780 likes | 1.17k Views
80386 Instruction Set. Operand-Size and Address-Size Attributes. The 80386 can address memory using either 16 or 32-bit addresses. Consequently, each instruction that uses memory addresses has associated with it an address-size attribute of either 16 or 32 bits.
E N D
Operand-Size and Address-Size Attributes • The 80386 can address memory using either 16 or 32-bit addresses. Consequently, each instruction that uses memory addresses has associated with it an address-size attribute of either 16 or 32 bits. • 16-bit addresses imply both the use of a 16-bit displacement in the instruction and the generation of a 16-bit address offset (segment relative address) as the result of the effective address calculation. • 32-bit addresses imply the use of a 32-bit displacement and the generation of a 32-bit address offset. • An instruction that accesses words (16 bits) or doublewords (32 bits) has an operand-size attribute of either 16 or 32 bits. SKNCOE
Data Movement Instructions • These instructions provide convenient methods for moving bytes, words, or doublewords of data between memory and the registers of the base architecture. They fall into the following classes: • General-purpose data movement instructions. • Stack manipulation instructions. • Type-conversion instructions. SKNCOE
General-Purpose Data Movement Instructions • MOV (Move) transfers a byte, word, or doubleword from the source operand to the destination operand. The MOV instruction is useful for transferring data along any of these paths. • To a Register from Memory • To Memory from a Register • Between General Registers • Immediate Data to a Register • Immediate Data to a Memory • The MOV instruction cannot move from memory to memory or from segment register to segment register are not allowed. • Memory-to-Memory moves can be performed, however, by the string move instruction MOVS. SKNCOE
General-Purpose Data Movement Instructions • XCHG (Exchange) swaps the contents of two operands. • XCHG is especially useful for implementing semaphores or similar data structures for process synchronization. • The XCHG instruction can swap two byte operands, two word operands, or two doubleword operands. • The operands for the XCHG instruction may be two register operands, or a register operand with a memory operand. SCOE/COMP/MA/MPW
Stack Manipulation Instructions - PUSH • PUSH decrements the stack pointer (ESP), then transfers the source operand to the top of stack indicated by ESP. PUSH is often used to place parameters on the stack before calling a procedure. • The PUSH instruction operates on memory operands, immediate operands, and register operands (including segment registers). SKNCOE
Stack Manipulation Instructions - PUSH PUSHAD (Push All Registers) saves the contents of the eight general registers on the stack. The processor pushes the general registers on the stack in the following order: EAX, ECX, EDX, EBX, the initial value of ESP before EAX was pushed, EBP, ESI, and EDI. SKNCOE
Stack Manipulation Instructions - POP POP (Pop) transfers the word or doubleword at the current top of stack (indicated by ESP) to the destination operand, and then increments ESP to point to the new top of stack. POP moves information from the stack to a general register, or to memory SKNCOE
Stack Manipulation Instructions - POPA POPAD (Pop All Registers) restores the registers saved on the stack by PUSHAD, except that it ignores the saved value of ESP. SKNCOE
Stack Manipulation Instructions - POPAD POPAD – instruction pops all eight 32-bit GP registers from the top of the stack. This is distinct from the POPA instruction, which pops 16-bit values. PUSHAD – instruction is the functional opposite of the POPAD inst. It causes all 32 bits of the eight GP registers to be pushed onto the stack. POPFD – instruction is equivalent to the POPF inst except that it pops all 32 bits of the EFLAGS register. PUSHFD – instruction pushes all 32 bits of the EFLAGS register onto the stack. SKNCOE
Type Conversion Instructions • The type conversion instructions convert bytes into words, words into doublewords, and doublewords into 64-bit items (quad-words). • These instructions are especially useful for converting signed integers, because they automatically fill the extra bits of the larger item with the value of the sign bit of the smaller item. This kind of conversion is called sign extension. SKNCOE
Type Conversion Instructions There are two classes of type conversion instructions: The forms CWD, CDQ, CBW, and CWDE which operate only on data in the EAX register. The forms MOVSX and MOVZX, which permit one operand to be in any general register while permitting the other operand to be in memory or in a register. SKNCOE
Type Conversion Instructions • CWD (Convert Word to Doubleword) and CDQ (Convert Doubleword to Quad-Word) double the size of the source operand. • CWD extends the sign of the word in register AX throughout register DX. CDQ extends the sign of the doubleword in EAX throughout EDX. • CWD can be used to produce a doubleword dividend from a word before a word division, and CDQ can be used to produce a quad-word dividend from a doubleword before doubleword division. • CBW (Convert Byte to Word) extends the sign of the byte in register AL throughout AX. SCOE/COMP/MA/MPW
Type Conversion Instructions • CWDE (Convert Word to Doubleword Extended) extends the sign of the word in register AX throughout EAX. • Example • MOV AX, 1234h ;AX gets positive number • CWDE • MOVSX (Move with Sign Extension) sign-extends an 8-bit value to a 16-bit value and a 8- or 16-bit value to 32-bit value. • MOVZX (Move with Zero Extension) extends an 8-bit value to a 16-bit value and an 8- or 16-bit value to 32-bit value by inserting high-order zeros. SCOE/COMP/MA/MPW
Addition and Subtraction Instructions • ADD (Add Integers) replaces the destination operand with the sum of the source and destination operands. Sets CF if overflow. • ADC (Add Integers with Carry) sums the operands, adds one if CF is set, and replaces the destination operand with the result. If CF is cleared, ADC performs the same operation as the ADD instruction. An ADD followed by multiple ADC instructions can be used to add numbers longer than 32 bits. • INC (Increment) adds one to the destination operand. INC does not affect CF. Use ADD with an immediate value of 1 if an increment that updates carry (CF) is needed. SCOE/COMP/MA/MPW
Operand-Size and Address-Size Attributes • SUB (Subtract Integers) subtracts the source operand from the destination operand and replaces the destination operand with the result. If a borrow is required, the CF is set. The operands may be signed or unsigned bytes, words, or doublewords. • SBB (Subtract Integers with Borrow) subtracts the source operand from the destination operand, subtracts 1 if CF is set, and returns the result to the destination operand. • DEC (Decrement) subtracts 1 from the destination operand. DEC does not update CF. Use SUB with an immediate value of 1 to perform a decrement that affects carry. SCOE/COMP/MA/MPW
Comparison and Sign Change Instruction • CMP (Compare) subtracts the source operand from the destination operand. It updates OF, SF, ZF, AF, PF, and CF but does not alter the source and destination operands. A subsequent Jcc or SETcc instruction can test the appropriate flags. • Example • CMP AX, 4357h ; compare AX to constant • JNE far_away ; jump if not equal • NEG (Negate) subtracts a signed integer operand from zero. The effect of NEG is to reverse the sign of the operand from positive to negative or from negative to positive. SCOE/COMP/MA/MPW
Multiplication Instruction • The 80386 has separate multiply instructions for unsigned and signed operands. • MUL operates on unsigned numbers, while IMUL operates on signed integers as well as unsigned. • Using IMUL it is possible to multiply any register by any other register or by a memory operand. Signed Multiplication • Example • MOV EBX, 12345678h • MOV ESI, 87654321h • IMUL EBX, ESI ;EBX = EBX*ESI SCOE/COMP/MA/MPW
Division Instruction • DIV - The 80386 performs an unsigned division. The dividend is implicit; only the divisor is given as an operand. SCOE/COMP/MA/MPW • IDIV - The 80386 performs an signed division. The dividend is implicit; only the divisor is given as an operand.
Logical Instruction • The group of logical instructions includes: • The Boolean Operation Instructions • Bit Test and Modify Instructions • Bit Scan Instructions • Rotate and Shift Instructions • Byte Set on condition SCOE/COMP/MA/MPW
Bit Test and Modify Instruction This group of instructions operates on a single bit which can be in memory or in a general register. The location of the bit is specified as an offset from the low-order end of the operand. The value of the offset either may be given by an immediate byte in the instruction or may be contained in a general register. These instructions first assign the value of the selected bit to CF, the carry flag. Then a new value is assigned to the selected bit, as determined by the operation. OF, SF, ZF, AF, PF are left in an undefined state. SCOE/COMP/MA/MPW
Bit Manipulation Instruction SCOE/COMP/MA/MPW
Bit Test and Modify Instruction BT (Bit Test ) – reports the status of a bit in the operand by setting or clearing CF to match it. The operand under test may be either a register or a memory location. The second operand specifies which bit in the first operand to test. Example BT EAX, 5 ; test bit 5 of EAX JC foo : jump if bit 5 was set SCOE/COMP/MA/MPW
Bit Test and Modify Instruction BTC (Bit Test & Complement ) – It operates exactly like the BT, except that the bit being tested is inverted after the test is performed, and its condition is saved in CF. Example BTC EAX, 9 ; test & invert bit 9 JC foo : jump if bit used to be 1 SCOE/COMP/MA/MPW
Bit Test and Modify Instruction BTR (Bit Test & Reset ) – the BTR instruction operates exactly like the BTC instruction, except that it always clears the bit being tested. Example BTR EAX , 0 ; test & clear bit 0 JC foo : jump if it was set SCOE/COMP/MA/MPW BTS (Bit Test & Set ) – The BTS instruction operates exactly like the BTC instruction, except that it always sets the bit being tested. Example BTR DWORD PTR DS:[840621], 3 ; test & set bit 3 JC foo : jump if it was set
Bit Test and Modify Instruction SCOE/COMP/MA/MPW
Bit Scan Instruction These instructions scan a word or doubleword for a one-bit and store the index of the first set bit into a register. The bit string being scanned may be either in a register or in memory. The ZF flag is set if the entire word is zero; ZF is cleared if a one-bit is found. If no set bit is found, the value of the destination register is undefined. BSF (Bit Scan Forward) scans from low-order to high-order (starting from bit index zero). BSR (Bit Scan Reverse) scans from high-order to low-order (starting from bit index 15 of a word or index 31 of a doubleword). SCOE/COMP/MA/MPW
Bit Scan Instruction BSF (Bit Scan Forward) finds first 1 bit in the source operand, starting from LSB to MSB. If the entire source operand has no 1 bits, that is, if it equals 0, ZF is set, and destination operand is undefined. Otherwise, ZF is cleared, and the destination operand gets the bit index of the first 1 bit Example MOV EAX, 03004000H ; LOAD CONSTANT INTO EAX BSF EBX, EAX ; EBX gets 14 JZ zero ; EAX= 0? SCOE/COMP/MA/MPW
Bit Scan Instruction BSR (Bit Scan Reverse)operates like BSF, except that it beings scanning from the MSB of the source operand and works to ward bit 0. Example MOV EAX, 00000F00H ; LOAD constant into EAX BSF EBX, EAX ; EBX gets 11 JZ zero ; EAX= 0? SCOE/COMP/MA/MPW
Bit Shift and Rotate Instructions SCOE/COMP/MA/MPW
Shift and Rotate Instruction SCOE/COMP/MA/MPW Shift Arithmetic Left / Shift Logical Left
Shift and Rotate Instruction SCOE/COMP/MA/MPW Shift Logical Right
Shift and Rotate Instruction SCOE/COMP/MA/MPW Shift Arithmetic Right
MOVE Instruction MOV MOVSX (Move with Sign Extend) instruction performs a MOV operation between two operands of dissimilar size. The source operand is sign-extended as it is copied into larger destination operand. Example MOV BL, 55h ; LOAD CONSTANT INTO EAX MOVSX ECX BL ; ECX = 00000055h SCOE/COMP/MA/MPW
MOVE Instruction MOV MOVZX (Move with Zero Extend) instruction operates just like a MOVSX instruction except that the source operand is zero-extended into the destination operand. If the source operand is positive this has the same effect as a MOVSX. Example MOV DH, 89h ; DH gets –ve number MOVZX EAX DH ; EAX = 00000089h SCOE/COMP/MA/MPW
Flag Operations LAHF: Load A register from Flags SAHF: Store A register in Flags PUSHF: Push flags onto stack POPF: Pop flags off stack PUSHFD :Push EFlags onto stack POPFD: Pop EFlags off stack CLC :Clear Carry Flag : set CF=0 CLD Clear Direction Flag: set DF=0 ,SI/DI incremented during string operation (MOVS,CMPS,SCANS) CMC Complement Carry Flag: If CF=0 then CF=1,If CF=1 then CF=0 STC Set Carry Flag: CF=1 STD Set Direction Flag : DF=0 SCOE/COMP/MA/MPW
NO Operations NOP : Performs no operation - causes the CPU to do nothing - increment EIP to point to the next instruction. SCOE/COMP/MA/MPW
INTERRUPTS INT : Interrupt INTO : Interrupt if overflow IRET : Return from Interrupt/Task CLI: Clear interrupt Enable STI: Set Interrupt Enable SCOE/COMP/MA/MPW
High Level Language Instructions BOUND : Check Array Bounds(checks the value of index register against predefined range of indexes. e.g. Bound Index, Range ENTER :Setup Parameter Block for Entering Procedure(create a stack frame) e.g. Enter 4,0 ( op1:dynamic storage space in bytes,op2 :level of the new procedure being entered LEAVE : Leave Procedure SCOE/COMP/MA/MPW
Processor Control Instructions HLT : Halt Processing (stop fetching and executing instruction WAIT: Wait until BUSY# negated -causes processor to wait till an interrupt is recognized ESC : Escape to external processor LOCK: Lock Bus during next instruction :allows a microprocessor to make sure that another processor does not take a control of the system bus SCOE/COMP/MA/MPW
Privileged Instructions These instructions must be executed when CPL is 0; otherwise 80386 generates general protection exception SCOE/COMP/MA/MPW
Special Protection Mode Instruction SCOE/COMP/MA/MPW
Control Transfer Instruction • The 80386 provides both conditional and unconditional control transfer instructions to direct the flow of execution. Conditional control transfers depend on the results of operations that affect the flag register. • Unconditional control transfers are always executed. • JMP (Jump) unconditionally transfers control to the target location. JMP is a one-way transfer of execution; it does not save a return address on the stack. SCOE/COMP/MA/MPW
Control Transfer Instruction • CALL (Call Procedure) activates an out-of-line procedure, saving on the stack the address of the instruction following the CALL for later use by a RET (Return) instruction. • CALL places the current value of EIP on the stack. • The RET instruction in the called procedure uses this address to transfer control back to the calling program. SCOE/COMP/MA/MPW
Return & Return-From-Interrupt Instruction • RET (Return From Procedure) terminates the execution of a procedure and transfers control through a back-link on the stack to the program that originally invoked the procedure. • RET restores the value of EIP that was saved on the stack by the previous CALL instruction. • IRET (Return From Interrupt) returns control to an interrupted procedure. • IRET differs from RET in that it also pops the flags from the stack into the flags register. The flags are stored on the stack by the interrupt mechanism. SCOE/COMP/MA/MPW
Conditional Jump Instructions SCOE/COMP/MA/MPW
Conditional Jump Instructions SCOE/COMP/MA/MPW
Loop Instructions The loop instructions are conditional jumps that use a value placed in ECX to specify the number of repetitions of a software loop. All loop instructions automatically decrement ECX and terminate the loop when ECX=0. LOOP (Loop While ECX Not Zero) is a conditional transfer that automatically decrements the ECX register before testing ECX for the branch condition. If ECX is non-zero, the program branches to the target label specified in the instruction. The LOOP instruction causes the repetition of a code section until the operation of the LOOP instruction decrements ECX to a value of zero. SCOE/COMP/MA/MPW
Loop Instructions • LOOPE (Loop While Equal) and LOOPZ (Loop While Zero) are synonyms for the same instruction. • If ECX is non-zero and ZF=1, the program branches to the target label specified in the instruction. If LOOPE or LOOPZ finds that ECX=0 or ZF=0, control transfers to the instruction immediately following the LOOPE or LOOPZ instruction. • LOOPNE (Loop While Not Equal) and LOOPNZ (Loop While Not Zero) are synonyms for the same instruction. • If ECX is non-zero and ZF=0, the program branches to the target label specified in the instruction. SCOE/COMP/MA/MPW