imul unpcklps inc repnz sbb bswapcmovna sysenter pmaxsw mov jnle psubq stccmp subss fsqrt stosd

fincstp fstp outsw mfence leave retn phaddsw psadbwidiv cmovpe str smsw fxam finit fcmovnbe out jnle push verr ror shrd mulss cvtpi2pd rdtsc daa sal fiadd bts sgdt fnsave nop cwde int fbld psllq add pushad movsxd emms hlt xor fldlg2 sub phaddd pmovmskb fldz aaa wait cvttss2si fnclex movq movntpd setnge fsubrbsf xlatb movlhps fstenv addsubpd cdq movddup lsl haddpd subps fabs comisd jp lidt jnae scasw movntdq clflush not divps pmuludq lss rcl jrcxz rcpps xchg pop sar orpd

X86 Opcode Reference 32-bit Edition

general, system, x87 FPU, MMX, SSE(1), SSE2, SSE3, SSSE3 opcodes

ref.x86asm.net

Advertisement

X86 Opcode Reference, 32-bit Edition general, system, x87 FPU, MMX, SSE(1), SSE2, SSE3, SSSE3 opcodes Copyright MazeGen First Edition, July 2008 Errata: http://ref.x86asm.net/errata/32/opcode Karel Lejska Bayerova 8 Brno 60200 Czech Republic Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe. For comments, suggestions, questions or bug reports, please contact mazegen@gmail.com For booking a computer-related ad in this reference, please contact mazegen@gmail.com

Quick Guide mnemonic: Instruction mnemonic itself. If the mnemonic is set up using italic, there is no oficial mnemonic and the present one is just a suggested one op1op4: Up to four instruction operands. Implicate operands are set up using italic. Modified operands are bold. Implicate SS:[eSP] operand is not indicated. If the op4 column contains only three dots '...', there are more than four operands pf: Prefix value, or if Primary opcode is present, fixed extraordinary prefix 0F: Dedicated for 0x0F two-byte prefix po: Primary opcode. Second opcode byte in case of multi-byte opcodes. +r means a register code, from 0 through 7, added to the value so: Secondary opcode. Fixed appended value to the primary opcode o: Register/Opcode field. Either the value of an opcode extension (values from 0 through 7) or r indicates that the ModR/M byte contains a register operand and an r/m operand proc: Indicates the instruction's introductory processor. If the column is empty, it means 8086 processor. st: Indicates how is the instruction documented in the Intel manuals. D means fully documented. M means documented only marginally. U undocumented at all. Empty column means D m: Indicates the mode in which is the instruction valid. Virtual-8086 Mode and SMM is not taken into account. R applies for real and protected mode. P applies for protected mode. If this column is empty, it means R rl: The ring level, which is the instruction valid from (3 or 0). f indicates that the level depends on further flag(s) x: For general instructions, L indicates that the instruction is basically valid with LOCK (0xF0) prefix. For x87 FPU instructions, s incidates that the opcode performs additional push of a value to the register stack, p incidates that the opcode performs additional pop of the register stack, P pops twice iext: The instruction extension group, which was the opcode released on tested f, modif f, def f, undef f: For EFlags register, indicates these flags using odiszapc pattern. Present flag fits in with the appropriate group. For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag fits in with the appropriate group. f values: For EFlags register, indicates the values of flags, which are always set or cleared, using casesensitive odiszapc flag pattern. Lowercase flag means cleared flag, uppercase means set flag. For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag holds its value description, notes: Generic description

Credits: Christian Ludloff, Martin Mocko (vid), Anthony Lopes, Aquila, EliCZ, Cephexin ISBN 978-80-254-2349-3

ref.x86asm.net

Visit http://ref.x86asm.net for detailed guide.

One-byte General and System Instructions

pf 0F po so o proc st m rl x mnemonic 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 26 27 28 r P4+ r r r r r r r r r r r r 02+ r r r r r r r r L ADD L ADD ADD ADD ADD ADD PUSH POP L OR L OR OR OR OR OR PUSH op1 r/m8, r/m16/32, r8, r16/32, AL, eAX, ES ES r/m8, r/m16/32, r8, r16/32, AL, eAX, CS r8 r16/32 r/m8 r/m16/32 imm8 imm16/32 r8 r16/32 r/m8 r/m16/32 imm8 imm16/32 op2 op3 op4 iext tested f modif f def f undef f f values description, notes Add Add Add Add Add Add Push Word, Doubleword or Quadword Onto the Stack Pop a Value from the Stack o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR Push Word, Doubleword or Quadword Onto the Stack o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc

Two-byte Instructions L ADC L ADC ADC ADC ADC ADC PUSH POP L SBB L SBB SBB SBB SBB SBB PUSH POP L AND L AND AND AND AND AND ES r/m8, r/m16/32, r8, r16/32, AL, eAX, SS SS r/m8, r/m16/32, r8, r16/32, AL, eAX, DS DS r/m8, r/m16/32, r8, r16/32, AL, eAX, ES r8 r16/32 r/m8 r/m16/32 imm8 imm16/32 r8 r16/32 r/m8 r/m16/32 imm8 imm16/32 .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc r8 r16/32 r/m8 .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc Add with Carry Add with Carry Add with Carry

ref.x86asm.net
r/m16/32 .......c o..szapc o..szapc Add with Carry imm8 .......c o..szapc o..szapc Add with Carry imm16/32 .......c o..szapc o..szapc Add with Carry Pop a Value from the Stack Integer Subtraction with Borrow Integer Subtraction with Borrow Integer Subtraction with Borrow Integer Subtraction with Borrow Integer Subtraction with Borrow Integer Subtraction with Borrow Pop a Value from the Stack o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND ES segment override prefix

Push Word, Doubleword or Quadword Onto the Stack

Push Word, Doubleword or Quadword Onto the Stack

undefined DAA L SUB AL r/m8, r8 .....a.c o..szapc ...szapc o....... o..szapc o..szapc

(use with any branch instruction is reserved) Decimal Adjust AL after Addition Subtract

pf 0F po so o proc st m rl x mnemonic 29 2A 2B 2C 2D 2E 2E 2F 30 31 32 33 34 35 36 36 37 38 39 3A 3B 3C 3D 3E 3E 3F 40+r 48+r 50+r 58+r 60 60 61 61 62 63 64 64 65 65 66 66 67 P4+ M 01+ 03+ 01+ 03+ r 01+ r 02+ 03+ P4+ 03+ P4+ f P4+ r r r r P4+ r r r r P4+ r r r L SUB SUB SUB SUB SUB CS NTAKEN DAS L XOR L XOR XOR XOR XOR XOR SS AL r8,

op1 r/m16/32,

op2 r16/32 r/m8 r/m16/32 imm8 imm16/32

op3

op4 iext tested f modif f

def f

undef f f values description, notes Subtract Subtract Subtract Subtract Subtract CS segment override prefix Branch not taken prefix (used only with Jcc instructions)

o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc

r16/32, AL, eAX, CS

.....a.c o..szapc ...szapc o....... r8 r16/32 r/m8 r/m16/32 imm8 imm16/32

Decimal Adjust AL after Subtraction

r/m8, r/m16/32, r8, r16/32, AL, eAX, SS

o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR SS segment override prefix (use with any branch instruction is reserved)

undefined AAA CMP CMP CMP CMP CMP CMP DS TAKEN AAS INC DEC PUSH POP PUSHA PUSHA PUSHAD POPA POPA POPAD BOUND ARPL FS AL, r16/32 r16/32 r16/32 r16/32 AX, AX, EAX, DI, DI, EDI, r16/32, r/m16, FS CX, CX, ECX, SI, SI, ESI, DX, DX, EDX, BP, BP, EBP, ... ... ... ... ... ... ..i..... ..i..... ....z... ....z... AL, r/m8, r/m16/32, r8, r16/32, AL, eAX, DS AH r8 r16/32 r/m8 r/m16/32 imm8 .....a.. o..szapc .....a.c o..sz.p. o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc

ASCII Adjust After Addition Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands

ref.x86asm.net
imm16/32 DS segment override prefix AH .....a.. o..szapc .....a.c o..sz.p. o..szap. o..szap. o..szap. o..szap. ASCII Adjust AL After Subtraction Increment by 1 Decrement by 1 Pop a Value from the Stack Push All General-Purpose Registers Push All General-Purpose Registers Pop All General-Purpose Registers Pop All General-Purpose Registers ..i..... Check Array Index Against Bounds Adjust RPL Field of Segment Selector FS segment override prefix (used only with Jcc instructions) GS segment override prefix (used only with Jcc instructions) Operand-size override prefix sse2 Precision-size override prefix Address-size override prefix m16/32&16/32, eFlags r16

Branch taken prefix (used only with Jcc instructions)

Push Word, Doubleword or Quadword Onto the Stack

undefined GS GS

undefined no mnemonic no mnemonic no mnemonic