Welcome to our diverse blog where we explore a wide range of fascinating topics that span the realms of exam preparation, science, business, technology, web development, administration, and health. Whether you're a student, a tech enthusiast, an entrepreneur, or simply someone seeking to enhance your knowledge, this blog is designed to provide you with insightful and engaging content.
Wednesday, 8 February 2017
X86 INSTRUCTIONS::: CARRY AIRTHMETIC INSTRUCTION
Syntax 1 :
adc src, dest #GAS Syntax
adc dest, src #Intel syntax
Add with carry. Adds src + carry flag to dest, storing result in dest. Usually follows a normal add instruction to deal with values twice as large as the size of the register.
In the following example, source contains a 64-bit number which will be added to destination.
Example :
mov eax, [source] ; read low 32 bits
mov edx, [source+4] ; read high 32 bits
add [destination], eax ; add low 32 bits
adc [destination+4], edx ; add high 32 bits, plus carry
Syntax 2 :
sbb src, dest #GAS Syntax
sbb dest, src #Intel syntax
Subtract with borrow. Subtracts src + carry flag from dest, storing result in dest. Usually follows a normal sub instruction to deal with values twice as large as the size of the register.
X86 INSTRUCTIONS:::AIRTHMETIC INSTRUCTION
Arithmetic instructions take two operands: a destination and a source.
The destination must be a register or a memory location.
The source may be either a memory location, a register, or a constant value.
Atleast one of the two must be a register, because operations may not use a memory location as both a source and a destination.
Syntax 1 :
add src, dest #GAS Syntax
add dest, src #Intel syntax
This adds src to dest. If you are using the MASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the second argument.
Syntax 2 :
sub src, dest #GAS Syntax
sub dest, src #Intel syntax
Like ADD, only it subtracts source from destination instead. In C: dest -= src;
Syntax 3 :
mul arg
This multiplies "arg" by the value of corresponding byte-length in the AX register.
operand size 1 byte 2 bytes 4 bytes
other operand AL AX EAX
higher part of result stored in: AH DX EDX
lower part of result stored in: AL AX EAX
In the second case, the target is not EAX for backward compatibility with code written for older processors.
Syntax 4 :
imul arg
As MUL, only signed. The IMUL instruction has the same format as MUL, but also accepts two other formats like so:
Syntax 5 :
imul src, dest #GAS Syntax
imul dest, src #Intel syntax
This multiplies src by dest. If you are using the NASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the second argument.
Syntax 6 :
imul aux, src, dest #GAS Syntax
imul dest, src, aux #Intel syntax
This multiplies src by aux and places it into dest. If you are using the NASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the third argument.
Syntax 7 :
div arg
This divides the value in the dividend register(s) by "arg", see table below.
divisor size 1 byte 2 bytes 4 bytes
dividend AX DX:AX EDX:EAX
remainder stored in: AH DX EDX
quotient stored in: AL AX EAX
The colon (:) means concatenation. With divisor size 4, this means that EDX are the bits 32-63 and EAX are bits 0-31 of the input number (with lower bit numbers being less significant, in this example).
As you typically have 32-bit input values for division, you often need to use CDQ to sign-extend EAX into EDX just before the division.
If quotient does not fit into quotient register, arithmetic overflow interrupt occurs. All flags are in undefined state after the operation.
Syntax 8 :
idiv arg
As DIV, only signed.
Syntax 9 :
neg arg
Arithmetically negates the argument (i.e. two's complement negation).
X86 INSTRUCTIONS:::CONTROL FLOW:::JUMP INSTRUCTION:::OTHER CONTROL INSTRUCTION
Syntax 1 :
hlt
Halts the processor. Execution will be resumed after processing next hardware interrupt, unless IF is cleared.
Syntax 2 :
nop
No operation. This instruction doesn't do anything, but wastes an instruction cycle in the processor. This instruction is often represented as an XCHG operation with the operands EAX and EAX.
Syntax 3 :
lock
Asserts #LOCK prefix on next instruction.
Syntax 4 :
wait
Waits for the FPU to finish its last calculation.
X86 INSTRUCTIONS:::CONTROL FLOW:::JUMP INSTRUCTION:::ENTER AND LEAVE
Syntax 1 :
enter arg
Creates a stack frame with the specified amount of space allocated on the stack.
Syntax 2 :
leave
Destroys the current stack frame, and restores the previous frame. Using Intel syntax this is equivalent to:
Syntax 3 :
mov esp, ebp
pop ebp
This will set EBP and ESP to their respective value before the function prologue began therefore reversing any modification to the stack that took place during the prologue.
X86 INSTRUCTIONS:::CONTROL FLOW::: JUMP INSTRUCTIONS:::LOOP INSTRUCTION
Syntax :
loop arg
The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero.
Example
mov ecx, 5
start_loop:
; the code here would be executed 5 times
loop start_loop
loop does not set any flags.
Syntax :
loopx arg
These loop instructions decrement ECX and jump to the address specified by arg if their condition is satisfied (that is, a specific flag is set), unless decrementing ECX caused its value to become zero.
loope loop if equal
loopne loop if not equal
loopnz loop if not zero
loopz loop if zero
X86 INSTRUCTIONS:::CONTROL FLOW:::JUMP INSTRUCTION::: FUNCTION CALLS
Syntax :
call proc
Pushes the address of the next opcode onto the top of the stack, and jumps to the specified location. This is used mostly for subroutines.
Syntax :
ret [val]
Loads the next value on the stack into EIP, and then pops the specified number of bytes off the stack. If val is not supplied, the instruction will not pop any values off the stack after returning
X86 INSTRUCTIONS:::CONTROL FLOW:::: JUMP INSTRUCTIONS
The Jump Instructions allow the programmer to (indirectly) set the value of the EIP register. The location passed as the argument is usually a label. The first instruction executed after the jump is the instruction immediately following the label.
All of the jump instructions, with the exception of jmp, are conditional jumps, meaning that program flow is diverted only if a condition is true.
These instructions are often used after a comparison instruction, but since many other instructions set flags, this order is not required.
Unconditional Jumps :
Syntax :
jmp loc
Loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp).
Jump on Equality :
Syntax :
je loc
ZF = 1
Loads EIP with the specified address, if operands of previous CMP instruction are equal.
mov $5, ecx
mov $5, edx
cmp ecx, edx
je equal
; if it did not jump to the label equal, then this means ecx and edx are not equal.
equal:
; if it jumped here, then this means ecx and edx are equal
Jump on Inequality :
Syntax :
jne loc
ZF = 0
Loads EIP with the specified address, if operands of previous CMP instruction are not equal.
Jump if Greater :
Syntax 1 :
jg loc
ZF = 0 and SF = OF
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second (performs signed comparison).
Syntax 2 :
jge loc
SF = OF
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second (performs signed comparison).
Syntax 3 :
ja loc
CF = 0 and ZF = 0
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned comparison.
Syntax 4 :
jae loc
CF = 0
Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison.
Jump if Less :
Syntax 1 :
jl loc
The criteria required for a JL is that SF <> OF, loads EIP with the specified address, if the criteria is meet. So either SF or OF can be set but not both in order to satisfy this criteria. If we take the SUB(which is basically what a CMP does) instruction as an example, we have:
arg2 - arg1
With respect to SUB and CMP there are several cases that fulfill this criteria:
arg2 < arg1 and the operation does not have overflow
arg2 > arg1 and the operation has an overflow
In case 1) SF will be set but not OF and in case 2) OF will be set but not SF since the overflow will reset the most significant bit to zero and thus preventing SF being set. The SF <> OF criteria avoids the cases where:
arg2 > arg1 and the operation does not have overflow
arg2 < arg1 and the operation has an overflow
arg2 == arg1
In case 1) neither SF nor OF are set, in case 2) OF will be set and SF will be set since the overflow will reset the most significant bit to one and in case 3) neither SF nor OF will be set.
The example code below runs the five cases outlined above and prints out whether SF and OF are equal or not:
;
; nasm -felf32 -g jlFlagsCheck.asm
; gcc -o jlFlagsCheck jlFlagsCheck.o
;
global main
extern printf
section .data
sfneofStr: db 'SF <> OF', 0xA, 0
sfeqofStr: db 'SF == OF', 0xA, 0
section .bss
section .text
main:
;
; Functions will follow the cdecl call convention
;
;
; arg2 < arg1 and no overflow
;
mov eax, 1
cmp eax, 2
call checkSFNEOF
;
; arg2 < arg1 and overflow
;
mov al, -2
cmp al, 127
call checkSFNEOF
;
; arg2 > arg1 and no overflow
;
mov eax, 2
cmp eax, 1
call checkSFNEOF
;
; arg2 > arg1 and overflow
;
mov al, 127
cmp al, -1
call checkSFNEOF
;
; arg2 == arg1
;
mov eax, 2
cmp eax, 2
call checkSFNEOF
call exit
;
; Check if SF <> OF, which means the condition for jump less would be meet.
;
checkSFNEOF:
push ebp
mov ebp, esp
jl SFNEOF
jmp SFEQOF
SFNEOF:
push dword sfneofStr
call printf
jmp checkSFNEOFDone
SFEQOF:
push dword sfeqofStr
call printf
checkSFNEOFDone:
leave
ret
exit:
;
; Call exit(3) syscall
; void exit(int status)
;
mov ebx, 0 ; Arg one: the status
mov eax, 1 ; Syscall number:
int 0x80
Output :
SF <> OF
SF <> OF
SF == OF
SF == OF
SF == OF
Syntax 2 :
jb loc
CF = 1
Loads EIP with the specified address, if first operand of previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison.
Syntax 3 :
jbe loc
CF = 1 or ZF = 1
Loads EIP with the specified address, if first operand of previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned comparison.
Jump on Overflow :
Syntax 1 :
jo loc
OF = 1
Loads EIP with the specified address, if the overflow bit is set on a previous arithmetic expression.
Syntax 2 :
jno loc
OF = 0
Loads EIP with the specified address, if the overflow bit is not set on a previous arithmetic expression.
Jump on Zero :
Syntax 1 :
jz loc
ZF = 1
Loads EIP with the specified address, if the zero bit is set from a previous arithmetic expression. jz is identical to je.
Syntax 2 :
jnz loc
ZF = 0
Loads EIP with the specified address, if the zero bit is not set from a previous arithmetic expression. jnz is identical to jne.
Jump on Sign :
Syntax 1 :
js loc
SF = 1
Loads EIP with the specified address, if the sign bit is set from a previous arithmetic expression.
Syntax 2 :
jns loc
SF = 0
Loads EIP with the specified address, if the sign bit is not set from a previous arithmetic expression.
X86 INSTRUCTIONS:::CONTROL FLOW::: comparison instruction
Performs a bit-wise logical AND on arg1 and arg2 the result of which we will refer to as Temp and sets the ZF(zero), SF(sign) and PF(parity) flags based on Temp. Temp is then discarded.
Syntax
test arg1, arg2 #GAS Syntax
test arg2, arg1 #Intel syntax
Operands
arg1
Register
Immediate
arg2
AL/AX/EAX (only if arg1 is immediate)
Register
Memory
Modified flags
SF <- MostSignificantBit(Temp)
If Temp == 0 ZF <- 1 else ZF <- 0
PF <- BitWiseXorNor(Temp[Max-1:0])
CF <- 0
OF <- 0
AF is undefined
Performs a comparison operation between arg1 and arg2. The comparison is performed by a (signed) subtraction of arg2 from arg1, the results of which can be called Temp. Temp is then discarded. If arg2 is an immediate value it will be sign extended to the length of arg1. The EFLAGS register is set in the same manner as a sub instruction.
Syntax
cmp arg2, arg1 #GAS Syntax
cmp arg1, arg2 #Intel syntax
the GAS/AT&T syntax can be rather confusing, as for example cmp $0, %rax followed by jl branch will branch if %rax < 0 (and not the opposite as might be expected from the order of the operands).
Operands
arg1
AL/AX/EAX (only if arg2 is immediate)
Register
Memory
arg2
Register
Immediate
Memory
Modified flags
SF <- MostSignificantBit(Temp)
If Temp == 0 ZF <- 1 else ZF <- 0
PF <- BitWiseXorNor(Temp[Max-1:0])
CF, OF and AF<- 0
X86 INSTRUCTIONS:::CONTROL FLOW:::INTRODUCTION
Almost all programming languages have the ability to change the order in which statements are evaluated, and assembly is no exception. The instruction pointer (EIP) register contains the address of the next instruction to be executed. To change the flow of control, the programmer must be able to modify the value of EIP. This is where control flow functions come in.
mov eip, label ; wrong
jmp label ; right
DATA TRANSFER INSTRUCTION FOR 8086 MICROPROCESSOR
General purpose byte or word transfer instructions:
Instruction Description
MOV copy byte or word from specified source to specified destination
PUSH copy specified word to top of stack
POP copy word from top of stack to specified location
PUSHA copy all registers to stack
POPA copy words from stack to all registers
XCHG Exchange bytes or exchange words
XLAT translate a byte in AL using a table in memory
These are I/O port transfer instructions:
Instruction Description
IN copy a byte or word from specific port to accumulator
OUT copy a byte or word from accumulator to specific port
Special address transfer Instructions:
Instruction Description
LEA load effective address of operand into specified register
LDS load DS register and other specified register from memory
LES load ES register and other specified register from memory
Flag transfer instructions:
Instruction Description
LAHF load AH with the low byte of flag register
SAHF Stores AH register to low byte of flag register
PUSHF copy flag register to top of stack
POPF copy top of stack word to flag register
X86 INSTRUCTIONS:::DATA TRANSFER INSTRUCTION:::6-LOAD EFFECTIVE ADDRESS
Load Effective Address :
Syntax :
lea src, dest #GAS Syntax
lea dest, src #Intel syntax
The lea instruction calculates the address of the src operand and loads it into the dest operand.
Operands
src
Immediate
Register
Memory
dest
Register
Modified flags
No FLAGS are modified by this instruction
Load Effective Address calculates its src operand in the same way as the mov instruction does, but rather than loading the contents of that address into the dest operand, it loads the address itself.
lea can be used not only for calculating addresses, but also general-purpose unsigned integer arithmetic (with the caveat and possible advantage that FLAGS are unmodified). This can be quite powerful, since the src operand can take up to 4 parameters: base register, index register, scalar multiplier and displacement, e.g. [eax + edx*4 -4] (Intel syntax) or -4(%eax, %edx, 4) (GAS syntax). The scalar multiplier is limited to constant values 1, 2, 4, or 8 for byte, word, double word or quad word offsets respectively. This by itself allows for multiplication of a general register by constant values 2, 3, 4, 5, 8 and 9, as shown below (using NASM syntax):
Example :
lea ebx, [ebx*2] ; Multiply ebx by 2
lea ebx, [ebx*8+ebx] ; Multiply ebx by 9, which totals ebx*18
X86 INSTRUCTIONS::: DATA TRANSFER INSTRUCTIONS:::5-MOVE STRING
Move byte
Syntax :
movsb
The movsb instruction copies one byte from the memory location specified in esi to the location specified in edi. If the direction flag is cleared, then esi and edi are incremented after the operation. Otherwise, if the direction flag is set, then the pointers are decremented. In that case the copy would happen in the reverse direction, starting at the highest address and moving toward lower addresses until ecx is zero.
Operands
None.
Modified flags
No FLAGS are modified by this instruction
Example :
section .text
; copy mystr into mystr2
mov esi, mystr ; loads address of mystr into esi
mov edi, mystr2 ; loads address of mystr2 into edi
cld ; clear direction flag (forward)
mov ecx,6
rep movsb ; copy six times
section .bss
mystr2: resb 6
section .data
mystr db "Hello", 0x0
Move Word
Syntax :
movsw
The movsw instruction copies one word (two bytes) from the location specified in esi to the location specified in edi. It basically does the same thing as movsb, except with words instead of bytes.
Operands
None.
Modified flags
No FLAGS are modified by this instruction
Example :
section .code
; copy mystr into mystr2
mov esi, mystr
mov edi, mystr2
cld
mov ecx,4
rep movsw
; mystr2 is now AaBbCca\0
section .bss
mystr2: resb 8
section .data
mystr db "AaBbCca", 0x0
X86 INSTRUCTIONS::: DATA TRANSFER INSTRUCTION:::4-MOVE SIGN EXTEND
Move sign extend :
Syntax :
movs src, dest #GAS Syntax
movsx dest, src #Intel syntax
The movs instruction copies the src operand in the dest operand and pads the remaining bits not provided by src with the sign bit (the MSB) of src. This instruction is useful for copying a signed small value to a bigger register.
Operands
src
Register
Memory
dest
Register
Modified flags
No FLAGS are modified by this instruction
Example :
.data
byteval:
.byte -24 # = 0xe8
.text
.global _start
_start:
movsbw byteval, %ax
# %ax is now -24 = 0xffe8
movswl %ax, %ebx
# %ebx is now -24 = 0xffffffe8
movsbl byteval, %esi
# %esi is now -24 = 0xffffffe8
# Linux sys_exit
mov $1, %eax
xorl %ebx, %ebx
int $0x80
X86 INSTRUCTIONS:::DATA TRANSFER INSTRUCTION:::3- MOVE WITH ZERO EXTEND
Move Zero Extend :
Syntax :
movz src, dest #GAS Syntax
movzx dest, src #Intel syntax
The movz instruction copies the src operand in the dest operand and pads the remaining bits not provided by src with zeros (0). This instruction is useful for copying a small, unsigned value to a bigger register.
Operands
arg1
Register
Memory
arg2
Register
Modified flags
No FLAGS are modified by this instruction
Example :
.data
byteval:
.byte 204
.text
.global _start
_start:
movzbw byteval, %ax
# %eax is now 204
movzwl %ax, %ebx
# %ebx is now 204
movzbl byteval, %esi
# %esi is now 204
# Linux sys_exit
mov $1, %eax
xorl %ebx, %ebx
int $0x80
X86 INSTRUCTIONS::::::DATA TRANSFER INSTRUCTION::::2- DATA SWAP
Exchange :
Syntax :
xchg src, dest #GAS Syntax
xchg dest, src #Intel syntax
The xchg instruction swaps the src operand with the dest operand. It's like doing three move operations: from dest to a temporary (another register), then from src to dest, then from the temporary to src, except that no register needs to be reserved for temporary storage.
If one of the operands is a memory address, then the operation has an implicit LOCK prefix, that is, the exchange operation is atomic. This can have a large performance penalty.
It's also worth noting that the common NOP (no op) instruction, 0x90, is the opcode for xchgl %eax, %eax.
Operands
src
Register
Memory
dest
Register
Memory
However, only one operand can be in memory: the other must be a register.
Modified flags
No FLAGS are modified by this instruction
Example :
.data
value:
.long 2
.text
.global _start
_start:
movl $54, %ebx
xorl %eax, %eax
xchgl value, %ebx
# %ebx is now 2
# value is now 54
xchgw %ax, value
# Value is now 0
# %eax is now 54
xchgb %al, %bl
# %ebx is now 54
# %eax is now 2
xchgw value(%eax), %ax
# value is now 0x00020000 = 131072
# %eax is now 0
# Linux sys_exit
mov $1, %eax
xorl %ebx, %ebx
int $0x80
Compare and exchange :
Syntax :
cmpxchg arg2, arg1 #GAS Syntax
cmpxchg arg1, arg2 #Intel syntax
The cmpxchg instruction has two implicit operands AL/AX/EAX(depending on the size of arg1) and ZF(zero) flag. The instruction compares arg1 to AL/AX/EAX and if they are equal sets arg1 to arg2 and sets the zero flag, otherwise it sets AL/AX/EAX to arg1 and clears the zero flag. Unlike xchg there is not an implicit lock prefix and if the instruction is required to be atomic then lock must be prefixed.
Operands
arg1
Register
Memory
arg2
Register
Modified flags
The ZF flag is modified by this instruction
In order to assemble, link and run the program we need to do the following:
$ nasm -felf32 -g cmpxchgSpinLock.asm
$ gcc -o cmpxchgSpinLock cmpxchgSpinLock.o -lpthread
$ ./cmpxchgSpinLock
X86 INSTRUCTIONS:::::DATA TRANSFER INSTRUCTION::::::1- MOVE
Data Transfer
Some of the most important and most frequently used instructions are those that move data. Without them, there would be no way for registers or memory to even have anything in them to operate on.
Data Transfer Instructions
Move
Syntax :
mov src, dest #GAS Syntax
mov dest, src #Intel syntax
Move :
The mov instruction copies the src operand into the dest operand.
Operands
src
Immediate
Register
Memory
dest
Register
Memory
Modified flags
No FLAGS are modified by this instruction
Example :
.data
value:
.long 2
.text
.global _start
_start:
movl $6, %eax
# %eax is now 6
movw %ax, value
# value is now 6
movl $0, %ebx
# %ebx is now 0
movb %al, %bl
# %ebx is now 6
movl value, %ebx
# %ebx is now 6
movl $value, %esi
# %esi is now the address of value
xorl %ebx, %ebx
# %ebx is now 0
movw value(, %ebx, 1), %bx
# %ebx is now 6
# Linux sys_exit
mov $1, %eax
xorl %ebx, %ebx
int $0x80
X86 INSTRUCTIONS:::::::INTRODUCTION
The different instructions are broken up into groups as follows :
Data Transfer Instructions
Control Flow Instructions
Arithmetic Instructions
Logic Instructions
Shift and Rotate Instructions
Other Instructions
x86 Interrupts
Conventions
The following template will be used for instructions that take no operands:
Syntax :
Instr
The following template will be used for instructions that take 1 operand:
Syntax :
Instr arg
The following template will be used for instructions that take 2 operands. Notice how the format of the instruction is different for different assemblers.
Syntax :
Instr src, dest #GAS Syntax
Instr dest, src #Intel syntax
The following template will be used for instructions that take 3 operands. Notice how the format of the instruction is different for different assemblers.
Syntax :
Instr aux, src, dest #GAS Syntax
Instr dest, src, aux #Intel syntax
Suffixes
Some instructions, especially when built for non-Windows platforms (i.e. Unix, Linux, etc.), require the use of suffixes to specify the size of the data which will be the subject of the operation. Some possible suffixes are:
b (byte) = 8 bits
w (word) = 16 bits
l (long) = 32 bits
q (quad) = 64 bits
Example of the usage with the mov instruction on a 32-bit architecture, GAS syntax:
Syntax :
# Store the value F into the eax register
movl $0x000F, %eax
On Intel Syntax you don't have to use the suffix. Based on the register name and the used immediate value the compiler knows which data size to use.
Syntax :
MOV EAX, 0x000F
Subscribe to:
Posts (Atom)
"Exploring the Intersections: Insights into Exam Prep, Science, Business,Tech,Web-dev,Admin&Health
काबिज नजूल : आबादी भूमि पर बने मकान को विक्रय करते समय बिक्रीनामा तैयार करने की प्रक्रिया-Occupied Nazul or populated land
काबिज नजूल अथवा आबादी भूमि पर बने मकान को विक्रय करते समय बिक्रीनामा तैयार करने की प्रक्रिया: 1. दस्तावेज इकट्ठा करना: विक्रेता और खरीदार ...
-
There are several home remedies that can help alleviate headache pain. Here are a few:👍 Drink plenty of water: Dehydration can often lea...
-
Sebi Sahara Refund Application form 2023 Sebi-Sahara Refund Online Application Form 2023 सार (Summary) सहारा समूह की सहकारी समितियों के वास्...
-
MSP RATE DECLARED BY GOVERNMENT OF INDIA भारत सरकार द्वारा, रबी 2020-21 के लिए MSP घोषित कर दी गयी है | गेहूँ का समर्थन मूल्य 50 रूपए बढ़ाक...