-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefault.s
231 lines (187 loc) · 10.9 KB
/
default.s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
; References and sources - https://www.cs.virginia.edu/~evans/cs216/guides/x86.html
;Data Movement Instructions
;mov — Move (Opcodes: 88, 89, 8A, 8B, 8C, 8E, ...)
;The mov instruction copies the data item referred to by its second operand (i.e. register contents, memory contents, or a constant value) into the location referred to by its first operand (i.e. a register or memory). While register-to-register moves are possible, direct memory-to-memory moves are not. In cases where memory transfers are desired, the source memory contents must first be loaded into a register, then can be stored to the destination memory address.
;Syntax
mov <reg>,<reg>
mov <reg>,<mem>
mov <mem>,<reg>
mov <reg>,<const>
mov <mem>,<const>
;Examples
mov eax, ebx ;— copy the value in ebx into eax
mov byte ptr [var], 5 ;— store the value 5 into the byte at location var
; push — Push stack (Opcodes: FF, 89, 8A, 8B, 8C, 8E, ...)
; The push instruction places its operand onto the top of the hardware supported stack in memory. Specifically, push first decrements ESP by 4, then places its operand into the contents of the 32-bit location at address [ESP]. ESP (the stack pointer) is decremented by push since the x86 stack grows down - i.e. the stack grows from high addresses to lower addresses.
; Syntax
push <reg32>
push <mem>
push <con32>
; Examples
push eax ;— push eax on the stack
push [var] ;— push the 4 bytes at address var onto the stack
; pop — Pop stack
; The pop instruction removes the 4-byte data element from the top of the hardware-supported stack into the specified operand (i.e. register or memory location). It first moves the 4 bytes located at memory location [SP] into the specified register or memory location, and then increments SP by 4.
; Syntax
pop <reg32>
pop <mem>
; Examples
pop edi ;— pop the top element of the stack into EDI.
pop [ebx] ;— pop the top element of the stack into memory at the four bytes starting at location EBX.
;lea — Load effective address
;The lea instruction places the address specified by its second operand into the register specified by its first operand. Note, the contents of the memory location are not loaded, only the effective address is computed and placed into the register. This is useful for obtaining a pointer into a memory region.
;Syntax
lea <reg32>,<mem>
;Examples
lea edi, [ebx+4*esi] ;— the quantity EBX+4*ESI is placed in EDI.
lea eax, [var] ;— the value in var is placed in EAX.
lea eax, [val] ;— the value val is placed in EAX.
;---------------------------------------------------------------------------------------------------------------------------------
;Arithmetic and Logic Instructions
add ;— Integer Addition
;The add instruction adds together its two operands, storing the result in its first operand. Note, whereas both operands may be registers, at most one operand may be a memory location.
;Syntax
add <reg>,<reg>
add <reg>,<mem>
add <mem>,<reg>
add <reg>,<con>
add <mem>,<con>
;Examples
add eax, 10 ;— EAX ← EAX + 10
add BYTE PTR [var], 10 ;— add 10 to the single byte stored at memory address var
;sub — Integer Subtraction
;The sub instruction stores in the value of its first operand the result of subtracting the value of its second operand from the value of its first operand. As with add
;Syntax
sub <reg>,<reg>
sub <reg>,<mem>
sub <mem>,<reg>
sub <reg>,<con>
sub <mem>,<con>
;Examples
sub al, ah ;— AL ← AL - AH
sub eax, 216 ;— subtract 216 from the value stored in EAX
;inc, dec — Increment, Decrement
;The inc instruction increments the contents of its operand by one. The dec instruction decrements the contents of its operand by one.
;Syntax
inc <reg>
inc <mem>
dec <reg>
dec <mem>
;Examples
dec eax ;— subtract one from the contents of EAX.
inc DWORD PTR [var] ;— add one to the 32-bit integer stored at location var
;imul — Integer Multiplication
;The imul instruction has two basic formats: two-operand (first two syntax listings above) and three-operand (last two syntax listings above).
;The two-operand form multiplies its two operands together and stores the result in the first operand. The result (i.e. first) operand must be a register.
;The three operand form multiplies its second and third operands together and stores the result in its first operand. Again, the result operand must be a register. Furthermore, the third operand is restricted to being a constant value.
;Syntax
imul <reg32>,<reg32>
imul <reg32>,<mem>
imul <reg32>,<reg32>,<con>
imul <reg32>,<mem>,<con>
;Examples
imul eax, [var] ;— multiply the contents of EAX by the 32-bit contents of the memory location var. Store the result in EAX.
imul esi, edi, 25 ;— ESI → EDI * 25
;idiv — Integer Division
;The idiv instruction divides the contents of the 64 bit integer EDX:EAX (constructed by viewing EDX as the most significant four bytes and EAX as the least significant four bytes) by the specified operand value. The quotient result of the division is stored into EAX, while the remainder is placed in EDX.
;Syntax
idiv <reg32>
idiv <mem>
;Examples
idiv ebx ;— divide the contents of EDX:EAX by the contents of EBX. Place the quotient in EAX and the remainder in EDX.
idiv DWORD PTR [var] ;— divide the contents of EDX:EAX by the 32-bit value stored at memory location var. Place the quotient in EAX and the remainder in EDX.
;and, or, xor ;— Bitwise logical and, or and exclusive or
;These instructions perform the specified logical operation (logical bitwise and, or, and exclusive or, respectively) on their operands, placing the result in the first operand location.
;Syntax
and <reg>,<reg>
and <reg>,<mem>
and <mem>,<reg>
and <reg>,<con>
and <mem>,<con>
or <reg>,<reg>
or <reg>,<mem>
or <mem>,<reg>
or <reg>,<con>
or <mem>,<con>
xor <reg>,<reg>
xor <reg>,<mem>
xor <mem>,<reg>
xor <reg>,<con>
xor <mem>,<con>
;Examples
and eax, 0fH ;— clear all but the last 4 bits of EAX.
xor edx, edx ;— set the contents of EDX to zero.
not ;— Bitwise Logical Not
;Logically negates the operand contents (that is, flips all bit values in the operand).
;Syntax
not <reg>
not <mem>
;Example
not BYTE PTR [var] ;— negate all bits in the byte at the memory location var.
neg ;— Negate
;Performs the two's complement negation of the operand contents.
;Syntax
neg <reg>
neg <mem>
;Example
neg eax ;— EAX → - EAX
;shl, shr — Shift Left, Shift Right
;These instructions shift the bits in their first operand's contents left and right, padding the resulting empty bit positions with zeros. The shifted operand can be shifted up to 31 places. The number of bits to shift is specified by the second operand, which can be either an 8-bit constant or the register CL. In either case, shifts counts of greater then 31 are performed modulo 32.
;Syntax
shl <reg>,<con8>
shl <mem>,<con8>
shl <reg>,<cl>
shl <mem>,<cl>
shr <reg>,<con8>
shr <mem>,<con8>
shr <reg>,<cl>
shr <mem>,<cl>
;Examples
shl eax, 1 ;— Multiply the value of EAX by 2 (if the most significant bit is 0)
shr ebx, cl ;— Store in EBX the floor of result of dividing the value of EBX by 2n wheren is the value in CL.
;------------------------------------------------------------------------------------------------------------------
;Control Flow Instructions
;The x86 processor maintains an instruction pointer (IP) register that is a 32-bit value indicating the location in memory where the current instruction starts. Normally, it increments to point to the next instruction in memory begins after execution an instruction. The IP register cannot be manipulated directly, but is updated implicitly by provided control flow instructions.
;We use the notation <label> to refer to labeled locations in the program text. Labels can be inserted anywhere in x86 assembly code text by entering a label name followed by a colon. For example,
mov esi, [ebp+8]
begin: xor ecx, ecx
mov eax, [esi]
;The second instruction in this code fragment is labeled begin. Elsewhere in the code, we can refer to the memory location that this instruction is located at in memory using the more convenient symbolic name begin. This label is just a convenient way of expressing the location instead of its 32-bit value.
jmp ;— Jump
;Transfers program control flow to the instruction at the memory location indicated by the operand.
;Syntax
jmp <label>
;Example
jmp begin ;— Jump to the instruction labeled begin.
;jcondition — Conditional Jump
;These instructions are conditional jumps that are based on the status of a set of condition codes that are stored in a special register called the machine status word. The contents of the machine status word include information about the last arithmetic operation performed. For example, one bit of this word indicates if the last result was zero. Another indicates if the last result was negative. Based on these condition codes, a number of conditional jumps can be performed. For example, the jz instruction performs a jump to the specified operand label if the result of the last arithmetic operation was zero. Otherwise, control proceeds to the next instruction in sequence.
;A number of the conditional branches are given names that are intuitively based on the last operation performed being a special compare instruction, cmp (see below). For example, conditional branches such as jle and jne are based on first performing a cmp operation on the desired operands.
;Syntax
je <label> (jump when equal)
jne <label> (jump when not equal)
jz <label> (jump when last result was zero)
jg <label> (jump when greater than)
jge <label> (jump when greater than or equal to)
jl <label> (jump when less than)
jle <label> (jump when less than or equal to)
;Example
cmp eax, ebx
jle done
;If the contents of EAX are less than or equal to the contents of EBX, jump to the label done. Otherwise, continue to the next instruction.
;cmp — Compare
;Compare the values of the two specified operands, setting the condition codes in the machine status word appropriately. This instruction is equivalent to the sub instruction, except the result of the subtraction is discarded instead of replacing the first operand.
;Syntax
cmp <reg>,<reg>
cmp <reg>,<mem>
cmp <mem>,<reg>
cmp <reg>,<con>
;Example
cmp DWORD PTR [var], 10
jeq loop
;If the 4 bytes stored at location var are equal to the 4-byte integer constant 10, jump to the location labeled loop.
;call, ret — Subroutine call and return
;These instructions implement a subroutine call and return. The call instruction first pushes the current code location onto the hardware supported stack in memory (see the push instruction for details), and then performs an unconditional jump to the code location indicated by the label operand. Unlike the simple jump instructions, the call instruction saves the location to return to when the subroutine completes.
;The ret instruction implements a subroutine return mechanism. This instruction first pops a code location off the hardware supported in-memory stack (see the pop instruction for details). It then performs an unconditional jump to the retrieved code location.
;Syntax
call <label>
ret