FRAUNHOFER-INSTITUT FÜR KOMMUNIKATION, INFORMATIONSVERARBEITUNG UND ERGONOMIE FKIE
x86 Opcode Structure and Instruction Overview

The poster shows two 16x16 opcode maps (rows = high nibble, columns = low nibble of the opcode byte): the one-byte map (1st byte) and the two-byte map reached through the 0F escape (2nd byte). Read row by row, the maps contain the following cells.

One-byte opcode map (1st byte)

  0_: 00-05 ADD | 06 PUSH ES | 07 POP ES | 08-0D OR | 0E PUSH CS | 0F TWO BYTE (escape to the second map)
  1_: 10-15 ADC | 16 PUSH SS | 17 POP SS | 18-1D SBB | 1E PUSH DS | 1F POP DS
  2_: 20-25 AND | 26 SEGMENT OVERRIDE ES | 27 DAA | 28-2D SUB | 2E SEGMENT OVERRIDE CS | 2F DAS
  3_: 30-35 XOR | 36 SEGMENT OVERRIDE SS | 37 AAA | 38-3D CMP | 3E SEGMENT OVERRIDE DS | 3F AAS
  4_: 40-47 INC reg | 48-4F DEC reg (register encoded in the low 3 opcode bits)
  5_: 50-57 PUSH reg | 58-5F POP reg (register encoded in the low 3 opcode bits)
  6_: 60 PUSHAD | 61 POPAD | 62 BOUND | 63 ARPL | 64 SEGMENT OVERRIDE FS | 65 SEGMENT OVERRIDE GS | 66 OPERAND SIZE OVERRIDE | 67 ADDRESS SIZE OVERRIDE | 68 PUSH imm32 | 69 IMUL | 6A PUSH imm8 | 6B IMUL | 6C-6D INS | 6E-6F OUTS
  7_: 70-7F Jcc SHORT (rel8): JO JNO JB JNB JE JNE JBE JA JS JNS JPE JPO JL JGE JLE JG
  8_: 80-83 ADD/OR/ADC/SBB/AND/SUB/XOR/CMP r/m, imm (operation selected by the reg field) | 84-85 TEST | 86-87 XCHG | 88-8B MOV | 8C MOV SREG | 8D LEA | 8E MOV SREG | 8F POP
  9_: 90 NOP | 91-97 XCHG EAX, reg | 98 CWDE (CWD with 16-bit operand size) | 99 CDQ (CWD) | 9A CALLF | 9B WAIT | 9C PUSHFD | 9D POPFD | 9E SAHF | 9F LAHF
  A_: A0-A3 MOV EAX, moffs / MOV moffs, EAX | A4-A5 MOVS | A6-A7 CMPS | A8-A9 TEST | AA-AB STOS | AC-AD LODS | AE-AF SCAS
  B_: B0-BF MOV reg, imm (register encoded in the low 3 opcode bits)
  C_: C0-C1 SHIFT IMM | C2-C3 RETN | C4 LES | C5 LDS | C6-C7 MOV IMM | C8 ENTER | C9 LEAVE | CA-CB RETF | CC INT3 | CD INT imm | CE INTO | CF IRETD
  D_: D0-D1 SHIFT 1 | D2-D3 SHIFT CL | D4 AAM | D5 AAD | D6 SALC | D7 XLAT | D8-DF FPU
      (SHIFT groups C0-C1, D0-D3: ROL/ROR/RCL/RCR/SHL/SHR/SAL/SAR, selected by the reg field)
  E_: E0 LOOPNZ | E1 LOOPZ | E2 LOOP (CONDITIONAL LOOP) | E3 JECXZ | E4-E5 IN IMM | E6-E7 OUT IMM | E8 CALL | E9 JMP | EA JMPF | EB JMP SHORT | EC-ED IN DX | EE-EF OUT DX
  F_: F0 LOCK (EXCLUSIVE ACCESS) | F1 ICE BP | F2 REPNE | F3 REPE (CONDITIONAL REPETITION) | F4 HLT | F5 CMC | F6-F7 TEST/NOT/NEG/[i]MUL/[i]DIV (selected by the reg field) | F8 CLC | F9 STC | FA CLI | FB STI | FC CLD | FD STD | FE INC/DEC | FF INC/DEC/CALL/JMP/PUSH (selected by the reg field)

Two-byte opcode map (0F xx, 2nd byte)

  0F 0_: 00 {L,S}LDT / {L,S}TR / VER{R,W} | 01 {L,S}GDT / {L,S}IDT / {L,S}MSW | 02 LAR | 03 LSL | 06 CLTS | 08 INVD | 09 WBINVD | 0B UD2 | 0D NOP
  0F 1_: 10-17 SSE{1,2,3} | 18 Prefetch (SSE1) | 19-1F HINT_NOP
  0F 2_: 20-23 MOV CR/DR | 28-2F SSE{1,2}
  0F 3_: 30 WRMSR | 31 RDTSC | 32 RDMSR | 33 RDPMC | 34 SYSENTER | 35 SYSEXIT | 37 GETSEC (SMX) | 38 MOVBE / THREE BYTE | 3A THREE BYTE (SSE4)
  0F 4_: 40-4F CMOVcc (same condition-code order as Jcc)
  0F 5_: 50-5F SSE{1,2}
  0F 6_: 60-6F MMX, SSE2
  0F 7_: 70-7F MMX, SSE{1,2,3}, VMX
  0F 8_: 80-8F Jcc (rel32): JO JNO JB JNB JE JNE JBE JA JS JNS JPE JPO JL JGE JLE JG
  0F 9_: 90-9F SETcc: SETO SETNO SETB SETNB SETE SETNE SETBE SETA SETS SETNS SETPE SETPO SETL SETGE SETLE SETG
  0F A_: A0 PUSH FS | A1 POP FS | A2 CPUID | A3 BT | A4-A5 SHLD | A8 PUSH GS | A9 POP GS | AA RSM | AB BTS | AC-AD SHRD | AE *FENCE | AF IMUL
  0F B_: B0-B1 CMPXCHG | B2 LSS | B3 BTR | B4 LFS | B5 LGS | B6-B7 MOVZX | B8 POPCNT | B9 UD | BA BT/BTS/BTR/BTC imm (selected by the reg field) | BB BTC | BC BSF | BD BSR | BE-BF MOVSX
  0F C_: C0-C1 XADD | C2-C6 SSE{1,2} | C7 CMPXCHG8B | C8-CF BSWAP
  0F D_: MMX, SSE{1,2,3}
  0F E_: MMX, SSE{1,2}
  0F F_: MMX, SSE{1,2,3}

The Jcc (short and near), SETcc and CMOVcc rows all use the same condition code in the low nibble: 0 O, 1 NO, 2 B, 3 NB, 4 E, 5 NE, 6 BE, 7 A, 8 S, 9 NS, A PE, B PO, C L, D GE, E LE, F G.

Poster colour legend: Arithmetic & Logic | Memory | Stack | Control Flow & Conditional | Prefix | System & I/O
General Opcode Structure

An instruction is built from the following elements, in this order:

  Element                              # of bytes   Bit structure
  Prefix                               0-4
  Opcode                               1-3          O O O O O O D L
  AddrMode / ModR/M (mod, reg, r/m)    0-1          M M | R R R | M M M
  SIB byte (scale, index, base)        0-1          S S | I I I | B B B
  Displacement                         0/1/2/4
  Immediate data                       0/1/2/4

  O = main opcode bits, D = direction bit, L = operand length bit.
  mod = addressing mode; reg = register, or an opcode modifier defined by the primary opcode (the "group" opcodes such as 80-83, F6-F7, FF and 0F BA); r/m = register or memory operand, see the addressing mode table below.

Poster colour legend, remaining categories: No Operation (NOP) / Multiple Instructions / Extended Instruction Set

Addressing Modes (ModR/M)

  mod   addr    r/m = 000        001            010            011            100          101            110            111
  00    32bit   [EAX]            [ECX]          [EDX]          [EBX]          SIB          disp32         [ESI]          [EDI]
  01    32bit   [EAX]+disp8      [ECX]+disp8    [EDX]+disp8    [EBX]+disp8    SIB+disp8    [EBP]+disp8    [ESI]+disp8    [EDI]+disp8
  10    32bit   [EAX]+disp32     [ECX]+disp32   [EDX]+disp32   [EBX]+disp32   SIB+disp32   [EBP]+disp32   [ESI]+disp32   [EDI]+disp32
  00    16bit   [BX+SI]          [BX+DI]        [BP+SI]        [BP+DI]        [SI]         [DI]           disp16         [BX]
  01    16bit   [BX+SI]+disp8    [BX+DI]+disp8  [BP+SI]+disp8  [BP+DI]+disp8  [SI]+disp8   [DI]+disp8     [BP]+disp8     [BX]+disp8
  10    16bit   [BX+SI]+disp16   [BX+DI]+disp16 [BP+SI]+disp16 [BP+DI]+disp16 [SI]+disp16  [DI]+disp16    [BP]+disp16    [BX]+disp16
  11    (reg)   AL / AX / EAX    CL / CX / ECX  DL / DX / EDX  BL / BX / EBX  AH / SP / ESP CH / BP / EBP DH / SI / ESI  BH / DI / EDI

The reg field uses the same register encoding as the mod = 11 row (000 = AL/AX/EAX ... 111 = BH/DI/EDI), the width being chosen by the operand size. Two slots are irregular and matter when reading or writing machine code by hand: with mod = 00, r/m = 101 (110 in 16-bit mode) is a bare disp32 (disp16) with no base register, so a plain [EBP] or [BP] must be encoded as mod = 01 with an 8-bit displacement of zero; and r/m = 100 never means [ESP] by itself, it announces a following SIB byte ([ESP] is then base = ESP with index = none).

SIB Byte Structure

  SIB value = index * scale + base (the displacement selected by the ModR/M mod field is added on top)

  field           encoding   000   001   010   011   100    101                                                        110   111
  scale (2 bit)   00 = 2^0 = 1, 01 = 2^1 = 2, 10 = 2^2 = 4, 11 = 2^3 = 8
  index (3 bit)              [EAX] [ECX] [EDX] [EBX] none   [EBP]                                                      [ESI] [EDI]
  base  (3 bit)              EAX   ECX   EDX   EBX   ESP    disp32 (mod 00) / disp8+[EBP] (mod 01) / disp32+[EBP] (mod 10)   ESI   EDI
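As an added worked example (my own code, not part of the Fraunhofer FKIE poster), the following Python decoder applies the structures above to raw 32-bit x86 bytes: it peels off prefix bytes, picks the one-byte or 0F map, derives Jcc/SETcc mnemonics from the shared condition-code nibble, reads the D and L bits of MOV, resolves the ModR/M and SIB fields (including the irregular disp32 and SIB slots and the 16-bit table selected by the 67h prefix), and returns the instruction length. It deliberately covers only a representative subset of opcodes and raises for anything else; the function names `decode`, `decode_modrm`, `_signed` and the sample byte strings are my own choices, and the 66h prefix is reported but not applied to operand width.

```python
import struct

# Added example, not from the poster: a decoder for a representative subset of 32-bit x86.
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]
REG8 = ["AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"]
RM16 = ["BX+SI", "BX+DI", "BP+SI", "BP+DI", "SI", "DI", "BP", "BX"]     # 16-bit r/m forms, no SIB
# Condition codes: the low opcode nibble is shared by Jcc (70-7F, 0F 80-8F), SETcc (0F 90-9F), CMOVcc (0F 40-4F)
CC = ["O", "NO", "B", "NB", "E", "NE", "BE", "A", "S", "NS", "PE", "PO", "L", "GE", "LE", "G"]
PREFIXES = {0x26: "ES", 0x2E: "CS", 0x36: "SS", 0x3E: "DS", 0x64: "FS", 0x65: "GS",
            0x66: "OPSIZE", 0x67: "ADDRSIZE", 0xF0: "LOCK", 0xF2: "REPNE", 0xF3: "REPE"}
GROUP1 = ["ADD", "OR", "ADC", "SBB", "AND", "SUB", "XOR", "CMP"]        # opcodes 80-83: reg field selects
GROUP5 = ["INC", "DEC", "CALL", "CALLF", "JMP", "JMPF", "PUSH", "?"]    # opcode FF: reg field selects


def _signed(code, pos, size):
    """Read a little-endian signed displacement or immediate of 1, 2 or 4 bytes."""
    return struct.unpack_from({1: "<b", 2: "<h", 4: "<i"}[size], code, pos)[0], pos + size


def decode_modrm(code, pos, regs=REG32, addr16=False):
    """Decode ModR/M (+SIB, +displacement) at code[pos].
    Returns (reg field, operand text, position after the last operand byte)."""
    modrm, pos = code[pos], pos + 1
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:                                          # mod 11: register direct
        return reg, regs[rm], pos
    parts, disp_size = [], {0: 0, 1: 1, 2: 4}[mod]
    if addr16:                                            # 16-bit table: disp16, and the [BP] slot at mod 00 is bare disp16
        disp_size = 2 if (mod == 2 or (mod == 0 and rm == 6)) else disp_size
        if not (mod == 0 and rm == 6):
            parts.append(RM16[rm])
    elif rm == 4:                                         # r/m 100: SIB byte follows
        sib, pos = code[pos], pos + 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:                        # base 101 with mod 00: no base, disp32 instead
            disp_size = 4
        else:
            parts.append(REG32[base])
        if index != 4:                                    # index 100 means "none"
            parts.append(REG32[index] + (f"*{scale}" if scale > 1 else ""))
    elif rm == 5 and mod == 0:                            # r/m 101 with mod 00: bare [disp32]
        disp_size = 4
    else:
        parts.append(REG32[rm])
    disp = 0
    if disp_size:
        disp, pos = _signed(code, pos, disp_size)
    if disp or not parts:
        parts.append(f"{disp:#x}" if disp >= 0 else f"-{-disp:#x}")
    return reg, "[" + "+".join(parts).replace("+-", "-") + "]", pos


def decode(code):
    """Decode one instruction. Returns (prefixes + mnemonic, operand text, length in bytes)."""
    pos, prefixes = 0, []
    while code[pos] in PREFIXES:                          # 0-4 prefix bytes
        prefixes.append(PREFIXES[code[pos]])
        pos += 1
    addr16 = "ADDRSIZE" in prefixes                       # 67h switches to the 16-bit r/m table
    lead = "".join(p + " " for p in prefixes)             # 66h is reported but not applied here
    op, pos = code[pos], pos + 1
    if op == 0x0F:                                        # escape to the two-byte map
        op2, pos = code[pos], pos + 1
        if 0x80 <= op2 <= 0x8F:                           # Jcc rel32, relative to the next instruction
            rel, pos = _signed(code, pos, 4)
            return lead + "J" + CC[op2 & 15], f"{pos + rel:#x}", pos
        if 0x90 <= op2 <= 0x9F:                           # SETcc r/m8
            _, rm, pos = decode_modrm(code, pos, REG8, addr16)
            return lead + "SET" + CC[op2 & 15], rm, pos
        raise ValueError(f"two-byte opcode 0F {op2:02X} not handled here")
    if 0x70 <= op <= 0x7F:                                # Jcc short, rel8
        rel, pos = _signed(code, pos, 1)
        return lead + "J" + CC[op & 15], f"{pos + rel:#x}", pos
    if 0x50 <= op <= 0x5F:                                # register in the low 3 opcode bits
        return lead + ("PUSH" if op < 0x58 else "POP"), REG32[op & 7], pos
    if 0x88 <= op <= 0x8B:                                # MOV: bit 0 = operand length, bit 1 = direction
        regs = REG32 if op & 1 else REG8
        reg, rm, pos = decode_modrm(code, pos, regs, addr16)
        return lead + "MOV", (f"{regs[reg]}, {rm}" if op & 2 else f"{rm}, {regs[reg]}"), pos
    if op == 0x8D:
        reg, rm, pos = decode_modrm(code, pos, REG32, addr16)
        return lead + "LEA", f"{REG32[reg]}, {rm}", pos
    if op == 0x83:                                        # group 1: r/m32, sign-extended imm8
        reg, rm, pos = decode_modrm(code, pos, REG32, addr16)
        imm, pos = _signed(code, pos, 1)
        return lead + GROUP1[reg], f"{rm}, {imm:#x}", pos
    if op == 0xFF:                                        # group 5: mnemonic chosen by the reg field
        reg, rm, pos = decode_modrm(code, pos, REG32, addr16)
        return lead + GROUP5[reg], rm, pos
    simple = {0x90: "NOP", 0xC3: "RETN", 0xC9: "LEAVE", 0xCC: "INT3", 0xF4: "HLT"}
    if op in simple:
        return lead + simple[op], "", pos
    raise ValueError(f"opcode {op:02X} not handled here")


if __name__ == "__main__":
    # Constructed sample bytes (a prologue, a GS-relative load, a scaled table store), not taken from the poster
    for sample in (b"\x55", b"\x8b\x45\x08", b"\x8d\x44\x24\x10", b"\x83\xec\x1c",
                   b"\x65\x8b\x05\x30\x00\x00\x00", b"\x89\x04\x8d\x00\x10\x40\x00", b"\x74\xfe"):
        print(sample.hex(), decode(sample))
```

The returned length is the part most often needed in practice (for example when placing an inline hook or a patch, the bytes overwritten must end on an instruction boundary), and it falls directly out of the prefix/opcode/ModR/M/SIB/displacement/immediate walk above. Note that the decoder, like the poster, is 32-bit only: REX prefixes, RIP-relative addressing and the 64-bit register set are not handled.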
v1.0, 30.08.2011. Contact: Daniel Plohmann, +49 228 73 54 228, [Link]@[Link]
Source: Intel x86 Instruction Set Reference. Opcode table presentation inspired by the work of Ange Albertini.