The x86 INSTRUCTION SET B.1 Introduction B.1.1 Flags< B.1.2 Instruction Descriptions and Formats B.2 Instruction Set Details (Non Floating-Point) B.3 Floating-point Instructions B.1 Introduction This appendix is a quick guide to the most commonly used x86 instructions. It does riot cover sys- tem-mode instructions or instructions typically used only in operating system kernel code or protected-mode device drivers. B.1.1 Flags (EFIags) Each instruction description contains a series of boxes that describe how the instruction will affect the CPU status flags. Each flag is identified by a single letter: 0 Overflow S Sign P Parity D Direction Z Zero C Carry 1 Interrupt A Auxiliary Carry Inside the. boxes, the following notation shows how each instruction will affect the flags: 1 Sets the flag. 0 Clears the flag. ? May change the flag to an undetermined value. (blank) The flag is not changed. * Changes the flag according to specific rules associated with the flag. 620 B.I 621 For example, the following diagram of the CPU flags is taken from one of the instruction descriptions: GDI S Z A P C From the diagram, we see that the Overflow, Sign, Zero, and Parity flags will be changed to unknown values. The Auxiliary Carry and Carry flags will he modified according to rules associ- ated with the flags. The Direction and Interrupt flags will not be changed. B.1.2* Instruction Descriptions and Formats -^-^-^^-- -— When a reference to source and destination operands is made, we use the natural order of oper- ands in all x86 instructions, in which the first operand is the destination and the second is the source. In the MOV instruction, for example, the destination will be assigned a copy of the data in the source operand: MOV destination, source There may be several formats available for a single instruction. Table B-l contains a list of symbols used in instruction formats. In the descriptions of individual instructions, we use the natation "?;86" to indicate that an instruction or one of its variants is only available on processors in the 32-bit x86 family (Tnlel386 onw;ird). Similarly, the notation "(80286)" indicates that at least an Intel 80286 processor must be used. Register notations such as (E)CX, (E)SI, (E)DI, (E)SP, (E)BP, and (E)IP differentiate between x86 processors that use the 32-bit registers and all earlier processors that used 16-bit registers. B'l Symbols Used in Instruction Formats. L f * U lly Symbol1/; .' \ ^ \ ^Description^i 1 ^( * reg An 8-, 16-, or 32-bit general register from ihe following list: AH, AL, BH, BL, CH, CL, DH, DL, AX, BX, CX, DX, SI, DI, BP, SP, EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP. regS, reg!6, reg32 A general register, identified by its number of bits. A 16-bit segment register (CS, DS, ES, SS, FS, GS). accum AL, AX, or EAX. mem A memory operand, using any of the standard memory-addressing modes. mem8, mem} 6, mem32 A memory operand, identified by its number of bits. short label A location in the code segment within —128 to + 127 bytes of the current location. near label A location in the current code segment, identified by a label. farlabel A location in an external code segment, identified by a label. Symbol • Dascription .imm - An immediate operand imrn8, immlfj, imtn32 An immediate operand identified by its number of bits. instruction An 80x86 assembly language instruction. B.2 Instruction Set Details (Non Floating-Point) AAA ASCII Adjust After Addition O D I S Z A P C ? ? | Ll^ '•' *J Adjusts the result in AL after two ASCII digits have been added together. If AL > 9, the high digit of the result is placed in AH, and the Carry and Auxiliary Carry flags are set. Instruction format: AAA AAD ASCII Adjust Before Division GDI S Z A P C LL - I* V * ? Converts unpacked BCD digits in AH and AL to a single binary value in prL-puratiun for die DIV instruction. Instruction format: AAD AAM ASCll Adjust After Multiply O D I S Z A P C l'Wf«l~u- Adjusts the result in AX after two unpacked BCD digits have been multiplied together. Instruction format: AAM li.2 ioN SET oN FloAtiM,'Poiw) 62J AAS ASCII Adjust After Subtraction O D I S Z A P C ? ? ? * ? * I Adjusts the result in AX nfter a subtraction operation. If AL > 9, AAS decrements AH and sets .jhe^Cairy and Auxiliary Carry flags. .. Instruction format: AAS ADC Add Carry GDIS Z A P C EH • * * * * Adds both the source operand and tt c Carry flag m the destination operand. Operands must he the saniL" si/.e. Instruction formats: ADC" reg, reg ADC r.:;g, inirn ADC mem, reg- ADC mem, inun ADC reg, mem ADC accum, iiwn ADD Add 0 D I S Z A P C * A source operand is added to a destination operand, and the sum is stored in the destination. Operands must be the same SIM. Instruction formats: ADD reg, recr ADD reg, imm ADD mem, reg ADD mem, imm ADD reg, mem ADD accum, imm AND Logical AND O 15 I S Z A P C1 Lii_L • * ? * j 0 1 Each bit in the destination operand is ANDed with Ihe corresponding bit in the source operand. Instruction formats: AND reg, reg AND reg, imm AND mem, reg AND mem, imm AND reg,mejn AND accum, imm Verilies that a signed index value is within die bounds of an array. On the 80286 processor, die destination operand can be any 16-bit register containing the index to be checked. The source operand must be a 32-bit memory operand in which the high and low words contain the upper and lower bounds of the index value. On the x86 processor, the destination can be a 32-bit regis- ter and the source can be a 64-bit memory operand. Instruction formats: BOUND reglG,mem32 BOUND r32,niem64 BSF, Bit Scan (x86) BSR O D r S Z A P C 1 7 ? ? ? ? ? Scans an operand to find die first set bit. If Hie bit is found, the Zero flag is cleared, and die destination operand is assigned the bit number (index) of the first set bit encountered. If no set bit is found, ZF = 1 . BSF scans from bit 0 to the highest bit. and BSR starts at the highest bit and scans toward bit 0. Instruction formats (apply to both BSF and BSR): BSF regl6/r/ml6 BSF reg32,r/m32 BSWAP Byte Swap (x86) Reverses the byte order of a 32-bit destination register. Instruction format: BSWAP reg32 BT, Bit Tests (x86) BTC, O D I S z A P C ? 7 ? * BTR, CE ? BTS Copies a specified bit (n) into the Carry flag. The destinalion operand contains Ihe value in which die bit is located, and the source operand indicates die bit's position within the destination. BT copies bit n to the Carry flag. BTC copies bit n to the Carry flag and complements bit n in the destination operand. BTR copies bit n to the Carry flag and clears bit n in the destinalion. BTS copies bit n to the Carry flag and sets bit n in die destination. Instruction formats: BT r/ml6,imm8 BT r/ml6,rl6 BT r/m32,imm8 BT r/m32,r32 B.2 INSTRUCTION SET DEmils (NoN 625 CALL Call a Procedure GDI S 2 A P C Pushes the location of the next instruction on the stack and transfers to the destination location. If the procedure is near (in the same segment), only the offset of the next instruction is pushed; otherwise, hoth the segment and the offset arc pushed. Instruction formats: C7Vr,L, nea r 1 abol CALL meml 5 CALL fzrl abel CALL merr.3 2 CALL reg CBW Convert Byte to Word l) Extends the sign hit in AL throughout the AH register. Instruction format: CBW CDQ Convert Doubleword to Quadword (x86) O D 1 S 2. A P C L_ _J_ Extends the .sign bil in FLAX throughout the EDX register. Instruction format: CDQ CLC Clear Carry Flag O D I S 7, A \> C Clears the Carry flag lo /.cru. Instruction format: CLC CLD Clear Direction Flag O D J S 2 A P C 0 Clears the Direction fiag to zero. String primitive instructions will automatically increment (0)51 and (E)DI. Instruction format: CLD CLI Clear Interrupt Flag GDI S Z A P C 0 Clears the Interrupt flag to zero. This disables maskable hardware interrupts until an STI instruc- tion is executed. Instruction format: CLI CMC Complement Carry Flag GDI S Z A P C Toggles the current value of the Carry flag. Instruction form at: CMC CMP Compare O D I S Z A P C * ***** Compares the destination to the source by performing an implied subtraction of the source from the destination. Instruction formats: CMP reg, reg CMP reg, imm CMP mem, r&g CMP mem, imm CMP reg, mem CMP accum, imm IS.2 INSTRUCTION SFI DEtAik (NoN 627 CMPS, Compare Strings CMPSB, O D I 7. A CMPSW, CMPSD Compares strings in memory addressed by DS:(E)SI and ES:(E)DI. Carries out an implied sub- traction of the destination from the source. CMPSB compares bytes, CMPSW compares words, and CMPSD compares doublewords (on xS6 processors). (Ii)S! and (E)D1 are increased or decreased according to tlic operand size and the status of the Direction flag.