flat assembler
Message board for the users of flat assembler.

Index > Main > F7C8B100 show as TEST AX,0x00B1

Author
Thread Post new topic Reply to topic
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 12 Dec 2017, 10:07
in DEBUG
Code:
-U100
139D:0100 F7C8          ???     AX
139D:0102 B100          MOV     CL,00
139D:0104 B202          MOV     DL,02
...

-rAX
AX FFFF
:0040
-t=100

AX=0040  BX=0000  CX=0000  DX=0000  SP=FFEE  BP=0000  SI=0000  DI=0000
DS=139D  ES=139D  SS=139D  CS=139D  IP=0104   NV UP EI PL ZR NA PE NC
139D:0104 B202          MOV     DL,02
-rAX
AX 0040
:0020
-t=100

AX=0020  BX=0000  CX=0000  DX=0000  SP=FFEE  BP=0000  SI=0000  DI=0000
DS=139D  ES=139D  SS=139D  CS=139D  IP=0104   NV UP EI PL NZ NA PO NC
139D:0104 B202          MOV     DL,02
-    

Is it the OS did the TEST or just CPU treat it as a TEST rather than a #UD?
Post 12 Dec 2017, 10:07
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8349
Location: Kraków, Poland
Tomasz Grysztar 12 Dec 2017, 10:13
Just recently there was a thread where I discussed this. My guess was that this is one of the old contractions of the opcode space preserved for compatibility.
Post 12 Dec 2017, 10:13
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 12 Dec 2017, 10:26
Code:
        (8F)
0       POP
1       #UD
2       #UD
3       #UD
4       #UD
5       #UD
6       #UD
7       #UD
        (FE,FF)
0       INC
1       DEC
2       CALL
3       CALLF
4       JMP
5       JMPF
6       PUSH
7       #UD
        (D0-D3)
0       ROL
1       ROR
2       RCL
3       RCR
4       SHL
5       SHR
6       SAL
7       SAR
        (F6,F7)
0       TEST
1       TEST
2       NOT
3       NEG
4       MUL
5       IMUL
6       DIV
7       IDIV
    
Post 12 Dec 2017, 10:26
View user's profile Send private message Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 12 Dec 2017, 10:31
Another problem may be hard to answer: Why POP mem is in 8F leaving the rest of 8F empty, while PUSH is in FF and leave FF/7 empty
Post 12 Dec 2017, 10:31
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20289
Location: In your JS exploiting you and your system
revolution 12 Dec 2017, 10:38
l4m2 wrote:
Another problem may be hard to answer: Why POP mem is in 8F leaving the rest of 8F empty, while PUSH is in FF and leave FF/7 empty
One of the old Cyrix CPUs (IIRC) used that space for something else. As I understand it, it hasn't been touched by AMD or Intel for that reason.

There is lots of old crap like that in the x86 encodings. You will be able to find more if you look further. It is an old architecture, it has many warts and scars. Be kind to it, the poor old thing.
Post 12 Dec 2017, 10:38
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20289
Location: In your JS exploiting you and your system
revolution 12 Dec 2017, 10:42
For your viewing pleasure here is another Cyrix instruction, OIO, that messes with the expected encoding:

https://board.flatassembler.net/topic.php?t=4069
Post 12 Dec 2017, 10:42
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 12 Dec 2017, 11:21
Code:
        0               1               2               3               4               5               6               7        
0       ADDB *,r        ADDW *,r        ADDB r,*        ADDW r,*        ADD AL,i        ADD AX,i        PUSH ES         POP ES   
8       ORB *,r         ORW *,r         ORB r,*         ORW r,*         OR AL,i         OR AX,i         PUSH CS                  
10      ADCB *,r        ADCW *,r        ADCB r,*        ADCW r,*        ADC AL,i        ADC AX,i        PUSH SS         POP SS   
18      SBBB *,r        SBBW *,r        SBBB r,*        SBBW r,*        SBB AL,i        SBB AX,i        PUSH DS         POP DS   
20      ANDB *,r        ANDW *,r        ANDB r,*        ANDW r,*        AND AL,i        AND AX,i        ES:             DAA      
28      SUBB *,r        SUBW *,r        SUBB r,*        SUBW r,*        SUB AL,i        SUB AX,i        CS:             DAS      
30      XORB *,r        XORW *,r        XORB r,*        XORW r,*        XOR AL,i        XOR AX,i        SS:             AAA      
38      CMPB *,r        CMPW *,r        CMPB r,*        CMPW r,*        CMP AL,i        CMP AX,i        DS:             AAS      
40      INC AX          INC CX          INC DX          INC BX          INC SP          INC BP          INC SI          INC DI   
48      DEC AX          DEC CX          DEC DX          DEC BX          DEC SP          DEC BP          DEC SI          DEC DI   
50      PUSH AX         PUSH CX         PUSH DX         PUSH BX         PUSH SP         PUSH BP         PUSH SI         PUSH DI  
58      POP AX          POP CX          POP DX          POP BX          POP SP          POP BP          POP SI          POP DI   
60      PUSHA           POPA            BOUND rw,md     ARPL *,r        FS:             GS:             16/32data       16/32addr
68      PUSH i          IMUL r,*,i      PUSH i8         IMUL r,*,i8     INSB            INSW            OUTSB           OUTSW    
70      JO              JNO             JB              JNB             JZ              JNZ             JBE             JA       
78      JS              JNS             JPE             JPO             JL              JGE             JLE             JG       
80      C0B *,i         C0W *,i         C0B *,i         C0W *,i8        TSTB r,*        TSTW r,*        XCHB r,*        XCHW r,* 
88      MOVB *,r        MOVW *,r        MOVB r,*        MOVW r,*        MOV *,s         LEA r,m         MOV s,*         X0W *    
90      NOP             XCH AX,CX       XCH AX,DX       XCH AX,BX       XCH AX,SP       XCH AX,BP       XCH AX,SI       XCH AX,DI
98      CBW             CWD             CALLFAR         WAIT            PUSHF           POPF            SAHF            LAHF     
A0      MOV AL,[i]      MOV AX,[i]      MOV [i],AL      MOV [i],AX      MOVSB           MOVSW           SMPSB           CMPSW    
A8      TEST AL,i       TEST AX,i       STOSB           STOSW           LODSB           LODSW           SCASB           SCASW    
B0      MOV AL,i        MOV CL,i        MOV DL,i        MOV BL,i        MOV AH,i        MOV CH,i        MOV DH,i        MOV BH,i 
B8      MOV AX,i        MOV CX,i        MOV DX,i        MOV BX,i        MOV SP,i        MOV BP,i        MOV SI,i        MOV DI,i 
C0      X2B *,i         X2W *,i         RET i           RET             LES r,m         LDS r,m         MOVB *,i        MOVW *,i 
C8      ENTER           LEAVE           RETF i          RETF            INT3            INT i           INTO            IRET     
D0      X2B *,1         X2W *,1         X2B *,CL        X2W *,CL        AAM             AAD             SALC            XLAT     
D8      (x87 command)                                                                                                            
E0      LOOPNZ          LOOPZ           LOOP            JCXZ            IN AL,i8        IN AX,i8        OUT i8,AL       OUT i8,AX
E8      CALL            JMP             JMPF            JMPS            IN AL,DX        IN AX,DX        OUT DX,AL       OUT DX,AX
F0      LOCK                            REPNE           REP(E)          HLT             CMC             X3B *(,i)       X3W *(,i)
F8      CLC             STC             CLI             STI             CLD             STD             X1B *           X1W *    
    
Post 12 Dec 2017, 11:21
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20289
Location: In your JS exploiting you and your system
revolution 12 Dec 2017, 11:39
0xF1 is the ICEBP
Post 12 Dec 2017, 11:39
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2493
Furs 12 Dec 2017, 12:51
l4m2 wrote:
Another problem may be hard to answer: Why POP mem is in 8F leaving the rest of 8F empty, while PUSH is in FF and leave FF/7 empty
I think 8F was used for AMD's XOP prefix.
Post 12 Dec 2017, 12:51
View user's profile Send private message Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 13 Dec 2017, 18:37
Furs wrote:
l4m2 wrote:
Another problem may be hard to answer: Why POP mem is in 8F leaving the rest of 8F empty, while PUSH is in FF and leave FF/7 empty
I think 8F was used for AMD's XOP prefix.
Table mainly for 8086. Has gray color to mean unused, but gone when copy here.

8086 is still more complex than 8051
Code:
        0               2               3               4               5               6               8
0       NOP             LJMP *          RR A            INC A           INC $           INC @R0         INC R0
1       JBC %,&         LCALL *         RRC A           DEC A           DEC $           DEC @R0         DEC R0
2       JB %,&          RET             RL A            ADD A,#         ADD A,$         ADD A,@R0       ADD A,R0
3       JNB %,&         RETI            RLC A           ADC A,#         ADC A,$         ADC A,@R0       ADC A,R0
4       JC %,&          ORL $,A         ORL $,#         ORL A,#         ORL A,$         ORL A,@R0       ORL A,R0
5       JNC %,&         ANL $,A         ANL $,#         ANL A,#         ANL A,$         ANL A,@R0       ANL A,R0
6       JZ %,&          XRL $,A         XRL $,#         XRL A,#         XRL A,$         XRL A,@R0       XRL A,R0
7       JNZ %,&         ORL C,%         JMP @A+DPTR     MOV A,#         MOV $,#         MOV @R0,#       MOV R0,#
8       SJMP &          ANL C,%         MOVC A,@A+PC    DIV AB          MOV $,$         MOV $,@R0       MOV $,R0
9       MOV DPTR,##     MOV %,C         MOVC A,@A+DPTR  SBB A,#         SBB A,$         SBB A,@R0       SBB A,R0
A       ORL C,/%        MOV C,%         INC DPTR        MUL AB                          MOV @R0,$       MOV R0,$
B       ANL C,/%        CPL %           CPL C           CJNE A,#,&      CJNE A,$,&      CJNE @R0,#,&    CJNE R0,#,$
C       PUSH $          CLR %           CLR C           SWAP A          XCH A,$         XCH A,@R0       XCH A,R0
D       POP $           SETB %          SETB C          DA A            DJNZ $,&        XCHD A,@R0      DJNZ R0,&
E       MOVX A,@DPTR    MOVX A,@R0      MOVX A,@R1      CLR A           MOV A,$         MOV A,@R0       MOV A,R0
F       MOVX @DPTR,A    MOVX @R0,A      MOVX @R1,A      CPL A           MOV $,A         MOV @R0,A       MOV R0,A
    
Post 13 Dec 2017, 18:37
View user's profile Send private message Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 14 Dec 2017, 22:55
Code:
C:\DOCUME~1\ADMINI~1>debug
-a
139D:0100 int 18
139D:0102 int 3
139D:0103
-t

AX=0000  BX=0000  CX=0000  DX=0000  SP=FFE8  BP=0000  SI=0000  DI=0000
DS=139D  ES=139D  SS=139D  CS=0210  IP=0C0E   NV UP DI PL NZ NA PO NC
0210:0C0E C4C4          LES     AX,SP
-t
C:\DOCUME~1\ADMINI~1>    

Now that opcode for LES reg,reg is used, it really go confused?
Post 14 Dec 2017, 22:55
View user's profile Send private message Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 2493
Furs 15 Dec 2017, 12:55
They should repurpose lea reg, reg to something.
Post 15 Dec 2017, 12:55
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.