x86 Notes

Things are specified in little endian byte order.

Prefix Codes

  • 0x66 prefix (operand-size override) selects the non-default operand size, 16 or 32 bit.
  • 0x67 prefix (address-size override) selects the non-default address size, 16 or 32 bit.
  • 0xF3 prefix for REP (used only with string instructions)
  • 0xF3 prefix for REPE/REPZ (used only with string instructions)
  • 0xF2 prefix for REPNE/REPNZ (used only with string instructions)
  • 0xF0 prefix for LOCK
  • 0x0F is an optional opcode-expansion (escape) byte that selects the two-byte opcode map.

REX Prefix Codes

REX prefixes are instruction-prefix bytes used in 64-bit mode.

  • Specify GPR registers
  • Specify SSE registers
  • Specify 64-bit operand size
  • Specify extended control registers

Immediate Bytes

  • imm8 = Immediate Byte
  • imm16 = Immediate Word
  • imm32 = Immediate Double Word

Displacement Bytes

  • 0, 1, 2, or 4 bytes
  • 1-byte displacement is present if the MOD bits of the ModR/M byte equal 01
  • 4-byte displacement is present if the MOD bits of the ModR/M byte equal 10
  • 2-byte displacement is present if the MOD bits of the ModR/M byte equal 10 and a 0x66 16-bit mode prefix is used

ModR/M Bytes

  • 0 or 1 byte used
  • r = register
  • m = memory

ModR/M mod bits

  • 00 = register indirect addressing mode
  • 00 = SIB with no displacement IF r/m == 100
  • 00 = displacement only addressing mode IF r/m == 101
  • 01 = 1-byte signed displacement follows addressing mode byte(s)
  • 10 = 4-byte signed displacement follows addressing mode byte(s)
  • 11 = register addressing mode

ModR/M reg bits

The reg bits specify the register being addressed (8-, 16-, or 32-bit name depending on operand size).

  • 000 = al, ax, eax
  • 001 = cl, cx, ecx
  • 010 = dl, dx, edx
  • 011 = bl, bx, ebx
  • 100 = ah, sp, esp
  • 101 = ch, bp, ebp
  • 110 = dh, si, esi
  • 111 = bh, di, edi

SIB Bytes

  • 0 or 1 byte used

SIB scale value

  • 00 = index * 1 (1 byte)
  • 01 = index * 2 (2 bytes)
  • 10 = index * 4 (4 bytes)
  • 11 = index * 8 (8 bytes)

SIB index value

  • 000 = eax
  • 001 = ecx
  • 010 = edx
  • 011 = ebx
  • 100 = illegal
  • 101 = ebp
  • 110 = esi
  • 111 = edi

SIB base value

  • 000 = eax
  • 001 = ecx
  • 010 = edx
  • 011 = ebx
  • 100 = esp
  • 101 = displacement-only if mod == 00, ebp if mod == 01 or 10
  • 110 = esi
  • 111 = edi

Opcodes

A primary opcode can be 1, 2, or 3 bytes in length.

x86 Instruction Encoding

x86 Operand Encoding

  • R = reg
  • I = immediate
  • M = r/m

Resources