X86
x86 is a family of backward compatible instruction set architectures based on the Intel 8086 CPU and its Intel 8088 variant.
- Intel® 64 and IA-32 Architectures Software Developer’s Manual | combined volumes
- sandpile.org The world's leading source for technical x86 processor information
- Cheat sheet
- Assembly Wikibook
- Architecture/x86-assembly
- A fundamental introduction to x86 assembly programming
- Encoding Real x86 Instructions
- SO: x86 opcode instruction decoding
- The mysteries arround "0x7C00" in x86 architecture bios bootloader
- Shellcode obfuscation talk about internal format of opcode
- x86 paging
- Repo x86-assembly-cheat with running examples.
- http://flint.cs.yale.edu/cs421/papers/x86-asm/asm.html
- Intel x86 JUMP quick reference
- The Intel 80386, part 1: Introduction
- Why does the x86 have so few registers?
- x86 bare metal examples
- 1001 Ways of Implementing a System Call
- Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD, and VIA CPUs
- Compiling a simple boot image for x86
- Hardware Store Elimination
If you want an explanation of the structure of the opcodes, look at this answer on SO
| Instruction | Pseudocode | Description |
|---|---|---|
bt arg, index |
it sets the cf as the bit indexed by index of arg |
|
lea idx(regA), regB |
regB = regA + idx | load effective address, just compute the addess of the operand without dereferencing it |
pop reg |
reg = *(esp++) |
loads into reg the value pointed by the stack pointer and then increments esp |
push reg |
*(--esp) = reg |
decrements esp and store reg in the stack |
pusha |
sp[0] = ax sp[-1] = cx sp[-2] = dx sp[-3] = bx sp[-4] = sp sp[-5] = bp sp[-6] = si sp[-7] = di sp -= 8 |
Push all general registers in this order: ax, cx, dx, bx, sp, bp, si, di; The value of sp pushed is the value before the instruction is executed |
pushad |
the same as pusha but for 32 bit registers |
|
pushf |
pushes all the flags in the stack | |
scasb |
zf = (eax == *(edi++)) |
it compares the content of al against the value pointed by edi and sets the zero flag |
test arg1, arg2 |
arg1 & arg2 |
equivalent to and arg1, arg2 but discards the result in the final register, the flags sf, zf and pf are set, of and cf are set to 0 |
AMD64
x86-64 is the 64-bit version of the x86 instruction set.
- User-level applications use as integer registers for passing the sequence %rdi, %rsi, %rdx, %rcx, %r8 and %r9. The kernel interface uses %rdi, %rsi, %rdx, %r10, %r8 and %r9.
- A system-call is done via the syscall instruction. The kernel destroys registers %rcx and %r11.
- The number of the syscall has to be passed in register %rax.
- System-calls are limited to six arguments, no argument is passed directly on the stack.
- Returning from the syscall, register %rax contains the result of the system-call. A value in the range between -4095 and -1 indicates an error, it is -errno.
- Only values of class INTEGER or class MEMORY are passed to the kernel.