (CF) is set (indicating a "borrow" was required by a previous
subtraction operation) is subtracted from the destination (first) operand,
and the result is stored back into the destination (first) operand.
The extra use of CF can be used to propogate a borrow across multi-byte or
multi-word subtraction.
SBB r/m8, r8 ; 18 /r | SBB r/m8, imm8 ; 80 /3 ib
SBB r/m16, r16 ; o16 19 /r | SBB r/m16, imm16 ; o16 81 /3 iw
SBB r/m32, r32 ; o32 19 /r | SBB r/m32, imm32 ; o32 81 /3 id
SBB r8, r/m8 ; 1A /r | (*) [SBB r/m8, sx(imm8) ; 82 /3 ib]
SBB r16, r/m16 ; o16 1B /r | SBB r/m16, sx(imm8) ; o16 83 /3 ib
SBB r32, r/m32 ; o32 1B /r | SBB r/m32, sx(imm8) ; o32 83 /3 ib
SBB AL, imm8 ; 1C ib |
SBB AX, imm16 ; o16 1D iw |
SBB EAX, imm32 ; o32 1D id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
63) SCAS -
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
64) SETcc -
65) Store Special Registers: Store Protected Mode, Operating System registers.
Though these instructions are not generally of use to user programs, they
are not privileged and can be run at any CPL.
SGDT m16&32 ; 0F 01 /0 | Store Global Descriptor Table register
SIDT m16&32 ; 0F 01 /1 | Store Interrupt Descriptor Table register
SLDT r/m16 ; 0F 00 /0 | Store Local Descriptor Table register
STR r/m16 ; 0F 00 /1 | Store Task Register
SMSW r/m16 ; 0F 01 /4 | Store Machine Status Word (CR0[15:0])
No FLAGS are modified as a result of these instructions.
66) SHLD/SHRD
67) SLDT
68) SMSW
69) FLAG Operations (2): Change the value of the specified bit in (E)FLAGS.
Only the specified flag bit is changed; all others are left unmodified.
STC ; F8 | Set Carry Flag: CF = 1
STD ; FC | Set Direction Flag: DF = 1 (String instructions reverse)
STI ; FA | Set Interrupt-enable Flag: IF = 1 (enable interrupts)
The IF (Interrupt-enabled Flag) can only be changed if the CPL is at least
as privileged as the IOPL (CPL <= IOPL). (IOPL is bits 12-13 of (E)FLAGS.)
70) STOS
14) CMPS - CoMPare String operands: Compare two data items and set the FLAGS
based on the result. The bytes, words, or double-words at DS:(E)SI and
ES:(E)DI are compared, the FLAGS being set accordingly but the difference
being otherwise discarded. The index registers (E)SI and (E)DI are then
advanced to point to the next element in the string.
CMPS m8, m8 ; A6 | CMPSB ; A6
CMPS m16, m16 ; o16 A7 | CMPSW ; o16 A7
CMPS m32, m32 ; o32 A7 | CMPSD ; o32 A7
The operands are always the index registers DS:(E)SI (the DS segment register
can be overriden by the appropriate segment override prefix) and ES:(E)DI
(the ES segment register cannot be overriden), which must have been
pre-loaded with the correct addresses. The operand versions merely allow
the assembler to choose the correct instruction based on the original
definition of the data objects.
After comparing the data, the index registers are advanced to the next
element in the string: by 1 for CMPSB, 2 for CMPSW, or 4 for CMPSD. The
direction of this advance is based on the Direction Flag (DF): forward if
the flag is clear, or backward if the flag is set. The set of registers
are the 16-bit SI/DI if the address-size attribute is 16 bits, or the 32-bit
ESI/EDI if the address-size attribute is 32 bits.
CMPS can be preceded by a REPE/REPZ (0xF3) or REPNE/REPNZ (0xF2) prefix, to
continually compare elements in a string. At each repetition, the (E)CX
register is decremented, the loop ending when it reaches 0 or the condition
fails (ZF is set/clear based on the comparison). The JeCXZ instruction can
be used to differentiate between the two cases.
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the comparison.
71) STR
72) SUB - Normal SUBtraction: Calculate the difference of two operands. The
source (second) operand is subtracted from the destination (first) operand,
and the result is stored back into the destination operand.
SUB r/m8, r8 ; 28 /r | SUB r/m8, imm8 ; 80 /5 ib
SUB r/m16, r16 ; o16 29 /r | SUB r/m16, imm16 ; o16 81 /5 iw
SUB r/m32, r32 ; o32 29 /r | SUB r/m32, imm32 ; o32 81 /5 id
SUB r8, r/m8 ; 2A /r | (*) [SUB r/m8, sx(imm8) ; 82 /5 ib]
SUB r16, r/m16 ; o16 2B /r | SUB r/m16, sx(imm8) ; o16 83 /5 ib
SUB r32, r/m32 ; o32 2B /r | SUB r/m32, sx(imm8) ; o32 83 /5 ib
SUB AL, imm8 ; 2C ib |
SUB AX, imm16 ; o16 2D iw |
SUB EAX, imm32 ; o32 2D id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
73) TEST - TEST operand against bitmask: Perform a bitwise logical AND of the
two operands (each bit of the result is set if and only if the corresponding
bits in both operands is set), setting the FLAGS based on the operation but
otherwise discarding the result.
Unlike CMP, which performs a subtraction, in which the order of the operands
is significant, TEST performs a commutative operation, so the order of the
operands is irrelevant. Accordingly, some operand forms normally available
in other binary operations would be redundant. These include the (r, r/m)
forms and the sign-extend of immediate forms.
TEST r/m8, r8 ; 84 /r | TEST r/m8, imm8 ; F6 /0 ib
TEST r/m16, r16 ; o16 85 /r | TEST r/m16, imm16 ; o16 F7 /0 iw
TEST r/m32, r32 ; o32 85 /r | TEST r/m32, imm32 ; o32 F7 /0 id
TEST AL, imm8 ; A8 ib |
TEST AX, imm16 ; o16 A9 iw |
TEST EAX, imm32 ; o32 A9 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: OF and CF are cleared, AF is undefined.
SF, ZF, and PF are modified to reflect the result of the operation.
74) VERR/VERW
75) WAIT
76) WBINVD
77) XADD
78) XCHG - eXCHanGe operands: The values in the two operands are exchanged. The
form of this operand that encodes XCHG AX, AX is explicitly recognized as a
NOP (no-op) operation. If one of the operands is in memory, the processor
asserts a #LOCK, even when no LOCK prefix is specified.
XCHG r/m8, r8 / XCHG r8, r/m8 ; 86 /r
XCHG r/m16, r16 / XCHG r16, r/m16 ; o16 87 /r
XCHG r/m32, r32 / XCHG r32, r/m32 ; o32 87 /r
XCHG AX, r16 / XCHG r16, AX ; o16 90 +r
XCHG EAX, r32 / XCHG r32, EAX ; o32 90 +r
No FLAGS are modified by this instruction.
79) XLAT
80) XOR - Logical eXclusive OR: Calculate the logical exclusive OR of the two
operands and store the result in the destination (first) operand. Each bit
of the result is set if and only if exactly one of the corresponding bits of
the two operands is set.
XOR r/m8, r8 ; 30 /r | XOR r/m8, imm8 ; 80 /6 ib
XOR r/m16, r16 ; o16 31 /r | XOR r/m16, imm16 ; o16 81 /6 iw
XOR r/m32, r32 ; o32 31 /r | XOR r/m32, imm32 ; o32 81 /6 id
XOR r8, r/m8 ; 32 /r | (*) [XOR r/m8, sx(imm8) ; 82 /6 ib]
XOR r16, r/m16 ; o16 33 /r | XOR r/m16, sx(imm8) ; o16 83 /6 ib
XOR r32, r/m32 ; o32 33 /r | XOR r/m32, sx(imm8) ; o32 83 /6 ib
XOR AL, imm8 ; 34 ib |
XOR AX, imm16 ; o16 35 iw |
XOR EAX, imm32 ; o32 35 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: OF and CF are cleared, AF is undefined.
SF, ZF, and PF are modified to reflect the result of the operation.
i486: Cache operations
27) INVD -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
28) INVLPG -
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
2) ADC: ADD with Carry Flag: Calculate the sum of the two operands and the SF
flag (an extra 1 or 0), and store the result into the destination operand.
This is used to propogate a carry across multi-byte or multi-word addition.
ADC r/m8, r8 ; 10 /r | ADC r/m8, imm8 ; 80 /2 ib
ADC r/m16, r16 ; o16 11 /r | ADC r/m16, imm16 ; o16 81 /2 iw
ADC r/m32, r32 ; o32 11 /r | ADC r/m32, imm32 ; o32 81 /2 id
ADC r8, r/m8 ; 12 /r | (*) [ADC r/m8, sx(imm8) ; 82 /2 ib]
ADC r16, r/m16 ; o16 13 /r | ADC r/m16, sx(imm8) ; o16 83 /2 ib
ADC r32, r/m32 ; o32 13 /r | ADC r/m32, sx(imm8) ; o32 83 /2 ib
ADC AL, imm8 ; 14 ib |
ADC AX, imm16 ; o16 15 iw |
ADC EAX, imm32 ; o32 15 id |
FLAGS{OF, SF, ZF, AF, PF, CF}: Reflect the result of the operation.
FLAGS{OF, SF, ZF, AF, PF, CF}: OF and CF are cleared, AF is undefined.
SF, ZF, and PF are modified to reflect the result of the operation.