flat assembler
Message board for the users of flat assembler.

Index > OS Construction > Undocumented "REAL" real mode x86 NOP opcodes

Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 26 Mar 2017, 14:36
There is a series of two byte opcodes (opcode byte plus MOD-REG-R/M byte) that have a MOD-R/M for a 32 bit register indirect addressing mode.
For example, one of these (of many) is add [eax], al and the encoding is 0x00, 0x00.
In real mode this instruction (on an 80386 or better) requires an address override prefix byte (0x67) since there is no instruction for add [ax], al.
However, the encoding of 0x00, 0x00 is a perfectly valid instruction in real mode, and in fact is a true real No OPeration.
Unlike xchg ax, ax (aka 0x90), which is a valid operation (but for the fact that it has no effect and is thus classified as a NOP), the encoding of 0x00, 0x00 in real mode (without the address override prefix) not only doesn't add al to what ax (or eax) is pointing to but does absolutely nothing other than advance the program counter.
Of course, these undocumented REAL real mode x86 NOP opcodes are (almost) totally useless.
I did however manage to save 3 bytes (which I didn't need) in my exFAT boot sector boot loader.

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8356
Location: Kraków, Poland
Tomasz Grysztar 26 Mar 2017, 15:10
16-bit address encoding is very different from 32-bit one. There is no such simple correspondence between them. "00 00" in 16-bit mode encodes "add [bx+si],al" and not "add [ax],al".
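An added example, not code from the thread or from fasm, that applies the 16-bit and 32-bit ModR/M tables to opcode 00h (ADD r/m8, r8) so the point above can be checked byte by byte: 00 00 decodes to add [bx+si],al with 16-bit addressing and to add [eax],al with 32-bit addressing or after a 67h prefix. The function names and sample byte strings are constructed for this example, and the SIB form is deliberately left out.

```python
import struct
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# 16-bit ModR/M has only eight fixed base/index combinations (mod=00 rm=110
# is a bare disp16); there is no way to encode [ax] at all.
RM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]

def _disp(code, pos, size, signed):
    fmt = {1: "b", 2: "<h", 4: "<i"} if signed else {1: "B", 2: "<H", 4: "<I"}
    return struct.unpack_from(fmt[size], code, pos)[0], pos + size

def _mem(code, pos, mod, rm, addr32):
    """Decode one memory operand; return (text, position after it)."""
    if addr32 and rm == 4:
        raise NotImplementedError("SIB byte not decoded in this example")
    if mod == 0 and rm == (5 if addr32 else 6):    # no base register
        disp, pos = _disp(code, pos, 4 if addr32 else 2, False)
        return "[0x%x]" % disp, pos
    base = REG32[rm] if addr32 else RM16[rm]
    disp = 0
    if mod == 1:
        disp, pos = _disp(code, pos, 1, True)
    elif mod == 2:
        disp, pos = _disp(code, pos, 4 if addr32 else 2, True)
    if disp:
        base += "%s0x%x" % ("+" if disp > 0 else "-", abs(disp))
    return "[%s]" % base, pos

def decode_add_rm8_r8(code, default_addr32=False):
    """Decode [67h] 00h /r. Returns (assembly text, bytes consumed)."""
    pos, addr32 = 0, default_addr32
    if code[pos] == 0x67:                # address-size override prefix
        addr32, pos = not addr32, pos + 1
    if code[pos] != 0x00:
        raise ValueError("not opcode 00h")
    modrm = code[pos + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos += 2
    if mod == 3:
        dst = REG8[rm]                   # register form: same in both modes
    else:
        dst, pos = _mem(code, pos, mod, rm, addr32)
    return "add %s,%s" % (dst, REG8[reg]), pos

if __name__ == "__main__":
    # Constructed byte strings, not taken from any real binary.
    print(decode_add_rm8_r8(b"\x00\x00"))          # 16-bit: add [bx+si],al
    print(decode_add_rm8_r8(b"\x00\x00", True))    # 32-bit: add [eax],al
    print(decode_add_rm8_r8(b"\x67\x00\x00"))      # 67h in real mode: add [eax],al
```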
Mike Gonta



Joined: 26 Dec 2010
Posts: 243
Mike Gonta 26 Mar 2017, 16:04
Tomasz Grysztar wrote:
16-bit address encoding is very different from 32-bit one. There is no such simple correspondence between them. "00 00" in 16-bit mode encodes "add [bx+si],al" and not "add [ax],al".
That explains why it has never been documented.
I guess I should have waited for April 1 before posting.
Funny thing is IDA Free won't disassemble 0x00, 0x00 as code.

_________________
Mike Gonta
look and see - many look but few see

https://mikegonta.com
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20414
Location: In your JS exploiting you and your system
revolution 27 Mar 2017, 06:47
Mike Gonta wrote:
However, the encoding of 0x00, 0x00 is a perfectly valid instruction in real mode, and in fact is a true real No OPeration
No it isn't.
Mike Gonta wrote:
Funny thing is IDA Free won't disassemble 0x00, 0x00 as code.
Sounds to me like a bug.
l4m2



Joined: 15 Jan 2015
Posts: 674
l4m2 20 May 2021, 17:18
W32Dasm writes lots of 0s as db dup 0, but if the first instruction after them happens to be add r/m8,r8 then the dup covers the 0 in the instruction.