flat assembler
Message board for the users of flat assembler.

flat assembler > Examples and Tutorials > decoding 8086 instructions

Ali.Z



Joined: 08 Jan 2018
Posts: 232
Please note:
not every instruction is encoded this way; more about them might be added later.


Description:
Filesize: 37.78 KB
Viewed: 3765 Time(s)

asmdisasm.png



_________________
Asm For Wise Humans
Post 20 Dec 2018, 16:38
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7354
Location: Kraków, Poland
Nice! I'm happy to see that my streams inspire others to make some new material.

I was myself considering making some infographics clarifying things I mentioned about REX/VEX/EVEX (I feel I have not explained them well enough), but you may actually beat me to it!
Post 20 Dec 2018, 20:22
Ali.Z



Joined: 08 Jan 2018
Posts: 232
Tomasz Grysztar wrote:
I feel I have not explained them well enough)

Yes, but it's a complex topic nonetheless.

Talking about the One-Byte Opcode Map:
the rule in the above screenshot applies to every entry that has:
Eb,Gb
Gb,Eb
Ev,Gv
Gv,Ev

However, Eb or Ev followed by Ib or Iz means the ModR/M byte is treated differently.

in this case:
80 FC 00 --- cmp ah,00

80 = opcode group 1 extension
1000 0000
1000 000W --- W=1 size word W=0 size byte

FC = ModR/M Byte
1111 1100

Mod(11), Reg(111), R/M(100)

Reg 111 is not a register; it's treated as an instruction.

111 in binary = 7 in octal

0o - add
1o - or
2o - adc
3o - sbb
4o - and
5o - sub
6o - xor
7o - cmp

If there is enough time (tonight) I will upload another screenshot about Jcc.

_________________
Asm For Wise Humans
Post 21 Dec 2018, 13:37
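The post above walks through "80 FC 00" by hand. The following is an added example, not code from this thread or from fasm, that performs the same split mechanically for the register-direct forms of opcodes 80h-83h: the W and S bits of the opcode pick the operand and immediate size, and the Reg field of ModR/M is read as the group-1 opcode extension (add/or/adc/sbb/and/sub/xor/cmp) rather than as a register. Memory forms (Mod != 11) are deliberately left out; the function and table names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reg field (bits 5..3 of ModR/M) selects the operation for opcodes 80h-83h. */
static const char *grp1_op[8] = { "add", "or", "adc", "sbb", "and", "sub", "xor", "cmp" };
/* R/M field with Mod = 11 names a register; which table applies depends on the W bit. */
static const char *reg8[8]  = { "al", "cl", "dl", "bl", "ah", "ch", "dh", "bh" };
static const char *reg16[8] = { "ax", "cx", "dx", "bx", "sp", "bp", "si", "di" };

/* Decodes a register-direct group-1 immediate instruction from buf into out
 * (for example "cmp ah,00"). Returns the number of bytes consumed, or 0 if the
 * bytes are not such an instruction (memory forms are out of scope here). */
size_t decode_grp1(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    if (len < 2) return 0;
    uint8_t op = buf[0];
    if ((op & 0xFC) != 0x80) return 0;   /* 80h Eb,Ib  81h Ev,Iz  82h (alias of 80h)  83h Ev,Ib */
    int w = op & 1;                      /* W: 0 = byte operand, 1 = word operand */
    int s = (op >> 1) & 1;               /* S: with W=1, 1 = 8-bit immediate, sign-extended */
    uint8_t modrm = buf[1];
    int mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 3) return 0;              /* only register-direct forms are handled */
    size_t immsz = (w && !s) ? 2 : 1;
    if (len < 2 + immsz) return 0;
    int32_t imm = buf[2];
    if (immsz == 2)
        imm |= (int32_t)buf[3] << 8;     /* 16-bit immediate, little-endian */
    else if (w)
        imm = (int8_t)imm;               /* 83h: sign-extend imm8 to the 16-bit operand */
    unsigned shown = w ? (uint16_t)imm : (uint8_t)imm;
    snprintf(out, outsz, "%s %s,%0*x", grp1_op[reg], w ? reg16[rm] : reg8[rm], w ? 4 : 2, shown);
    return 2 + immsz;
}

int main(void)
{
    /* Constructed byte strings: the thread's "80 FC 00" plus two word-sized forms. */
    const uint8_t s1[] = { 0x80, 0xFC, 0x00 };        /* cmp ah,00 */
    const uint8_t s2[] = { 0x83, 0xC3, 0xFE };        /* add bx,fffe (imm8 -2 sign-extended) */
    const uint8_t s3[] = { 0x81, 0xF9, 0x34, 0x12 };  /* cmp cx,1234 */
    const uint8_t *s[] = { s1, s2, s3 };
    size_t n[] = { sizeof s1, sizeof s2, sizeof s3 };
    for (int i = 0; i < 3; i++) {
        char text[32];
        size_t used = decode_grp1(s[i], n[i], text, sizeof text);
        printf("%zu bytes: %s\n", used, text);
    }
    return 0;
}
```

The 82h case is accepted because on the 8086 it behaves as an alias of 80h; a stricter decoder for later CPUs would reject it in 64-bit mode.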
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7354
Location: Kraków, Poland
Ali.A wrote:
if there is enough time (tonight) i will upload another screen-shot about Jcc.
Since you mention Jcc, please take a look at this schematics: https://board.flatassembler.net/topic.php?p=207285#207285
It explains the 4-bit condition encoding on hardware level, great stuff.
Post 21 Dec 2018, 14:22
Ali.Z



Joined: 08 Jan 2018
Posts: 232
https://board.flatassembler.net/topic.php?p=207285#207285

Great info, but I included the original 8086 flags.

Attachment removed and re-uploaded.

_________________
Asm For Wise Humans
Post 21 Dec 2018, 22:23
Ali.Z



Joined: 08 Jan 2018
Posts: 232
Jcc and Flags

The previous Jcc and Flags attachment had a small issue, and it's corrected in this attachment.

Please notice the required flags, math and final value.


Description:
Filesize: 31.89 KB
Viewed: 3638 Time(s)

jcc.png



_________________
Asm For Wise Humans
Post 22 Dec 2018, 09:41
Mikl___



Joined: 30 Dec 2014
Posts: 113
Hi, Ali.A!
If we approach the conditional jump commands from the standpoint of the machine coding of commands, the four high bits of the command (for the i8086 microprocessor) contain code 7, and the four low bits of the command indicate the condition of the operation. The condition is specified in bits 1-3, and setting bit 0 causes its inversion.
Code:
 Code  |Condition|Invert
-------+---------+------
7 6 5 4| 3  2  1 |  0
The same bits are used when encoding the SETcc and CMOVcc commands (operation code F9 for SETcc and F4 for CMOVcc; in the CMOVcc command encoding, as in the code of any MOV command, there will also be mode bits, bits of the destination register address and bits of the source register address).
Code:
 Code Jcc  |           |Code |                 |           |
short| long| Mnemonics |SETcc|    Mnemonics    |Code CMOVcc|Mnemonics
-----+-----+-----------+-----+-----------------+-----------+--------------------
 70h |0F80h|    JO     |0F90h|      SETO       |0F40  cw/cd|CMOVO
 71h |0F81h|    JNO    |0F91h|      SETNO      |0F41  cw/cd|CMOVNO
 72h |0F82h|JC/JB/JNAE |0F92h|SETC/SETB/SETNAE |0F42  cw/cd|CMOVC/CMOVB/CMOVNAE
 73h |0F83h|JNC/JNB/JAE|0F93h|SETNC/SETNB/SETAE|0F43  cw/cd|CMOVNC/CMOVNB/CMOVAE
 74h |0F84h|   JE/JZ   |0F94h|    SETE/SETZ    |0F44  cw/cd|CMOVE/CMOVZ
 75h |0F85h|  JNE/JNZ  |0F95h|   SETNE/SETNZ   |0F45  cw/cd|CMOVNE/CMOVNZ
 76h |0F86h|  JBE/JNA  |0F96h|   SETBE/SETNA   |0F46  cw/cd|CMOVBE/CMOVNA
 77h |0F87h|  JNBE/JA  |0F97h|   SETNBE/SETA   |0F47  cw/cd|CMOVNBE/CMOVA
 78h |0F88h|    JS     |0F98h|      SETS       |0F48  cw/cd|CMOVS
 79h |0F89h|    JNS    |0F99h|      SETNS      |0F49  cw/cd|CMOVNS
 7Ah |0F8Ah| JP/JO/JPE |0F9Ah| SETP/SETO/SETPE |0F4A  cw/cd|CMOVP/CMOVO/CMOVPE
 7Bh |0F8Bh|  JNP/JPO  |0F9Bh|   SETNP/SETPO   |0F4B  cw/cd|CMOVNP/CMOVPO
 7Ch |0F8Ch|  JL/JNGE  |0F9Ch|   SETL/SETNGE   |0F4C  cw/cd|CMOVL/CMOVNGE
 7Dh |0F8Dh|  JNL/JGE  |0F9Dh|   SETNL/SETGE   |0F4D  cw/cd|CMOVNL/CMOVGE
 7Eh |0F8Eh|  JLE/JNG  |0F9Eh|   SETLE/SETNG   |0F4E  cw/cd|CMOVLE/CMOVNG
 7Fh |0F8Fh|  JNLE/JG  |0F9Fh|   SETNLE/SETG   |0F4F  cw/cd|CMOVNLE/CMOVG
P.S. Tomasz Grysztar, pleeeeez, add to the forum engine the ability to build tables - otherwise it is some kind of onanism.


Last edited by Mikl___ on 13 Jan 2019, 11:50; edited 3 times in total
Post 13 Jan 2019, 01:08
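The post above and Ali.Z's "Jcc and Flags" attachment describe the same 4-bit condition nibble: bits 3..1 choose a flag expression and bit 0 inverts it, and the nibble is shared by Jcc (7x and 0F 8x), SETcc (0F 9x) and CMOVcc (0F 4x). The following added example, not code from this thread, evaluates a condition from a FLAGS value with that rule and recognises the three opcode families by their high nibble. The flag expressions are the standard ones (L is SF xor OF, BE is CF or ZF, and so on); the function and type names are my own, and only the opcode bytes are examined, not the displacement or ModR/M that follows.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* FLAGS register bit positions (8086 layout; unchanged in later x86). */
enum { CF = 1u << 0, PF = 1u << 2, ZF = 1u << 6, SF = 1u << 7, OF = 1u << 11 };

/* Mnemonic suffix for each 4-bit cc value; odd values are the inverted test. */
static const char *cc_name[16] = {
    "o", "no", "b", "ae", "e", "ne", "be", "a",
    "s", "ns", "p", "np", "l", "ge", "le", "g"
};

/* Returns 1 if condition cc (0..15) holds for the given FLAGS value.
 * Bits 3..1 select which flag expression is tested; bit 0 inverts it. */
int cc_true(unsigned cc, unsigned flags)
{
    int cf = !!(flags & CF), pf = !!(flags & PF), zf = !!(flags & ZF);
    int sf = !!(flags & SF), of = !!(flags & OF);
    int r;
    switch ((cc >> 1) & 7) {
    case 0:  r = of;             break; /* O  / NO */
    case 1:  r = cf;             break; /* B  / AE  (also C/NC, NAE/NB) */
    case 2:  r = zf;             break; /* E  / NE  (Z/NZ) */
    case 3:  r = cf | zf;        break; /* BE / A   (NA/NBE) */
    case 4:  r = sf;             break; /* S  / NS */
    case 5:  r = pf;             break; /* P  / NP  (PE/PO) */
    case 6:  r = sf ^ of;        break; /* L  / GE  (NGE/NL) */
    default: r = (sf ^ of) | zf; break; /* LE / G   (NG/NLE) */
    }
    return r ^ (cc & 1);
}

typedef struct {
    const char *family;   /* "j", "set" or "cmov" */
    unsigned cc;          /* the 4-bit condition nibble */
    size_t opbytes;       /* opcode bytes before the displacement / ModR/M */
} cond_insn;

/* Recognises the three families that share the cc nibble. Returns 1 and
 * fills *out on a match, 0 otherwise. */
int decode_cond(const uint8_t *b, size_t n, cond_insn *out)
{
    if (n >= 1 && (b[0] & 0xF0) == 0x70) {            /* 7x: Jcc rel8 (8086) */
        *out = (cond_insn){ "j", b[0] & 0x0F, 1 };
        return 1;
    }
    if (n >= 2 && b[0] == 0x0F) {
        unsigned hi = b[1] & 0xF0, cc = b[1] & 0x0F;
        if (hi == 0x80) { *out = (cond_insn){ "j",    cc, 2 }; return 1; } /* 0F 8x: Jcc rel16/32 (386+) */
        if (hi == 0x90) { *out = (cond_insn){ "set",  cc, 2 }; return 1; } /* 0F 9x: SETcc r/m8 (386+) */
        if (hi == 0x40) { *out = (cond_insn){ "cmov", cc, 2 }; return 1; } /* 0F 4x: CMOVcc (P6+) */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: FLAGS after a signed compare with the first operand smaller (SF=1, OF=0). */
    unsigned flags = SF;
    const uint8_t je[] = { 0x74, 0x05 }, setl[] = { 0x0F, 0x9C, 0xC0 }, cmovg[] = { 0x0F, 0x4F, 0xC1 };
    const uint8_t *samples[] = { je, setl, cmovg };
    size_t sizes[] = { sizeof je, sizeof setl, sizeof cmovg };
    for (int i = 0; i < 3; i++) {
        cond_insn ci;
        if (decode_cond(samples[i], sizes[i], &ci))
            printf("%s%-3s cc=%X taken=%d\n", ci.family, cc_name[ci.cc], ci.cc, cc_true(ci.cc, flags));
    }
    return 0;
}
```

Because the inversion is a single xor with bit 0, a disassembler only needs the eight base expressions; the odd cc values never need their own table entries.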
Mikl___



Joined: 30 Dec 2014
Posts: 113
Post 13 Jan 2019, 02:10
Mikl___



Joined: 30 Dec 2014
Posts: 113
Code:
  Bin   |Invert|Opcode|Mnemonics
--------+------+------+---------
1110.001|   1  |  E3  |JCXZ
1110.001|   0  |  E2  |LOOP (=JCXNZ CX=CX+1)
1110.000|   1  |  E1  |LOOPE/LOOPZ
1110.000|   0  |  E0  |LOOPNE/LOOPNZ
1111.001|   1  |  F3  |REP/REPE/REPZ
1111.001|   0  |  F2  |REPNE/REPNZ    
Post 13 Jan 2019, 05:11
Ali.Z



Joined: 08 Jan 2018
Posts: 232
Hi Mikl___,
thanks for the added info about SETcc and LOOPZ / LOOPNZ.

JCXZ / LOOPZ / LOOPNZ fall into the special-case conditional jumps due to their relation in binary encoding; I should have added them (LOOP?) earlier to the infograph.

However, the CMOV? instructions were not part of the original 8086 instruction set architecture; they were added in the 80386.

_________________
Asm For Wise Humans
Post 13 Jan 2019, 09:46
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7354
Location: Kraków, Poland
Ali.A wrote:
however, CMOV? instruction were not part of original 8086 instruction set architecture, they were added in 80386.
The SETcc are the ones added by 80386. CMOVcc were added later, in P6 architecture.

You may find this out by taking a look at x86 macros for fasmg
Post 13 Jan 2019, 10:37
Mikl___



Joined: 30 Dec 2014
Posts: 113
Hi, Ali.A and Tomasz Grysztar!
I did not know that this was a matter of principle, decoding instructions for the 8086 only. That is why I suggested help with decoding instructions for x86-x64.
Post 13 Jan 2019, 11:29
Mikl___



Joined: 30 Dec 2014
Posts: 113
The encoding of arithmetic, logical and cyclic shifts has the following format:
Code:
15|14|13|12|11|10|9|8|7-6|5-4| 3 |2-0
--+--+--+--+--+--+-+-+---+---+---+---
 1| 1| 0| C| 0| 0|V|W|MOD| OP|R/L|R/M

Bit C in this case determines the number of shifts: if C=0, the number of shifts is set directly in the command. If C=1, the number of shifts is either 1 or specified by the CL register.
Bit W determines the size of the operand: byte or word / double word.
Bit V=0 if the counter is 1, V=1 if the counter is specified by the CL register.
Bits 7 and 6 determine the addressing mode.
Bits 5 and 4 determine the shift operation code.
Bit R/L determines the shift direction.
Bits R/M determine the destination operand, as determined by the addressing mode.
Usually, for the "SAL" command, the translator generates the SHL command code, although there is a SAL command code D0Fx that is not always recognized by disassemblers but is executed by the microprocessor.
Code:
OP|R/L|            Name               |Example of command|Code
--+---+-------------------------------+------------------+-------------------
00| 0 |cyclic shift operand           | ROL AL,1         |D0C0
01| 0 |cyclic shift through Carry Flag| RCL AL,1         |D0D0
10| 0 |logical shift                  | SHL AL,1         |D0E0
11| 0 |left arithmetic shift          | SAL AL,1         |D0F0 (only in code)
11| 1 |right arithmetic shift         | SAR AL,1         |D0F8


Last edited by Mikl___ on 15 Jan 2019, 11:31; edited 2 times in total
Post 14 Jan 2019, 15:34
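As an added example (not code from this thread), here is a decoder for the shift/rotate group described above, using the C, V and W bits of the opcode and the OP and R/L bits of ModR/M. It covers D0h-D3h (count 1 or CL) and the C0h/C1h forms with an immediate count, register-direct operands only, and it flags the Reg = 110b encoding (D0 Fx) as undocumented instead of either rejecting it or silently reporting it as SHL, which is the disassembler behaviour the post warns about. The names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reg field = OP (bits 5..4) << 1 | R/L (bit 3). Index 6 is the undocumented
 * SAL encoding (D0 Fx) discussed in the thread; the CPU executes it as a left shift. */
static const char *shift_op[8] = { "rol", "ror", "rcl", "rcr", "shl", "shr", "sal", "sar" };
static const char *reg8[8]  = { "al", "cl", "dl", "bl", "ah", "ch", "dh", "bh" };
static const char *reg16[8] = { "ax", "cx", "dx", "bx", "sp", "bp", "si", "di" };

typedef struct {
    const char *op;     /* mnemonic from shift_op */
    const char *dst;    /* destination register (register-direct only) */
    int count_is_cl;    /* 1: count in CL (V=1); 0: count is the number in count */
    int count;          /* 1 for the D0/D1 forms, the imm8 for C0/C1 */
    int undocumented;   /* Reg field 110b: no official mnemonic for this encoding */
    size_t len;         /* bytes consumed */
} shift_insn;

/* Returns 1 and fills *out when b starts with a register-direct shift/rotate. */
int decode_shift(const uint8_t *b, size_t n, shift_insn *out)
{
    if (n < 2) return 0;
    uint8_t op = b[0];
    int c, v, w;
    if ((op & 0xFC) == 0xD0) {        /* 1101 00VW: C=1, count is 1 (V=0) or CL (V=1) */
        c = 1; v = (op >> 1) & 1; w = op & 1;
    } else if ((op & 0xFE) == 0xC0) { /* 1100 000W: C=0, count in a following imm8 (186+) */
        c = 0; v = 0; w = op & 1;
    } else {
        return 0;
    }
    uint8_t modrm = b[1];
    int mod = modrm >> 6, reg = (modrm >> 3) & 7, rm = modrm & 7;
    if (mod != 3) return 0;           /* memory operands are not handled in this example */
    out->op = shift_op[reg];
    out->dst = w ? reg16[rm] : reg8[rm];
    out->count_is_cl = c && v;
    out->undocumented = (reg == 6);
    if (c) {
        out->count = 1;
        out->len = 2;
    } else {
        if (n < 3) return 0;
        out->count = b[2];
        out->len = 3;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: the post's D0 C0 / D0 E0 / D0 F0 / D0 F8, plus a CL form and an imm8 form. */
    const uint8_t samples[][3] = {
        { 0xD0, 0xC0, 0 }, { 0xD0, 0xE0, 0 }, { 0xD0, 0xF0, 0 }, { 0xD0, 0xF8, 0 },
        { 0xD3, 0xE7, 0 }, { 0xC1, 0xE0, 0x04 }
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        shift_insn si;
        if (!decode_shift(samples[i], 3, &si)) continue;
        if (si.count_is_cl) printf("%s %s,cl", si.op, si.dst);
        else                printf("%s %s,%d", si.op, si.dst, si.count);
        printf("%s\n", si.undocumented ? "   ; undocumented Reg=110b encoding" : "");
    }
    return 0;
}
```

Reporting the D0 Fx form explicitly matters for anyone comparing disassembler output against what the CPU runs: a tool that rejects the byte as invalid, or prints it as SHL without comment, hides a difference between the listing and the executed code.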
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 7354
Location: Kraków, Poland
Mikl___ wrote:
Usually, using the “SAL” command, the translator generates the SHL command code, although there is a SAL-D0Fx command code that is not always recognized by disassemblers, but is executed by a microprocessor.
You can find this discussed by me in a few places, like here. This code remains undocumented, but has always been working correctly anyway.
Post 14 Jan 2019, 15:40
Mikl___



Joined: 30 Dec 2014
Posts: 113
Hi, Tomasz Grysztar!
Everything new is the well-forgotten old.
Post 14 Jan 2019, 15:44
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16778
Location: In your JS exploiting you and your system
Tomasz Grysztar wrote:
This code remains undocumented, but has always been working correctly anyway.
... but might stop working in future CPUs.

Such is the problem with relying on undocumented behaviour.
Post 14 Jan 2019, 15:47
Ali.Z



Joined: 08 Jan 2018
Posts: 232
Intel mentions that SAL and SHL have the same opcode, but in fact the REG field of the ModR/M byte for SAL is 110 while for SHL it is 100.

_________________
Asm For Wise Humans
Post 14 Jan 2019, 20:33

Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.