FRAUNHOFER INSTITUTE FOR COMMUNICATION, INFORMATION PROCESSING AND ERGONOMICS FKIE
x86 Opcode Structure and Instruction Overview

The poster shows two 16 x 16 opcode maps (columns 0-F = low nibble of the opcode byte, rows 0-F = high nibble): the primary one-byte map and the second-byte map reached through the 0F escape ("TWO BYTE"). Rows are summarised below in left-to-right order.

Primary opcode map (1st byte)

Row | Cells, left to right
0   | ADD, PUSH ES, POP ES, OR, PUSH CS, TWO BYTE (0F escape to the second map)
1   | ADC, PUSH SS, POP SS, SBB, PUSH DS, POP DS
2   | AND, ES SEGMENT OVERRIDE, DAA, SUB, CS SEGMENT OVERRIDE, DAS
3   | XOR, SS SEGMENT OVERRIDE, AAA, CMP, DS SEGMENT OVERRIDE, AAS
4   | INC, DEC
5   | PUSH, POP
6   | PUSHAD, POPAD, BOUND, ARPL, FS SEGMENT OVERRIDE, GS SEGMENT OVERRIDE, OPERAND SIZE OVERRIDE, ADDRESS SIZE OVERRIDE, PUSH, IMUL, PUSH, IMUL, INS, OUTS
7   | Jcc SHORT: JO, JNO, JB, JNB, JE, JNE, JBE, JA, JS, JNS, JPE, JPO, JL, JGE, JLE, JG
8   | ADD/ADC/AND/XOR OR/SBB/SUB/CMP (immediate group), TEST, XCHG, MOV REG, MOV SREG, LEA, MOV SREG, POP
9   | NOP, XCHG EAX, CWD, CDQ, CALLF, WAIT, PUSHFD, POPFD, SAHF, LAHF
A   | MOV EAX, MOVS, CMPS, TEST, STOS, LODS, SCAS
B   | MOV (immediate to register)
C   | SHIFT IMM, RETN, LES, LDS, MOV IMM, ENTER, LEAVE, RETF, INT3, INT IMM, INTO, IRETD
D   | SHIFT 1, SHIFT CL, AAM, AAD, SALC, XLAT, FPU
E   | LOOPNZ, LOOPZ, LOOP (CONDITIONAL LOOP), JECXZ, IN IMM, OUT IMM, CALL, JMP, JMPF, JMP SHORT, IN DX, OUT DX
F   | LOCK (EXCLUSIVE ACCESS), ICE BP, REPNE, REPE (CONDITIONAL REPETITION), HLT, CMC, TEST/NOT/NEG [i]MUL/[i]DIV, CLC, STC, CLI, STI, CLD, STD, INC DEC, INC/DEC CALL/JMP PUSH

Shift cells (SHIFT IMM, SHIFT 1, SHIFT CL) cover ROL/ROR/RCL/RCR/SHL/SHR/SAL/SAR, selected by the reg field of the ModR/M byte.

Second-byte opcode map (0F xx)

Row | Cells, left to right
0   | {L,S}LDT {L,S}GDT {L,S}TR {L,S}IDT VER{R,W} {L,S}MSW (system table groups), LAR, LSL, CLTS, INVD, WBINVD, UD2
1   | SSE{1,2,3}, Prefetch SSE1, HINT_NOP
2   | MOV CR/DR, SSE{1,2}
3   | WRMSR, RDTSC, RDMSR, RDPMC, SYSENTER, SYSEXIT, GETSEC SMX, MOVBE / THREE BYTE, THREE BYTE SSE4
4   | CMOV
5   | SSE{1,2}
6   | MMX, SSE2
7   | MMX, SSE{1,2,3}, VMX
8   | Jcc (near): JO, JNO, JB, JNB, JE, JNE, JBE, JA, JS, JNS, JPE, JPO, JL, JGE, JLE, JG
9   | SETcc: SETO, SETNO, SETB, SETNB, SETE, SETNE, SETBE, SETA, SETS, SETNS, SETPE, SETPO, SETL, SETGE, SETLE, SETG
A   | PUSH FS, POP FS, CPUID, BT, SHLD, PUSH GS, POP GS, RSM, BTS, SHRD, *FENCE, IMUL
B   | CMPXCHG, LSS, BTR, LFS, LGS, MOVZX, POPCNT, UD, BT BTS BTR BTC (group), BTC, BSF, BSR, MOVSX
C   | XADD, SSE{1,2}, CMPXCHG, BSWAP
D   | MMX, SSE{1,2,3}
E   | MMX, SSE{1,2}
F   | MMX, SSE{1,2,3}

Cell categories (colour legend on the poster): Arithmetic & Logic; Control Flow & Conditional; Memory; Stack; System & I/O; Prefix; No Operation (NOP) / Multiple Instructions / Extended Instruction Set; Addressing Modes.

General Opcode Structure

Element                           | # of bytes | Bit structure / information
Prefix                            | 0-4        |
Opcode                            | 1-3        | O O O O O O D L  (main opcode bits, D = direction bit, L = operand length bit)
AddrMode / ModR/M (mod, reg, r/m) | 0-1        | M M R R R M M M  (mod, reg, r/m)
SIB Byte (scale, index, base)     | 0-1        | S S I I I B B B
Displacement                      | 0/1/2/4    |
Immediate Data                    | 0/1/2/4    |

v1.0 – 30.08.2011 Contact: Daniel Plohmann – +49 228 73 54 228 – [email protected]
ModR/M byte fields

mod: addressing mode (00, 01, 10 = memory operand with no / 8-bit / 16- or 32-bit displacement; 11 = register operand)
reg: register, or opcode modifier defined by the primary opcode
r/m: register or memory operand, decoded with mod according to the table below

r/m field encoding (the register column also applies to the reg field):

r/m | mod 00 (16bit) | mod 00 (32bit) | mod 01 (16bit) | mod 01 (32bit) | mod 10 (16bit)  | mod 10 (32bit) | mod 11 // REG
000 | [BX+SI]        | [EAX]          | [BX+SI]+disp8  | [EAX]+disp8    | [BX+SI]+disp16  | [EAX]+disp32   | AL / AX / EAX
001 | [BX+DI]        | [ECX]          | [BX+DI]+disp8  | [ECX]+disp8    | [BX+DI]+disp16  | [ECX]+disp32   | CL / CX / ECX
010 | [BP+SI]        | [EDX]          | [BP+SI]+disp8  | [EDX]+disp8    | [BP+SI]+disp16  | [EDX]+disp32   | DL / DX / EDX
011 | [BP+DI]        | [EBX]          | [BP+DI]+disp8  | [EBX]+disp8    | [BP+DI]+disp16  | [EBX]+disp32   | BL / BX / EBX
100 | [SI]           | SIB            | [SI]+disp8     | SIB+disp8      | [SI]+disp16     | SIB+disp32     | AH / SP / ESP
101 | [DI]           | disp32         | [DI]+disp8     | [EBP]+disp8    | [DI]+disp16     | [EBP]+disp32   | CH / BP / EBP
110 | disp16         | [ESI]          | [BP]+disp8     | [ESI]+disp8    | [BP]+disp16     | [ESI]+disp32   | DH / SI / ESI
111 | [BX]           | [EDI]          | [BX]+disp8     | [EDI]+disp8    | [BX]+disp16     | [EDI]+disp32   | BH / DI / EDI

SIB Byte Structure encoding (32-bit addressing, selected by r/m = 100 with mod != 11):

scale (2bit)   | Index (3bit) | Base (3bit)
00 = 2^0 = 1   | 000 [EAX]    | 000 EAX
01 = 2^1 = 2   | 001 [ECX]    | 001 ECX
10 = 2^2 = 4   | 010 [EDX]    | 010 EDX
11 = 2^3 = 8   | 011 [EBX]    | 011 EBX
               | 100 none     | 100 ESP
               | 101 [EBP]    | 101 disp32 (mod 00) / disp8 + [EBP] (mod 01) / disp32 + [EBP] (mod 10)
               | 110 [ESI]    | 110 ESI
               | 111 [EDI]    | 111 EDI

SIB value = index * scale + base
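As an added example (not code from the poster), the following decoder walks one ModR/M operand under 32-bit address size exactly as the ModR/M and SIB tables above describe it, including the two special cases (r/m = 100 pulls in a SIB byte; r/m = 101 or SIB base = 101 with mod = 00 means a bare disp32) and the truncated-buffer case a disassembler must reject. The function name decode_modrm32 and the byte sequences in the comments are my own constructed test vectors.

```python
# Added example, not code from the poster: decode one ModR/M operand (plus SIB
# byte and displacement) under 32-bit address size, following the ModR/M and
# SIB tables of the cheat sheet. All byte sequences here are constructed.

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]
DISP_SIZE = {0: 0, 1: 1, 2: 4}   # mod 00 / 01 / 10 -> no disp / disp8 / disp32


def decode_modrm32(code, pos=0):
    """Decode the ModR/M byte at code[pos] and whatever it pulls in after it.

    Returns (reg_field, operand_text, bytes_consumed). Raises ValueError when
    the SIB byte or displacement runs past the end of the buffer (a truncated
    instruction, e.g. at the end of a code section).
    """
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    consumed = 1
    if mod == 3:                               # mod 11: register-direct operand
        return reg, REG32[rm], consumed
    parts = []
    disp_size = DISP_SIZE[mod]
    if rm == 4:                                # r/m 100: a SIB byte follows
        if pos + 1 >= len(code):
            raise ValueError("truncated SIB byte")
        sib = code[pos + 1]
        consumed += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if index != 4:                         # index 100 means "none"
            parts.append(f"{REG32[index]}*{scale}")
        if base == 5 and mod == 0:             # base 101 with mod 00: disp32 only
            disp_size = 4
        else:
            parts.append(REG32[base])
    elif rm == 5 and mod == 0:                 # r/m 101 with mod 00: absolute disp32
        disp_size = 4
    else:
        parts.append(REG32[rm])
    text = "+".join(parts)
    if disp_size:
        raw = code[pos + consumed:pos + consumed + disp_size]
        if len(raw) < disp_size:
            raise ValueError("truncated displacement")
        disp = int.from_bytes(raw, "little", signed=True)
        consumed += disp_size
        # absolute address when there is no base register, else a signed offset
        text = f"{disp & 0xFFFFFFFF:#x}" if not parts else text + f"{disp:+#x}"
    return reg, f"[{text}]", consumed


# e.g. bytes 44 24 08 (mod 01, r/m 100, SIB base ESP, disp8) -> (0, "[ESP+0x8]", 3)
```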
Source: Intel x86 Instruction Set Reference. Opcode table presentation inspired by the work of Ange Albertini.