X86 asm command cheat sheet PDF

Preview

Summary

Download X86 asm command cheat sheet PDF

Description

FoCA

Common x86 Integer Instructions Guide*

Name

Operation

Operands ("Op" operand, ":=" assignment, "=" operand type)

MOV XCHG PUSH PUSHF PUSHA POP POPF POPA CBW CWD

Move (actually, copy) Exchange Push onto stack memory Push flag register Push all general registers Pop from stack memory Pop flag register Pop all general registers Convert byte to word Convert word to double

MOV Dest, Source XCHG Op1, Op2 PUSH Source PUSHF PUSHA POP Dest POPF POPA CBW CWD

Alternative: POPAD (dword sized registers) AX := AL (signed) EDX:EAX := EAX (signed)

IN OUT

Input Output

IN Dest, Port OUT Port, Source

AL / AX / EAX := byte/word/double of specified port Byte/word/double of specified port := AL / AX / EAX

ADD ADC SUB SBB DIV DIV IDIV IDIV MUL MUL IMUL IMUL INC DEC

Add Add with Carry Subtract Subtract with borrow Divide (unsigned) Divide (unsigned) Divide (signed) Divide (signed) Multiply (unsigned) Multiply (unsigned) Multiply (signed) Multiply (signed) Increment (deprecated) Decrement (deprecated)

ADD Dest, Source ADC Dest, Source SUB Dest, Source SBB Dest, Source DIV Op* DIV Op* IDIV Op* IDIV Op* MUL Op MUL Op IMUL Op IMUL Op INC Op DEC Op

Dest := Dest+Source Dest := Dest+Source+CF (CF is carry flag) Dest := Dest-Source Dest := Dest-(Source+CF) Op=byte: AL := AX / Op AH:=remainder *Op can't be a literal Op=dword: EAX := EDX:EAX / Op EDX:=remainder Op=byte: AL := AX / Op AH:=remainder Op=dword: EAX := EDX:EAX / Op EDX:=remainder Op=byte: AX := AL*Op if AH=0 Op=dword: EDX:EAX := EAX*Op Op=byte: AX := AL*Op if AL sufficient Op=dword: EDX:EAX := EAX*Op Op := Op+1 (Carry flag not affected) (Use ADD instead) Op := Op-1 (Carry flag not affected) (Use SUB instead)

CMP TEST SAL SHL SAR SHR RCL RCR ROL ROR

Compare Test Shift arithmetic left (SHL) Shift logical left (SAL) Shift arithmetic right Shift logical right Rotate left through Carry Rotate right through Carry Rotate left Rotate right

CMP Op1, Op2 TEST Op1, Op2 SAL Op, n or CL SHL Op, n or CL SAR Op, n or CL SHR Op, n or CL RCL Op, n or CL RCR Op, n or CL ROL Op, n or CL ROR Op, n or CL

Op1 - Op2 ( sets the flags accordingly) Op1 AND Op2 (sets zero flag if result = 0) n = number of bit positions to shift, ( "multiply by 2n") CL = LSByte of ECX. (Final bit shifted out of Op is in CF.) n/CL as for SAL/SHL ( Signed "divide by 2n") n/CL as for SAL/SHL ( Unsigned "divide by 2n") n/CL as for SAL/SHL, 0 - 31 only (rotate includes CF.) n/CL as for SAL/SHL, 0 - 31 only (rotate includes CF.) n/CL as for SAL/SHL, 0 - 31 only (CF = copy of rotated bit.) n/CL as for SAL/SHL, 0 - 31 only (CF = copy of rotated bit.)

NEG NOT AND OR XOR

Negate (two's-complement) Invert each bit Bitwise And Bitwise Or Bitwise Exclusive Or

NEG Op NOT Op AND Dest, Source OR Dest, Source XOR Dest, Source

Op := 0 - Op if Op=0 then CF:=0 else CF:=1 Op :=  Op (invert each bit) Dest := Dest ) Source Dest := Dest  Source Dest := Dest (XOR) Source

NOP LEA

No operation Load effective address

NOP LEA Dest, Source

No operation (!) (Surprisingly useful!) Dest := address of Source. Source can be "[ eff addr calc ]"

CALL RET

Call subroutine Return from subroutine

CALL label / addr / reg RET

LOOP

Decrement & Jump

LOOP Dest

ESP:=ESP-4; [ESP] := EIP; EIP := label / address / register EIP := [ESP]; ESP:=ESP+4. Variation: RET n (return and add 'n' to ESP.) ECX:=ECX-1, EIP:=Dest if ECX not zero (flags not affected.)

JMP

Unconditional Jump ( "Goto") JMP Dest

EIP:=Dest (flag values not used.)

Jcc

Conditional Jump ("cc" see below) Jcc Dest

EIP:=Dest (depending on flags - mainly SF, ZF, and CF.)

JE JZ JC JS JG JL JO JA JB JECXZ JNA JNB JNG JNL JPE

JNE JNZ JNC JNS JGE JLE JNO JAE JBE JCXZ JNAE JNBE JNGE JNLE JPO

Jump if equal (ZF=1). Jump if zero (ZF=1). Jump if carry (CF=1). Jump if sign (SF=1). Jump if greater (ZF=0 and SF=OF). Jump if less (SFOF). Jump if overflow (OF=1). Jump if above (CF=0 and ZF=0). Jump if below (CF=1). Jump if ECX register is 0. Jump if not above (CF=1 or ZF=1). Jump if not below (CF=0). Jump if not greater (ZF=1 or SFOF). Jump if not less (SF=OF). Jump if parity even (PF=1).

Destination := Source (i.e. copy right into left) Op1 := Op2 , Op2 := Op1 (i.e. swap values) Decrement ESP by 4, then [ESP] := Source Alternative: PUSHAD (dword sized registers) Dest := [ESP], increment ESP by 4

Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump

if not equal if not zero if not carry if not sign if greater or equal if less or equal if not overflow if above or equal if below or equal if CX register is 0. if not above or equal if not below or equal if not greater or equal if not less or equal if parity odd

(ZF=0). (ZF=0). (CF=0). (SF=0). (SF=OF). (ZF=1 or SFOF). OF=0). (CF=0). (CF=1 or ZF=1). (CF=1). (CF=0 and ZF=0). (SFOF). (ZF=0 and SF=OF). (PF=0).

*Many instructions have been omitted. Those shown highlighted represent those you will use and see most frequently; you do not need to learn all of the x86 instruction set. Always consult the full manual for details. Struck through instructions are now deprecated in favour of equivalent ones.

23

Jcc Conditional Jump Opcode

Mnemonic

Description

(for rel8 short jumps)

77 cb 73 cb 72 cb 76 cb 72 cb E3 cb E3 cb 74 cb 7F cb 7D cb 7C cb 7E cb 76 cb 72 cb 73 cb 77 cb 73 cb 75 cb 7E cb 7C cb 7D cb 7F cb 71 cb 7B cb 79 cb 75 cb 70 cb 7A cb 7A cb 7B cb 78 cb 74 cb

JA JAE JB JBE JC JCXZ JECXZ JE JG JGE JL JLE JNA JNAE JNB JNBE JNC JNE JNG JNGE JNL JNLE JNO JNP JNS JNZ JO JP JPE JPO JS JZ

Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest Dest

Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump Jump

if above (CF=0 and ZF=0). if above or equal (CF=0). if below (CF=1). if below or equal (CF=1 or ZF=1). if carry (CF=1). if CX register is 0. if ECX register is 0. if equal (ZF=1). if greater (ZF=0 and SF=OF). if greater or equal (SF=OF). if less (SFOF). if less or equal (ZF=1 or SFOF). if not above (CF=1 or ZF=1). if not above or equal (CF=1). if not below (CF=0). if not below or equal (CF=0 and ZF=0). if not carry (CF=0). if not equal (ZF=0). if not greater (ZF=1 or SFOF). if not greater or equal (SFOF). if not less (SF=OF). if not less or equal (ZF=0 and SF=OF). if not overflow (OF=0). if not parity (PF=0). if not sign (SF=0). if not zero (ZF=0). if overflow (OF=1). if parity (PF=1). if parity even (PF=1). if parity odd (PF=0). if sign (SF=1). if zero (ZF=1).

Description Checks the state of one or more of the status flags in the EFLAGS register (CF, OF, PF, SF, and ZF) and, if the flags are in the specified state (condition), performs a jump to the target instruction specified by the destination operand. A condition code (cc) is associated with each instruction to indicate the condition being tested for. If the condition is not satisfied, the jump is not performed and execution continues with the instruction following the Jcc instruction. The target instruction is specified with a relative offset (a signed offset relative to the current value of the instruction pointer in the EIP register). A relative offset (rel8, rel16, or rel32) is generally specified as a label in assembly code ('Dest' in the table above), but at the machine code level, it is encoded as a signed, 8-bit (AOshown as 'cb' in the table) or 32-bit immediate value, which is added to the instruction pointer. Instruction coding is most efficient for offsets of -128 to +127 (AOsuggesting that you should keep loops and IF…THEN structures compact for performance reasons). If the operand-size attribute is 16, the upper two bytes of the EIP register are cleared, resulting in a maximum instruction pointer size of 16 bits. The conditions for each Jcc mnemonic are given in the "{description}" column of the table. The terms "less" and "greater" are used for comparisons of signed integers and the terms "above" and "below" are used for unsigned integers. Because a particular state of the status flags can sometimes be interpreted in two ways, two mnemonics are defined for some opcodes. For example, the JA (jump if above) instruction and the JNBE (jump if not below or equal) instruction are alternate mnemonics for the opcode 77H. The Jcc instruction does not support far jumps (jumps to other code segments). When the target for the conditional jump is in a different segment, use the opposite condition from the condition being tested for the Jcc instruction, and then access the target with an unconditional far jump (JMP instruction) to the other segment. For example, the following conditional far jump is illegal: JZ FARLABEL; To accomplish this far jump, use the following two instructions: JNZ BEYOND; JMP FARLABEL; BEYOND: The JECXZ and JCXZ instructions differ from the other Jcc instructions because they do not check the status flags. Instead they check the contents of the ECX and CX registers, respectively, for 0. Either the CX or ECX register is chosen according to the address-size attribute. These instructions are useful at the beginning of a conditional loop that terminates with a conditional loop instruction (such as LOOPNE). They prevent entering the loop when the ECX or CX register is equal to 0, which would cause the loop to execut e 232 or 64K times, respectively, instead of zero times. All conditional jumps are converted to code fetches of one or two cache lines, regardless of jump address or cacheability.

24...