flat assembler
Message board for the users of flat assembler.

Disassembly question
Teehee 22 Jan 2010, 20:38
I was doing some tests in OllyDbg and I have a question.

The instruction ADD EAX, 0 is translated to 83 C0 00.
And the instruction ADD AX, 0 is translated to 66 83 C0 00.

My question is: why that '66'? What does it mean? (How do these things work?)

And I was looking at http://ref.x86asm.net/coder32.html but I didn't find a reference to it.

_________________
Sorry if bad english.
baldr 22 Jan 2010, 20:56
Teehee,

Didn't you miss 66 in pf column?

The operand-size override prefix tells that the following instruction uses the non-default (for the code segment) operand size. I.e. in a 32-bit code segment 66 83 C0 00 is decoded as add ax, 0, in a 16-bit one — as add eax, 0.

You may also refer to subchapter "2.1.1 Instruction Prefixes" of Intel SDM vol. 2A for a detailed explanation of prefixes (the 67 address-size override prefix is important too), or subchapter "1.2 Instruction Prefixes" of AMD64 APM vol. 3 (even more details given).
Teehee 22 Jan 2010, 21:07
baldr wrote:
Didn't you miss 66 in pf column?

There is no 66 prefix in that column :(
There is in the ADDPD instruction.

Thanks baldr, I will take a look at the Intel SDM prefix topic.

_________________
Sorry if bad english.
baldr 22 Jan 2010, 21:23
Teehee,

Follow the "63" link in one-byte opcodes index and voilà!
Teehee 22 Jan 2010, 21:25
Oh.. I see :? hehe [I was thinking it would be shown in the ADD instruction row]
MazeGen 23 Jan 2010, 20:53
Teehee, I can't add another definition with the 0x66 prefix to every primary opcode that depends on it; it would make the reference so huuuuge :)
Borsuc 24 Jan 2010, 20:45
In 32-bit mode, 0x66 simply switches from 32-bit to 16-bit operands on the instructions.
revolution 24 Jan 2010, 23:45
Borsuc wrote:
In 32-bit mode, 0x66 simply switches from 32-bit to 16-bit operands on the instructions.
Not true for SSE instructions.
edfed 25 Jan 2010, 02:44
In 16-bit mode, 66 makes it 32-bit.
In 32-bit mode, it is the opposite.

Something like an XOR inside the CPU's internal mode switch.
Tyler 25 Jan 2010, 11:04
revolution wrote:
Not true for SSE instructions.

What does it do to SSE instructions?
Fanael 25 Jan 2010, 11:44
Tyler wrote:
revolution wrote:
Not true for SSE instructions.

What does it do to SSE instructions?
For instance, MOVAPS changes to MOVAPD.
hopcode 25 Jan 2010, 11:52
Teehee wrote:
...tests in Ollydbg...

Use use32/use16 to test it in your test app, for example:
Code:
use16
 add eax,0
 add ax,0
use32
 add eax,0
 add ax,0
;...

I have drawn a simple schema for orienting among opcode functionalities
here (for a better organizing purpose)
http://board.flatassembler.net/topic.php?p=108824#108824

Cheers,
hopcode
Borsuc 25 Jan 2010, 20:07
revolution wrote:
Borsuc wrote:
In 32-bit mode, 0x66 simply switches from 32-bit to 16-bit operands on the instructions.
Not true for SSE instructions.
But SSE instructions don't have 32-bit operands... I meant it switches from instructions that have 32-bit operands to 16-bit operands.

_________________
Previously known as The_Grey_Beast
asmmsa 09 Feb 2010, 20:51
0x66 is a prefix.
It normally swaps the default operand size. When the first opcode byte is 0x0F, the meaning of 0x66 is changed.
baldr 10 Feb 2010, 00:45
asmmsa,

PS suffix changed to PD and likewise? How is this different from 32/16 (for 0Fs, literally)? ;)
revolution 10 Feb 2010, 01:44
baldr wrote:
PS suffix changed to PD and likewise? How is this different from 32/16 (for 0Fs, literally)? ;)
SQRTPS XMM and SQRTPD XMM: Both without 0x66 byte.
ROUNDPS XMM and ROUNDPD XMM: Both have 0x66 byte.
PSHUFB MM and PSHUFB XMM: Only XMM version has 0x66 byte.

This is why Intel explicitly states that 0x66 is not a prefix byte when used with SIMD encoding.
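To make both halves of this thread concrete (baldr's point that 66 flips the code segment's default operand size, and revolution's point that in 0F-escaped SSE encodings 66 selects a different instruction instead), here is a toy decoder. It is an added example written for this page, not code from the thread, from fasm or from OllyDbg. The opcode bytes it knows (ADD r/m, imm8 = 83 /0 ib; MOVAPS/MOVAPD = 0F 28; SQRTPS/SQRTPD = 0F 51; ROUNDPS/ROUNDPD = 66 0F 3A 08/09; PSHUFB mm/xmm = 0F 38 00) are the documented ones from Intel SDM vol. 2; the table layout, the `decode` function and the `use16`/`use32` sample inputs are assumptions of this example, and anything outside that table is rejected rather than guessed.

```python
"""Toy x86 decoder for the encodings discussed in this thread (added example).

Two families only:
  * ADD r/m16|32, imm8 (83 /0 ib): here 0x66 is the operand-size override
    and flips the code segment's default operand size (16 <-> 32).
  * A few 0F-escaped SSE opcodes named in the thread: here 0x66 is a
    "mandatory prefix" that selects a different instruction and does not
    change operand size, whatever the segment's default is.
"""

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["e" + r for r in REG16]

# (escape bytes after 0F, opcode) -> {0x66 present?: (mnemonic, reg prefix, has imm8)}
SSE_TABLE = {
    ((), 0x28):      {False: ("movaps", "xmm", False), True: ("movapd", "xmm", False)},
    ((), 0x51):      {False: ("sqrtps", "xmm", False), True: ("sqrtpd", "xmm", False)},
    ((0x3A,), 0x08): {True: ("roundps", "xmm", True)},   # exists only with 0x66
    ((0x3A,), 0x09): {True: ("roundpd", "xmm", True)},   # exists only with 0x66
    ((0x38,), 0x00): {False: ("pshufb", "mm", False), True: ("pshufb", "xmm", False)},
}


def _modrm(byte):
    """Split a ModRM byte into (mod, reg, rm)."""
    return byte >> 6, (byte >> 3) & 7, byte & 7


def decode(code, default_bits):
    """Decode one instruction from `code` (bytes) and return its disassembly.

    default_bits is the code segment's default operand size: 16 (use16)
    or 32 (use32).
    """
    if default_bits not in (16, 32):
        raise ValueError("default operand size must be 16 or 32")
    i = 0
    has_66 = code[i] == 0x66
    if has_66:
        i += 1
    opcode = code[i]
    i += 1

    if opcode == 0x0F:
        # Escape path: 0x66 takes part in opcode selection, so the segment's
        # default operand size plays no role at all.
        esc = ()
        if code[i] in (0x38, 0x3A):
            esc = (code[i],)
            i += 1
        forms = SSE_TABLE.get((esc, code[i]))
        i += 1
        if forms is None or has_66 not in forms:
            raise ValueError("SSE encoding not in this toy table")
        mnemonic, rp, has_imm8 = forms[has_66]
        mod, reg, rm = _modrm(code[i])
        i += 1
        if mod != 3:
            raise ValueError("only register-direct ModRM is supported here")
        text = f"{mnemonic} {rp}{reg},{rp}{rm}"
        if has_imm8:
            text += f",{code[i]}"
            i += 1
        return text

    if opcode == 0x83:
        mod, reg, rm = _modrm(code[i])
        i += 1
        if mod != 3 or reg != 0:          # /0 selects ADD within the 83 group
            raise ValueError("only ADD reg, imm8 is supported here")
        imm = code[i]
        imm = imm - 0x100 if imm >= 0x80 else imm   # imm8 is sign-extended
        # Legacy path: 0x66 flips the segment default (16 <-> 32), the
        # XOR-like behaviour described in the thread.
        bits = (48 - default_bits) if has_66 else default_bits
        regname = (REG32 if bits == 32 else REG16)[rm]
        return f"add {regname},{imm}"

    raise ValueError(f"opcode {opcode:02X} not in this toy table")


if __name__ == "__main__":
    # Constructed sample encodings: the two ADD forms from the first post and
    # the SSE pairs from the last one, decoded under use16 and use32.
    samples = ["83C000", "6683C000", "0F28C1", "660F28C1", "0F3800C1", "660F3800C1"]
    for hexs in samples:
        for bits in (16, 32):
            print(f"use{bits}: {hexs:<12} {decode(bytes.fromhex(hexs), bits)}")
```

Running it shows the asymmetry at a glance: the same bytes 66 83 C0 00 read as add ax,0 under use32 and add eax,0 under use16, while 66 0F 28 C1 is movapd xmm0,xmm1 under both, and 0F 3A 08 without the 66 is simply not a valid encoding.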
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.