Instr2Op version 1.0 - Written by John Baldwin, 1996

Ŀ
 Overview 


This document provides detailed information on assembling Intel 80x86
assembly instructions, including tables for various addressing methods
and methods of determining operands.  A working knowledge of Intel 80x86
Assembly language is very highly recommended since this is by no means a
tutorial on Assembly language.

Ŀ
 Help 



General Help
============

In this document, section headings are surrounded by a box of sorts, major
topic headings are underlined with equal signs (=), and sub-topic headings
are underlind with dashes (-).


Segment Sizes
=============
In Real Mode, are segments are 16-bit.  In Protected Mode on 80386+, each
segment descriptor has a bit that determines if that selector is a 16-bit
segment or a 32-bit segment.  The size of the segment affects the size of
the operands and the memory references.  If the Address Size or Operand
Size prefixes are used, then the opposite model for addressing and determing
operands is used.  IOW, an instruction in a 32-bit segment that is prefixed
with the Operand Size prefix would execute the instruction as if its
operands were the equivalent 16-bit operands.

Opcode Ordering
===============

In Intel 80x86 Assembly, the opcodes follow this pattern in determining the
order of the various opcodes for each instruction:

Code:

->-- Instructions ->--
|                   |
`-------------------'

Instruction:

->-- Prefixes ->-- Instruction ->-- Operands ->-- Data ->---
| |           |      Opcodes     |           | |       |  |
| `----->-----'                  `----->-----' `--->---'  |
|                                                         |
`-------<----------<----------<----------<---------<------'

Prefixes:

->-- Instruction ->-- Address Size ->-- Operand Size ->-- Segment -->--
  |     Prefix   | |               | |               | |  Override |
  |              | `------->-------' `------->-------' |           |
  `------->------'                                     `----->-----'

Instruction Prefix:         Segment Override:

->-- REP ------>--          ->-- CS: -->--
  |           |               |       |
  |- REPE/Z --|               |- DS: -|
  |           |               |       |
  |- REPNE/Z -|               |- ES: -|
  |           |               |       |
  `- LOCK ----'               |- FS: -|
                              |       |
                              |- GS: -|
                              |       |
                              `- SS: -'

Operands:

->-- Operand -->-- Displacement -->--
     Selector   |               |
                `------->-------'

Operand Selector:

->-- Modr/M Byte -->-- SIB -->--
                    |      |
                    `--->--'

Address Size     : Uses 32-bit addressing in 16-bit segments, and 16-bit
                   addressing in 32-bit segments.
Data             : For instructions that use numberical data.  Can be byte,
                   word, dword, etc. depending on instruction
Instruction      : The opcodes that define which instruction this is.
Memory Offset    : For operands that have memory offsets, they are word or
                   byte offsets added to memory address operands.
Operand Size     : Uses 32-bit operands in 16-bit segments, and 16-bit
                   operands in 32-bit segments.
Operands         : The opcodes that define what the parameters are, if any.
Prefixes         : Instruction prefixes.
Segment Override : Force the next instruction to use this segment for any
                   memory references.

Tables
======

Each table will have a number.  Included in the heading of a table
declaration is a short description of the data in the table.  The
next line will describe the size of the data being tabled.  Afterwards
the table will be listed in either a straight table form, i.e. listing
each value on one side and it's meaning on the other, in a bit-wise
fashion, in which bits, or groups of bits are defined, or a combination
of the two.  After the table, any further notes may be appended.

Instructions
============

The instructions are broken up into three main groups: regular instructions,
math co-processor instructions, and protected-mode instructions.  For each
instruction, the first line shall be a sub-topic heading with the
instruction's mnenomic in all caps.  Beside the instruction name will follow
a brief explanation of the instruction- usually the meaning of the mnenomic.
On the next line will be a description of the instruction.  The next line
will give the number of basic opcodes or opcode groups that this instruction
assembles to.  Each opcode or opcode group will be given a sub-topic heading
consisting of the opcode or opcode group number (based on their order in this
document).  Below the heading will be a brief description of the specifics of
the opcode or opcode group.  Beneath the description will be a table that
defines the opcode or opcode group, and below that extra details such as
clock cycles may be appended.  If an opcode or opcode group is defined by a
constant number, then that number may be given in hexadecimal instead of in a
bit-wise table.

Prefixes
========

At the end of the instructions list is a list of the instruction prefixes
such as the segment overrides and the REP prefixes.  Their format basically
follows the same format of the instruction format above.

Operand and Address Sizes
=========================

Frequently in this document, the symbols OperandSize and AddressSize will
be used in Tables and Instruction Descriptions.  Here are their formal
definitions for this document:

If RealMode Or (ProtectedMode and (SegmentSize=16)) Then
   If Address Size Prefix Then
      AddressSize = 32
   Else
      AddressSize = 16
   If Operand Size Prefix Then
      OperandSize = 32
   Else
      OperandSize = 16
Else
   If Address Size Prefix Then
      AddressSize = 16
   Else
      AddressSize = 32
   If Operand Size Prefix Then
      OperandSize = 16
   Else
      OperandSize = 32

Ŀ
 Tables 


Table 1 - Operand group in 16-bit segments.
-------------------------------------------
Size: 2 bits

00 - 16-bit Memory Reference
01 - 16-bit Memory Reference with a byte displacement
10 - 16-bit Memory Reference with a word displacement
11 - Register

Table 2 - Memory Reference operand in 16-bit segments.
------------------------------------------------------
Size: 3 bits

000 - [bx+si]
001 - [bx+di]
010 - [bp+si]
011 - [bp+di]
100 - [si]
101 - [di]
110 - [word offset]
111 - [bx]

*Note: if there is a word or byte offset added to the memory
 address, then the following code changes to:

110 - [bp+offset]

Table 3 - 8-bit register operands.
----------------------------------
Size: 3 bits

xxx
^^^
 Register:
        00 - al/h
        01 - cl/h
        10 - dl/h
        11 - bl/h
 Byte selector:
         0 - Low byte: E.g. AL
         1 - High byte: E.g. AH

Table 4 - 16-bit register operands.
-----------------------------------
Size: 3 bits

000 - ax
001 - cx
010 - dx
011 - bx
100 - sp
101 - bp
110 - si
111 - di

Table 5 - Two byte operands in 16-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 3
 Operand Group    - Table 1
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 3

Table 6 - Two word operands in 16-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 4
 Operand Group    - Table 1
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 4

Table 7 - One byte operand in 16-bit segments.
----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 1
   First Operand:
           Case Operand Group of
              Memory Reference - Table 2
              Register         - Table 3
   Instruction Selector (see Instruction for definition)

Table 8 - One word operand in 16-bit segments.
----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 1
   First Operand:
           Case Operand Group of
              Memory Reference - Table 2
              Register         - Table 4
   Instruction Selector (see Instruction for definition)

Table 9 - Condition bits
------------------------
Size: 4 bits

0000 - o
0001 - no
0010 - b,nae
0011 - nb,ae
0100 - e,z
0101 - ne,nz
0110 - na,be
0111 - a,nbe
1000 - s
1001 - ns
1010 - p,pe
1011 - np,po
1100 - l,nge
1101 - nl,ge
1110 - ng,le
1111 - g,nle

Table 10 - 32-bit register operands.
------------------------------------
Size: 3 bits

000 - eax
001 - ecx
010 - edx
011 - ebx
100 - esp
101 - ebp
110 - esi
111 - edi

Table 11 - Operand group in 32-bit segments.
--------------------------------------------
Size: 2 bits

00 - 32-bit Memory Reference
01 - 32-bit Memory Reference with a byte displacement
10 - 32-bit Memory Reference with a dword displacement
11 - Register

Table 12 - SIB byte Index
-------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - none
101 - [ebp]
110 - [esi]
111 - [edi]

Table 13 - SIB byte Multiplier
------------------------------
Size: 2 bits

The index of a SIB is mulitplied by the "Mulitplier"th power of 2.
So a Mulitplier of 00 would multiply the index by 1, and a Multiplier
of 10 would multiply the index by 4.

Table 14 - SIB byte Base Register
---------------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - [esp]
101 - [dword offset]
110 - [esi]
111 - [edi]

*Note: If the Operand Group from the Modr/M byte is a Memory Reference
plus an 8-bit or 32-bit displacement, then the following code changes to:

101 - [ebp+offset]

Table 15 - Memory Reference operand in SIB byte in 32-bit segments.
-------------------------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^
 Base Register  - Table 14
 Index Register - Table 12
 Index Mulitiplier - Table 13

Table 16 - Memory Reference operand in 32-bit segments.
-------------------------------------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - use SIB - Table 15
101 - [dword offset]
110 - [esi]
111 - [edi]

*Note: If the Operand Group is a Memory Reference with an 8-bit or 32-bit
displacement, then the following code changes to:

101 - [ebp+offset]

Table 17 - Two dword operands in 32-bit segments.
-------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 10
 Operand Group  - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 16
                 Register         - Table 10

Table 18 - One dword operand in 32-bit segments.
------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group  - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference - Table 16
              Register         - Table 10
   Instruction Selector (see Instruction for definition)

Table 19 - Two byte operands in 32-bit segments.
----------------------------------0-------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 3
 Operand Group    - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 16
                 Register         - Table 3

Table 20 - One byte operand in 32-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference - Table 16
              Register         - Table 3
   Instruction Selector (see Instruction for definition)

Table 21 - Two (d)word operands.
--------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand:
         Case OperandSize of
            16 - Table 4
            32 - Table 10
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference:
                    Case AddressSize of
                       16 - Table 2
                       32 - Table 16
                 Register:
                    Case OperandSize of
                       16 - Table 4
                       32 - Table 10

Table 22 - Two byte operands.
-----------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 3
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference:
                    Case AddressSize of
                       16 - Table 2
                       32 - Table 16
                 Register - Table 3

Table 23 - One (d)word operands.
--------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group:
        Case AddressSize of
           16 - Table 1
           32 - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference:
                 Case AddressSize of
                    16 - Table 2
                    32 - Table 16
              Register:
                 Case OperandSize of
                    16 - Table 4
                    32 - Table 10
   Instruction Selector (see Instruction for definition)

Table 24 - One byte operand.
----------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group:
        Case AddressSize of
           16 - Table 1
           32 - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference:
                 Case AddressSize of
                    16 - Table 2
                    32 - Table 16
              Register - Table 3
   Instruction Selector (see Instruction for definition)

Table 25 - Segment registers
----------------------------
Size: 3 bits

000 - es
001 - cs
010 - ss
011 - ds
100 - fs
101 - gs
11x - reserved for future segment registers (probably)

Table 26 - One segment register and one word as operands.
---------------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 25
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 4

Ŀ
 Instructions 


Regular Instructions
====================

AAA - ASCII adjust after addition
---------------------------------------------------------------------------
Converts the result of adding two unpacked single-digit BCD numbers (stored
in AL) to an unpacked, single-digit BCD number.

Opcodes: 1

Opcode 1
--------
37

AAD - ASCII adjust before division
---------------------------------------------------------------------------
This sets AL equal to AL + (Immediate byte*AH) and sets AH to 0.  This is
normally used with the immediate byte having a value of 0Ah (10d) to
prepare two unpacked BCD digits for a division operation with an unpacked
result.

Opcodes: 1

Opcode 1
--------
D5

AAM - ASCII adjust after multiplication
---------------------------------------------------------------------------
This sets AH to (AL div Immediate byte) and AL to (AL mod Immediate byte).
Normally, this is used with an immediate byte of 0Ah (10d) to convert the
result of multiplying two unpacked BCD digits in AX.

Opcodes: 1

Opcode 1
--------
D4

AAS - ASCII adjust after subtraction
---------------------------------------------------------------------------
Converts the result of subtracting two unpacked single-digit BCD numbers
(stored in AL) to an unpacked, single-digit BCD number.

Opcodes: 1

Opcode 1
--------
3F

ADC - Add with Carry
---------------------------------------------------------------------------
Adds the two operands and the carry flag together and stores the result in
the first operand.

Opcodes: 3

Opcode 1
--------
Adds a register to a memory reference or another register.

000100xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Adds an immediate to the accumulator register.

1000010x
       ^
        Operand size:
              0 - Byte: Immediate byte added to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word added to AX
                           32 - Immediate dword added to EAX

Opcode 3
--------
Adds an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte added to first operand
                       Operands - Table 24 - Instruction Selector 010
             1 - Word: Immediate (d)word added to first operand
                       Operands - Table 23 - Instruction Selector 010
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

ADD - Add
---------------------------------------------------------------------------
Adds two operands together and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Adds a register to a memory reference or another register.

000000xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Adds an immediate to the accumulator register.

0000010x
       ^
        Operand size:
              0 - Byte: Immediate byte added to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word added to AX
                           32 - Immediate dword added to EAX

Opcode 3
--------
Adds an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte added to first operand
                       Operands - Table 24 - Instruction Selector 000
             1 - Word: Immediate (d)word added to first operand
                       Operands - Table 23 - Instruction Selector 000
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

AND - Logical And
---------------------------------------------------------------------------
Bitwise ANDs the two operands and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
And a register with a memory reference or another register.

001000xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
And an immediate to the accumulator register.

0010010x
       ^
        Operand Size:
              0 - Byte: Immediate byte ANDed to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word ANDed with AX
                           32 - Immediate dword ANDed with EAX

Opcode 3
--------
ANDs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte ANDed with first operand
                       Operands - Table 24 - Instruction Selector 100
             1 - Word: Immediate (d)word ANDed with first operand
                       Operands - Table 23 - Instruction Selector 100
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

BOUND - Check array index against bounds
---------------------------------------------------------------------------
Compares the first operand to two variables of the same size as the first
operand in the memory referenced by the second operand to see if the first
operand is greater than the first variable referenced by the second operand
and less than the second variable.  The variables are stored contiguously.
First the lower bound and then the upper bound.  If the test fails, then
Interrupt 5 is generated with the saved (E)IP pointing to the Bound
instruction that caused the fault.

*Note: "bound reg16,reg16" and "bound reg32,reg32" assemble and seem to be
       valid instructions.  However, according to the definition above they
       are invalid since a reg16 cannot hold 32 bits and a reg32 cannot hold
       64 bits.

Opcodes: 1

Opcode 1
--------
62
   Operands - Table 21

CALL - Call a subroutine
---------------------------------------------------------------------------
Call pushes (E)IP (and CS if a far call) onto the stack and jumps to the
specified location.

Opcodes: 3

Opcode 1
--------
Far call to an immediate address following the opcode.

9A
   Location -
      Case OperandSize of
         16: 16-bit offset followed by a 16-bit segment
         32: 32-bit offset followed by a 16-bit segment
      Case AddressSize of
         16: Use CS:IP
         32: Use CS:EIP
      If AddressSize<>OperandSize Then
         If AddressSize=16 Then
            High word of 32-bit offset ignored
         Else
            16-bit offset copied to low word of EIP, high word of EIP
            unchanged (?)

Opcode 2
--------
Near call to an immediate (d)word displacement in the current CS.

E8

Opcode 3
--------
Call to a memory reference or a register.

FF
   Operands: Table 23 - Instruction Selector 01x
                                               ^
                                                Target distance:
                                                      0: Near
                                                      1: Far, only memory
                                                         references are valid
                                                         (i.e. "call near ax"
                                                          is valid, but
                                                          "call far ax" is
                                                          not.)

CBW, CWDE - Convert byte to word, Convert word to dword.
---------------------------------------------------------------------------
CBW sign extends the value of AL to AX.  CWDE sign extends the value of AX
to EAX.

Opcodes: 1

Opcode 1
--------
98
   Case OperandSize of
      16: CBW
      32: CWDE

CDQ, CWD - Convert dword to qword, Convert word to dword
---------------------------------------------------------------------------
CDQ sign extends the dword in EAX to EDX:EAX.  CWD sign extends the word in
AX to DX:AX.

Opcodes: 1

Opcode 1
--------
99
   Case OperandSize of
      16: CWD
      32: CDQ

CLC - Clear the carry flag
---------------------------------------------------------------------------
Clears the carry flag.

Opcodes: 1

Opcode 1
--------
F8

CLD - Clear the direction flag
---------------------------------------------------------------------------
Clears the direction flag, which is used to control the direction of string
instructions in memory.

Opcodes: 1

Opcode 1
--------
FC

CLI - Clear the interrupt flag
---------------------------------------------------------------------------
Clears the interrupt flag, which disables external interrupts except for
NMI's.

Opcodes: 1

Opcode 1
--------
FA

CMC - Complement carry
---------------------------------------------------------------------------
Toggles the carry flag.

Opcodes: 1

Opcode 1
--------
F5

CMP - Compares two operands
---------------------------------------------------------------------------
Subtracts the second operand from the first operand but throws a way the
result.  It does set the flags accordingly, however.

Opcodes: 3

Opcode 1
--------
Compare a register with a memory reference or another register.

001110xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Compare an immediate with the accumulator register.

0011110x
       ^
        Operand Size:
              0 - Byte: Immediate byte compared to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word compared with AX
                           32 - Immediate dword compared with EAX

Opcode 3
--------
Compares an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte compared to first operand
                       Operands - Table 24 - Instruction Selector 111
             1 - Word: Immediate (d)word compared to first operand
                       Operands - Table 23 - Instruction Selector 111
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

CMPSB, CMPSW, CMPSD - Compares memory at DS:(E)SI and ES:(E)DI.
---------------------------------------------------------------------------
Compares either a byte, word, or dword at DS:(E)SI with the same at
ES:(E)DI.  After the compare, the (E)SI and (E)DI registers are updated
by either adding or subtracting 1, 2, or 4 to or from them based on the
value of the direction flag.  If the direction flag is clear, then the
values are added to the registers, otherwise they are subtracted from the
registers.  The flags are set according to the compare.  The order of the
memory references for the purpose of the compare operation is as follows:

   cmp [ds:(e)si],[es:(e)di]

Opcodes: 1

Opcode 1
--------
1010011x
       ^
        Operand Size:
              0 - CMPSB
              1 - Case OperandSize of
                     16 - CMPSW
                     32 - CMPSD

DAA - Decimal adjust AL after addition
---------------------------------------------------------------------------
Converts the decimal result of adding two packed, two-digit BCD numbers
(stored in AL) into the correct packed, two-digit BCD number.

8Opcodes: 1

Opcode 1
--------
27

DAS - Decimal adjust AL after subtraction
---------------------------------------------------------------------------
Converts the decimal result of subtracting two packed, two-digit BCD
numbers (stored in AL) into the correct packed, two-digit BCD number.

Opcodes: 1

Opcode 1
--------
2F

DEC - Decrement
---------------------------------------------------------------------------
Decrements the operand by 1.

Opcodes: 2

Opcode 1
--------
Decrement (d)word registers.

01001xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 2
--------
Decrement a memory reference or register.

1111111x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 001
              1: Word - Table 23 - Instruction Selector 001

DIV - Unsigned divide
---------------------------------------------------------------------------
Divides the accumulator by the operand and stores the result in the
accumulator.  Bytes are divided into AX with the remainder going into AH
and the quotient into AL.  (D)words are divided into (E)DX:(E)AX with
the remainder going into (E)DX and the quotient going into (E)AX.

Opcodes: 1

Opcode 1
--------
1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 110
              1: Word - Table 23 - Instruction Selector 110

ENTER - Enter
---------------------------------------------------------------------------
Sets up the stack frame for a subroutine.  It takes two parameters: an
immediate word, followed by an immediate byte.  The word specifies the
amount of stack space to preserve for local variables in the procedure.
The byte designates the nesting level of the subroutine.  This instruction
is equivalent to the following sequence:

   push    bp
   mov     bp,sp
   sub     sp,First Operand (word)

Opcodes: 1

Opcode 1
--------
C8

HLT - Halt
---------------------------------------------------------------------------
Halts the processor until an interrupt or a reset occurs.

Opcodes: 1

Opcode 1
--------
F4

ICEBP, INT01 - ICE Breakpoint
---------------------------------------------------------------------------
This instruction is only useful for ICE (In-Circuit-Emulator) debuggers.
It generates an interrupt 1 as a breakpoint interrupt.  (Interrupt 1 is
usually generated after every instruction whenever the trap flag is set.)
ICEBP was the mnenomic given by an early Intel 80386 ICE, while the P6
documentation gives it the menomic INT01.

Opcodes: 1

Opcode 1
--------
F1

IDIV - Integer divide
---------------------------------------------------------------------------
Divides the accumulator by the operand and stores the result in the
accumulator.  Bytes are divided into AX with the remainder going into AH
and the quotient into AL.  (D)words are divided into (E)DX:(E)AX with
the remainder going into (E)DX and the quotient going into (E)AX.

Opcodes: 1

Opcode 1
--------
1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 111
              1: Word - Table 23 - Instruction Selector 111

IMUL - Integer multiply
---------------------------------------------------------------------------
Multiplies the third operand by the second operand and stores the result
in the first operand.  If there are only two operands, then the assembler
or debugger is just making the code look neat.  There are really always
three operands, but if the second or third operand is the same as the
first operand, then the second copy of the duplicate operand is omitted
from the instruction when it is displayed as an assembler mnenomic.  In
other words, "imul ax,cx" is really "imul ax,cx,ax".  If there is only one
operand, than that operand is multiplied by the accumulator register
and stored in the accumulator register.  Bytes are multiplied by AL and
stored in AX, and (d)words are multiplied by (E)AX and stored in
(E)DX:(E)AX.

Opcodes: 3

Opcode 1
--------
Multiplies the second operand by an immediate (d)word and stores the result
in the first operand, which must be a (d)word register.

69
   Operands - Table 21

Opcode 2
--------
Multiplies the second operand by a sign extended immediate byte and stores
the result in the first operand, which must be a word register.

6B
   Operands - Table 21

Opcode 3
--------
Simple one operand integer multiply.

1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 101
              1: Word - Table 23 - Instruction Selector 101

IN - Read from port.
---------------------------------------------------------------------------
Reads a byte from a port.  The port read from is determined by the second
operand, and the byte read is stored in the first operand.  If the first
operand is a word or dword, then 2 or 4 consecutive ports are read starting
with the second parameter for the lowest byte in the first operand, and the
port second operand+1 for the second lowest byte in the first operand, etc.

Opcodes: 2

Opcode 1
--------
Read data from one of the first 256 ports determined by an immediate byte
following the opcode into the accumulator register.

1110010x
       ^
        Operand size:
              0 - Read byte from port into AL
              1 - Case OperandSize of
                     16 - Read two ports into AX
                     32 - Read four ports into EAX

Opcode 2
--------
Read from the port specified by DX into the accumulator register.

1110110x
       ^
        Operand size:
              0 - Read byte from port DX into AL
              1 - Case OperandSize of
                     16 - Read from two ports into AX
                     32 - Read from four ports into EAX

INC - Increment
---------------------------------------------------------------------------
Increments the operand by 1.

Opcodes: 2

Opcode 1
--------
Increment (d)word registers.

01000xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 2
--------
Increment a memory reference or register.

1111111x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 000
              1: Word - Table 23 - Instruction Selector 000

INS - Input from port to string
---------------------------------------------------------------------------
The in string instructions read data from port DX and store it at ES:(E)DI
and updates (E)DI based on the size of the data and the direction flag.
If the flag is set, then the size of the data is subtracted from (E)DI.
Otherwise, the data size is added to (E)DI.  Ins cannot be overriden by a
segment override; it always uses ES:(E)DI.

Opcodes: 1

Opcode 1
--------
0110110x
       ^
        Data Size: (determines exact instruction)
              0: INSB (reads bytes)
              1: Case OperandSize of
                    16 - INSW (reads words)
                    32 - INSD (reads dwords)

INT - Generate interrupt
---------------------------------------------------------------------------
Calls an interrupt.

Opcodes: 2

Opcode 1
--------
Breakpoint interrupt.  This opcode generates interrupt 3, the breakpoint
interrupt, when it is executed.

CC

Opcode 2
--------
Calls interrupt immediate byte.  I.E. the byte following the opcode
specifies the interrupt to call.

CD

INTO - Call Interrupt on Overflow
---------------------------------------------------------------------------
If the overflow flag is set, then interrupt 4 is called.

Opcodes: 1

Opcode 1
--------
CE

IRET,IRETD - Interrupt return
---------------------------------------------------------------------------
Returns from an interrupt by popping the flags from the stack and
performing a far return.  In protected mode, approx. 300 other things take
place as well, but this is basically a doc on Real Mode (for now), so that
is going to be ignored.

Opcodes: 1

Opcode 1
--------
CF
   Case OperandSize of
      16 - IRET
      32 - IRETD

Jcc - Conditional jumps
---------------------------------------------------------------------------
If condition cc is true then the value of the sign-extended byte or word
following the conditional jump opcode is added to the offset in the CS of
the next instruction after the conditional jump instruction and stored in
IP.

Opcodes: 2

Opcode 1
--------
Conditional jump to a short target (i.e. a byte displacement)

0111xxxx
    ^^^^
     Condition - Table 9

Opcode 2
--------
Jump to a short target if (E)CX is zero. (JCXZ/JECXZ)

E3

JMP - Jump
---------------------------------------------------------------------------
Jumps to the target following the opcode.

Opcodes: 4

Opcode 1
--------
Jump to a near target in the current CS.  (Immediate is a displacement, not
an absolute).

E9

Opcode 2
--------
Jump to a far target (i.e. CS:IP).

EA

Opcode 3
--------
Jump to a short target, i.e. 128 bytes backward or 127 bytes forward.

EB

Opcode 4
--------
Near or far jump to a register or memory reference.

FF
   Operands: Table 23 - Instruction Selector 10x
                                               ^
                                                Target distance:
                                                      0: Near
                                                      1: Far, only memory
                                                         references are valid
                                                         (i.e. "jmp near ax"
                                                          is valid, but
                                                          "jmp far ax" is
                                                          not.)

LAHF - Load low 8 bits of flag register into AH.
---------------------------------------------------------------------------
Copies the low byte of the flags register into AH.

Opcodes: 1

Opcode 1
--------
9F

LDS - Load into DS
---------------------------------------------------------------------------
Copies the memory referenced by the second parameter into DS and the first
operand.  (The first operand recevies the first (d)word).  If the second
parameter is not a memory reference (e.g. "lds ax,ax") the CPU *will* lock
up unrecoverably, so those are invalid opcodes.

Opcodes: 1

Opcode 1
--------
C5
   Operands: Table 21

LEA - Load effective address
---------------------------------------------------------------------------
Stores the offset of the second operand (which must be a memory reference)
in the first operand.  If AddressSize <> OperandSize Then the offset of
the second address will either be zero-extended or only the lowe 16 bits
will be stored.  Although the opcodes for having a register as the second
operand seem to assemble and exist, their validity is questionable.

Opcodes: 1

Opcode 1
--------
8D
   Operands - Table 21

LEAVE - Leave
---------------------------------------------------------------------------
Reclaims the stack frame set up by a call to enter.  Leave is equivalent
to the following sequence:

   mov    sp,bp
   pop    bp

Opcodes: 1

Opcode 1
--------
C9

LES - Load into ES
---------------------------------------------------------------------------
Copies the memory referenced by the second parameter into ES and the first
operand.  (The first operand recevies the first (d)word).  If the second
parameter is not a memory reference (e.g. "les ax,ax") the CPU *will* lock
up unrecoverably, so those are invalid opcodes.

Opcodes: 1

Opcode 1
--------
C4
   Operands: Table 21

LODSB, LODSW, LODSD - Copy from DS:(E)SI to the accumulator register.
---------------------------------------------------------------------------
Copies either a byte, word, or dword from DS:(E)SI to the accumulator
register (AL, AX, or EAX).  Afterwards, it updates (E)SI by either adding
or subtracting 1, 2, or 4 to or from (E)SI based on the direction flag.
If the direction flag is set, then the value is subtracted from (E)SI,
otherwise the value is added to (E)SI.

Opcodes: 1

Opcode 1
--------
1010110x
       ^
        Operand size:
              0 - LODSB
              1 - Case OperandSize of
                     16 - LODSW
                     32 - LODSD

LOOP, LOOPZ, LOOPNZ - Loop, Loop While Zero, Loop While Not Zero
---------------------------------------------------------------------------
Loop decrements the counter register, (E)CX, and if it is zero, it jumps
to the code referenced by the immediate byte offset following it.

Opcodes: 2

Opcode 1
--------
Loop until counter is zero or the zero flag is set or clear.

1110000x
       ^
        Zero state:
              0 - LOOPZ
              1 - LOOPNZ

Opcode 2
--------
Loop until counter is zero.

E2

MOV - Move
---------------------------------------------------------------------------
Copies the value of the second operand into the first operand.

Opcodes: 6

Opcode 1
--------
Move a register into a memory reference or another register and vice versa.

100010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Move a segment register into a memory reference or another register and
vice versa.

100011x0
      ^
       Operand order:
              0 - Order of operand same as in tables.
              1 - Swap order of operands.
           Operands - Table 26

Opcode 3
--------
Move a direct memory reference (i.e. no registers) into the accumulator
register.

101000xx
      ^^
       Operand size:
             0 - Byte operands
             1 - (D)word operands
       Operand order:
              0 - AL/AX/EAX first operand
              1 - AL/AX/EAX second operand

Opcode 4
--------
Move an immediate byte into an 8-bit register.

10110xxx
     ^^^
      Destination register - Table 3

Opcode 5
--------
Move an immediate (d)word into a (d)word register.

10111xxx
     ^^^
      Destination register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 6
--------
Move an immediate byte or (d)word into a memory reference or register.

1100011x
       ^
        Operand size:
              0 - Byte - Table 24 - Instruction Selector xxx (i.e. anything)
              1 - Word - Table 23 - Instruction Selector xxx (i.e. anything)

MOVSB, MOVSW, MOVSD - Copies memory from DS:(E)SI to ES:(E)DI.
---------------------------------------------------------------------------
The movs string instructions copy a byte, word, or dword of memory from
DS:(E)SI to ES:(E)DI.  Afterwards, they either add or subtract 1, 2, or 4
to or from (E)SI and (E)DI based on the value of the direction flag.
If the direction flag is set, then the values are subtracted from the
registers, otherwise the values are added to the registers.

Opcodes: 1

Opcode 1
--------
1010010x
       ^
        Operand size:
              0 - MOVSB
              1 - Case OperandSize of
                     16 - MOVSW
                     32 - MOVSD

MUL - Unsigned multiply
---------------------------------------------------------------------------
Multiplies the operand by the accumulator register and stores the result
in the accumulator register.  Bytes are multiplied by AL and stored in AX.
(D)words are multiplied by (E)AX and stored in (E)DX:(E)AX.

Opcodes: 1

Opcode 1
--------
1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 100
              1: Word - Table 23 - Instruction Selector 100

NEG - Negate
---------------------------------------------------------------------------
Sets the operand to the 2's complement of itself.  Basically toggles the
sign of a number.  (Not by just toggling the sign bit, however).
NEG is the same as the following:

   not <operand>
   inc <operand>

Opcodes: 1

Opcode 1
--------
1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 011
              1: Word - Table 23 - Instruction Selector 011

NOP - No operation
---------------------------------------------------------------------------
NOP is actually the opcode for "xchg ax,ax".

Opcodes: 1

Opcode 1
--------
90

NOT - Not
---------------------------------------------------------------------------
Sets the operand equal to the 1's complement of itself.  It toggles every
bit in the operand.

Opcodes: 1

Opcode 1
--------
1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 010
              1: Word - Table 23 - Instruction Selector 010

OR - Logical or
---------------------------------------------------------------------------
Bitwise ORs the two operands and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Or a register with a memory reference or another register.

000010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Or an immediate to the accumulator register.

0000110x
       ^
        Operand Size:
              0 - Byte: Immediate byte ORed to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word ORed with AX
                           32 - Immediate dword ORed with EAX

Opcode 3
--------
ORs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte ORed with first operand
                       Operands - Table 24 - Instruction Selector 001
             1 - Word: Immediate (d)word ORed with first operand
                       Operands - Table 23 - Instruction Selector 001
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

OUT - Output data to port
---------------------------------------------------------------------------
Writes the second operand to the port specified by the first operand.
If the second operand is a word or dword, then the 2 or 4 bytes in the
second operand are written to either 2 or 4 consecutive ports starting
with the first operand.

Opcodes: 2

Opcode 1
--------
Output the accumulator register to one of the first 256 ports referenced by
an immediate byte following the opcode.

1110011x
       ^
        Operand size:
              0 - Output AL to the port
              1 - Case OperandSize of
                     16 - Output AX to two ports
                     32 - Output EAX to four ports

Opcode 2
--------
Output the accumulator register to the port specified by DX.

1110111x
        Operand size:
              0 - Output AL to port DX
              1 - Case OperandSize of
                     16 - Output AX to two ports
                     32 - Output EAX to four ports

OUTS - Output to port from string
---------------------------------------------------------------------------
The out string instructions read data from DS:(E)SI and out it to port DX.
They also update (E)SI based on the size of the data and the direction flag.
If the flag is set, then the size of the data is subtracted from (E)SI.
Otherwise, the data size is added to (E)SI.  The segment for outs cannot be
overridden; data is always read from DS:(E)SI.

Opcodes: 1

Opcode 1
--------
0110111x
       ^
        Data Size: (determines exact instruction)
              0: OUTSB (reads bytes)
              1: Case OperandSize of
                    16 - OUTSW (reads words)
                    32 - OUTSD (reads dwords)

POP - Pop data off the stack
---------------------------------------------------------------------------
Copies the data pointed to by SS:SP into the parameter and unallocates
the data copied from the top of the stack.

Opcodes: 3

Opcode 1
--------
Pop various segment registers from the stack.

000xx111
   ^^
    Segment register:
              00 - ES
              10 - SS
              11 - DS

Opcode 2
--------
Pops (d)word registers from the stack.

01011xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 3
--------
Pops (d)word registers or memory references from the stack.

8F
   Operands - Table 23 - Instruction Selector xxx (all are same instruction)

POPA, POPAD - Pop all general purpose registers from the stack.
----------------------------------------------------------------------------
Pops the 8 16- or 32-bit general registers from the stack in the following
order: DI, SI, BP, SP (discarded), BX, DX, CX, and AX.  If the OperandSize =
32, then the 32-bit versions of the registers are popped instead.

Opcodes: 1

Opcode 1
--------
61
   Case OperandSize of
      16: POPA
      32: POPAD

POPF, POPFD - Pop the flags register from the stack.
---------------------------------------------------------------------------
Pops either the 16-bit (POPF) or 32-bit (POPFD) flags register from the
stack.

Opcodes: 1

Opcode 1
--------
9D
   Case OperandSize of
      16: POPF
      32: POPFD

PUSH - Push data onto the stack
---------------------------------------------------------------------------
Allocates space on the stack and stores the parameter there.

Opcodes: 5

Opcode 1
--------
Pushes various segment registers onto the stack.

000xx110
   ^^
    Segment register:
              00 - ES
              01 - CS
              10 - SS
              11 - DS

Opcode 2
--------
Pushes (d)word registers onto the stack.

01010xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 3
--------
Pushes an immediate (d)word onto the stack.

68

Opcode 4
--------
Pushes a sign extended immediate byte onto the stack as a (d)word.

6A

Opcode 5
--------
Pushes a (d)word memory reference or register onto the stack.

FF
   Operands: Table 23 - Instruction Selector 110

PUSHA, PUSHAD - Push all general purpose registers onto the stack.
----------------------------------------------------------------------------
Pushes the 8 16- or 32-bit general registers onto the stack in the following
order: AX, CX, DX, BX, SP (before PUSHA instruction), BP, SI, and DI.  If
the OperandSize = 32, then the 32-bit versions of the registers are pushed
instead.

Opcodes: 1

Opcode 1
--------
60
   Case OperandSize of
      16: PUSHA
      32: PUSHAD

PUSHF, PUSHFD - Push the flags register
----------------------------------------------------------------------------
Pushes either the 16-bit (PUSHF) or the 32-bit (PUSHFD) flags register onto
the stack.

Opcodes: 1

Opcode 1
--------
9C
   Case OperandSize of
      16: PUSHF
      32: PUSHFD

RCL - Rotate through carry left.
----------------------------------------------------------------------------
Rotates the bits in the first operand and the carry flag left by counter
times.  At each rotation, the bits in the bit are all shifted left.  The
carry flag is copied to the LSB of the first operand, and the original MSB
of the first operand is copied to the carry flag.

Opcodes: 2

Opcode 1
--------
Rotate first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 010
              1 - Table 24 - Instruction Selector 010

Opcode 2
--------
Rotate first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 010
             1 - Table 24 - Instruction Selector 010
       Count:
              0 - 1 time
              1 - CL times

RCR - Rotate through carry right.
----------------------------------------------------------------------------
Rotates the bits in the first operand and the carry flag right by counter
times.  At each rotation, the bits in the bit are all shifted right.  The
carry flag is copied to the MSB of the first operand, and the original LSB
of the first operand is copied to the carry flag.

Opcodes: 2

Opcode 1
--------
Rotate first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 011
              1 - Table 24 - Instruction Selector 011

Opcode 2
--------
Rotate first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 011
             1 - Table 24 - Instruction Selector 011
       Count:
              0 - 1 time
              1 - CL times

RET, RETF, RETN - Return from subroutine call.
----------------------------------------------------------------------------
Pops (E)IP (and CS if it is a far return) off of the stack.

Opcodes: 4

Opcode 1
--------
Discard immediate word number of bytes from the stack and then return near.

C2

Opcode 2
--------
Return near.

C3

Opcode 3
--------
Discard immediate word number of bytes from the stack and then return far.

CA

Opcode 4
--------
Return far.

CB

ROL - Rotate left.
----------------------------------------------------------------------------
Rotates the bits in the first operand left by counter times.  After the
rotation, the carry flag is the same as the LSB, as that was the last bit
rotated.

Opcodes: 2

Opcode 1
--------
Rotate first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 000
              1 - Table 24 - Instruction Selector 000

Opcode 2
--------
Rotate first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 000
             1 - Table 24 - Instruction Selector 000
       Count:
              0 - 1 time
              1 - CL times

ROR - Rotate right.
----------------------------------------------------------------------------
Rotates the bits in the first operand right by counter times.  After the
rotation, the carry flag is the same as the MSB, as that was the last bit
rotated.

Opcodes: 2

Opcode 1
--------
Rotate first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 001
              1 - Table 24 - Instruction Selector 001

Opcode 2
--------
Rotate first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 001
             1 - Table 24 - Instruction Selector 001
       Count:
              0 - 1 time
              1 - CL times

SAL, SHL - Shift left.
----------------------------------------------------------------------------
Shifts the bits in the first operand left by counter times.  At each
rotation, the MSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted left, and the LSB of the first operand is
set to 0.

Opcodes: 2

Opcode 1
--------
Shift first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 100
              1 - Table 24 - Instruction Selector 100

Opcode 2
--------
Shift first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 100
             1 - Table 24 - Instruction Selector 100
       Count:
              0 - 1 time
              1 - CL times

SALC - Set AL on Carry
----------------------------------------------------------------------------
This sets all the bits in AL to the value of the carry flag.  So, if the
carry flag is set, AL is set to FF and it the carry flag is clear, AL is set
to 0.

(Note: This instruction is undocumented, but it does work.)

Opcodes: 1

Opcode 1
--------
D6

SAR - Shift arithmetic right.
----------------------------------------------------------------------------
Shifts the bits in the first operand right by counter times.  At each
rotation, the LSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted right, and the MSB of the first operand is
unchanged to preserve the sign of signed values.

Opcodes: 2

Opcode 1
--------
Shift first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 111
              1 - Table 24 - Instruction Selector 111

Opcode 2
--------
Shift first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 111
             1 - Table 24 - Instruction Selector 111
       Count:
              0 - 1 time
              1 - CL times

SAHF - Copy AH to the low 8 bits of the flags register.
----------------------------------------------------------------------------
Copies the value of AH to the low byte of the flags register.

Opcodes: 1

Opcode 1
--------
9E

SBB - Subtract with borrow
----------------------------------------------------------------------------
Subtracts the sum of the second operand and the carry flag from the first
operand and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Subtract a register from a memory value or a register.

000110xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Subtract an immedate from the accumulator register.

0001110x
       ^
        Operand Size:
              0 - Byte: Immediate byte subtracted from AL
              1 - Word: Case OperandSize of
                           16 - Immediate word subtracted from AX
                           32 - Immediate dword subtracted from EAX

Opcode 3
--------
Subtracts an immediate from a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte subtracted from first operand
                       Operands - Table 24 - Instruction Selector 011
             1 - Word: Immediate (d)word subtracted from first operand
                       Operands - Table 23 - Instruction Selector 011
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

SCASB, SCASW, SCASD - Compare the accumulator register with ES:(E)DI.
----------------------------------------------------------------------------
Compares the value of AL, AX, or EAX, with the byte, word, or dword at
ES:(E)DI and sets the flags accordingly.  Afterwards, (E)DI is updated by
either adding or subtracting 1, 2, or 4 bytes to or from (E)DI based on the
the value of the direction flag.  If the direction flag is set, the value
is subtracted from (E)DI, otherwise, the value is added to (E)DI.  For the
purposes of the comparison, the operands are ordered as follows:

   cmp al,[es:(e)di]

Opcodes: 1

Opcode 1
--------
1010111x
       ^
        Operand size:
              0 - SCASB
              1 - Case OperandSize of
                     16 - SCASW
                     32 - SCASD

SHR - Shift right.
----------------------------------------------------------------------------
Shifts the bits in the first operand right by counter times.  At each
rotation, the LSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted right, and the MSB of the first operand is
set to 0.

Opcodes: 2

Opcode 1
--------
Shift first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 101
              1 - Table 24 - Instruction Selector 101

Opcode 2
--------
Shift first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 101
             1 - Table 24 - Instruction Selector 101
       Count:
              0 - 1 time
              1 - CL times

STC - Set the carry flag
---------------------------------------------------------------------------
Sets the carry flag.

Opcodes: 1

Opcode 1
--------
F9

STD - Set the direction flag
---------------------------------------------------------------------------
Sets the direction flag, which is used to control the direction of string
instructions in memory.

Opcodes: 1

Opcode 1
--------
FD

STI - Set the interrupt flag
---------------------------------------------------------------------------
Sets the interrupt flag, which enables external interrupts.

Opcodes: 1

Opcode 1
--------
FB

STOSB, STOSW, STOSD - Copy the accumulator register to ES:(E)DI.
----------------------------------------------------------------------------
Copies the value of AL, AX, or EAX (depending on the instruction) to
ES:(E)DI.  Afterwards, it updates (E)DI by adding or subtracting 1, 2, or 4
to or from (E)DI based on the direction flag.  If the direction flag is set,
the values are subtracted from (E)DI, otherwise they are added to (E)DI.

Opcodes: 1

Opcode 1
--------
1010101x
       ^
        Operand size:
              0 - STOSB
              1 - Case OperandSize of
                     16 - STOSW
                     32 - STOSD

SUB - Subtract
----------------------------------------------------------------------------
Subtracts the the second operand from the first operand and stores the
result in the first operand.

Opcodes: 3

Opcode 1
--------
Subtract a register from a memory value or a register.

001010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Subtract an immediate from the accumulator register.

0010110x
       ^
        Operand Size:
              0 - Byte: Immediate byte subtracted from AL
              1 - Word: Case OperandSize of
                           16 - Immediate word subtracted from AX
                           32 - Immediate dword subtracted from EAX

Opcode 3
--------
Subtracts an immediate from a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte subtracted from first operand
                       Operands - Table 24 - Instruction Selector 101
             1 - Word: Immediate (d)word subtracted from first operand
                       Operands - Table 23 - Instruction Selector 101
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

TEST - Test to see if bits are set
---------------------------------------------------------------------------
Performs a bitwise AND on the two operands and discards the result.

Opcodes: 3

Opcode 1
--------
Test bits in a register with a memory reference or register.

1000010x
       ^
        Operand size:
              0: Byte - See Table 22 for operands.
              1: Word - See Table 21 for operands.

Opcode 2
--------
Test bits in the accumulator register with an immediate.

1010100x
       ^
        Operand size:
              0: Byte - use AL
              1: Word - use (E)AX

Opcode 3
--------
Test bits in a memory reference or register with an immediate.

1111011x
       ^
        Operand size:
              0: Byte - Table 24 - Instruction Selector 000
              1: Word - Table 23 - Instruction Selector 000

WAIT - Wait until BUSY# pin is inactive
---------------------------------------------------------------------------
Wait halts the CPU until the BUSY# pin becomes high.  The BUSY# pin is
controlled by the math co-processor.

Opcodes: 1

Opcode 1
--------
9B

XCHG - Exchange values
---------------------------------------------------------------------------
Exchanges the values of the two operands.

Opcodes: 2

Opcode 1
--------
Exchange a register with a memory reference or another register.

1000011x
       ^
        Operand Size:
              0: Byte - See Table 22 for operands.
              1: Word - See Table 21 for operands.

Opcode 2
--------
Exchange a (d)word register with the accumulator.

10010xxx
     ^^^
      Register to exchange with (E)AX:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

XLAT - Table lookup translation
---------------------------------------------------------------------------
This can be used to read values from a table., basically, this instruction
sets AL to the byte of memory at DS:[(E)BX+ unsigned AL].

Opcodes: 1

Opcode 1
--------
D7

XOR - Logical exclusive or
---------------------------------------------------------------------------
Bitwise exclusive ORs the two operands and stores the result in the first
operand.

Opcodes: 3

Opcode 1
--------
XORs a register with a memory reference or another register.

001100xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
XORs an immediate with the accumulator register.

0011010x
       ^
        Operand Size:
              0 - Byte: Immediate byte XORed with AL
              1 - Word: Case OperandSize of
                           16 - Immediate word XORed with AX
                           32 - Immediate dword XORed with EAX

Opcode 3
--------
XORs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte XORed with first operand
                       Operands - Table 24 - Instruction Selector 110
             1 - Word: Immediate (d)word XORed with first operand
                       Operands - Table 23 - Instruction Selector 110
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

Math Co-Processor Instructions
==============================

Protected Mode Instructions
===========================

ARPL - Adjust RPL (Requested Priviledge Level) field of selector.
---------------------------------------------------------------------------
The first operand is a 16-bit memory reference or register that holds the
value of a selector.  The second operand is a word register.  If the RPL
field of the first operand (the lower two bits) is less than the RPL field
of the second operand, then ZF = 1 and the RPL of the first operand is
set to the RPL of the second operand.  Otherwise ZF = 0 and the first
operand isn't changed.

This can be used by the operating system to insure that callers to routines
do not have a higher RPL than they should.

*Note: This instruction only takes 16-bit operands according to the
       documentation from TASM.  Apparently, however, it does use 32-bit
       operands.  However, this makes no sense since it deals with
       selectors, which are only 16 bits wide.

Opcodes: 1

Opcode 1
--------
63
   Operands - Table 21

Ŀ
 Prefixes 


LOCK - Lock the bus
---------------------------------------------------------------------------
Causes the LOCK# signal of the CPU to be asserted during the next
instruction.  This instruction is only useful in multiple processor
environments, where it can be used to assure that the CPU has exclusive
access to any shared memory.

Opcodes: 1

Opcode 1
--------
F0

Segment Overrides
---------------------------------------------------------------------------
Forces the processor to use the segment represented by the override to be
used in all memory references for the next instruction.

Opcodes: 2

Opcode 1
--------
Segment overrides for ES, DS, CS, and SS.

001xx110
   ^^
    Segment register:
              00 - ES
              01 - CS
              10 - SS
              11 - DS

Opcode 2
--------
Segment overrides for FS and GS

011001xx
      ^^
       Segment register:
              00 - FS
              01 - GS
              1x - most likely reserved for two more segment registers

REP, REPZ, REPNZ
---------------------------------------------------------------------------
Repeats the following string instruction (CMPS, INS, LODS, MOVS, OUTS,
SCAS, STOS) (E)CX times while the specified condition of the zero flag
is met (CMPS, SCAS only).  REP is used with INS, LODS, MOVS, OUTS, and
STOS.  REPZ and REPNZ (and their aliases REPE and REPNE) are used with CMPS
and SCAS.

Opcodes: 1

Opcode 1
--------
1111001x
       ^
        ZF state:
              0 - REPNZ
              1 - REP, REPZ

===========================================================================
Copyright 1996, John Baldwin.

The author wishes to acknowledge the following for their assistance:

Robert Collins - various documents regarding undocumented opcodes.

_Turbo_Assembler_Quick_Reference_Guide_.  Borland International: Scott
   Valley, 1991.

Swan, Tom.  _Mastering_Turbo_Assember_.  Sams Publishing: Indianapolis,
   1995.
