Wednesday, 8 February 2017


Rotate Instructions In a rotate instruction, the bits that slide off the end of the register are fed back into the spaces. Rotate dest to the right by src bits. Syntax 1 : ror src, dest #GAS Syntax ror dest, src #Intel syntax Rotate dest to the left by src bits. Syntax 2 : rol src, dest #GAS Syntax rol dest, src #Intel syntax Rotate With Carry Instructions Like with shifts, the rotate can use the carry bit as the "extra" bit that it shifts through. Rotate dest to the right by src bits with carry. Syntax 1 : rcr src, dest #GAS Syntax rcr dest, src #Intel syntax Rotate dest to the left by src bits with carry. Syntax 2 : rcl src, dest #GAS Syntax rcl dest, src #Intel syntax Number of arguments Unless stated, these instructions can take either one or two arguments. If only one is supplied, it is assumed to be a register or memory location and the number of bits to shift/rotate is one (this may be dependent on the assembler in use, however). shrl $1, %eax is equivalent to shrl %eax (GAS syntax).


Logical Shift Instructions In a logical shift instruction (also referred to as unsigned shift), the bits that slide off the end disappear (except for the last, which goes into the carry flag), and the spaces are always filled with zeros. Logical shifts are best used with unsigned numbers. Syntax 1 : shr src, dest #GAS Syntax shr dest, src #Intel syntax Logical shift dest to the right by src bits. Syntax 2 : shl src, dest #GAS Syntax shl dest, src #Intel syntax Logical shift dest to the left by src bits. Example (GAS Syntax) : /*ax=1111.1111.0000.0000 (0xff00, unsigned 65280, signed -256)*/ movw $ff00,%ax /*ax=0001.1111.1110.0000 (0x1fe0, signed and unsigned 8160)*/ shrw $3,%ax /*(logical shifting unsigned numbers right by 3 is like integer division by 8)*/ /*ax=0011.1111.1100.0000 (0x3fc0, signed and unsigned 16320)*/ shlw $1,%ax /*(logical shifting unsigned numbers left by 1 is like multiplication by 2)*/ Arithmetic Shift Instructions In an arithmetic shift (also referred to as signed shift), like a logical shift, the bits that slide off the end disappear (except for the last, which goes into the carry flag). But in an arithmetic shift, the spaces are filled in such a way to preserve the sign of the number being slid. For this reason, arithmetic shifts are better suited for signed numbers in two's complement format. Syntax 1 : sar src, dest #GAS Syntax sar dest, src #Intel syntax Arithmetic shift dest to the right by src bits. Spaces are filled with sign bit (to maintain sign of original value), which is the original highest bit. Syntax 2 : sal src, dest #GAS Syntax sal dest, src #Intel syntax Arithmetic shift dest to the left by src bits. The bottom bits do not affect the sign, so the bottom bits are filled with zeros. This instruction is synonymous with SHL. Example (GAS Syntax) : /*ax=1111.1111.0000.0000 (0xff00, unsigned 65280, signed -256)*/ movw $ff00,%ax /*ax=1111.1100.0000.0000 (0xfc00, unsigned 64512, signed -1024)*/ salw $2,%ax /*(arithmetic shifting left by 2 is like multiplication by 4 for negative numbers, but has an impact on positives with most significant bit set (i.e. set bits shifted out))*/ /*ax=1111.1111.1110.0000 (0xffe0, unsigned 65504, signed -32)*/ sarw $5,%ax /*(arithmetic shifting right by 5 is like integer division by 32 for negative numbers)*/ Extended Shift Instructions The names of the double precision shift operations are somewhat misleading, hence they are listed as extended shift instructions on this page. They are available for use with 16- and 32-bit data entities (registers/memory locations). The src operand is always a register, the dest operand can be a register or memory location, the cnt operand is an immediate byte value or the CL register. In 64-bit mode it is possible to address 64-bit data as well. The operation performed by shld is to shift the most significant cnt bits out of dest, but instead of filling up the least significant bits with zeros, they are filled with the most significant cnt bits of src. Syntax 1 : shld cnt, src, dest #GAS Syntax shld dest, src, cnt #Intel syntax Likewise, the shrd operation shifts the least significant cnt bits out of dest, and fills up the most significant cnt bits with the least significant bits of the src operand. Syntax 2 : shrd cnt, src, dest #GAS Syntax shrd dest, src, cnt #Intel syntax Intel's nomenclature is misleading, in that the shift does not operate on double the basic operand size (i.e. specifying 32-bit operands doesn't make it a 64-bit shift): the src operand always remains unchanged. Also, Intel's manual states that the results are undefined when cnt is greater than the operand size, but at least for 32- and 64-bit data sizes it has been observed that shift operations are performed by (cnt mod n), with n being the data size. Example (GAS Syntax) : # ax=0000.0000.0000.0000 (0x0000) xorw %ax,%ax # ax=1111.1111.1111.1111 (0xffff) notw %ax # bx=0101.0101.0000.0000 movw $0x5500,%bx # bx=1111.0101.0101.0000 (0xf550), ax is still 0xffff shrdw $4,%ax,%bx # ax=1111.1111.1111.0101 (0xfff5), bx is still 0xf550 shldw $8,%bx,%ax Example : (decimal numbers are used instead of binary number to explain the concept) : # ax = 1234 5678 # bx = 8765 4321 shrd $3, %ax, %bx # ax = 1234 5678 bx = 6788 7654 # ax = 1234 5678 # bx = 8765 4321 shld $3, %ax, %bx # bx = 5432 1123 ax = 1234 5678


The instructions are of bit-wise logical instructions. Bit-wise AND Syntax : and src, dest #GAS Syntax and dest, src #Intel syntax Performs a bit-wise AND of the two operands, and stores the result in dest. Example : movl $0x1, %edx movl $0x0, %ecx andl %edx, %ecx ; here ecx would be 0 because 1 AND 0 = 0 Bit-wise OR Syntax : or src, dest #GAS Syntax or dest, src #Intel syntax Performs a bit-wise OR of the two operands, and stores the result in dest. Example : movl $0x1, %edx movl $0x0, %ecx orl %edx, %ecx ; here ecx would be 1 because 1 OR 0 = 1 Bit-wise XOR Syntax : xor src, dest #GAS Syntax xor dest, src #Intel syntax Performs a bit-wise XOR of the two operands, and stores the result in dest. Example : movl $0x1, %edx movl $0x0, %ecx xorl %edx, %ecx ; here ecx would be 1 because 1 XOR 0 = 1 Bit-wise Inversion Syntax : not arg Performs a bit-wise inversion of arg. Example : movl $0x1, %edx notl %edx /*here edx would be 0xFFFFFFFE because a bitwise NOT 0x00000001 = 0xFFFFFFFE*/


Syntax 1 : adc src, dest #GAS Syntax adc dest, src #Intel syntax Add with carry. Adds src + carry flag to dest, storing result in dest. Usually follows a normal add instruction to deal with values twice as large as the size of the register. In the following example, source contains a 64-bit number which will be added to destination. Example : mov eax, [source] ; read low 32 bits mov edx, [source+4] ; read high 32 bits add [destination], eax ; add low 32 bits adc [destination+4], edx ; add high 32 bits, plus carry Syntax 2 : sbb src, dest #GAS Syntax sbb dest, src #Intel syntax Subtract with borrow. Subtracts src + carry flag from dest, storing result in dest. Usually follows a normal sub instruction to deal with values twice as large as the size of the register.


Arithmetic instructions take two operands: a destination and a source. The destination must be a register or a memory location. The source may be either a memory location, a register, or a constant value. Atleast one of the two must be a register, because operations may not use a memory location as both a source and a destination. Syntax 1 : add src, dest #GAS Syntax add dest, src #Intel syntax This adds src to dest. If you are using the MASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the second argument. Syntax 2 : sub src, dest #GAS Syntax sub dest, src #Intel syntax Like ADD, only it subtracts source from destination instead. In C: dest -= src; Syntax 3 : mul arg This multiplies "arg" by the value of corresponding byte-length in the AX register. operand size 1 byte 2 bytes 4 bytes other operand AL AX EAX higher part of result stored in: AH DX EDX lower part of result stored in: AL AX EAX In the second case, the target is not EAX for backward compatibility with code written for older processors. Syntax 4 : imul arg As MUL, only signed. The IMUL instruction has the same format as MUL, but also accepts two other formats like so: Syntax 5 : imul src, dest #GAS Syntax imul dest, src #Intel syntax This multiplies src by dest. If you are using the NASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the second argument. Syntax 6 : imul aux, src, dest #GAS Syntax imul dest, src, aux #Intel syntax This multiplies src by aux and places it into dest. If you are using the NASM syntax, then the result is stored in the first argument, if you are using the GAS syntax, it is stored in the third argument. Syntax 7 : div arg This divides the value in the dividend register(s) by "arg", see table below. divisor size 1 byte 2 bytes 4 bytes dividend AX DX:AX EDX:EAX remainder stored in: AH DX EDX quotient stored in: AL AX EAX The colon (:) means concatenation. With divisor size 4, this means that EDX are the bits 32-63 and EAX are bits 0-31 of the input number (with lower bit numbers being less significant, in this example). As you typically have 32-bit input values for division, you often need to use CDQ to sign-extend EAX into EDX just before the division. If quotient does not fit into quotient register, arithmetic overflow interrupt occurs. All flags are in undefined state after the operation. Syntax 8 : idiv arg As DIV, only signed. Syntax 9 : neg arg Arithmetically negates the argument (i.e. two's complement negation).


Syntax 1 : hlt Halts the processor. Execution will be resumed after processing next hardware interrupt, unless IF is cleared. Syntax 2 : nop No operation. This instruction doesn't do anything, but wastes an instruction cycle in the processor. This instruction is often represented as an XCHG operation with the operands EAX and EAX. Syntax 3 : lock Asserts #LOCK prefix on next instruction. Syntax 4 : wait Waits for the FPU to finish its last calculation.


Syntax 1 : enter arg Creates a stack frame with the specified amount of space allocated on the stack. Syntax 2 : leave Destroys the current stack frame, and restores the previous frame. Using Intel syntax this is equivalent to: Syntax 3 : mov esp, ebp pop ebp This will set EBP and ESP to their respective value before the function prologue began therefore reversing any modification to the stack that took place during the prologue.


Syntax : loop arg The loop instruction decrements ECX and jumps to the address specified by arg unless decrementing ECX caused its value to become zero. Example mov ecx, 5 start_loop: ; the code here would be executed 5 times loop start_loop loop does not set any flags. Syntax : loopx arg These loop instructions decrement ECX and jump to the address specified by arg if their condition is satisfied (that is, a specific flag is set), unless decrementing ECX caused its value to become zero. loope loop if equal loopne loop if not equal loopnz loop if not zero loopz loop if zero


Syntax : call proc Pushes the address of the next opcode onto the top of the stack, and jumps to the specified location. This is used mostly for subroutines. Syntax : ret [val] Loads the next value on the stack into EIP, and then pops the specified number of bytes off the stack. If val is not supplied, the instruction will not pop any values off the stack after returning


The Jump Instructions allow the programmer to (indirectly) set the value of the EIP register. The location passed as the argument is usually a label. The first instruction executed after the jump is the instruction immediately following the label. All of the jump instructions, with the exception of jmp, are conditional jumps, meaning that program flow is diverted only if a condition is true. These instructions are often used after a comparison instruction, but since many other instructions set flags, this order is not required. Unconditional Jumps : Syntax : jmp loc Loads EIP with the specified address (i.e. the next instruction executed will be the one specified by jmp). Jump on Equality : Syntax : je loc ZF = 1 Loads EIP with the specified address, if operands of previous CMP instruction are equal. mov $5, ecx mov $5, edx cmp ecx, edx je equal ; if it did not jump to the label equal, then this means ecx and edx are not equal. equal: ; if it jumped here, then this means ecx and edx are equal Jump on Inequality : Syntax : jne loc ZF = 0 Loads EIP with the specified address, if operands of previous CMP instruction are not equal. Jump if Greater : Syntax 1 : jg loc ZF = 0 and SF = OF Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second (performs signed comparison). Syntax 2 : jge loc SF = OF Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second (performs signed comparison). Syntax 3 : ja loc CF = 0 and ZF = 0 Loads EIP with the specified address, if first operand of previous CMP instruction is greater than the second. ja is the same as jg, except that it performs an unsigned comparison. Syntax 4 : jae loc CF = 0 Loads EIP with the specified address, if first operand of previous CMP instruction is greater than or equal to the second. jae is the same as jge, except that it performs an unsigned comparison. Jump if Less : Syntax 1 : jl loc The criteria required for a JL is that SF <> OF, loads EIP with the specified address, if the criteria is meet. So either SF or OF can be set but not both in order to satisfy this criteria. If we take the SUB(which is basically what a CMP does) instruction as an example, we have: arg2 - arg1 With respect to SUB and CMP there are several cases that fulfill this criteria: arg2 < arg1 and the operation does not have overflow arg2 > arg1 and the operation has an overflow In case 1) SF will be set but not OF and in case 2) OF will be set but not SF since the overflow will reset the most significant bit to zero and thus preventing SF being set. The SF <> OF criteria avoids the cases where: arg2 > arg1 and the operation does not have overflow arg2 < arg1 and the operation has an overflow arg2 == arg1 In case 1) neither SF nor OF are set, in case 2) OF will be set and SF will be set since the overflow will reset the most significant bit to one and in case 3) neither SF nor OF will be set. The example code below runs the five cases outlined above and prints out whether SF and OF are equal or not: ; ; nasm -felf32 -g jlFlagsCheck.asm ; gcc -o jlFlagsCheck jlFlagsCheck.o ; global main extern printf section .data sfneofStr: db 'SF <> OF', 0xA, 0 sfeqofStr: db 'SF == OF', 0xA, 0 section .bss section .text main: ; ; Functions will follow the cdecl call convention ; ; ; arg2 < arg1 and no overflow ; mov eax, 1 cmp eax, 2 call checkSFNEOF ; ; arg2 < arg1 and overflow ; mov al, -2 cmp al, 127 call checkSFNEOF ; ; arg2 > arg1 and no overflow ; mov eax, 2 cmp eax, 1 call checkSFNEOF ; ; arg2 > arg1 and overflow ; mov al, 127 cmp al, -1 call checkSFNEOF ; ; arg2 == arg1 ; mov eax, 2 cmp eax, 2 call checkSFNEOF call exit ; ; Check if SF <> OF, which means the condition for jump less would be meet. ; checkSFNEOF: push ebp mov ebp, esp jl SFNEOF jmp SFEQOF SFNEOF: push dword sfneofStr call printf jmp checkSFNEOFDone SFEQOF: push dword sfeqofStr call printf checkSFNEOFDone: leave ret exit: ; ; Call exit(3) syscall ; void exit(int status) ; mov ebx, 0 ; Arg one: the status mov eax, 1 ; Syscall number: int 0x80 Output : SF <> OF SF <> OF SF == OF SF == OF SF == OF Syntax 2 : jb loc CF = 1 Loads EIP with the specified address, if first operand of previous CMP instruction is less than the second. jb is the same as jl, except that it performs an unsigned comparison. Syntax 3 : jbe loc CF = 1 or ZF = 1 Loads EIP with the specified address, if first operand of previous CMP instruction is less than or equal to the second. jbe is the same as jle, except that it performs an unsigned comparison. Jump on Overflow : Syntax 1 : jo loc OF = 1 Loads EIP with the specified address, if the overflow bit is set on a previous arithmetic expression. Syntax 2 : jno loc OF = 0 Loads EIP with the specified address, if the overflow bit is not set on a previous arithmetic expression. Jump on Zero : Syntax 1 : jz loc ZF = 1 Loads EIP with the specified address, if the zero bit is set from a previous arithmetic expression. jz is identical to je. Syntax 2 : jnz loc ZF = 0 Loads EIP with the specified address, if the zero bit is not set from a previous arithmetic expression. jnz is identical to jne. Jump on Sign : Syntax 1 : js loc SF = 1 Loads EIP with the specified address, if the sign bit is set from a previous arithmetic expression. Syntax 2 : jns loc SF = 0 Loads EIP with the specified address, if the sign bit is not set from a previous arithmetic expression.

X86 INSTRUCTIONS:::CONTROL FLOW::: comparison instruction

Performs a bit-wise logical AND on arg1 and arg2 the result of which we will refer to as Temp and sets the ZF(zero), SF(sign) and PF(parity) flags based on Temp. Temp is then discarded. Syntax test arg1, arg2 #GAS Syntax test arg2, arg1 #Intel syntax Operands arg1 Register Immediate arg2 AL/AX/EAX (only if arg1 is immediate) Register Memory Modified flags SF <- MostSignificantBit(Temp) If Temp == 0 ZF <- 1 else ZF <- 0 PF <- BitWiseXorNor(Temp[Max-1:0]) CF <- 0 OF <- 0 AF is undefined Performs a comparison operation between arg1 and arg2. The comparison is performed by a (signed) subtraction of arg2 from arg1, the results of which can be called Temp. Temp is then discarded. If arg2 is an immediate value it will be sign extended to the length of arg1. The EFLAGS register is set in the same manner as a sub instruction. Syntax cmp arg2, arg1 #GAS Syntax cmp arg1, arg2 #Intel syntax the GAS/AT&T syntax can be rather confusing, as for example cmp $0, %rax followed by jl branch will branch if %rax < 0 (and not the opposite as might be expected from the order of the operands). Operands arg1 AL/AX/EAX (only if arg2 is immediate) Register Memory arg2 Register Immediate Memory Modified flags SF <- MostSignificantBit(Temp) If Temp == 0 ZF <- 1 else ZF <- 0 PF <- BitWiseXorNor(Temp[Max-1:0]) CF, OF and AF<- 0


Almost all programming languages have the ability to change the order in which statements are evaluated, and assembly is no exception. The instruction pointer (EIP) register contains the address of the next instruction to be executed. To change the flow of control, the programmer must be able to modify the value of EIP. This is where control flow functions come in. mov eip, label ; wrong jmp label ; right


General purpose byte or word transfer instructions: Instruction Description MOV copy byte or word from specified source to specified destination PUSH copy specified word to top of stack POP copy word from top of stack to specified location PUSHA copy all registers to stack POPA copy words from stack to all registers XCHG Exchange bytes or exchange words XLAT translate a byte in AL using a table in memory These are I/O port transfer instructions: Instruction Description IN copy a byte or word from specific port to accumulator OUT copy a byte or word from accumulator to specific port Special address transfer Instructions: Instruction Description LEA load effective address of operand into specified register LDS load DS register and other specified register from memory LES load ES register and other specified register from memory Flag transfer instructions: Instruction Description LAHF load AH with the low byte of flag register SAHF Stores AH register to low byte of flag register PUSHF copy flag register to top of stack POPF copy top of stack word to flag register


Load Effective Address : Syntax : lea src, dest #GAS Syntax lea dest, src #Intel syntax The lea instruction calculates the address of the src operand and loads it into the dest operand. Operands src Immediate Register Memory dest Register Modified flags No FLAGS are modified by this instruction Load Effective Address calculates its src operand in the same way as the mov instruction does, but rather than loading the contents of that address into the dest operand, it loads the address itself. lea can be used not only for calculating addresses, but also general-purpose unsigned integer arithmetic (with the caveat and possible advantage that FLAGS are unmodified). This can be quite powerful, since the src operand can take up to 4 parameters: base register, index register, scalar multiplier and displacement, e.g. [eax + edx*4 -4] (Intel syntax) or -4(%eax, %edx, 4) (GAS syntax). The scalar multiplier is limited to constant values 1, 2, 4, or 8 for byte, word, double word or quad word offsets respectively. This by itself allows for multiplication of a general register by constant values 2, 3, 4, 5, 8 and 9, as shown below (using NASM syntax): Example : lea ebx, [ebx*2] ; Multiply ebx by 2 lea ebx, [ebx*8+ebx] ; Multiply ebx by 9, which totals ebx*18


Move byte Syntax : movsb The movsb instruction copies one byte from the memory location specified in esi to the location specified in edi. If the direction flag is cleared, then esi and edi are incremented after the operation. Otherwise, if the direction flag is set, then the pointers are decremented. In that case the copy would happen in the reverse direction, starting at the highest address and moving toward lower addresses until ecx is zero. Operands None. Modified flags No FLAGS are modified by this instruction Example : section .text ; copy mystr into mystr2 mov esi, mystr ; loads address of mystr into esi mov edi, mystr2 ; loads address of mystr2 into edi cld ; clear direction flag (forward) mov ecx,6 rep movsb ; copy six times section .bss mystr2: resb 6 section .data mystr db "Hello", 0x0 Move Word Syntax : movsw The movsw instruction copies one word (two bytes) from the location specified in esi to the location specified in edi. It basically does the same thing as movsb, except with words instead of bytes. Operands None. Modified flags No FLAGS are modified by this instruction Example : section .code ; copy mystr into mystr2 mov esi, mystr mov edi, mystr2 cld mov ecx,4 rep movsw ; mystr2 is now AaBbCca\0 section .bss mystr2: resb 8 section .data mystr db "AaBbCca", 0x0


Move sign extend : Syntax : movs src, dest #GAS Syntax movsx dest, src #Intel syntax The movs instruction copies the src operand in the dest operand and pads the remaining bits not provided by src with the sign bit (the MSB) of src. This instruction is useful for copying a signed small value to a bigger register. Operands src Register Memory dest Register Modified flags No FLAGS are modified by this instruction Example : .data byteval: .byte -24 # = 0xe8 .text .global _start _start: movsbw byteval, %ax # %ax is now -24 = 0xffe8 movswl %ax, %ebx # %ebx is now -24 = 0xffffffe8 movsbl byteval, %esi # %esi is now -24 = 0xffffffe8 # Linux sys_exit mov $1, %eax xorl %ebx, %ebx int $0x80


Move Zero Extend : Syntax : movz src, dest #GAS Syntax movzx dest, src #Intel syntax The movz instruction copies the src operand in the dest operand and pads the remaining bits not provided by src with zeros (0). This instruction is useful for copying a small, unsigned value to a bigger register. Operands arg1 Register Memory arg2 Register Modified flags No FLAGS are modified by this instruction Example : .data byteval: .byte 204 .text .global _start _start: movzbw byteval, %ax # %eax is now 204 movzwl %ax, %ebx # %ebx is now 204 movzbl byteval, %esi # %esi is now 204 # Linux sys_exit mov $1, %eax xorl %ebx, %ebx int $0x80

&quot;Exploring the Intersections: Insights into Exam Prep, Science, Business,Tech,Web-dev,Admin&amp;Health

काबिज नजूल : आबादी भूमि पर बने मकान को विक्रय करते समय बिक्रीनामा तैयार करने की प्रक्रिया-Occupied Nazul or populated land

काबिज नजूल अथवा आबादी भूमि पर बने मकान को विक्रय करते समय बिक्रीनामा तैयार करने की प्रक्रिया:   1. दस्तावेज इकट्ठा करना: विक्रेता और खरीदार ...