Microsoft<sub>®</sub> Macro Assembler 5.0 **Microsoft**° pcjs.org Information in this document is subject to change without notice and does not represent a commitment on the part of Microsoft Corporation. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of the agreement. The purchaser may make one copy for backup purposes. No part of this manual may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose other than the purchaser's personal use without the written permission of Microsoft Corporation. © Copyright Microsoft Corporation, 1987. All rights reserved. Simultaneously published in the U.S. and Canada. Timings and encodings in this manual are used with permission of Intel and come from the following publications: Intel Corporation. iAPX 86, 88, 186, and 188 User's Manual, Programmer's Reference, Santa Clara, Calif. 1986. Intel Corporation. iAPX 286 Programmer's Reference Manual including the iAPX 286 Numeric Supplement, Santa Clara, Calif. 1985. Intel Corporation. 80386 Programmer's Reference Manual, Santa Clara, Calif. 1986. Intel Corporation. 80387 80-bit CHMOS III Numeric Processor Extension, Santa Clara, Calif. 1987. Microsoft, MS-DOS, and CodeView are registered trademarks of Microsoft Corporation. Intel® is a registered trademark of Intel Corporation. # Microsoft® Macro Assembler 5.0 Reference ## TABLE OF CONTENTS | Notational Conventions2 | |------------------------------------------| | Programs MASM | | LINK | | Microsoft® CodeView® Debugger 5 | | MAKE | | LIB11 | | CREF12 | | SETENV12 | | EXEPACK12 | | EXEMOD12 | | ERROUT12 | | Directives | | Directives | | Operators | | Processor | | | | Interpreting Processor Instructions | | | | Coprocessor | | Interpreting Coprocessor Instructions | | Architecture | | Instructions119 | | Tables | | DOS Program Segment Prefix (PSP)143 | | ASCII Codes144 | | Key Codes146 | | Color Display Attributes148 | | Hexadecimal-Binary-Decimal Conversion | | | | T | | FIGURES | | Eigens 1 Instruction V | | Figure 1 Instruction Key | | Figure 2 Coprocessor Registers | | Figure 3 Control Word and Status Word117 | ## Notational Conventions KEY TERMS Bold type indicates text that must be typed exactly as shown. This includes instructions, directives, registers, commands, and program names. placeholders Italics indicate variable information supplied by the user. The typeface shown in the left column Examples simulates the appearance of source code as it appears on a screen or printed listing. Double brackets indicate that the enclosed item [optional items] is optional. {choice1 | choice2} Braces indicate a choice between two or more > items. A vertical bar separates the choices. At least one of the items must be chosen unless all the items are enclosed in double brackets. Ellipsis dots following an item indicate that Repeating elements... more items having the same form may be typed. START Vertical ellipsis dots indicate that additional lines may be added between the starting and ending elements. END ## **Programs** #### MASM Command-Line Syntax **Options** Environment Variables #### LINK Command-Line Syntax **Options** **Environment Variables** Microsoft® CodeView® Debugger Command-Line Syntax **Options** Window Commands Format Specifiers Size Specifiers Dialog Commands #### MAKE Command-Line Syntax **Options** Syntax for MAKE Files Syntax for Macro Definitions Syntax for Inference Rules Syntax for Dependency Rules Syntax for Using Macros Special Macro Names **Environment Variable** #### LIB Command-Line Syntax Commands #### **CREF** Command-Line Syntax SETENV Command-Line Syntax #### **EXEPACK** Command-Line Syntax #### **EXEMOD** Command-Line Syntax Options #### **ERROUT** Command-Line Syntax ## MASM ## Command-Line Syntax MASM [options] sourcefile [,[objectfile] [,[listingfile][,[crossreferencefile]]]]] [;] ## **Options** | Option | Action | | |-------------------------|---------------------------------------------------------------------------------------|--| | /A | Writes segments in alphabetical order | | | <b>B</b> number | Sets buffer size | | | /C | Specifies a cross-reference file | | | /D | Creates a Pass 1 listing | | | Dsymbol[=value] | Defines assembler symbol | | | /E | Emulates floating-point instructions | | | / <b>H</b> | Lists options and command-line syntax | | | / <b>I</b> path | Sets include-file search path | | | /L | Specifies an assembly-listing file | | | /ML | Preserves case in names | | | /MU | Converts names to uppercase (default) | | | /MX | Preserves case in public and external names | | | /N | Suppresses tables in listing file | | | /P | Checks for impure code | | | /S | Writes segments in sequential order (default) | | | /T | Suppresses messages for successful assembly | | | <b>/V</b> | Displays extra statistics | | | <b>/W { 0 1 2 }</b> | Sets error display level | | | /X | Shows false conditional blocks in listings | | | / <b>Z</b> | Displays error lines on screen | | | /ZD | Puts line number information in the object file | | | /ZI | Puts symbolic and line number information in the object file (for CodeView® debugger) | | #### **Environment Variables** | Variable | Description | | |----------|-------------------------------------|--| | INCLUDE | Sets search path for include files | | | MASM | Specifies default assembler options | | ## LINK ## Command-Line Syntax LINK [[options]] objectfiles [[,[executablefile]] [[,[mapfile]][,[libraryfiles]]]]]] [[;] ## **Options** | Option | Action | | |------------------------|----------------------------------------------------------------------------------------------------------|--| | /B | Prevents prompting when errors are encountered (for make and batch files) | | | /CO | Creates a special-format executable file containing symbolic information needed by the CodeView debugger | | | /CP:number | Sets the program's maximum allocation to <i>number</i> of paragraphs | | | /DO | Orders segments in the default order used by Microsoft high-level languages | | | /E | Packs the executable file | | | /F | Optimizes far calls | | | /HE | Displays LINK options | | | /I | Displays linking information, including the name of each input module as it is linked | | | /L | Lists line numbers and addresses of source statements in the map file | | | / <b>M</b> [[:number]] | Lists all public symbols in the map file (number is the maximum number of symbols) | | | /NOD | Ignores default libraries | | | /NOF | Disables far call optimization | | | /NOI | Distinguishes between uppercase and lowercase letters | | | /NOP | Disables code segment packing | | | /PAC | Packs contiguous code segments | | | /PAU | Pauses during the link session for disk changes | | | /Q | Creates an in-memory (load-time) library for a Quick language (such as QuickBASIC) | | | /ST:number | Sets the stack size to <i>number</i> , which may be up to 65,536 bytes | | Note: Several rarely used options not listed above are described in the CodeView® and Utilities manual. ## **Environment Variables** | Variable | Description | |----------|------------------------------------| | LIB | Sets search path for library files | | LINK | Specifies default linker options | | TMP | Sets path for the VM.TMP file | | | | ## Microsoft® CodeView® Debugger ## Command-Line Syntax CV [options] executablefile [arguments] ## **Options** | Option | Action | |------------|------------------------------------------------------------------------------------------------------------------| | /2 | Enables use with two monitors and two graphics adapters | | /43 | Starts in 43-line mode on EGA | | / <b>B</b> | Starts in black-and-white mode | | /Ccommands | Executes commands on start-up | | /D | Turns off nonmaskable interrupt and 8259 interrupt trapping (necessary for some compatibles) | | /E | Enables expanded memory support | | <b>/F</b> | Starts with screen flipping (exchanges screens by flipping video pages) | | / <b>I</b> | Forces the debugger to handle nonmaskable interrupt and 8259 interrupt trapping (necessary for some compatibles) | | / <b>M</b> | Disables the mouse | | / <b>P</b> | Disables palette-register saving (necessary for some EGA-compatible adapters) | | /S | Starts with screen swapping (exchanges screens by changing buffers) | | <b>/T</b> | Starts in sequential mode | | / <b>W</b> | Starts in window mode (necessary for some compatibles) | ## **Window Commands** | William Collina | ilus | | |--------------------------|--------------|-------------------------------------------| | Action | Keyboard | Mouse | | Open help screen | F1 | Help menu | | Toggle register window | F2 | Registers from View menu | | Toggle display mode | F3 | Source, Mixed, or Assembly from View menu | | Switch to output screen | F4 | Output from View menu | | Go | F5 | Click left on Go | | Switch<br>display/dialog | F6 | None | | Execute to here | F7 at cursor | Click right at location | | Trace through | F8 | Click left on Trace | | Set breakpoint<br>here | F9 at cursor | Click left at location | | Step over | F10 | Click right on Trace | | Change flag | None | Click left on flag | | Scroll up line | None | Click left on up arrow | | Scroll up page | PGUP | Click left above elevator | | Scroll to top | HOME | Drag elevator to top | | Scroll down line | None | Click left on down arrow | | Scroll down page | PGDN | Click left below elevator | | Scroll to bottom | END | Drag elevator to bottom | | Scroll to location | None | Drag elevator to location | | Move cursor up | UP arrow | None | | Move cursor down | DOWN arrow | None | | Make window grow | CTRL+G | Drag line up or down | | Make window tiny | CTRL+T | Drag line up or down | | Find text | CTRL+F | Find from Search menu | | Add watch expression | CTRL+W | Add Watch from Watch menu | | Delete watch | CTRL+U | Delete Watch from Watch menu | #### Format Specifiers Use with Display Expression, Watch Expression, and Tracepoint Expression dialog commands. | Character | Argument Type | Output Format | |-----------|----------------|-------------------------------------------------------------------------------------------------------------------------------| | d or i | Integer | Signed decimal integer | | u | Integer | Unsigned decimal integer | | 0 | Integer | Unsigned octal integer | | x or X | Integer | Hexadecimal integer | | f | Floating point | Signed value in floating-point decimal format with six decimal places | | e or E | Floating point | Signed value in scientific-notation<br>format with up to six decimal places<br>(trailing zeros or decimal point<br>truncated) | | g or G | Floating point | Signed value with floating-point decimal or scientific notation, whichever is more compact | | c | Character | Single character | | s | String | Characters printed up to the first null (C null-terminated strings only) | Note: If appropriate for the language, the prefix I can be used with the integer format specifiers $(\mathbf{d}, \mathbf{o}, \mathbf{u}, \mathbf{x}, \text{ and } \mathbf{X})$ to specify a four-byte integer. The prefix $\mathbf{h}$ can be used with the same types to specify a two-byte integer. ## Size Specifiers Use with Dump, Enter, Watch Memory, and Tracepoint Memory dialog commands. | Type | Description | |------------------|----------------------------------------| | No type | The current type (default is byte) | | A (ASCII) | ASCII (8-bit) characters | | <b>B</b> (Byte) | Byte (8-bit) hexadecimal values | | I (Integer) | Integer (16-bit) decimal values | | U (Unsigned) | Unsigned (8-bit) decimal values | | W (Word) | Word (16-bit) hexadecimal values | | D (Doubleword) | Doubleword (32-bit) hexadecimal values | | S (Short Real) | Short-real (32-bit) values | | L (Long Real) | Long-real (64-bit) values | | T (10-Byte Real) | 10-byte-real values | | | | ## Dialog Commands | Name | Syntax | Description | |---------------------|-------------------------------|----------------------------------------------------------------------------------------------------------------| | 8087 | 7 | Displays coprocessor or emulator status | | Assemble | <b>A</b> [[addr]] | Assembles mnemonics starting at given address | | Break Clear | BC {list *} | Clears listed breakpoints | | Break<br>Disable | BD {list *} | Disables listed breakpoints | | Break<br>Enable | BE {list *} | Enables listed breakpoints | | Break List | BL | Lists current breakpoints | | Break Set | BP [addr[pc]]["cmds"]] | Sets breakpoint at given address with the specified pass count (pc); given commands are executed at each break | | Comment | * comment | Displays explanatory text | | Compare<br>Memory | C range addr | Compares bytes in <i>range</i> with bytes beginning at given address; displays mismatches | | Current<br>Location | In the second second | Displays the current source line | | Delay | : | Delays redirected commands | | Display | ? expr[fmt] | Displays expression in format | | Dump | $\mathbf{D}[[type]][[range]]$ | Dumps memory <i>range</i> in <i>type</i> format | | Enter | E[[type]] addr [[list]] | Enters memory values in <i>type</i> format | | Examine<br>Symbols | $X?mod!proc.{sym *}$ | Displays symbols in given module and procedure | | Execute | E | Executes in slow motion | | Fill<br>Memory | Frange list | Fills range with the listed values | | Go | G [addr] | Executes to address or to end | | Help | H again the state of | Displays on-line help | | Load | L [[args]] | Restarts program with given arguments | | Move<br>Memory | M range addr | Copies values in <i>range</i> to the given address | | Option | O[[F B C 3[[+ -]]]] | Toggles flip/swap, bytes coded, case sense, or 386 option | | Pause | u suches | Interrupts redirected commands and waits for keystroke | | Port Input | I port | Displays byte from port | | Port Output | O port value | Sends byte value to port | |--------------------|---------------------------------------------------------------|--------------------------------------------------------------------------------------| | Program<br>Step | P [[count]] | Executes, stepping over calls; repeats <i>count</i> times | | Quit | Q | Exits to DOS | | Radix | N[[radix]] | Sets input radix | | Redirection | <b>[T]&gt;[&gt;]</b> device<br><device<br>=device</device<br> | Redirects input or output to or from device | | Redraw | @ | Redraws the screen | | Register | $\mathbf{R}[[register][[=]]expr]]]$ | Displays registers and flags, or sets new registers and flags | | Screen<br>Exchange | \ | Displays the output screen | | Search Text | /[[regexpr]] | Searches for a regular expression | | Search<br>Memory | S range list | Searches <i>range</i> for listed values, and displays where values are found | | Set Mode | S[[+ - &]] | Toggles source, assembly, and mixed modes | | Shell<br>Escape | ![[command]] | Escapes to a new DOS shell | | Stack Trace | K | Displays routines currently active on the stack | | Tab Set | #number | Sets tab size to number | | Trace | T [count] | Executes, tracing into calls; repeats <i>count</i> times | | Tracepoint | TP? expr[[,fmt]] TP[[type]] range | Breaks when given expression<br>or memory value changes;<br>displays in watch window | | Unassemble | U[[range]] | Displays unassembled instructions | | Use | USE[[language]] | Switches expression evaluators | | View | V [[.[file:]]line]] | Displays specified source lines of given file | | Watch | W? expr[[,fmt]] W[[type]] range | Displays given expression or memory <i>range</i> in watch window | | Watch<br>Delete | $Y\{number *\}$ | Deletes (yanks) the given watch statements | | Watch List | W | Lists watch statements | | Watchpoint | <b>WP?</b> $expr[[fmt]]$ | Breaks when given expression is true; displays in watch window | 110 ## MAKE ### Command-Line Syntax MAKE [options] [macrodefinitions] filename #### **Options** | Option | Action | | |-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--| | <b>/D</b> | Displays the last modification date of each file as the file is scanned | | | /I | Ignores exit codes returned by programs called from<br>the MAKE description file; MAKE continues<br>execution of the next lines of the description file<br>despite the errors | | | /N | Displays commands that would be executed by a description file, but does not actually execute the commands | | | /S | Executes in silent mode; lines are not displayed as they are executed | | ## Syntax for MAKE Files [macrodefinitions] [inferencerules] dependencyrules ## **Syntax for Macro Definitions** name=value ## Syntax for Inference Rules .inextension.outextension: command [command] ## Syntax for Dependency Rules targetfile:dependentfiles[#comment] [#comment] command[#comment] [command][#comment] ## Syntax for Using Macros \$(name) ## **Special Macro Names** | Name | Value Substituted | |-------------|-------------------------------------------------| | <b>\$</b> * | Base-name portion of the outfile (no extension) | | <b>\$@</b> | Complete outfile name | | \$ * * | Complete list of infiles | #### **Environment Variable** | Variable | Description | |----------|------------------------------------------------------------------------------------| | INIT | Specifies location of the <b>TOOLS.INI</b> file, which may contain inference rules | ## LIB ### Command-Line Syntax $\textbf{LIB} \ old library \ \llbracket/ \mathbb{P} \llbracket \textbf{AGESIZE} \rrbracket : number \rrbracket \ \llbracket commands \rrbracket \ \llbracket, \llbracket list file \rrbracket \ \llbracket, \llbracket new library \rrbracket \rrbracket \rrbracket \rrbracket \ \rrbracket \colon \rrbracket$ #### Commands | Code | Task Description | |------|-------------------------------------------------------------------------------------------| | + | Appends an object file or library file | | - | Deletes a module | | -+ | Replaces a module by deleting it and appending an object file with the same name | | * | Copies an object module onto an independant object file | | _* | Moves a module out of the library by copying it to<br>an object file and then deleting it | ## CREF Command-Line Syntax CREF crossreferencefile[crossreferencelisting] ## SETENV Command-Line Syntax SETENV filename [[environmentsize]] ## **EXEPACK** Command-Line Syntax EXEPACK exefile packedfile ## **EXEMOD** Command-Line Syntax EXEMOD exefile [options] ## **Options** | Option | Effect | |---------------|------------------------------------------------------------------| | /STACK hexnum | Sets the stack size by setting the initial value of SP to hexnum | | /MIN hexnum | Sets the minimum allocation value to <i>hexnum</i> paragraphs | | /MAX hexnum | Sets the maximum allocation value to <i>hexnum</i> paragraphs | ## **ERROUT** Command-Line Syntax ERROUT [/f stderrfile]] command [[> stdoutfile]] ## **Directives** Directives Operators ## **Topical Cross-Reference for Directives** Simplified Segment .MODEL .CODE .STACK .DATA .DATA .FARDATA .FARDATA .FOONST DOSSEG Segment SEGMENT ENDS GROUP ASSUME DOSSEG END .ALPHA .SEQ Data Allocation DB DW DD DF DQ DT LABEL ALIGN EVEN ORG Code Labels PROC ENDP LABEL ALIGN EVEN ORG Scope PUBLIC EXTRN COMM INCLUDELIB and Record RECORD STRUC ENDS Macros Macros MACRO ENDM EXITM LOCAL PURGE Equate EQU = Repeat Blocks REPT IRP IRPC ENDM Conditional Assembly IF1 IF2 IF IFE IFB IFE IFB IFNB IFDEF IFNDEF IFDUF/IFDIFI IFIDN/IFIDNI ELSE ENDIF Conditional Error ERR ERR1 ERR2 ERRE ERRNZ ERRB ERRNB ERRDEF ERRDEF ERRDIF/ERRDIFI .ERRIDN/.ERRIDNI Processor .8086 .286 .286P .386 .386P .8087 .287 Listing Control TITLE SUBTTL PAGE .LIST .XLIST .LFCOND .SFCOND .LALL .SALL .XALL .CREF .XCREF Miscellaneous COMMENT %OUT .RADIX END INCLUDE INCLUDELIB ## **Topical Cross-Reference for Operators** Arithmetic + \* / MOD . [] Macro Macro <>>! ;;; % Logical and Shift AND OR XOR NOT SHL Record MASK WIDTH Type HIGH LOW PTR SHORT SIZE THIS TYPE .TYPE Segment: SEG OFFSET <u>Relational</u> EQ NE GT GE LT LE NAME <u>Miscellaneous</u> DUP ## **Directives** name = expression Assigns the numeric value of expression to name. The symbol may be redefined later. .186 Enables assembly of instructions for the 80186 processor. .286 Enables assembly of nonprivileged instructions for the 80286 processor. .286P Enables assembly of all instructions (including privileged) for the 80286 processor. .287 Enables assembly of instructions for the 80287 coprocessor. .386 Enables assembly of nonprivileged instructions for the 80386 processor. .386P Enables assembly of all instructions (including privileged) for the 80386 processor. .387 Enables assembly of instructions for the 80387 coprocessor. .8086 Enables assembly of 8086 instructions (and the identical 8088 instructions); disables assembly of instructions of later processors. This is the default mode. .8087 Enables assembly of 8087 instructions and disables assembly of instructions available only with later coprocessors. This is the default mode. ALIGN number Aligns the next variable or instruction on a byte that is a multiple of number. .ALPHA Orders segments alphabetically. **ASSUME** segregister:name[[,segregister:name]]... Selects segregister to be the default segment register for all symbols in the named segment or group. If name is **NOTHING**, no segment register is associated with the segment. ocis.ora #### .CODE [name] When used with .MODEL, indicates the start of a code segment, which may have *name* for medium, large, and huge models (default segment name \_TEXT for small and compact models, or *module* TEXT for other models). ### **COMM** definition [, definition]... Creates a communal variable with the attributes specified in definition. Each definition has the following form: #### [NEAR|FAR] label:size[:count] The *label* is the name of the variable. The *size* can be any size specifier (**BYTE**, **WORD**, etc.). The *count* specifies the number of data objects (one is the default). #### COMMENT delimiter [text] text #### delimiter [[text]] Treats all text between or on the same line as the *delimiters* as a comment #### .CONST When used with .MODEL, starts a constant data segment (with segment name CONST). #### .CREF Restores listing of symbols in the cross-reference listing file. #### .DATA When used with .MODEL, starts a near data segment for initialized data (segment name DATA). #### .DATA? When used with .MODEL, starts a near data segment for uninitialized data (segment name BSS). #### DOSSEG Orders segments according to the DOS segment convention. ## [name] **DB** initializer [name]... Allocates and optionally initializes a byte of storage for each initializer. ## [[name]] **DW** initializer [[,initializer]]... Allocates and optionally initializes a word (2 bytes) of storage for each *initializer*. ## [name] DD initializer [,initializer]... Allocates and optionally initializes a doubleword (4 bytes) of storage for each *initializer*. ## [name]] **DF** initializer [,initializer]]... Allocates and optionally initializes a farword (6 bytes) of storage for each *initializer*. ## [name] DQ initializer [,initializer]... Allocates and optionally initializes a quadword (8 bytes) of storage for each *initializer*. #### 14 DIRECTIVES #### [name]] **DT** initializer [,initializer]]... Allocates and optionally initializes 10 bytes of storage for each initializer. #### ELSE Marks the beginning of an alternate block within a conditional block. See IF. #### **END** [startaddress] Marks the end of a module and, optionally, sets the program entry point to *startaddress*. #### **ENDIF** Terminates a conditional block. See IF. #### **ENDM** Terminates a macro or repeat block. See MACRO, REPT, IRP, or IRPC. #### name ENDP Marks the end of procedure *name* previously begun with **PROC**. See **PROC**. #### name ENDS Marks the end of segment *name* or of structure *name* previously begun with SEGMENT or STRUC. See SEGMENT and STRUC. #### name EQU [<]expression[>] Assigns expression to name. If expression is enclosed in angle brackets, it will be interpreted as a text expression. Numeric equates defined with EQU cannot be redefined, but text equates can be redefined. #### .ERR Generates an error. #### .ERR1 Generates an error on Pass 1 only. #### .ERR2 Generates an error on Pass 2 only. #### .ERRB <argument> Generates an error if argument is blank. #### ERRDEF name Generates an error if *name* is a previously defined label, variable, or symbol. #### .**ERRDIF**[[I]] < argument1>, < argument2> Generates an error if the arguments are different. If I is given, the argument comparison is case insensitive. #### .ERRE expression Generates an error if expression is false (0). ### .ERRIDN[I] <argument1>, <argument2> Generates an error if the arguments are identical. If I is given, the argument comparison is case insensitive. #### .ERRNB <argument> Generates an error if argument is not blank. #### .ERRNDEF name Generates an error if name has not been defined. #### .ERRNZ expression Generates an error if expression is true (nonzero). #### EVEN Aligns the next variable or instruction on an even byte. #### **EXITM** Terminates expansion of the current repeat or macro block and begins assembly of the next statement outside the block. #### **EXTRN** name:type [[,name:type]]... Defines one or more external variables, labels, or symbols called *name* whose type is *type*. #### .FARDATA [name] When used with .MODEL, starts a far data segment for initialized data (segment name FAR DATA or name). #### .FARDATA? [name] When used with .MODEL, starts a far data segment for uninitialized data (segment name FAR BSS or name). ## $name \ GROUP \ segment \llbracket , segment \rrbracket ...$ Add the specified segments to the group called name. ## IF expression ifstatements ### **[ELSE** elsestatements] ## **ENDIF** Grants assembly of *ifstatements* if *expression* is true (nonzero). Optionally assembles *elsestatements* if expression is false (0). ## IF1 Grants assembly on Pass 1 only. See IF for complete syntax. #### IF2 Grants assembly on Pass 2 only. See IF for complete syntax. ## IFB <argument> Grants assembly if *argument* is blank. See **IF** for complete syntax. #### IFDEF name Grants assembly if *name* is a previously defined label, variable, or symbol. See **IF** for complete syntax. ### IFDIF[[I]] <argument1>, <argument2> Grants assembly if the arguments are different. If ${\bf I}$ is given, the argument comparison is case insensitive. See ${\bf IF}$ for complete syntax. #### IFE expression Grants assembly if expression is false (0). See IF for complete syntax. #### IFIDN[I] <argument1>, <argument2> Grants assembly if the arguments are identical. If I is given, the argument comparison is case insensitive. See IF for complete syntax. #### IFNB <argument> Grants assembly if argument is not blank. See IF for complete syntax. #### **IFNDEF** name Grants assembly if *name* has not been defined. See **IF** for complete syntax. #### **INCLUDE** filespec Inserts source code from the source file given by *filespec* into the current source file during assembly. #### **INCLUDELIB** *library* Informs the linker that the current module should be linked with *library*. ## **IRP** parameter,<argument[[,argument]]...> statements ## ENDM Marks a block that will be repeated for as many *arguments* as are given, with the current *argument* replacing *parameter* on each repetition. ## IRPC parameter, string statements #### **ENDM** Marks a block that will be repeated for as many characters as there are in *string*, with the current character replacing *parameter* on each repetition. ## name LABEL type Creates a new variable or label by assigning the current location-counter value and the given *type* to *name*. #### .LALL Starts listing of all statements in macros. #### .LFCOND Starts listing of statements in false conditional blocks. #### LIST. Starts listing of statements. This is the default. #### LOCAL localname [,localname]... Declares *localname* within a macro as a placeholder for an actual name to be created when the macro is expanded. ## name MACRO [[parameter [[,parameter]]...]] statements #### **ENDM** Marks a macro block called *name* and establishes *parameters* as placeholders for arguments passed when the macro is called. #### .MODEL memorymodel Initializes the program memory model. The *memorymodel* can be SMALL, COMPACT, MEDIUM, LARGE, or HUGE. #### NAME modulename Ignored in Version 5.0. The module name is always the base name of the source file. #### **ORG** expression Sets the location counter to expression. #### **%OUT** text Displays text to the standard output device (the screen). #### PAGE [[[length]],width]] Sets line *length* and character *width* of the program listing. If no arguments are given, generates a page break. #### PAGE + Increments section-page numbering. #### label PROC [NEAR|FAR] statements #### RET [constant] label ENDP Marks start and end of a procedure block called *label*. The statements the block can be called with the CALL instruction. ## PUBLIC name [,name]... Makes each variable, label, or absolute symbol specified as *name* available to all other modules in the program. ## PURGE macroname [[,macroname]]... Deletes the specified macros from memory. ## .RADIX expression Sets the input radix to the value of expression. ## recordname RECORD field [sfield] ... Declares a record type consisting of the specified fields. Each field has the following form: fieldname:width[=expression]] The *fieldname* names the field, *width* specifies the number of bits, and *expression* gives its initial value. #### **REPT** expression statements #### **ENDM** Marks a block that is to be repeated expression times. #### .SALL Suppresses listing of macro expansions. ## name **SEGMENT** [align] [combine] [use] ['class'] statements #### name ENDS Defines a program segment called *name* having segment attributes *align*, *combine*, *use*, and *class*. #### .SEQ Orders segments sequentially (the default order). #### .SFCOND Suppresses listing of conditional blocks whose condition evaluates to false (0). This is the default. #### .STACK [size] When used with .MODEL, indicates the start of a stack segment (with segment name STACK). The optional *size* specifies the number of bytes for the stack (default 1024). #### name STRUC fields #### name ENDS Declares a structure type having the specified *fields*. Each field must be a valid data definition (using **DB**, **DW**, etc.). #### SUBTTL text Defines the listing subtitle. #### .TFCOND Toggles listing of false conditional blocks. #### TITLE text Defines the program listing title. #### .XALL Starts listing of macro expansion statements that generate code or data. This is the default. ## .XCREF [name[,name]...] Suppresses listing of symbols in the cross-reference listing file. If *names* are specified, only the given symbols will be suppressed. #### .XLIST Suppresses program listing. ## **Operators** expression1 \* expression2 Returns expression1 times expression2. expression1 | expression2 Returns expression1 divided by expression2. expression1 + expression2 Returns expression1 plus expression2. expression1 - expression2 Returns expression1 minus expression2. -expression Reverses the sign of expression. segment: expression Overrides the default segment of expression with segment. The segment may be a segment register, a group name, or a segment name. The expression can be a constant, a memory expression, or a SEG expression. variable . field Returns the offset of field plus the offset of variable. [[expression1]] [expression2] Returns the offset of expression1 plus the offset of expression2. <text> Treats *text* in a macro argument as a single literal element. !character Treats *character* in a macro argument as a literal character rather than as an operator or symbol. ;text Treats text as a comment. ;;text Treats *text* as a comment that will not be listed in expanded macros. %text Treats text in a macro argument as an expression. &parameter Replaces parameter with its corresponding argument value. expression1 AND expression2 Returns the result of a bitwise Boolean AND done on *expression1* and *expression2*. count **DUP** (initialvalue [,initialvalue]...) Specifies count number of declarations of initialvalue. #### expression1 EQ expression2 Returns true (-1) if expression1 equals expression2, or returns false (0) if it does not. ### expression1 GE expression2 Returns true (-1) if expression1 is greater than or equal to expression2, or returns false (0) if it is not. #### expression1 GT expression2 Returns true (-1) if *expression1* is greater than *expression2*, or returns false (0) if it is not. #### **HIGH** expression Returns the high byte of expression. #### expression1 LE expression2 Returns true (-1) if *expression1* is less than or equal to *expression2*, or returns false (0) if it is not. #### **LENGTH** variable Returns the number of data objects in *variable* if *variable* was defined with the **DUP** operator. #### LOW expression Returns the low byte of expression. #### expression1 LT expression2 Returns true (-1) if expression1 is less than expression2, or returns false (0) if it is not. ### MASK {recordfieldname|record} Returns a bit mask in which the bits for *recordfieldname* or *record* are set and all other bits are cleared. ## expression1 MOD expression2 Returns the remainder of dividing expression1 by expression2. ## expression1 NE expression2 Returns true (-1) if *expression1* does not equal *expression2*, or returns false (0) if it does. ## **NOT** expression Returns expression with all bits reversed. ## **OFFSET** expression Returns the offset of expression. ## expression1 OR expression2 Returns the result of a bitwise Boolean OR done on expression1 and expression2. ## type PTR expression Forces the expression to be treated as having the specified type. ## **SEG** expression Returns the segment of expression. #### expression SHL count Returns the result of shifting the bits of expression left count number of bits. #### SHORT label Sets the type of *label* to short (having a distance less than 128 bytes from the start of the next instruction). #### expression SHR count Returns the result of shifting the bits of expression right count number of bits. #### **SIZE** variable Returns the number of bytes allocated for *variable* if *variable* was defined with the **DUP** operator. #### THIS type Returns an operand of specified *type* whose offset and segment values are equal to the current location-counter value. #### **TYPE** expression Returns the type of expression. #### .TYPE expression Returns a byte defining the mode and scope of expression. #### **WIDTH** {recordfieldname|record} Returns the width in bits of the current recordfieldname or record. #### expression1 XOR expression2 Returns the result of a bitwise Boolean XOR done on expression1 and expression2. ## **Processor** Interpreting Processor Instructions Flags Syntax Examples Clock Speeds Timings on the 8088 and 8086 Timings on the 80286 and 80386 Interpreting Encodings Interpreting 80386 Encoding Extensions 80286 Encoding 80386 Encoding Address-Size Prefix Operand-Size Prefix Encoding Differences for 32-bit Operations Scaled Index Base Byte Instructions ## **Topical Cross-Reference** Data Transfer MOV MOVS MOVSX8 MOVZXS **XCHG** LODS STOS LEA LDS/LES LFS/LGS/LSS§ XLAT/XLATB Stack PUSH PUSHF PUSHA\* POP POPF POPA\* Input/Output IN INS\* OUT Type Conversion OUTS\* CBW CWD CWDE§ CDO§ Flag CLC CLD CLI CMC CLTS\* STC STD STI POPF PUSHF LAHF SAHF String MOVS LODS STOS SCAS **CMPS** INS\* OUTS\* REP REPE/REPZ REPNE/REPNZ Arithmetic ADD ADC INC SUB SBB DEC NEG **IMUL** MUL DIV IDIV Logical AND OR XOR NOT Bit Shift ROL ROR RCL RCR SHL/SAL SHR SAR SHLDS SHRDS BSF§ BSR§ Compare CMP **CMPS** TEST BTS BTC§ BTR§ BTS§ Unconditional Transfer CALL INT IRET RET RETN/RETF **JMP** ENTER\* LEAVE\* Loop LOOP LOOPE/LOOPZ LOOPNE/LOOPNZ JCXZ/JECXZ Conditional Transfer JB/JNAE JAE/JNB JBE/JNA JA/JNBE JE/JZ JNE/JNZ JL/JNGE JGE/JNL JLE/JNG JG/JNLE JS INS IC .INC JO JNO JP/JPE JNP/JPO BOUND\* INTO JCXZ/JECXZ SETB/SETNAE§ SETAE/SETNB§ SETBE/SETNAS SETA/SETNBE§ SETE/SETZ§ SETNE/SETNZ§ SETL/SETNGE§ SETGE/SETNL§ SETLE/SETNG§ SETG/SETNLE§ **SETS**§ SETNS§ SETC§ SETNC§ SETO§ SETNO§ SETP/SETPE§ SETNP/SETPO§ Conditional Set **BCD Conversion** AAA AAS AAM AAD DAA DAS Processor Control NOP ESC WAIT LOCK HLT Process Control ARPLT CLTST LART LGDT/LIDT/LLDT† LMSW<sup>†</sup> LSL† LTR† SGDT/SIDT/SLDT† SMSW† STR† VERR† VERW† MOV special§ ## **Interpreting Processor Instructions** This section provides an alphabetical reference to the instructions for the 8086, 8088, 80286, and 80386 processors. A key to each element of the reference is given in Figure 1. Figure 1 Instruction Key ## **Flags** The first row of the display has a one-character abbreviation for the flag name. Only the flags common to all processors are shown. | O | Overflow | T | Trap | Α | Auxiliary carry | |---|-----------|---|------|---|-----------------| | D | Direction | S | Sign | P | Parity | | I | Interrupt | Z | Zero | C | Carry | The second line has codes indicating how the flag can be effected. Sets the flag 0 Clears the flag ? May change the flag, but the value is not predictable blank No effect on the flag ± Modifies according to the rules associated with the flag ## Syntax Each encoding variation may have different syntaxes corresponding to different addressing modes. The following abbreviations are used: reg A general-purpose register of any size segreg One of the segment registers: DS, ES, SS, or CS (also FS or GS on the 80386) accum An accumulator register of any size: AL or AX (also EAX) on the 80386) mem A direct or indirect memory operand of any size label A labeled memory location in the code segment src,dest A source or destination memory operand used in a string operation immed A constant operand In some cases abbreviations have numeric suffixes to specify that the operand must be a particular size. For example, *reg16* means that only a 16-bit (word) register is accepted. ## **Examples** One or more examples are shown for each syntax. The examples are randomly chosen, and no significance should be attached to their order or placement. They are valid examples of the associated syntax, but there is no attempt to illustrate all possible operand combinations or to show context. Their position is not related to the clock speeds in the right column. To avoid confusion by programmers who do not have an 80386 processor, examples do not use 32-bit registers unless the instruction is available only on the 80386. However, 80386 programmers can substitute 32-bit registers unless the description specifically states otherwise. ### **Clock Speeds** Column 3 shows the clock speeds for each processor. Sometimes an instruction may have more than one clock speed. Multiple speeds are separated by commas. If several speeds are part of an expression, they will be enclosed in parentheses. The following abbreviations are used to specify variations: EA <u>Effective address.</u> This applies only to the 8088 and 8086 processors, as described in the next section. processors, as described in the next section. b,w,d Byte, word, or doubleword operands. pm Protected mode. Iterations. Repeated instructions may have a base number of clocks plus a number of clocks for each iteration. For example, 8+4n means eight clocks plus four clocks for each iteration. noj <u>No jump.</u> For conditional jump instructions, noj indicates the speed if the condition is false and the jump is not taken. m Next instruction components. Some control transfer instructions take different times depending on the length of the next instruction executed. On the 8088 and 8086, m is never a factor. On the 80286, m is the number of bytes in the instruction. On the 80386, m is the number of components. Each byte of encoding is a component and the displacement and data are separate components. W88,88 8088 exceptions. See "Timings on the 8088 and 8086." Clocks can be converted to nanoseconds by dividing one microsecond by the number of megahertz (MHz) at which the processor is running. For example, on a processor running at 8 MHz, one clock takes 125 nanoseconds (1000 MHz per nanosecond / 8 MHz). The clock counts are for best-case timings. Actual timings vary depending wait states, alignment of the instruction, the status of the prefetch queue, and other factors. ## Timings on the 8088 and 8086 Because of its 8-bit data bus, the 8088 always requires two fetches to get a 16-bit operand. Instructions that work on 16-bit memory operands therefore take longer on the 8088 than on the 8086. Separate 8088 timings are shown in parentheses following the main timing. For example, 9 (W88=13) means that the 8086 with any operands or the 8088 with byte operands take 9 clocks, but the 8088 with word operands takes 13 clocks. Similarly, 16 (88=24) means that the 8086 takes 21 clocks, but the 8088 takes 29 clocks. On the 8088 and 8086, the effective address (EA) value must be added for instructions that operate on memory operands. A displacement is any direct memory or constant operand, or any combination of the two. Below are the number of clocks to add for the effective address. | Components | EA Clocks | Example | <u>es</u> | |-----------------------------------------------------------|-----------|---------|------------------------------------------| | Displacement | 6 | mov | <pre>ax,stuff ax,stuff+2</pre> | | Base or index | 5 | mov | ax,[bx]<br>ax,[di] | | Displacement plus base or index | 9 | mov | <pre>ax,[bp+8] ax,stuff[di]</pre> | | Base plus index (BP+DI,BX+SI) | 7 | mov | <pre>ax, [bx+si] ax, [bp+di]</pre> | | Base plus index (BP+SI,BX+DI) | 8 | mov | <pre>ax,[bx+di] ax,[bp+si]</pre> | | Base plus index plus displacement (BP+DI+disp,BX+SI+disp) | 11 | mov | <pre>ax,stuff[bx+si] ax,[bp+di+8]</pre> | | Base plus index plus displacement (BP+SI+disp,BX+DI+disp) | 12 | mov | <pre>ax,stuff[bx+di] ax,[bp+si+20]</pre> | | Segment override | EA+2 | mov | <pre>ax,es:stuff ax,ds:[bp+10]</pre> | ## Timings on the 80286 and 80386 Processors On the 80286 and 80386 processors, the effective address calculation is handled by hardware and is therefore not a factor in clock calculations except in one case. If a memory operand includes all three possible elements—a displacement, a base register, and an index register—then add one clock. Examples are shown below. | mov | ax,[bx+di] | ; No | extra | | |-----|-----------------|------|-------|--| | mov | ax,array[bx+di] | ;One | extra | | | mov | ax,[bx+di+6] | ;One | extra | | Note: 80186 and 80188 timings are different from 8088, 8086, and 80286 timings. They are not shown in this manual. Timings are also not shown for protected-mode transfers through gates or for the virtual 8086 mode available on the 80386 processor. ### Interpreting Encodings mod Encodings are shown for each variation of the instruction. This section describes encoding for all processors except the 80386. The encodings take the form of boxes filled with 0s and 1s for bits that are constant for the instruction variation, and abbreviations (in italics) for the following variable bits or bitfields: - d <u>Direction bit.</u> If set, do memory to register or register to register; the *reg* field is the destination. If cleared, do register to memory; the *reg* field is the source. - Word/byte bit. If set, use 16-bit operands. If cleared, use 8-bit operands. - s Sign bit. If set, sign-extend 8-bit immediate data to 16 bits. mod Mode. This two-bit field gives the register/memory mode with displacement. The possible values are shown below. Meaning | 2 | | |----|----------------------------------------------------------------------------------------------------------------------------------------| | 00 | This value can have two meanings: | | | If r/m is 110, a direct memory operand is used. | | | If r/m is not 110, the displacement is 0 and an indirect memory operand is used. The operand must be based, indexed, or based indexed. | | 01 | An indirect memory operand is used with an 8-bit displacement. | | 10 | An indirect memory operand is used with a 16-bit displacement. | | 11 | A two-register instruction is used; the $reg$ field specifies the destination and the $r/m$ field specifies the source. | reg Register. This three-bit field specifies one of the general-purpose registers: | <u>reg</u> | 16-bit if $w=1$ | 8-bit if $w=0$ | |------------|-----------------|----------------| | 000 | AX | AL | | 001 | CX | $\mathbf{CL}$ | | 010 | DX | DL | | 011 | BX | BL | | 100 | SP | AH | | 101 | BP | CH | | 110 | SI | DH | | 111 | DI | BH | The reg field is sometimes used to specify encoding information rather than a register. <u>Segment register.</u> This field specifies one of the segment registers. | sreg | Register | |------|----------| | 000 | ES | | 001 | CS | | 010 | SS | | 011 | DS | r/m Register/memory. This three-bit field specifies a memory or register operand. If the mod field is 11, r/m specifies the source register using the reg field codes. Otherwise, the field has one of the following values: | <u>r/m</u> | Operand Address | |------------|------------------------------------| | 000 | DS:[BX+SI+disp] | | 001 | DS:[BX+DI+disp] | | 010 | SS:[BP+SI+disp] | | 011 | SS:[BP+DI+disp] | | 100 | DS:[SI+disp] | | 101 | <b>DS</b> :[ <b>DI</b> +disp] | | 110 | $\mathbf{DS}:[\mathbf{BP}+disp]^*$ | | 111 | DS:[BX+disp] | disp <u>Displacement.</u> These bytes give the offset for memory operands. The possible lengths (in bytes) are shown in parentheses. data Data. These bytes gives the actual value for constant values. The possible lengths (in bytes) are shown in parentheses. If a memory operand has a segment override, the entire instruction has one of the following bytes as a prefix: | Segment | <u>Prefix</u> | | |---------|---------------|-------| | CS | 00101110 | (2Eh) | | DS | 00111110 | (3Eh) | | ES | 00100110 | (26h) | | SS | 00110110 | (36h) | | | | | <sup>\*</sup> If mod is 00 and r/m is 110, then the operand is treated as a direct memory operand. This means that the operand [BP] is encoded as [BP+0] rather than having a short-form like other register indirect operands. Encoding [BX] takes one byte, but encoding [BP] takes two. ### Example As an example, assume you want to calculate the encoding for the following statement (where warray is a 16-bit variable): ``` add warray[bx+di],-3 ``` First look up the encoding for the immediate to memory syntax of the **ADD** instruction: 100000sw mod,000,r/m disp (0 or 2) data (1 or 2) Since the destination is a word operand, the *w* bit will be set. The 8-bit immediate data must be sign-extended to 16 bits in order to fit into the operand, so the *s* bit is also set. The first byte of the instruction is therefore 10000011 (83h). Since the memory operand can be anywhere in the segment, it must have a 16-bit offset (displacement). Therefore the mod field is 10. The reg field is 000, as shown in the encoding. The r/m coding for [bx+di+disp] is 001. The second byte is 10000001 (81h). The next two bytes are the offset of warray. The high byte of the offset is stored first and the low byte second. For this example, assume that warray is located at offset 10EFh The last byte of the instruction is used to store the 8-bit immediate value -3 (FDh). This value is encoded as 8 bits (but sign-extended to 16 bits by the processor). The encoding is shown below in hexadecimal: 83 81 10 EF FD You can confirm this by assembling the instruction and looking at the resulting assembly listing. ### Interpreting 80386 Encoding Extensions This manual shows 80386 encodings for instructions that are available only on the 80386 processor. For other instructions, encodings are shown only for the 16-bit subset available on all processors. This section tells how to convert the 80286 encodings shown in the manual to 80386 encodings that use extensions such as 32-bit registers and memory operands. The extended 80386 encodings differ in that they can have additional prefix bytes, a Scaled Index Base (SIB) byte, and 32-bit displacement and immediate bytes. Use of these elements is closely tied to the segment word size. The use type of the code segment determines whether the instructions are processed in 32-bit mode (USE32) or 16-bit mode (USE16). Current versions of MS-DOS® and announced versions of OS/2 use 16-bit mode only. The bytes that can appear in an instruction encoding are shown below. ### 80286 Encoding | Opcode | mod-reg-<br>r/m | disp | immed | |--------|-----------------|-------|-------| | (1-2) | (0-1) | (0-2) | (0-2) | ### 80386 Encoding | Address- | Operand- | Opcode | mod-reg- | Scaled | disp | immed | |------------|------------|--------------|----------|------------|-------|--------------| | Size (67h) | Size (66h) | all de anous | r/m | Index Base | | The state of | | (0-1) | (0-1) | (1-2) | (0-1) | (0-1) | (0-4) | (0-4) | Additional bytes may be added for a segment prefix, a repeat prefix, or the **LOCK** prefix. #### **Address-Size Prefix** The address-size prefix determines the segment word size of the operation. It can override the default size for calculating the displacement of memory addresses. The address prefix byte is 67h. **MASM** automatically inserts this byte where appropriate. In 32-bit mode (**USE32** code segment), displacements are calculated as 32-bit addresses. The effective address-size prefix must be used for any instructions that must calculate addresses as 16-bit displacements. In 16-bit mode the defaults are reversed. The prefix must be used to specify calculation of 32-bit displacements. ### Operand-Size Prefix The operand-size prefix determines the size of operands. It can override the default size of registers or memory operands. The operand-size prefix byte is 66h. **MASM** automatically inserts this byte where appropriate. In 32-bit mode, the default sizes for operands are 8 bits and 32 bits (depending on the w bit). The operand-size prefix must be used for any instructions that use 16-bit operands. In 16-bit mode, the default sizes are 8 bits and 16 bits. The prefix must be used for any instructions that use 32-bit operands. ### **Encoding Differences for 32-bit Operations** When 32-bit operations are performed, the meaning of certain bits or fields are different than for 16-bit operations. The changes may affect default operations in 32-bit mode, or 16-bit mode operations in which the address-size prefix or the operand-size prefix is used. The following fields may have a different meaning for 32-bit operations than the meaning described in the Interpreting Encodings section: w Word/byte bit. If set, use 32-bit operands. If cleared, use 8-bit operands. s Sign bit. If set, sign-extend 8-bit or 16-bit immediate data Mode. This field indicates the register/memory mode. The value 11 still indicates a register-to-register operation with r/m containing the code for a 32-bit source register. However, other codes have different meanings as shown in the tables in the next section. reg Register. The codes for 16-bit registers are extended to 32-bit registers. For example, if the reg field is 000, EAX is used instead of AX. Use of 8-bit registers is unchanged. sreg Segment register. The 80386 has the following additional segment registers: sreg Register 100 FS 101 GS mod r/m Register/memory. If the r/m field is used for the source register, 32-bit registers are used as for the reg field. If the field is used for memory operands, the meaning is completely different than for 16-bit operations, as shown in the tables in the next section. disp <u>Displacement.</u> This field is four bytes for 32-bit addresses. data Data. Immediate data can be up to four bytes. ### Scaled Index Base Byte Many 80386 extended memory operands are too complex to be represented by a single mod-reg-r/m byte. For these operands, a value of 100 in the r/m field signals the presence of a second encoding byte called the Scaled Index Base (SIB) byte. The SIB byte is made up of the following fields: ss <u>Scaling Field.</u> This two-bit field specifies one of the following scaling factors: | <u>SS</u> | <b>Factor</b> | |-----------|---------------| | 00 | 1 | | 01 | 2 | | 10 | 4 | | 11 | 8 | index <u>Index Register</u>. This three-bit field specifies one of the following index registers: | <u>index</u> | Register | |--------------|------------| | 000 | EAX | | 001 | <b>ECX</b> | | 010 | EDX | | 011 | EBX | | 100 | no index | | 101 | EBP | | 110 | ESI | | 111 | EDI | Note that **ESP** cannot be an index register. If the *index* field is 100, then the ss field must be 00. base <u>Base Register.</u> This three-bit field combines with the mod field to specify the base register and the displacement. Note that the *base* field only specifies the base when the r/m field is 100. Otherwise the r/m field specifies the base. The possible combinations of the *mod*, *r/m*, *scale*, *index*, and *base* fields are shown below. | Fields for 32-bit Fields for 32-<br>Nonindexed Operands Indexed Opera | | | | | | - (1980) | |-----------------------------------------------------------------------|------------|-----------------|-------------|------------|-------------|------------------------------------------------| | <u>mod</u> | <u>r/m</u> | <u>Operand</u> | <u>mod</u> | <u>r/m</u> | <u>base</u> | <u>Operand</u> | | 00 | 000 | DS:[EAX] | (00 | 100 | 000 | <b>DS</b> :[ <b>EAX</b> +(scale*index)] | | 00 | 001 | DS:[ECX] | 00 | 100 | 001 | <b>DS</b> :[ <b>ECX</b> +(scale*index)] | | 00 | 010 | DS:[EDX] | 00 | 100 | 010 | DS:[EDX+(scale*index)] | | 00 | 011 | DS:[EBX] | 00 | 100 | 011 | DS:[EBX+(scale*index)] | | 00 | 100 | SIB used— | → 00 | 100 | 100 | SS:[ESP+(scale*index)] | | 00 | 101 | DS:disp32† | 00 | 100 | 101 | <b>DS</b> :[ $disp32+(scale*index)$ ]† | | 00 | 110 | DS:[ESI] | 00 | 100 | 110 | <b>DS</b> :[ <b>ESI</b> +(scale*index)] | | 00 | 111 | DS:[EDI] | <b>(</b> 00 | 100 | 111 | <b>DS</b> :[ <b>EDI</b> +(scale*index)] | | | | | | | | | | 01 | 000 | DS:[EAX+disp8] | (01 | 100 | 000 | <b>DS</b> :[ <b>EAX</b> +(scale*index)+disp8] | | 01 | 001 | DS:[ECX+disp8] | 01 | 100 | 001 | <b>DS</b> :[ <b>ECX</b> +(scale*index)+disp8] | | 01 | 010 | DS:[EDX+disp8] | 01 | 100 | 010 | <b>DS</b> :[ <b>EDX</b> +(scale*index)+disp8] | | 01 | 011 | DS:[EBX+disp8] | 01 | 100 | 011 | <b>DS</b> :[ <b>EBX</b> +(scale*index)+disp8] | | 01 | 100 | SIB used— | 01 | 100 | 100 | SS:[ESP+(scale*index)+disp8] | | 01 | 101 | SS:[EBP+disp8] | 0.1 | 100 | 101 | SS:[EBP+(scale*index)+disp8] | | 01 | 110 | DS:[ESI+disp8] | 01 | 100 | 110 | <b>DS</b> :[ <b>ESI</b> +(scale*index)+disp8] | | 01 | 111 | DS:[EDI+disp8] | 01 | 100 | 111 | <b>DS</b> :[ <b>EDI</b> +(scale*index)+disp8] | | | | | | | | | | 10 | 000 | DS:[EAX+disp32] | (10 | 100 | 000 | <b>DS</b> :[ <b>EAX</b> +(scale*index)+disp32] | | 10 | 001 | DS:[ECX+disp32] | 10 | 100 | 001 | <b>DS</b> :[ <b>ECX</b> +(scale*index)+disp32] | | 10 | 010 | DS:[EDX+disp32] | 10 | 100 | 010 | DS:[EDX+(scale*index)+disp32] | | 10 | 011 | DS:[EBX+disp32] | 10 | 100 | 011 | <b>DS</b> :[ <b>EBX</b> +(scale*index)+disp32] | | 10 | 100 | SIB used— | 10 | 100 | 100 | SS:[ESP+(scale*index)+disp32] | | 10 | 101 | SS:[EBP+disp32] | 10 | 100 | 101 | SS:[EBP+(scale*index)+disp32] | | 10 | 110 | DS:[ESI+disp32] | 10 | 100 | 110 | DS:[ESI+(scale*index)+disp32] | | 10 | 111 | DS:[EDI+disp32] | (10 | 100 | 111 | <b>DS</b> :[ <b>EDI</b> +(scale*index)+disp32] | <sup>†</sup> The operand [EBP] must be encoded as [EBP+0] (the 0 is an 8-bit displacement). Similarly, [EBP+(scale\*index)] must be encoded as [EBP+(scale\*index)+0]. The short encoding form available with other base registers cannot be used with **EBP**. If a memory operand has a segment override, the entire instruction has one of the prefixes discussed earlier in the Interpreting Encodings section or one of the following prefixes for the segment registers available only on the 80386: | <u>Segment</u> | <u>Prefix</u> | | |----------------|---------------|-------| | FS | 01100100 | (64h) | | GS | 01100101 | (65h) | ### **Example** Assume you want to calculate the encoding for the following statement (where warray is a 16-bit variable). Assume also that the instruction is used in 16-bit mode. add warray[eax+ecx\*2],-3 First look up the encoding for the immediate to memory syntax of the **ADD** instruction: 100000sw mod,000,r/m disp (0 or 2) data (1 or 2) This encoding must be expanded to account for 80386 extensions. Note that the instruction operates on 16-bit data in a 16-bit mode program. Therefore, the operand-size prefix is not needed. However, the instruction does use 32-bit registers to calculate a 32-bit effective address. Thus the first byte of the encoding must be the effective address-size prefix, 01100111 (67h). The opcode byte is the same (83h) as for the 80286 example described in the Interpreting Encodings section. The mod-reg-r/m byte must specify a based indexed operand with a scaling factor of two. This operand cannot be specified with a single byte, so the encoding must also use the SIB byte. The value 100 in the r/m field specifies an SIB byte. The reg field is 000, as shown in the encoding. The mod field is 10 for operands that have base and scaled index registers and a 32-bit displacement. The combined mod, reg, and r/m fields for the second byte are 10000100 (84h). The SIB byte is next. The scaling factor is 2, so the *ss* field is 01. The index register is **ECX**, so the *index* field is 001. The base register is **EAX**, so the *base* field is 000. The SIB byte is 01001000 (48h). The next four bytes are the offset of warray. The low bytes are stored last. For this example, assume that warray is located at offset 10EFh. This offset only requires two bytes, but four must be supplied because of the addressing mode. A 32-bit address can be safely used in 16-bit mode as long as the upper word is 0. The last byte of the instruction is used to store the 8-bit immediate value -3 (FDh). The encoding is shown below in hexadecimal: 67 83 84 48 00 00 10 EF FD | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ? | ? | ± | ? | ± | ### AAA **ASCII Adjust After Addition** Adjusts the result of an addition to a decimal digit (0-9). The previous addition instruction should place its 8-bit sum in AL. If the sum is greater than 9h, **AH** is incremented and the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared. | 00110111 | | | |----------|-----|------------------| | AAA | aaa | 88/86 8<br>286 3 | | | | 386 4 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ± | ± | ? | ± | ? | ### AAD ASCII Adjust Before Division Converts unpacked BCD digits in AH (most significant digit) and AL (least significant digit) to a binary number in AX. The instruction is often used to prepare an unpacked BCD number in AX for division by an unpacked BCD digit in an 8-bit register. | 11010101 00 | 001010 | | | |-------------|--------|---------------------|----------------| | AAD | aad | 88/86<br>286<br>386 | 60<br>14<br>19 | ### AAM ASCII Adjust After Multiply | 0 | D | I | T | | | | | | |---|---|---|---|---|---|---|---|---| | ? | | | M | ± | ± | ? | ± | ? | Converts an 8-bit binary number less than 100 decimal in AL to an unpacked BCD number in AX. The most significant digit goes in AH and the least significant in AL. This instruction is often used to adjust the product after a MUL instruction that multiplies unpacked BCD digits in AH and AL. It is also used to adjust the quotient after a DIV instruction that divides a binary number less than 100 decimal in AX by an unpacked BCD number. | 11010100 | 00001010 | 2.2 | | |----------|----------|----------|--| | | aam | 88/86 83 | | | AAM | | 286 16 | | | | | 386 17 | | # AAS ASCII Adjust After Subtraction | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ? | ? | ± | ? | ± | Adjusts the result of a subtraction to a decimal digit (0-9). The previous subtraction instruction should place its 8-bit result in **AL**. If the result is greater than 9h, then **AH** is decremented and the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared. | 00111111 | | | | |----------|-----|---------|--| | | aas | 88/86 8 | | | AAS | | 286 3 | | | | | 386 4 | | | О | D | I | T | S | Z | Α | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | ### ADC Add with Carry Adds the source operand, the destination operand, and the value of the carry flag. The result is assigned to the destination operand. This instruction is used to add the more significant portions of numbers that must be added in multiple registers. | 000100dw moa | l,reg,r/m disp (0 or 2) | | | |---------------|-------------------------|---------------------|-----------------------------| | ADC reg,reg | adc dx,cx | 88/86<br>286<br>386 | 3<br>2<br>2 | | ADC mem,reg | adc WORD PTR m32[2],dx | 88/86<br>286<br>386 | 16+EA (W88=24+EA)<br>7<br>7 | | ADC reg,mem | adc dx, WORD PTR m32[2] | 88/86<br>286<br>386 | 9+EA (W88=13+EA)<br>7<br>6 | | 100000sw mod | disp (0 or 2) | data (1 or | 2) | | ADC reg,immed | adc dx,12 | 88/86<br>286<br>386 | 4<br>3<br>2 | | ADC mem,immed | adc WORD PTR m32[2],16 | 88/86<br>286<br>386 | 17+EA (W88=23+EA)<br>7<br>7 | | 0001010w date | a (1 or 2) | | | | | adc ax,5 | 88/86 | 4 | ### ADD Add | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | Adds the source and destination operands and puts the sum in the destination operand. | 4 D.D | add ax,bx | 88/86 | 3 | | |------------------------------|------------------------------------------------|--------------------------------------------|---------------------------------------|--| | ADD reg,reg | | 286<br>386 | 2 2 | | | | add total,cx | 88/86 | 16+EA (W88=24+EA | | | ADD mem,reg | add array[bx+di],dx | 286 | 7 | | | | | 386 | 7 | | | | add cx,incr | 88/86 | 9+EA (W88=13+EA) | | | ADD reg,mem | add dx,[bp+6] | 286 | 7 | | | | | 386 | 6 | | | 100000sw m | od, 000,r/m disp (0 or 2) | | | | | 100000sw m | disp (0 or 2) | data (1 or | 4 | | | | | 88/86<br>286 | 4 3 | | | | | 88/86 | 4 | | | ADD reg,immed | add bx,6 | 88/86<br>286<br>386<br>88/86 | 4<br>3<br>2<br>17+EA (W88=23+EA | | | ADD reg,immed | add bx,6 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=23+EA)<br>7 | | | ADD reg,immed | add bx,6 | 88/86<br>286<br>386<br>88/86 | 4<br>3<br>2<br>17+EA (W88=23+EA) | | | ADD reg,immed | add bx,6 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=23+EA<br>7 | | | ADD reg,immed ADD mem,immed | add bx,6 add amount,27 add pointers[bx][si],6 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=23+EA<br>7 | | | ADD reg,immed ADD mem,immed | add bx,6 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=23+EA<br>7 | | | ADD reg,immed ADD mem,immed | add bx,6 add amount,27 add pointers[bx][si],6 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=23+EA<br>7 | | | ADD reg,immed ADD mem,immed | add bx,6 add amount,27 add pointers[bx][si],6 | 88/86<br>286<br>386<br>88/86<br>286<br>386 | 4<br>3<br>2<br>17+EA (W88=23+EA<br>7 | | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | 0 | | | | ± | ± | ? | ± | 0 | ### AND Logical AND Performs a bitwise logical AND on the source and destination operands and stores the result in the destination operand. For each bit position in the operands, if both bits are set, then the corresponding bit of the result is set. Otherwise, the corresponding bit of the result is cleared. | 001000dw | disp (0 or 2) | | |-----------------|---------------------------------------|-------------------------------------------| | AND reg,reg | and dx,bx | 88/86 3<br>286 2<br>386 2 | | AND mem,reg | and bitmask,bx<br>and [bp+2],dx | 88/86 16+EA (W88=24+EA)<br>286 7<br>386 7 | | AND reg,mem | and bx,masker<br>and dx,marray[bx+di] | 88/86 9+EA (W88=13+EA)<br>286 7<br>386 6 | | 100000sw mod | , 100, r/m disp ( 0 or 2) | data (1 or 2) | | AND reg,immed | and dx,0F7h | 88/86 4<br>286 3<br>386 2 | | AND mem,immed | and masker,1001b | 88/86 17+EA (W88=23+EA)<br>286 7<br>386 7 | | 0010010w date | ı (1 or 2) | | | AND accum,immed | and ax,0B6h | 88/86 4<br>286 3<br>386 2 | # ARPL Adjust Requested O D I T S Z A P C Adjust Requested Privilege Level 80286/386 Protected Only Verifies that the destination Requested Privileged Level (RPL) field (bits 0 and 1 of a selector value) is less than the source RPL field. If it is not, **ARPL** adjusts the destination RPL up to match the source RPL. The destination operand should be a 16-bit memory or register operand containing the value of a selector. The source operand should be a 16-bit register containing the test value. The zero flag is set if the destination is adjusted; otherwise the flag is cleared. **ARPL** can only be used in 80286 and 80386 privileged mode. See Intel documentation for details on selectors and privilege levels. | 01100011 | mod,reg,r/m disp (0 or 2) | | |--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------| | ADDI was use | arpl ax,cx | 88/86 —<br>286 10 | | ARPL reg,reg | to the same of | 386 20 | | | arpl selector, dx | 88/86 — | | ARPL mem,reg | | 286 11 | | | and the second | 386 21 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### BOUND Check Array Bounds 80186/286/386 Only Verifies that a signed index value is within the bounds of an array. The destination operand can be any 16-bit register containing the index to be checked. The source operand must then be a 32-bit memory operand in which the low and high words contain the starting and ending values, respectively, of the array. (On the 80386 processor, the destination operand can be a 32-bit register; in this case, the source operand must be a 64-bit operand made up of 32-bit bounds.) If the source operand is less than the first bound or greater than the last bound, then an Interrupt 5 is generated. The instruction pointer pushed by the interrupt (and returned by IRET) points to the BOUND instruction rather than to the next instruction. | 01100010 mod | reg, r/m | disp (2) | | | | |-----------------------------------------|----------|-----------|---------------------|------------------------|--| | BOUND reg16,mem32<br>BOUND reg32,mem64* | | di,base-4 | 88/86<br>286<br>386 | <br>noj=13†<br>noj=10† | | <sup>\* 80386</sup> only. <sup>†</sup> See INT for timings if interrupt 5 is called. ### BSF/BSR Bit Scan 80386 Only | 0 | D | I | T | S | Z | A | P | C | |-----|---|---|---|---|---|---|---|---| | 121 | | - | | | ± | | | | Scans an operand to find the first set bit. If a set bit is found, the zero flag is set and the destination operand is loaded with the bit index of the first set bit encountered. If no set bit is found, the zero flag is cleared. **BSF** (Bit Scan Forward) scans from bit 0 to the most significant bit. **BSR** (Bit Scan Reverse) scans from the most significant bit of an operand to bit 0. | 00001111 | 10111100 mod, reg, r/m | disp (0, 2, or 4) | |------------------------------------|---------------------------------------|-------------------------------| | BSF reg16,reg16 | bsf cx,bx | 88/86 — | | BSF reg32,reg32 | | 286 —<br>386 10+3n | | BSF reg16,mem16 | bsf ecx,bitmask | 88/86 — | | BSF reg32,mem32 | DSI GCA, DICHIASK | 286 — | | Dox regozymentoz | | 386 10+3n | | | | Company of the State of the | | 00001111 | 10111101 mod, reg, r/m | disp (0, 2, or 4) | | 00001111 BSR reg16,reg16 | 10111101 mod, reg, r/m bsr cx, dx | disp (0, 2, or 4) | | BSR reg16,reg16 | | | | BSR reg16,reg16 | | 88/86 — | | | | 88/86 —<br>286 — | | BSR reg16,reg16<br>BSR reg32,reg32 | bsr cx,dx | 88/86 —<br>286 —<br>386 10+3n | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | ± | ### BT/BTC/BTR/BTS **Bit Tests** 80386 Only Copies the value of a specified bit into the carry flag where it can be tested by a JC or JNC instruction. The destination operand specifies the value in which the bit is located; the source operand specifies the bit position. BT simply copies the bit to the flag. BTC copies the bit and complements (toggles) it in the destination. BTR copies the bit and resets (clears) it in the destination. BTS copies the bit and sets it in the destination | 00001111 10 | 111010 mod, BBB*,r/m | disp (0, 2, or 4) | data (1) | |-------------------------------------------------------------|---------------------------------------------------------------|----------------------------|----------| | BT reg16,immed8† | bt ax,4 | 88/86 —<br>286 —<br>386 3 | | | BTC reg16,immed8†<br>BTR reg16,immed8†<br>BTS reg16,immed8† | bts ax,4<br>btr bx,17<br>btc edi,4 | 88/86 —<br>286 —<br>386 6 | | | BT mem16,immed8† | btr DWORD PTR [si],27<br>btc color[di],4 | 88/86 —<br>286 —<br>386 6 | | | BTC mem16,immed8†<br>BTR mem16,immed8†<br>BTS mem16,immed8† | <pre>btc DWORD PTR [bx],27 btc maskit,4 btr color[di],4</pre> | 88/86 —<br>286 —<br>386 8 | | | 00001111 10B | RBB011* mod, reg, r/m | disp (0, 2, or 4) | | | BT reg16,reg16† | bt ax,bx | 88/86 —<br>286 —<br>386 3 | | | BTC reg16,reg16† BTR reg16,reg16† BTS reg16,reg16† | btc eax,ebx<br>bts bx,ax<br>btr cx,di | 88/86 —<br>286 —<br>386 6 | | | BT mem16,reg16† | bt [bx],dx | 88/86 —<br>286 —<br>386 12 | | | BTC mem16,reg16†<br>BTR mem16,reg16†<br>BTS mem16,reg16† | <pre>bts flags[bx],cx btr rotate,cx btc [bp+8],si</pre> | 88/86 —<br>286 —<br>386 13 | | <sup>\*</sup> BBB is 100 for BT, 111 for BTC, 110 for BTR, and 101 for BTS. <sup>†</sup> Operands can also be 32 bits (reg32 and mem32). ### CALL Call Procedure | O | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Calls a procedure. The instruction does this by pushing the address of the next instruction onto the stack and transferring to the address specified by the operand. For **NEAR** calls, **SP** is decreased by 2, the offset (**IP**) is pushed, and the new offset is loaded into **IP**. For FAR calls, SP is decreased by 2, the segment (CS) is pushed, and the new segment is loaded into CS. Then SP is decreased by 2 again, the offset (IP) is pushed, and the new offset is loaded into IP. A subsequent RET instruction can pop the address so that execution continues with the instruction following the call. | CALL label | call upcase | 88/86 | 19 (88=23) | |------------|------------------|---------------------|--------------------------------| | | | 286<br>386 | 7+m<br>7+m | | 10011010 | disp (4) | | | | | call FAR PTR job | 88/86 | 28 (88=36) | | CALL label | call distant | 286<br>386 | 13+m,pm=26+m*<br>17+m,pm=34+m* | | 11111111 | mod,010,r/m | 360 | 771m,pm=547m | | 11111111 | mod,010,r/m | 88/86 | 16 (88=20) | | 11111111 | | 88/86<br>286 | 16 (88=20)<br>7+m | | CALL reg | call ax | 88/86<br>286<br>386 | 16 (88=20)<br>7+m<br>7+m | | | | 88/86<br>286 | 16 (88=20)<br>7+m | <sup>\*</sup> Timings for calls through call and task gates are not shown, since they are used primarily in operating systems. <sup>† 80386 32-</sup>bit addressing mode only. | 0 | D | I | T | S | Z | Α | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | # **CBW**Convert Byte to Word Converts a signed byte in **AL** to a signed word in **AX** by extending the sign bit of **AL** into all bits of **AH**. | 10011000* | | | | | |-----------|-----|--------------|---|--| | | cbw | 88/86<br>286 | 2 | | | CBW | | 286 | 2 | | | | | 386 | 3 | | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### CDQ Convert Double to Quad 80386 Only Converts the signed doubleword in **EAX** to a signed quadword in the **EDX:EAX** register pair by extending the sign bit of **EAX** into all bits of **EDX**. | 10011001* | | | | | |-----------|-----|--------------|---|--| | | edq | 88/86<br>286 | | | | CDQ | | 286 | - | | | | | 386 | 2 | | <sup>\*</sup> CBW and CWDE have the same encoding except that in 32-bit mode CBW is preceded by the operand-size byte (66h) but CWDE is not; in 16-bit mode CWDE is preceded by the operand-size byte but CBW is not. <sup>\*</sup> CWD and CDQ have the same encoding except that in 32-bit mode CWD is preceded by the operand-size byte (66h) but CDQ is not; in 16-bit mode CDQ is preceded by the operand-size byte but CWD is not. | CLC | | |--------------------|------| | <b>Clear Carry</b> | Flag | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | 0 | Clears the carry flag. | 11111000 | | 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 | |----------|-----------|-----------------------------------------| | | clc | 88/86 2 | | CLC | Carlo Co | 286 2 | | | C. Prince | 386 2 | | CLD | ) | | |-------|-----------|------| | Clear | Direction | Flag | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | 0 | | | | | | | | Clears the direction flag. All subsequent string instructions will process up (from low addresses to high addresses), by increasing the appropriate index registers. | 11111100 | and breezie und 773<br>Thomas regional go | oned the signed damplement in f | |----------|-------------------------------------------|---------------------------------| | | cld | 88/86 2<br>286 2 | | CLD | | | | | | 386 2 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | 0 | | | | | | | ### CLI Clear Interrupt Flag Clears the interrupt flag. When the interrupt flag is cleared, maskable interrupts are not recognized until the flag is set again with the STI instruction. In privileged mode, CLI only clears the flag if the current task's privilege level is less than or equal to the value of the IOPL flag. Otherwise, a general protection fault is generated. | 11111010 | | | | | | |----------|-----|-------|---|----|--| | | cli | 88/86 | 2 | i. | | | CLI | | 286 | 3 | | | | | | 386 | 3 | | | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### **CLTS** Clear Task Switched Flag 80286/386 Privileged Only Clears the task switched flag in the Machine Status Word (MSW) of the 80286 or the CR0 register of the 80386. This instruction can be used only in systems software executing at privilege level 0. See Intel documentation for details on the task switched flag and other privileged-mode concepts. | 00001111 00 | 000110 | | | |-------------|--------|--------------|---| | CLTS | clts | 88/86<br>286 | | | | | 386 | 5 | # **CMC**Complement Carry Flag | 0 | D | I | T | S | Z | A | P | C | |---|---|---|-------|---|---|---|---|---| | | | | THE P | | | | | ± | Complements (toggles) the carry flag. | 11110101 | to anti-citing. | प्रकार कर्ती व्यवस्थित किली ब्राह्मिकाल है।<br>सम्बद्धाः स्वास्टर्भागाः स्वास्टर्भागाः | |----------|-----------------|----------------------------------------------------------------------------------------| | | cmc | 88/86 2 | | CMC | | 286 2 | | | | 386 2 | | 0 | D | I | T | S | Z | Α | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | ### CMP Compare Two Operands Compares two operands as a test for a subsequent conditional jump or set instruction. CMP does this by subtracting the source operand from the destination operand and setting the flags according to the result. CMP is the same as the SUB instruction, except that the result is not stored. | 001110dw mod | , reg, r/m disp (0 or 2) | | |-----------------|----------------------------------------|-------------------------------------------| | CMP reg,reg | cmp di,bx<br>cmp dl,cl | 88/86 3<br>286 2<br>386 2 | | CMP mem,reg | cmp maximum,dx cmp array[si],bl | 88/86 9+EA (W88=13+EA)<br>286 7<br>386 5 | | CMP reg,mem | cmp dx,minimum cmp bh,array[si] | 88/86 9+EA (W88=13+EA)<br>286 6<br>386 6 | | 100000sw mod | disp (0 or 2) | data (1 or 2) | | CMP reg,immed | cmp ax,24 | 88/86 4<br>286 3<br>386 2 | | CMP mem,immed | cmp WORD PTR [di],4<br>cmp tester,4000 | 88/86 10+EA (W88=14+EA)<br>286 6<br>386 5 | | 0011110w date | a (1 or 2) | | | CMP accum,immed | cmp ax,1000 | 88/86 4<br>286 3<br>386 2 | ### CMPS/CMPSB/ CMPSW/CMPSD Compare String | | O | D | I | T | S | Z | A | P | C | |----|---|---|---|---|---|---|---|---|---| | T: | ± | | | | ± | ± | ± | ± | + | Compares two strings. **DS:SI** must point to the source string and **ES:DI** must point to the destination string (even if operands are given). For each comparison, the destination element is subtracted from the source element and the flags are updated to reflect the result (although the result is not stored). **DI** and **SI** are adjusted according to the size of the operands and the status of the direction flag. They are increased if the direction flag has been cleared with **CLD** or decreased if the direction flag has been set with **STD**. If the CMPS form of the instruction is used, operands must be provided to indicate the size of the data elements to be processed. A segment override can be given for the source (but not for the destination). If CMPSB (bytes), CMPSW (words), or CMPSD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be processed. Operands are not allowed. CMPS and its variations are usually used with repeat prefixes. REPNE (or REPNZ) is used to find the first match between two strings. REPE (or REPZ) is used to find the first nonmatch. Before the comparison, CX should contain the maximum number of elements to compare. After the comparison, CX will be 0 if no match (for REPNE) or no nonmatch (for REPE) was found. Otherwise SI and DI will point to the element after the first match or nonmatch. | 1010011w | | | Track . | Contract of | |---------------------------------|-------|-----------------|---------|-------------| | CMPS [[segreg:]]src,[[ES:]]dest | cmps | source, es:dest | 88/86 | 22 (W88=30) | | CMPSB | repne | cmpsw | 286 | 8 | | CMPSW | repe | cmpsb | 386 | 10 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | # CWD Convert Word to Double Converts the signed word in AX to a signed word in the DX:AX register pair by extending the sign bit of AX into all bits of DX. | 10011001* | | | | |-----------|-----|---------------------|-------------| | CWD | cwd | 88/86<br>286<br>386 | 5<br>2<br>2 | | | | 300 | 2 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### **CWDE** Convert Word to Extended Double 80386 Only Converts a signed word in **AX** to a signed doubleword in **EAX** by extending the sign bit of **AX** into all bits of **EAX**. | 10011000* | | | | |-----------|------|--------------|---| | CWDE | cwde | 88/86<br>286 | - | | CWDE | | 386 | 3 | <sup>\*</sup> CWD and CDQ have the same encoding except that in 32-bit mode CWD is preceded by the operand-size byte (66h) but CDQ is not; in 16-bit mode CDQ is preceded by the operand-size byte but CWD is not. <sup>\*</sup> CBW and CWDE have the same encoding except that in 32-bit mode CBW is preceded by the operand-size byte (66h) but CWDE is not; in 16-bit mode CWDE is preceded by the operand-size byte but CBW is not. ### **DAA**Decimal Adjust After Addition | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | m | ± | ± | ± | ± | ± | Adjusts the result of an addition to a packed BCD number (less than 100 decimal). The previous addition instruction should place its 8-bit binary sum in AL. DAA converts this binary sum to packed BCD format with the least significant decimal digit in the lower four bits and the most significant digit in the upper four bits. If the sum is greater than 99h after adjustment, then the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared. | 00100111 | en, a 1987 - Jam bij 17 - De | Legano polici di pilin sur espertità i dels 198 | |----------|------------------------------|-------------------------------------------------| | | daa | 88/86 4 | | DAA | | 286 3 | | | | 386 4 | # DAS Decimal Adjust after Subtraction | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ± | ± | ± | ± | ± | Adjusts the result of a subtraction to a packed BCD number (less than 100 decimal). The previous subtraction instruction should place its 8-bit binary result in **AL. DAS** converts this binary sum to packed BCD format with the least significant decimal digit in the lower four bits and the most significant digit in the upper four bits. If the sum is greater than 99h after adjustment, then the carry and auxiliary carry flags are set. Otherwise, the carry and auxiliary carry flags are cleared. | 00101111 | Control of English | In control of the state of the control of the state of the control of the state of the control o | |----------|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | DAS | das | 88/86 4<br>286 3<br>386 4 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | | ### DEC Decrement Subtracts 1 from the destination operand. Because the operand is treated as an unsigned integer, the DEC instruction does not affect the carry flag. If a signed borrow requires detection, use the SUB instruction. | 1111111w mod | disp (0 or 2) | | | |-------------------------|---------------|---------------------|-----------------------------| | DEC reg8 | dec cl | 88/86<br>286<br>386 | 3<br>2<br>2 | | DEC mem | dec counter | 88/86<br>286<br>386 | 15+EA (W88=23+EA)<br>7<br>6 | | 01001 reg | | | | | DEC reg16<br>DEC reg32* | dec ax | 88/86<br>286<br>386 | 3<br>2<br>2 | <sup>\* 80386</sup> only. ### **DIV** Unsigned Divide | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ? | ? | ? | ? | ? | Divides an implied destination operand by a specified source operand. Both operands are treated as unsigned numbers. If the source (divisor) is 16 bits wide, then the implied destination (dividend) is the **DX:AX** register pair. The quotient goes into **AX** and the remainder into **DX**. If the source is 8 bits wide, the implied destination operand is **AX**. The quotient goes into **AL** and the remainder into **AH**. On the 80386, if the source is **EAX**, the quotient goes into **EAX** and the divisor into **EDX**. | 1111011w | mod, 110,r/m disp (0 or 2) | | |----------|----------------------------|----------------------------------------------------------------------| | DIV reg | div cx<br>div dl | 88/86 b=80-90,w=144-162<br>286 b=14,w=22<br>386 b=14,w=22,w=38 | | DIV mem | div [bx]<br>div fsize | 88/86 (b=86-96,w=150-168)+EA*<br>286 b=17,w=25<br>386 b=17,w=25,d=41 | <sup>\*</sup> Word memory operands on the 8088 take (158-176)+EA clocks. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | Г | | | | | | | | | ### **ENTER** Make Stack Frame 80186/286/386 Only Creates a stack frame for a procedure that receives parameters passed on the stack. The **BP** register is pushed and **BP** is set as the stack frame through which parameters and local variables can be accessed. The first operand of the **ENTER** instruction specifies the number of bytes to reserve for local variables. The second operand specifies the nesting level for the procedure. The nesting level should be 0 for languages that do not allow access to local variables of higher level procedures (such as **C**, **BASIC**, and **FORTRAN**). See the complementary instruction **LEAVE** for a method of exiting from a procedure. | a(2) data(1) | | | |--------------|-----------|------------------------------------------------------------------------------------------| | enter 4,0 | 88/86 | | | | | 11 | | | | 10 | | enter 0,1 | 88/86 | _ | | | 286 | 15 | | | 386 | 12 | | enter 6,4 | 88/86 | | | | 286 | 12+4(n-1) | | | 386 | 15+4(n-1) | | | enter 4,0 | enter 4,0 88/86<br>286<br>386<br>enter 0,1 88/86<br>286<br>386<br>enter 6,4 88/86<br>286 | ### ESC Escape | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Provides an instruction, and optionally a memory or register operand, for use by a coprocessor (such as the 8087, 80287, or 80387). The first operand must be a 6-bit constant that specifies the bits of the coprocessor instruction. The second operand can be either a register or memory operand to be used by the coprocessor instruction. The CPU puts the specified information on the data bus where it can be accessed by the coprocessor. MASM automatically inserts ESC instructions in coprocessor instructions. | 11011 <i>TTT</i> * | nod, LLL*,r/m | mass to bottom a not STAN | |--------------------|---------------|---------------------------------------------| | ESC immed,reg | esc 5,al | 88/86 2<br>286 9-20<br>386 † | | ESC immed,mem | esc 29,[bx] | 88/86 8+EA (W88=12+EA)<br>286 9-20<br>386 † | <sup>\*</sup> TTT specifies the top three bits of the coprocessor opcode and LLL specifies the lower three bits. † Timings vary. See the 80387 timings in the coprocessor section. ### HLT Halt | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Stops CPU execution until an interrupt restarts execution at the instruction following HLT. | 11110100 | | | |----------|-----|------------------| | | hlt | 88/86 2<br>286 2 | | HLT | | 286 2 | | | | 386 5 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ? | ? | ? | ? | ? | ### IDIV Signed Divide Divides an implied destination operand by a specified source operand. Both operands are treated as signed numbers. If the source (divisor) is 16 bits wide, then the implied destination (dividend) is the **DX:AX** register pair. The quotient goes into AX and the remainder into DX. If the source is 8 bits wide, the implied destination is AX. The quotient goes into AL and the remainder into AH. On the 80386, if the source is EAX, the quotient goes into EAX and the divisor into EDX. | 1111011w mod | disp (0 or 2) | | |--------------|-------------------|------------------------------------------------------------------------| | IDIV reg | idiv bx<br>div dl | 88/86 b=101-112,w=165-184<br>286 b=17,w=25<br>386 b=19,w=27,d=43 | | IDIV mem | idiv itemp | 88/86 (b=107-118,w=171-190)+EA*<br>286 b=20,w=28<br>386 b=22,w=30,d=46 | <sup>\*</sup> Word memory operands on the 8088 take (175-194)+EA clocks. ### IMUL Signed Multiply | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ? | ? | ? | ? | ± | Multiplies an implied destination operand by a specified source operand. Both operands are treated as signed numbers. If a single 16-bit operand is given, the implied destination is AX and the product goes into the DX:AX register pair. If a single 8-bit operand is given, the implied destination is AL and the product goes into AX. On the 80386, if the operand is EAX, the product goes into the EDX:EAX register pair. The carry and overflow flags are set if the product is sign extended into DX for 16-bit operands, into AH for 8-bit operands, or into EDX for 32-bit operands. Two additional syntaxes are available on the 80186-80386 processors. In the two-operand form, a 16-bit register gives one of the factors and serves as the destination for the result; a source constant specifies the other factor. In the three-operand form, the first operand is a 16-bit register where the result will be stored, the second is a 16-bit register or memory operand containing one of the factors, and the third is a constant representing the other factor. With both variations, the overflow and carry flags are set if the result is too large to fit into the 16-bit destination register. Since the low 16 bits of the product are the same for both signed and unsigned multiplication, these syntaxes can be used for either signed or unsigned numbers. On the 80386, the operands can either 16 or 32 bits wide. A fourth syntax is available on the 80386. Both the source and destination operands can be given specifically. The source can be any 16- or 32-bit memory operand or general-purpose register. The destination can be any general-purpose register of the same size. The overflow and carry flags are set if the product does not fit in the destination. | 1111011w mod | , 101,r/m disp (0 or 2) | | | |--------------|-------------------------|---------------------|-------------------------------------------------------------------| | IMUL reg | imul dx | 88/86<br>286<br>386 | b=80-98,w=128-154<br>b=13,w=21<br>b=9-14,w=9-22,d=9-38† | | IMUL mem | imul factor | 88/86<br>286<br>386 | (b=86-104,w=134-160)+EA*<br>b=16,w=24<br>b=12-17,w=12-25,d=12-41† | <sup>\*</sup> Word memory operands on the 8088 take (138-164)+EA clocks. CONTINUED... $<sup>\</sup>dagger$ The 80386 has an early-out multiplication algorithm. Therefore multiplying an 8-bit or 16-bit value in EAX takes the same time as multiplying the value in AL or AX. | 011010s1 mod, reg, | r/m disp (0 or 2) | data (1 or 2) | |---------------------------------------------------|-------------------|---------------------------------------------------| | IMUL reg16,immed<br>IMUL reg32,immed* | imul cx,25 | 88/86 —<br>286 21<br>386 b=9-14,w=9-22,d=9-38† | | IMUL reg16,reg16,immed<br>IMUL reg32,reg32,immed* | imul dx,ax,18 | 88/86 —<br>286 21<br>386 b=9-14,w=9-22,d=9-38† | | IMUL reg16,mem16,immed<br>IMUL reg32,mem32,immed* | imul bx,[si],60 | 88/86 —<br>286 24<br>386 b=12-17,w=12-25,d=12-41† | | 00001111 101011 | 11 mod, reg, r/m | disp (0 or 2) | | IMUL regl6,regl6<br>IMUL regl6,regl6 | imul cx,ax | 88/86 —<br>286 —<br>386 w=9-22,d=9-38 | | IMUL reg16,mem16<br>IMUL reg32,mem32 | imul dx,[si] | 88/86 —<br>286 —<br>386 w=12-25,d=12-41 | <sup>\* 80386</sup> only. <sup>†</sup> The variations depend on the source constant size; destination size is not a factor. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | П | | | | | | | | | # IN Input from Port Transfers a byte or word (or doubleword on the 80386) from a port to the accumulator register. The port address is specified by the source operand, which can be **DX** or an 8-bit constant. Constants can only be used for ports numbers less than 255; use **DX** for higher port numbers. In privileged mode, a general protection fault is generated if **IN** is used when the current protection level is greater than the value of the IOPL flag. | 1110010w data | (1) | | |----------------|----------------------|-----------------------------------------------| | IN accum,immed | in ax,60h | 88/86 10 (W88=14)<br>286 5<br>386 12,pm=6,26* | | 1110110w | _ | | | IN accum,DX | in ax,dx<br>in al,dx | 88/86 8 (W88=12)<br>286 5<br>386 13,pm=7,27* | <sup>\*</sup> First protected-mode timing: CPL ≤ IOPL. Second timing: CPL > IOPL. ### INC Increment | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | | Adds 1 to the destination operand. Because the operand is treated as an unsigned integer, the **INC** instruction does not affect the carry flag. If a signed carry requires detection, use the **ADD** instruction. | | 286 | 2 | |---------|---------|-------------------| | | 201 | | | | 386 | 2 | | c vpage | | 15+EA (W88=23+EA) | | | | 7 | | | 386 | 6 | | | c vpage | 286<br>286<br>386 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### INS/INSB/INSW/INSD Input from Port to String 80186/286/386 Only Receives a string from a port. The string is considered the destination and must be pointed to by **ES:DI** (even if an operand is given). The input port is specified in **DX**. For each element received, **DI** is adjusted according to the size of the operand and the status of the direction flag. **DI** is increased if the direction flag has been cleared with **CLD** or decreased if the direction flag has been set with **STD**. If the INS form of the instruction is used, a destination operand must be provided to indicate the size of the data elements to be processed and DX must be specified as the source operand containing the port number. A segment override is not allowed. If INSB (bytes), INSW (words), or INSD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be received. No operands are allowed. **INS** and its variations are usually used with the **REP** prefix. Before the repeated instruction is executed, **CX** should contain the number of elements to be received. In privileged mode, a general protection fault is generated if **INS** is used when the current protection level is greater than the value of the IOPL flag. | 0110110w | | | | | |-------------------|-----|-------------|-------|-------------| | INS [ES:]]dest,DX | rep | insb | 88/86 | _ | | INSB | ins | es:instr,dx | 286 | 5 | | INSW | rep | insw | 386 | 15,pm=9,29* | <sup>\*</sup> First protected-mode timing: CPL ≤ IOPL. Second timing: CPL > IOPL. ### INT Interrupt | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | 0 | 0 | | | | | | Generates a software interrupt. An 8-bit constant operand (0 to 255) specifies the interrupt procedure to be called. The call is made by indexing the interrupt number into the Interrupt Descriptor Table (IDT) starting at segment 0, offset 0. In real mode, the IDT contains 4-byte pointers to interrupt procedures. In privileged mode, the IDT contains 8-byte pointers. When an interrupt is called in real mode, the flags, CS, and IP are pushed onto the stack (in that order) and the trap and interrupt flags are cleared. STI can be used to restore interrupts. See Intel documentation and the documentation for your operating system for details on using and defining interrupts in privileged mode. To return from an interrupt, use the IRET instruction. | 11001101 | data (1) | | | |------------|---------------------------|---------------------|--------------------------------------------------| | INT immed8 | int 25h | 88/86<br>286<br>386 | 51 (88=71)<br>23+m,pm=(40,78)+m*<br>37,pm=59,99* | | 11001100 | a sourceasty matthe enti- | | an the value of the | | INT 3 | int 3 | 88/86<br>286<br>386 | 52 (88=72)<br>23+m,pm=(40,78)+m*<br>33,pm=59,99* | <sup>\*</sup> The first protected-mode timing is for interrupts to the same privilege level. The second is for interrupts to a higher privilege level. Timings for interrupts through task gates are not shown. | 0 | D | Ι | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | ± | ± | | | | | | # INTO Interrupt on Overflow Generates interrupt 4 if the overflow flag is set. The default DOS behavior for interrupt 4 is to return without taking any action. You must define an interrupt procedure for interrupt 4 in order for **INTO** to have any effect. | 11001110 | | | |----------|------|--------------------------------------------------------------------| | INTO | into | 53 (88=73),noj=4<br>24+m,noj=3,pm=(40,78)+m*<br>35,noj=3,pm=59,99* | <sup>\*</sup> The first protected-mode timing is for interrupts to the same privilege level. The second is for interrupts to a higher privilege level. Timings for interrupts through task gates are not shown. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | ± | ± | ± | ± | ± | ± | ± | ± | ### IRET/IRETD Interrupt Return Returns control from an interrupt procedure to the interrupted code. In real mode, the **IRET** instruction pops **IP**, **CS**, and the flags (in that order) and resumes execution. See Intel documentation for details on **IRET** operation in privileged mode. On the 80386, the **IRETD** instruction should be used to pop a 32-bit instruction pointer when returning from an interrupt called from a 32-bit segment. | 11001111 | | | | |----------------|------|---------------------|--------------------------------------------------| | IRET<br>IRETD† | iret | 88/86<br>286<br>386 | 32 (88=44)<br>17+m,pm=(31,55)+m*<br>22,pm=38,82* | <sup>\*</sup> The first protected-mode timing is for interrupts to the same privilege level within a task. The second is for interrupts to a higher privilege level within a task. Timings for interrupts through task gates are not shown. <sup>† 80386</sup> only. # Jcondition Jump Conditionally | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|------|---|---| | | | | | | | n) d | | | Transfers execution to the specified label if the flags condition is true. The condition is tested by checking the flags shown in the table on the following page. If the condition is false, then no jump is taken and program execution continues at the next instruction. On the 8088-80286 processors, the label given as the operand must be short (between -128 and 127 bytes from the instruction following the jump). On the 80386, the label is near (between -32768 to +32767 bytes) by default, but a short jump can be specified with the **SHORT** operator. | 0111cond | disp(1) | | | |-------------------|---------------------------------------------|---------------------|------------------------------------| | Jcondition label | jg bigger<br>jo SHORT too_big<br>jpe p_even | 88/86<br>286<br>386 | 16,noj=4<br>7+m,noj=3<br>7+m,noj=3 | | 00001111 | 1000cond disp (2) | | | | Jcondition label* | je next<br>jnae lesser | 88/86<br>286 | | <sup>\*</sup> Near labels are only available on the 80386. They are the default. #### CONTINUED... #### JUMP CONDITIONS | Opcode | Mnemonic | Flags Checked | Description | |-----------|----------|---------------|---------------------------------------------------------| | | | | | | size 0010 | JB/JNAE | CF=1 | Jump if below/not above or equal (unsigned comparisons) | | size 0011 | JAE/JNB | CF=0 | Jump if above or equal/not below (unsigned comparisons) | | size 0110 | JBE/JNA | CF=1 or ZF=1 | Jump if below or equal/not above (unsigned comparisons) | | size 0111 | JA/JNBE | CF=0 and ZF=0 | Jump if above/not below or equal | | size 0100 | JE/JZ | ZF=1 | (unsigned comparisons) Jump if equal (zero) | | size 0101 | JNE/JNZ | ZF=0 | Jump if not equal (not zero) | | size 1100 | JL/JNGE | SF≠OF | Jump if less/not greater or equal (signed comparisons) | | size 1101 | JGE/JNL | SF=OF | Jump if greater or equal/not less (signed comparisons) | | size 1110 | JLE/JNG | ZF=1 or SF≠OF | Jump if less or equal/not greater (signed comparisons) | | size 1111 | JG/JNLE | ZF=0 or SF=OF | Jump if greater/not less or equal (signed comparisons) | | size 1000 | JS | SF=1 | Jump if sign | | size 1001 | JNS | SF=0 | Jump if not sign | | size 0010 | JC | CF=1 | Jump if carry | | size 0011 | JNC | CF=0 | Jump if not carry | | size 0000 | JO | OF=1 | Jump if overflow | | size 0001 | JNO | OF=0 | Jump if not overflow | | size 1010 | JP/JPE | PF=1 | Jump if parity/parity even | | size 1011 | JNP/JPO | PF=0 | Jump if no parity/parity odd | Note: The size bits are 0111 for short jumps or 1000 for 80386 near jumps. ### JCXZ/JECXZ Jump if CX is Zero | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Transfers program execution to the specified label if CX is 0. On the 80386, JECXZ can be used to jump if ECX is 0. If the count register is not 0, execution continues at the next instruction. The label given as the operand must be short (between -128 and 127 bytes from the instruction following the jump). | 11100011 | disp (1) | NAMES OF THE PERSON PER | AND A COURS | |----------------------------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------| | JCXZ label<br>JECXZ label* | jcxz notfound | 88/86<br>286<br>386 | 18,noj=6<br>8+m,noj=4<br>9+m,noj=5 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | # JMP Jump Unconditionally Transfers program execution to the address specified by the destination operand. By default, jumps are near (between -32768 and 32767 bytes from the instruction following the jump), but you can use an override to make them short (between -128 and 127 bytes) or far (in a different code segment). With near and short jumps, the operand specifies a new IP address. With far jumps, the operand specifies new IP and CS addresses. | 11101011 | disp (1) | | | | |-------------------------|-------------------|--------------------------------------------|---------------------|---------------------------------------| | JMP label | jmp | SHORT exit | 88/86<br>286<br>386 | 15<br>7+m<br>7+m | | 11101001 | lisp (2*) | | | | | JMP label | jmp<br>jmp | close<br>NEAR PTR distant | 88/86<br>286<br>386 | 15<br>7+m<br>7+m | | 11101010 | lisp (4*) | | | | | JMP label | jmp<br>jmp | FAR PTR close<br>distant | 88/86<br>286<br>386 | 15<br>11+m,pm=23+m†<br>12+m,pm=27+m† | | 11111111 mo | d,100,r/m | | | | | JMP reg16<br>JMP reg32§ | jmp | ax | 88/86<br>286<br>386 | 11<br>7+m<br>7+m | | JMP mem16<br>JMP mem32§ | jmp<br>jmp<br>jmp | WORD [bx]<br>table[di]<br>DWORD [si] | 88/86<br>286<br>386 | 18+EA<br>11+m<br>10+m | | 11111111 mo | d,101,r/m | | | | | JMP mem32<br>JMP mem48§ | jmp<br>jmp<br>jmp | fpointer[si] DWORD PTR [bx] FWORD PTR [di] | 88/86<br>286<br>386 | 24+EA<br>15+m,pm=26+m<br>12+m,pm=27+m | <sup>\*</sup> On the 80386, the displacement can be four bytes for near jumps or six bytes for far jumps. †Timings for jumps through call or task gates are not shown, since they are normally used only in operating systems. <sup>§ 80386</sup> only. You can use **DWORD PTR** to specify near register-indirect jumps or **FWORD PTR** to specify far register-indirect jumps. ## LAHF Load Flags into AH Register Transfers bits 0 to 7 of the flags register to AH. This includes the carry, parity, auxiliary carry, zero, and sign flags, but not the trap, interrupt, direction, or overflow flags. | 10011111 | | address Willerin ments ments | Tig. | |----------|------|------------------------------|------| | | lahf | 88/86 4 | | | LAHF | | 286 2 | | | | | 386 2 | | ### LAR Load Access Rights 80286/386 Protected Only | 0 | D | I | T | S | Z | A | P | С | |---|---|---|---|---|---|---|---|---| | | | | | | ± | | | | Loads the access rights of a selector into a specified register. This instruction is only available in privileged mode. The source operand must be a register or memory operand containing a selector. The destination operand must be a register that will receive the access rights if the selector is valid and visible at the current privilege level. The zero flag is set if the access rights are transferred, or cleared if they are not. See Intel documentation for details on selectors, access rights, and other privileged-mode concepts. | 00001111 | 00000010 mod, reg, r/m | disp (0, 2, or 4) | |-------------------------------------|------------------------|-----------------------------| | LAR reg16,reg16<br>LAR reg32,reg32* | lar ax,bx | 88/86 —<br>286 14<br>386 15 | | LAR reg16,mem16<br>LAR reg32,mem32* | lar cx, selector | 88/86 —<br>286 16<br>386 16 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### LDS/LES/LFS/LGS/LSS **Load Far Pointer** Reads and stores the far pointer specified by the source memory operand. The pointer's segment value is stored in the segment register segment specified by the instruction name. The offset value is stored in the register specified by the destination operand. The LDS and LES instructions are available on all processors. The LFS, LGS, and LSS instructions are available only on the 80386. On the 80386, the size of the source and destination operand must match the current segment word size. | 11000101 | | |---------------------------------|------------------------------------------------------| | LDS reg,mem | 88/86 16+EA (88=24+EA)<br>286 7,pm=21<br>386 7,pm=22 | | 11000100 | | | LES reg,mem | 88/86 16+EA (88=24+EA)<br>286 7,pm=21<br>386 7,pm=22 | | 00001111 10110100 mod, reg, r/m | disp (2 or 4) | | LFS reg,mem | 88/86 —<br>286 —<br>386 7,pm=25 | | 00001111 10110101 mod, reg, r/m | disp (2 or 4) | | LGS reg.mem | 88/86 —<br>286 —<br>386 7,pm=25 | | 00001111 10110010 mod, reg, r/m | disp (2 or 4) | | LSS reg.mem | 88/86 —<br>286 —<br>386 7,pm=22 | ### LEA Load Effective Address | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Calculates the effective address (offset) of the source memory operand and stores the result into the destination register. | 10001101 m | od, reg, r/m disp (2) | a i arteineve sin stantsversa<br>gar iksila is sin kasiyuska | |-------------|-----------------------|--------------------------------------------------------------| | LEA reg,mem | lea bx,npointer | 88/86 2+EA<br>286 3 | | | | 386 2 | ### LEAVE High Level Procedure Exit 80186/286/386 Only | - | 0 | D | I | Т | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---|----| | | | | | | | | | | 77 | Terminates the stack frame of a procedure. **LEAVE** reverses the action of a previous **ENTER** instruction by restoring **SP** and **BP** to the values they had before the procedure stack frame was initialized. | 11001001 | | 1991. II - 1891. | F-121 F-14 | |----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------|------------| | | leave | 88/86 | | | LEAVE | I The same of | 286 | 5 | | | the same in the same | 386 | 4 | # LES/LFS/LGS Load Far Pointer to Extra Segment See LDS. | O | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### LGDT/LIDT/LLDT Load Descriptor Table 80286/386 Privileged Only Loads a value from an operand into a descriptor table register. LGDT loads into the Global Descriptor Table, LIDT into the Interrupt Descriptor Table, and LLDT into the Local Descriptor Table. These instructions are available only in privileged mode. See Intel documentation for details on descriptor tables and other privileged-mode concepts. | 00001111 00 | 0000001 | disp (2) | |-------------|----------------------|-----------------------------| | LGDT mem64 | lgdt descriptor | 88/86 —<br>286 11<br>386 11 | | 00001111 00 | 0000001 mod, 011,r/m | disp (2) | | LIDT mem64 | lidt descriptor | 88/86 —<br>286 12<br>386 11 | | 00001111 00 | 0000000 mod, 010,r/m | disp (0 or 2) | | LLDT reg16 | lldt ax | 88/86 —<br>286 17<br>386 20 | | LLDT mem16 | lldt selector | 88/86 —<br>286 19<br>386 24 | ### LMSW ### Load Machine Status Word 80286/386 Privileged Only Loads a value from a memory operand into the Machine Status Word (MSW). This instruction is available only in privileged mode. See Intel documentation for details on the MSW and other privileged-mode concepts. | 00001111 | 00000001 mod, 110,r/m | disp (0 or 2) | |------------|-----------------------|----------------------------| | LMSW regl6 | lmsw ax | 88/86 —<br>286 3<br>386 10 | | LMSW mem16 | lmsw machine | 88/86 —<br>286 6<br>386 13 | ### LOCK | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Locks out other processors during execution of the next instruction. This instruction is a prefix. It usually precedes an instruction that modifies a memory location that another processor might attempt to modify at the same time. See Intel documentation for details on multiprocessor environments. | 11110000 | | | | |------------------|-------------------|---------|--| | | lock xchg ax, sem | 88/86 2 | | | LOCK instruction | | 286 0 | | | | | 386 0 | | | О | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### LODS/LODSB/ LODSW/LODSD Load String Operand Loads a string from memory into the accumulator register. The string to be loaded is the source and must be pointed to by **DS:SI** (even if an operand is given). For each source element loaded, **SI** is adjusted according to the size of the operands and the status of the direction flag. **SI** is increased if the direction flag has been cleared with **CLD** or decreased if the direction flag has been set with **STD**. If the LODS form of the instruction is used, an operand must be provided to indicate the size of the data elements to be processed. A segment override can be given. If LODSB (bytes), LODSW (words), or LODSD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be processed and whether the element will be loaded to AL, AX, or EAX. Operands are not allowed. **LODS** and its variations are not normally used with repeat prefixes, since there is no reason to repeatedly load memory values to a register. | 1010110w | | | | | |---------------------|----------------|-------|-------------|--| | LODS [[segreg:]]src | lods es:source | 88/86 | 12 (W88=16) | | | LODSB | lodsw | 286 | 5 | | | LODSW | | 386 | 5 | | ### LOOP Loop | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Loops repeatedly to a specified label. LOOP decrements CX (without changing any flags) and if the result is not 0, transfers execution to the address specified by the operand. If CX is 0 after being decremented, execution continues at the next instruction. The operand must specify a short label (between -128 and 127 bytes from the instruction following the LOOP instruction). | 11100010 | disp (1) | antane adi to anno vili (1 todi i<br>u ta pakeant magdari ot bolisvos | |------------|------------------------------|-----------------------------------------------------------------------| | LOOP label | loop wend | 88/86 17,noj=5<br>286 8+m,noj=4 | | | S bright the PA C halfburger | 386 11+m | # LOOP condition | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Loops repeatedly to a specified label if *condition* is met and if CX is not 0. The instruction decrements CX (without changing any flags) and tests to see if the zero flag was set by a previous instruction (such as CMP). With LOOPE and LOOPZ (they are synonyms), execution is transferred to the label if the zero flag is set and CX is not 0. With LOOPNE and LOOPNZ (they are synonyms), execution is transferred to the label if the zero flag is cleared and CX is not 0. Execution continues at the next instruction if the condition is not met. Before entering the loop, CX should be set to the maximum number of repetitions desired. | 11100001 | disp | (1) | | | | |----------------------------|------|-----------------|---------------------|-------------------------------|--| | LOOPE label<br>LOOPZ label | | loopz again | 88/86<br>286<br>386 | 18,noj=6<br>8+m,noj=4<br>11+m | | | 11100000 | disp | (1) | | | | | LOOPNE label LOOPNZ label | | loopnz for_next | 88/86<br>286 | 19,noj=5<br>8,noj=4 | | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | ± | | | | ### LSL ### Load Segment Limit 80286/386 Protected Only Loads the segment limit of a selector into a specified register. The source operand must be a register or memory operand containing a selector. The destination operand must be a register that will receive the segment limits if the selector is valid and visible at the current privilege level. The zero flag is set if the segment limits are transferred, or cleared if they are not. See Intel documentation for details on selectors, segment limits, and other privileged-mode concepts. | 00001111 00 | 0000011 mod, reg, r/m | disp (0 or 2) | |-------------------------------------|-----------------------|---------------------------------| | LSL reg16,reg16<br>LSL reg32,reg32* | lsl ax,bx | 88/86 —<br>286 14<br>386 20,25† | | LSL reg16,mem16<br>LSL reg32,mem32* | lsl cx,seg_lim | 88/86 —<br>286 16<br>386 21,26† | <sup>\* 80386</sup> only. LSS Load Far Pointer to Stack Segment See LDS. <sup>†</sup> The first value is for byte granular; the second is for page granular. #### LTR Load Task Register 80286/386 Privileged Only Loads a value from the specified operand to the current task register. LTR is available only in privileged mode. See Intel documentation for details on task registers and other privileged-mode concepts. | 00001111 | 00000000 mod, 001,r/m | disp (0 or 2) | |-----------|-----------------------|-----------------------------| | LTR regl6 | ltr ax | 88/86 —<br>286 17<br>386 23 | | LTR mem16 | ltr task | 88/86 —<br>286 19<br>386 27 | ### MOV Move Data | 0 | D | I | T | S | Z | A | P | C | |---|-----|---|---|---|---|---|---|---| | | 100 | | | | | | | | Copies the value in the source operand to the destination operand. If the destination operand is SS, then interrupts are disabled until the next instruction is executed (except on early versions of the 8088 and 8086). | 100010dw | mod, reg, r/m disp (0 or 2) | | | |-------------|-----------------------------|-------|------------------| | | mov dh,bh | 88/86 | 2 | | MOV reg,reg | mov dx,cx | 286 | 2 | | | mov bp,sp | 386 | 2 | | | mov array[di],bx | 88/86 | 9+EA (W88=13+EA) | | MOV mem,reg | mov count,cx | 286 | 3 | | | | 386 | 2 | | | mov bx,pointer | 88/86 | 8+EA (W88=12+EA) | | MOV reg,mem | mov dx, matrix[bx+di] | 286 | 5 | | Ġ. | | 386 | 4 | CONTINUED... | 1100011w mod | disp (0 or 2) | data (1 or 1 | 2) | |------------------|------------------------------------|---------------------|---------------------------------------| | MOV mem,immed | mov [bx],15<br>mov color,7 | 88/86<br>286<br>386 | 10+EA (W88=14+EA)<br>3<br>2 | | 1011w reg date | a (1 or 2) | | | | MOV reg,immed | mov cx,256<br>mov dx,OFFSET string | 88/86<br>286<br>386 | 4<br>2<br>2 | | 101000dw disp | o (0 or 2) | | | | MOV mem,accum | mov total,ax<br>mov [di],al | 88/86<br>286<br>386 | 10 (W88=14)<br>3<br>2 | | MOV accum,mem | mov al,string[bx] mov ax,fsize | 88/86<br>286<br>386 | 10 (W88=14)<br>5<br>4 | | 100011d0 mod | sreg, r/m disp (0 or 2) | | | | MOV segreg,reg!6 | mov ds,ax | 88/86<br>286<br>386 | 2<br>2,pm=17<br>2,pm=18 | | MOV segreg,mem16 | mov es,psp | 88/86<br>286<br>386 | 8+EA (88=12+EA)<br>5,pm=19<br>5,pm=19 | | MOV reg16,segreg | mov ax,ds | 88/86<br>286<br>386 | 2<br>2<br>2 | | MOV mem16,segreg | mov stack_save,ss | 88/86<br>286<br>386 | 9+EA (88=13+EA)<br>3<br>2 | ### MOV Move to/from Special Registers 80386 Only | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ? | ? | ? | ? | ? | Stores or loads a value from a special register to or from a 32-bit general purpose register. The special registers include the control registers CR0, CR2, and CR3; the debug registers DR0, DR1, DR2, DR3, DR6, and DR7; and the test registers TR6 and TR7. See Intel documentation for details on special registers. | | 001000 10 | (2040) min (2046) | | |-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----| | 00001111 | 001000d0 11, reg*, r/n | 1 | | | | mov eax,cr2 | 88/86 — | | | MOV r32, controlreg | | 286 — | | | | Design of Table 181 | 386 6 | | | | mov cr0,ebx | 88/86 — | | | MOV controlreg,r32 | the contract of the state th | 286 — | | | | | 386 CR0=10,CR2=4,CR | 3=5 | | 00001111 | 001000 /1 | | | | 00001111 | 001000d1 11, reg*, r/n | 1 | | | | T | 99/94 | | | MOV r32,debugreg | mov edx, dr3 | 88/86 —<br>286 — | | | WOV 132, aedugreg | 40 | 386 DR0-3=22,DR6-7= | 14 | | | mov dr0,ecx | 88/86 — | - | | MOV debugreg,reg32 | mov dro,ecx | 286 — | | | WOV debugreg,reg52 | | 386 DR0-3=22,DR6-7= | 16 | | | | 300 DR0-3-22,DR0 7- | | | | | <u> </u> | | | 00001111 | 001001d0 11,reg*, r/n | 1 | | | | | The state of s | | | | mov edx, tr6 | 88/86 — | | | | | 286 — | | | MOV r32,testreg | l . | | | | MOV r32,testreg | | 386 12 | | | | mov tr7,eax | 88/86 — | | | MOV r32,testreg MOV testreg, r32 | mov tr7,eax | | | <sup>\*</sup> The *reg* field contains the register number of the special register (for example, 000 for **CR0**, 011 for **DR7**, or 111 for **TR7**). | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### MOVS/MOVSB/ MOVSW/MOVSD **Move String Data** Moves a string from one area of memory to another. The source string must be pointed to by **DS:SI** and the destination address must be pointed to by **ES:DI** (even if operands are given). For each element moved, **DI** and **SI** are adjusted according to the size of the operands and the status of the direction flag. They are increased if the direction flag has been cleared with **CLD**, or decreased if the direction flag has been set with **STD**. If the MOVS form of the instruction is used, operands must be provided to indicate the size of the data elements to be processed. A segment override can be given for the source operand (but not for the destination). If MOVSB (bytes), MOVSW (words), or MOVSD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be processed. Operands are not allowed. MOVS and its variations are usually used with the REP prefix. Before a move using a repeat prefix, CX should contain the number of elements to move. | 1010010w | | | | | | |-------------------------------|------|----------------|-------|-------------|--| | MOVS [ES:]]dest,[segreg:]]src | rep | movsb | 88/86 | 18 (W88=26) | | | MOVSB | movs | dest,es:source | 286 | 5 | | | MOVSW | | | 386 | 7 | | #### MOVSX Move with Sign-Extend 80386 Only | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Copies and sign-extends the value of the source operand to the destination register. **MOVSX** is used to copy a signed 8-bit or 16-bit source operand to a larger 16-bit or 32-bit destination register. | 00001111 | 1011111w | mod, reg, r/m | disp (0, 2, | or 4) | |-----------------------|----------|------------------|--------------|----------------------------| | MOVSX reg,reg | movsx | eax,bx<br>ecx,bl | 88/86<br>286 | a <u>r</u> n eybyr | | 3, 3 | movsx | bx, al | 386 | 3 | | - Bill-tur stay start | movsx | cx,bsign | 88/86 | | | MOVSX reg,mem | movsx | edx, wsign | 286 | 1 <del>-</del> 11 - milion | | | movsx | eax, bsign | 386 | 6 | #### MOVZX Move with Zero-Extend 80386 Only | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Copies and zero-extends the value of the source operand to the destination register. **MOVZX** is used to copy an unsigned 8-bit or 16-bit source operand to a larger 16-bit or 32-bit destination register. | 00001111 | 011011w mod, reg, r/m | disp (0, 2, or 4) | |---------------|------------------------------------------------------------|---------------------------| | MOVZX reg,reg | movzx eax,bx movzx ecx,bl movzx bx,al | 88/86 —<br>286 —<br>386 3 | | MOVZX reg,mem | movzx cx,bunsign<br>movzx edx,wunsign<br>movzx eax,bunsign | 88/86 —<br>286 —<br>386 6 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ? | ? | ? | ? | ± | # MUL Unsigned Multiply Multiplies an implied destination operand by a specified source operand. Both operands are treated as unsigned numbers. If a single 16-bit operand is given, the implied destination is **AX** and the product goes into the **DX**:**AX** register pair. If a single 8-bit operand is given, the implied destination is **AL** and the product goes into **AX**. On the 80386, if the operand is **EAX**, the product goes into the **EDX:EAX** register pair. The carry and overflow flags are set if **DX** is not 0 for 16-bit operands or if **AH** is not zero for 8-bit operands. | 1111011w mod, 100,r/m disp (0 or 2) | | | | | | | | | |-------------------------------------|---------------------------------|---------------------|------------------------------------------------------------------|--|--|--|--|--| | MUL reg | mul bx<br>mul dl | 88/86<br>286<br>386 | b=70-77,w=118-113<br>b=13,w=21<br>b=9-14,w=9-22,d=9-38† | | | | | | | MUL mem | mul factor<br>mul WORD PTR [bx] | 88/86<br>286<br>386 | (b=76-83,w=124-139)+EA*<br>b=16,w=24<br>b=12-17,w=12-25,d=12-41† | | | | | | <sup>\*</sup> Word memory operands on the 8088 take (128-143)+EA clocks. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | ### NEG Two's Complement Negation Replaces the operand with its two's complement. **NEG** does this by subtracting the operand from 0. If the operand is 0, the carry flag is cleared. Otherwise the carry flag is set. If the operand contains the maximum possible negative value (-128 for 8-bit operands or -32768 for 16-bit operands), the value does not change, but the overflow and carry flags are set. | 1111011w mod | disp (0 or 2) | | | |--------------|---------------|---------------------|-----------------------------| | NEG reg | neg ax | 88/86<br>286<br>386 | 3<br>2<br>2 | | NEG mem | neg balance | 88/86<br>286<br>386 | 16+EA (W88=24+EA)<br>7<br>6 | <sup>†</sup> The 80386 has an early-out multiplication algorithm. Therefore multiplying an 8-bit or 16-bit value in EAX takes the same time as multiplying the value in AL or AX. | NO | OP | |----|-----------| | No | Operation | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Performs no operation. NOP can be used for timing delays or alignment. | 10010000* | oni elog tado n<br>I tres na spol | 1986, and expense to EAS the splitter was such examples and coverflex | |-----------|-----------------------------------|-----------------------------------------------------------------------| | | nop | 88/86 3 | | NOP | | 286 3 | | | | 386 3 | # NOT One's Complement Negation | | Б | T | T | 0 | 7 | | D | | |---------|---|---|---|---|---|---|---|---| | $\circ$ | ע | 1 | 1 | 3 | L | Α | P | C | | | | | | | | | | | Toggles each bit of the operand by clearing set bits and setting cleared bits. | 1111011w ma | od, 010,r/m disp (0 or 2) | | | |-------------|---------------------------|----------------------------|----------------------------------| | NOT reg | not ax | 88/86<br>286 | 3 2 | | NOT mem | not masker | 386<br>88/86<br>286<br>386 | 2<br>16+EA (W88=24+EA)<br>7<br>6 | <sup>\*</sup> The encoding is the same as for XCHG AX,AX. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | 0 | | | | ± | ± | ? | ± | 0 | ### OR Inclusive OR Performs a bitwise logical OR on the source and destination operands and stores the result to the destination operand. For each bit position in the operands, if either or both bits are set, the corresponding bit of the result it set. Otherwise, the corresponding bit of the result is cleared. | 000010dw m | ood, reg, r/m disp (0 or 2) | | |----------------|---------------------------------|-------------------------------------------| | OR reg,reg | or ax,dx | 88/86 3<br>286 2<br>386 2 | | OR mem,reg | or [bp+6],cx<br>or bits,dx | 88/86 16+EA (W88=24+EA)<br>286 7<br>386 7 | | OR reg,mem | or bx,masker<br>or dx,color[di] | 88/86 9+EA (W88=13+EA)<br>286 7<br>386 6 | | 100000sw m | od,001, r/m disp (0 or 2) | data (1 or 2) | | OR reg,immed | or dx,110110b | 88/86 4<br>286 3<br>386 2 | | OR mem,immed | or flag_rec,8 | 88/86 (b=17,w=25)+EA<br>286 7<br>386 7 | | 0000110w d | lata (1 or 2) | | | OR accum,immed | or ax,40h | 88/86 4<br>286 3<br>386 2 | pcis.org # OUT Output to Port | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Transfers a byte or word (or a doubleword on the 80386) to a port from the accumulator register. The port address is specified by the destination operand, which can be **DX** or an 8-bit constant. In privileged mode, a general protection fault is generated if **OUT** is used when the current protection level is greater than the value of the IOPL flag. | 1110011w | data (1) | | | |------------------|------------------------|---------------------|--------------------------------| | OUT immed8,accum | out 60h,al | 88/86<br>286<br>386 | 10 (88=14)<br>3<br>10,pm=4,24* | | 1110111w | | | | | OUT DX,accum | out dx,ax<br>out dx,al | 88/86<br>286<br>386 | 8 (88=12)<br>3<br>11,pm=5,25* | <sup>\*</sup> First protected-mode timing: CPL ≤ IOPL. Second timing: CPL > IOPL. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### OUTS/OUTSB/ OUTSW/OUTSD **Output String to Port** 80186/286/386 Only Sends a string to a port. The string is considered the source and must be pointed to by DS:SI (even if an operand is given). The output port is specified in DX. For each element sent, SI is adjusted according to the size of the operand and the status of the direction flag. SI is increased if the direction flag has been cleared with CLD or decreased if the direction flag has been set with STD. If the OUTS form of the instruction is used, an operand must be provided to indicate the size of data elements to be sent. A segment override can be given. If **OUTSB** (bytes), **OUTSW** (words), or **OUTSD** (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be sent. No operand is allowed. OUTS and its variations are usually used with the REP prefix. Before the instruction is executed, CX should contain the number of elements to send. In privileged mode, a general protection fault is generated if **OUTS** is used when the current protection level is greater than the value of the IOPL flag. | 0110111w | | | | |-----------------------|---------------------|-------|-------------| | OUTS DX, [segreg:]src | rep outs dx, buffer | 88/86 | | | OUTSB | outsb | 286 | 5 | | OUTSW | rep outw | 386 | 14,pm=8,28* | <sup>\*</sup> First protected-mode timing: CPL ≤ IOPL. Second timing: CPL > IOPL. ### POP Pop | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|----|---| | | | | | | | | PN | | Pops the top of the stack into the destination operand. This means that the value at SS:SP is copied to the destination operand and SP is increased by 2. The destination operand can be a memory location, a general purpose 16-bit register, or any segment register except CS. Use RET to pop CS. On the 80386, 32-bit values can be popped by giving a 32-bit operand. ESP is increased by 4 for 32-bit pops. | 01011 reg | | | |-------------------------|----------------------------|-----------------------------------------------| | POP reg16<br>POP reg32* | рор сх | 88/86 8 (88=12)<br>286 5<br>386 4 | | 10001111 | mod, 000,r/m disp (2) | | | POP mem16<br>POP mem32* | pop param | 88/86 17+EA (88=25+EA)<br>286 5<br>386 5 | | 000,sreg,111 | | and their adda byth | | POP segreg | pop es<br>pop ds<br>pop ss | 88/86 8 (88=12)<br>286 5,pm=20<br>386 7,pm=21 | | 00001111 | 10,sreg,001 | | | POP segreg* | pop fs<br>pop gs | 88/86 —<br>286 —<br>386 7,pm=21 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | #### POPA/POPAD Pop All 80186/286/386 Only Pops the top 16 bytes on the stack into the eight general-purpose registers. The registers are popped in the following order: **DI**, **SI**, **BP**, **SP**, **BX**, **DX**, **CX**, **AX**. The value for the **SP** register is actually discarded rather than copied to **SP**. **POPA** always pops into 16-bit registers. On the 80386, use **POPAD** to pop into 32-bit registers. | 01100001 | | | |----------------|------|-------------------| | POPA<br>POPAD* | popa | 88/86 —<br>286 19 | | | | 386 24 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | ± | ± | ± | ± | ± | ± | ± | ± | ### POPF/POPFD Pop Flags Pops the value on the top of the stack into the flags register. **POPF** always pops into the 16-bit flags register. On the 80386, use **POPFD** to pop into the 32-bit flags register. | 10011101 | | | | | |----------------|------|---------------------|---------------------|--| | POPF<br>POPFD* | popf | 88/86<br>286<br>386 | 8 (88=12)<br>5<br>5 | | <sup>\* 80386</sup> only. ### PUSH Push | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Pushes the source operand onto the stack. This means that **SP** is decreased by 2 and the source value is copied to **SS:SP**. The operand can be a memory location, a general purpose 16-bit register, or a segment register. On the 80186-80386 processors, the operand can also be a constant. On the 80386, 32-bit values can be pushed by giving a 32-bit operand. **ESP** is decreased by 4 for 32-bit pushes. On the 8088 and 8086, **PUSH SP** copies the value of **SP** after the push. On the 80186-80386 processors, **PUSH SP** copies the value of **SP** before the push. | | | - 101 | |---------------------------|-------------------------------|------------------------------------------| | 01010 reg | | | | PUSH reg16<br>PUSH reg32* | push dx | 88/86 11 (88=15)<br>286 3<br>386 2 | | 11111111 | mod, 110,r/m disp (2) | | | PUSH mem16<br>PUSH mem32* | push [di]<br>push fcount | 88/86 16+EA (88=24+EA)<br>286 5<br>386 5 | | 00,sreg,110 | and the second second | et all the same and | | PUSH segreg | push es<br>push ss<br>push cs | 88/86 10 (88=14)<br>286 3<br>386 2 | | 00001111 | 10,sreg,000 | | | PUSH segreg | push fs<br>push gs | 88/86 —<br>286 —<br>386 2 | | 011010s0 | data (1 or 2) | | | PUSH immed | push 'a'<br>push 15000 | 88/86 —<br>286 3<br>386 2 | <sup>\* 80386</sup> only. | О | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | #### PUSHA/PUSHAD Push All 80186/286/386 Only Pushes the general-purpose registers onto the stack. The registers are pushed in the following order: AX, CX, DX, BX, SP, BP, SI, DI. The value pushed for SP is the value before the instruction. PUSHA always pushes 16-bit registers. On the 80386, you can use PUSHAD to push 32-bit registers. | 01100000 | | | | |----------|-------|-------|----| | PUSHA | pusha | 88/86 | | | PUSHAD* | 1 | 286 | 17 | | | | 386 | 18 | <sup>\* 80386</sup> only. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ### PUSHF/PUSHFD Push Flags Pushes the flags register onto the stack. **PUSHF** always pushes the 16-bit flags register. On the 80386, use **PUSHFD** to push the 32-bit flags register. | 10011100 | | | | |------------------|-------|---------------------|----------------------| | PUSHF<br>PUSHFD* | pushf | 88/86<br>286<br>386 | 10 (88=14)<br>3<br>4 | <sup>\* 80386</sup> only. ## RCL/RCR/ROL/ROR Rotate | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | | | | | ± | Rotates the bits in the destination operand the number of times specified in the source operand. RCL and ROL rotate the bits left; RCR and ROR rotate right. **ROL** and **ROR** rotate the number of bits in the operand. For each rotation, the leftmost or rightmost bit is copied to the carry flag as well as rotated. **RCL** and **RCR** rotate through the carry flag. The carry flag becomes an extension of the operand so that a 9-bit rotation is done for 8-bit operands, or a 17-bit rotation for 16-bit operands. On the 8088 and 8086, the source operand can be either CL or 1. On the 80186-80386, the source operand can be CL or an 8-bit constant. On the 80186-80386, rotate counts larger than 31 are masked off, but on the 8088 and 8086, larger rotate counts are performed despite the inefficiency involved. The overflow flag is only modified by single-bit variations of the instruction; for multiple-bit variations it is undefined. | $\boxed{1101000w} \qquad \boxed{mod, TTT^*, r/m} \qquad disp (0 \text{ or } 2)$ | | | | | | | | | |---------------------------------------------------------------------------------|----------------------------------------------|--------------------------------------------|--|--|--|--|--|--| | ROL reg,1<br>ROR reg,1 | ror ax,1 rol dl,1 | 88/86 2<br>286 2<br>386 3 | | | | | | | | RCL reg,1<br>RCR reg,1 | rcl dx,1<br>rcr bl,1 | 88/86 2<br>286 2<br>386 9 | | | | | | | | ROL mem,1<br>ROR mem,1 | ror bits,1<br>rol WORD PTR [bx],1 | 88/86 15+EA (W88=23+EA)<br>286 7<br>386 7 | | | | | | | | RCL mem,1<br>RCR mem,1 | rcl WORD PTR [si],1<br>rcr WORD PTR m32[0],1 | 88/86 15+EA (W88=23+EA)<br>286 7<br>386 10 | | | | | | | <sup>\*</sup> TTT represents one of the following bit codes: 000 for ROL, 001 for ROR, 010 for RCL, or 011 for RCR. CONTINUED... | 1101001w m | $od, TTT^*, r/m$ $disp(0 or 2)$ | | |----------------------------------|-----------------------------------------------|------------------------------------------------------| | ROL reg,CL<br>ROR reg,CL | ror ax,cl<br>rol dx,cl | 88/86 8+4n<br>286 5+n<br>386 3 | | RCL reg,CL<br>RCR reg,CL | rcl dx,cl<br>rcr bl,cl | 88/86 8+4n<br>286 5+n<br>386 9 | | ROL mem,CL<br>ROR mem,CL | ror color,cl<br>rol WORD PTR [bp+6],cl | 88/86 20+EA+4n (W88=28+EA+4n)<br>286 8+n<br>386 7 | | RCL mem,CL<br>RCR mem,CL | rcr WORD PTR [bx+di],cl<br>rcl masker | . 88/86 20+EA+4n (W88=28+EA+4n)<br>286 8+n<br>386 10 | | 1100000 | | | | 1100000w m | disp(0 or 2) | data (1) | | ROL reg,immed8 ROR reg,immed8 | od,TTT*,r/m disp (0 or 2) rol ax,13 ror bl,3 | data (1) 88/86 — 286 5+n 386 3 | | ROL reg,immed8 | rol ax,13 | 88/86 —<br>286 5+n | | ROL reg,immed8<br>ROR reg,immed8 | rol ax,13<br>ror bl,3<br>rcl bx,5 | 88/86 —<br>286 5+n<br>386 3<br>88/86 —<br>286 5+n | <sup>\*</sup> TTT represents one of the following bit codes: 000 for ROL, 001 for ROR, 010 for RCL, or 011 for RCR. ### REP Repeat String Repeats the string instruction the number of times indicated by CX. For each string element, the string instruction is performed and CX is decremented. When CX reaches 0, execution continues with the next instruction. REP is normally used with MOVS and STOS. (REP LODS is legal, but has the same effect as LODS.) REP is additionally used with INS and OUTS on the 80186-80386 processors. On all processors except the 80386, combining a repeat prefix with a segment override may cause errors if an interrupt occurs during a string operation. | DED MOVE I | | | 00/07 | 0.17 (1100 0.25) | |-----------------------------------------|------------|-----------------------|---------------------|-----------------------------| | REP MOVS dest,src | rep | movs source, destin | 88/86<br>286 | 9+17n (W88=9+25n)<br>5+4n | | REP MOVSW | rep | MOVSW | 386 | 8+4n | | 11110010 1 | 010101w | | | | | REP STOS dest | rep | stosb | 88/86 | 9+10n (W88=9+14n) | | REP STOSB<br>REP STOSW | rep | stos destin | 286<br>386 | 4+3n<br>5+5n | | 11110010 0 | 110110w | | | | | 11110010 | 110110# | | | 7.19 | | REP INS dest,DX | rep | insb | 88/86 | | | REP INS dest,DX | | insb<br>ins destin,dx | 88/86<br>286<br>386 | 5+4n<br>13+6n,pm=(7,27)+6n* | | REP INS dest,DX<br>REP INSB<br>REP INSW | rep | | 286 | 5+4n | | REP INS dest,DX<br>REP INSB<br>REP INSW | rep<br>rep | | 286 | 5+4n | <sup>\*</sup> First protected-mode timing: CPL ≤ IOPL. Second timing: CPL > IOPL. | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | ± | | | | # REPcondition Repeat String Conditionally Repeats a string instruction as long as *condition* is true and the maximum count has not been reached. **REPE** and **REPZ** (the names are synonyms) repeat while the zero flag is set. **REPNE** and **REPNZ** (the names are synonyms) repeat while the zero flag is cleared. The conditional repeat prefixes should only be used with **SCAS** and **CMPS**, since these are the only string instructions that modify the zero flag. Before executing the instruction, **CX** should be set to the maximum allowable number of repetitions. For each string element, the string instruction is performed, **CX** is decremented, and the zero flag is tested. On all processors except the 80386, combining a repeat prefix with a segment override may cause errors if an interrupt occurs during a string operation. | 11110011 1010 | )011w | | | |---------------------------------------------------|--------------------------------------|---------------------|-----------------------------------| | REPE CMPSB REPE CMPSW | repz cmpsb<br>repe cmps destin,src | 88/86<br>286<br>386 | 9+22n (W88=9+30n)<br>5+9n<br>5+9n | | 11110011 1010 | 0111w | | | | REPE SCAS dest<br>REPE SCASB<br>REPE SCASW | repe scas destin<br>repz scasw | 88/86<br>286<br>386 | 9+15n (W88=9+19n)<br>5+8n<br>5+8n | | 11110010 1010 | 0011w | | | | REPNE CMPS dest,src<br>REPNE CMPSB<br>REPNE CMPSW | repne cmpsw<br>repnz cmps destin,src | 88/86<br>286<br>386 | 9+22n (W88=9+30n)<br>5+9n<br>5+9n | | 11110011 1010 | )111w | | | | REPNE SCAS dest<br>REPNE SCASB<br>REPNE SCASW | repne scas destin<br>repnz scasb | 88/86<br>286<br>386 | 9+15n (W88=9+19n)<br>5+8n<br>5+8n | ### RET/RETN/RETF | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Returns from a procedure by transferring control to an address popped from the top of the stack. A constant operand can be given indicating the number of additional bytes to release. The constant is normally used to adjust the stack for arguments pushed before the procedure was called. Under MASM, the size of a return (near or far) is the size of the procedure in which the RET is defined with the PROC directive. Starting with Version 5.0, RETN can be used to specify a near return; RETF can specify a far return. A near return works by popping a word into IP. A far return works by popping a word into IP and then popping a word into CS. After the return, the number of bytes given in the operand (if any) is added to SP. | RET<br>RETN | ret | 88/86<br>286 | 16 (88=20)<br>11+m | |-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|----------------------------------------------------| | KETI ( | 10011 | 386 | 10+m | | 11000010 | data (2) | | | | RET immed8 | ret 2 | 88/86 | 20 (88=24) | | RETN immed8 | retn 8 | 286<br>386 | 11+m<br>10+m | | | | | | | 11001011 | | | | | | Luci | 1 88/88 | 26 (88–34) | | RET | ret<br>retf | 88/86<br>286 | 26 (88=34)<br>15+m,pm=25+m,55* | | RET | ret<br>retf | | 26 (88=34)<br>15+m,pm=25+m,55*<br>18+m,pm=32+m,62* | | RET<br>RETF | retf | 286 | 15+m,pm=25+m,55* | | RET | The second secon | 286 | 15+m,pm=25+m,55* | | RET<br>RETF | retf | 286 | 15+m,pm=25+m,55* | <sup>\*</sup> The first protected mode timing is for a return to the same privilege level; the second is for a return to a lesser privilege level. ### ROL/ROR Rotate See RCL/RCR | APC<br>±±± Store AH | SAHF | |---------------------|------------| | Store AH | into Flags | Transfers **AH** into bits 0 to 7 of the flags register. This includes the carry, parity, auxiliary carry, zero, and sign flags, but not the trap, interrupt, direction, or overflow flags. | 10011110 | | | | |----------|------|---------------------|-------------| | SAHF | sahf | 88/86<br>286<br>386 | 4<br>2<br>3 | ### SAL/SAR/SHL/SHR Shift | 1 | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---|---| | | ± | | | | ± | ± | ? | ± | ± | Shifts the bits in the destination operand the number of times specified by the source operand. SAL and SHL shift the bits left; SAR and SHR shift right. With SHL, SAL, and SHR, the bit shifted off the end of the operand is copied into the carry flag and the leftmost or rightmost bit opened by the shift is set to 0. With SAR, the bit shifted off the end of the operand is copied into the carry flag and the leftmost bit opened by the shift retains its previous value (thus preserving the sign of the operand). SAL and SHL are synonyms; they have the same effect. On the 8088 and 8086, the source operand can be either CL or 1. On the 80186-80386 processors, the source operand can be CL or an 8-bit constant. On the 80186-80386 processors, shift counts larger than 31 are masked off, but on the 8088 and 8086, larger shift counts are performed despite the inefficiency involved. The overflow flag is only modified by single-bit variations of the instruction; for multiple-bit variations it is undefined. | $1101000w \qquad mod, TTT^*, r/m \qquad disp (0 or 2)$ | | | | | | | | | |--------------------------------------------------------|-----|-------------------|-------|-------------------|--|--|--|--| | | sar | di,1 | 88/86 | 2 | | | | | | SAR reg,1 | sar | cl,1 | 286 | 2 | | | | | | 8, | | | 386 | 3 | | | | | | SAL reg,1 | shr | dh,1 | 88/86 | 2 | | | | | | SHL reg,1 | shl | si,1 | 286 | 2 | | | | | | SHR reg,1 | sal | bx,1 | 386 | 3 | | | | | | | sar | count,1 | 88/86 | 15+EA (W88=23+EA) | | | | | | SAR mem,1 | | | 286 | 7 | | | | | | | | | 386 | 7 | | | | | | SAL mem,1 | sal | WORD PTR m32[0],1 | 80/86 | 15+EA (W88=23+EA) | | | | | | SHL mem,1 | shl | index,1 | 286 | 7 | | | | | | SHR mem,1 | shr | unsign[di],1 | 386 | 7 | | | | | <sup>\*</sup> TTT represents one of the following bit codes: 100 for SHL or SAL, 101 for SHR, or 111 for SAR. CONTINUED... | 1101001w n | ood, TTT*,r/m disp (0 or 2) | | |----------------------------------------------------|---------------------------------------------------------------------|---------------------------------------------------| | SAR reg,CL | sar bx,cl<br>sar dx,cl | 88/86 8+4n<br>286 5+n<br>386 3 | | SAL reg,CL<br>SHL reg,CL<br>SHR reg,CL | shr dx,cl<br>shl di,cl<br>sal ah,cl | 88/86 8+4n<br>286 5+n<br>386 3 | | SAR mem,CL | sar sign,cl<br>sar WORD PTR [bp+8],cl | 88/86 20+EA+4n (W88=28+EA+4n)<br>286 8+n<br>386 7 | | SAL mem,CL<br>SHL mem,CL<br>SHR mem,CL | <pre>shr WORD PTR m32[2],cl sal BYTE PTR [di],cl shl index,cl</pre> | 88/86 20+EA+4n (W88=28+EA+4n)<br>286 8+n<br>386 7 | | 1100000w m | od,TTT*,r/m disp (0 or 2) | data (1) | | SAR reg,immed8 | sar bx,5<br>sar cl,5 | 88/86 —<br>286 5+n<br>386 3 | | SAL reg,immed8<br>SHL reg,immed8<br>SHR reg,immed8 | <pre>sal cx,6 shl di,2 shr bx,8</pre> | 88/86 —<br>286 5+n<br>386 3 | | SAR mem,immed8 | <pre>sar sign_count,3 sar WORD PTR [bx],5</pre> | 88/86 —<br>286 8+n<br>386 7 | | SAL mem,immed8<br>SHL mem,immed8<br>SHR mem,immed8 | <pre>shr mem16,11 shl unsign,4 sal array[bx+di],14</pre> | 88/86 —<br>286 8+n<br>386 7 | <sup>\*</sup> TTT represents one of the following bit codes: 100 for SHL or SAL, 101 for SHR, or 111 for SAR. ### SBB Subtract with Borrow | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | Subtracts the source from the destination, then subtracts the the value of the carry flag from the result. This result is assigned to the destination. **SBB** is used to subtract the least significant portions of numbers that must be processed in multiple registers. | | sbb dx,cx | 88/86 | 3 | |-----------------------------|-----------------------------------------------|--------------------------------------------|---------------------------------------| | SBB reg,reg | SSS dayea | 286 | 2 | | 022 100,100 | | 386 | 2 | | | sbb WORD PTR m32[2],dx | 88/86 | 16+EA (W88=24+EA) | | SBB mem,reg | | 286 | 7 | | | | 386 | 6 | | | sbb dx, WORD PTR m32[2] | 88/86 | 9+EA (W88=13+EA) | | SBB reg,mem | | 286 | 7 | | - | | 386 | 7 | | 100000sw n | nod,011, r/m disp (0 or 2) | data (1 or | | | 100000sw n | | | | | | sbb dx, 45 | 88/86 | 4 | | | | | | | | sbb dx,45 | 88/86<br>286 | 4<br>3<br>2 | | SBB reg,immed | sbb dx,45 | 88/86<br>286<br>386 | 4 3 | | SBB reg,immed | sbb dx,45 | 88/86<br>286<br>386<br>88/86 | 4<br>3<br>2<br>17+EA (W88=25+EA) | | SBB reg,immed | sbb dx,45 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=25+EA) | | SBB reg,immed SBB mem,immed | sbb dx,45 sbb WORD PTR m32[2],40 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=25+EA) | | SBB reg,immed SBB mem,immed | sbb dx,45 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=25+EA) | | SBB reg,immed SBB mem,immed | sbb dx,45 sbb WORD PTR m32[2],40 | 88/86<br>286<br>386<br>88/86<br>286 | 4<br>3<br>2<br>17+EA (W88=25+EA) | | SBB reg,immed SBB mem,immed | sbb dx,45 sbb WORD PTR m32[2],40 data(1 or 2) | 88/86<br>286<br>386<br>88/86<br>286<br>386 | 4<br>3<br>2<br>17+EA (W88=25+EA)<br>7 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | ### SCAS/SCASB/ SCASW/SCASD Scan String Flags Scans a string to find a value specified in the accumulator register. The string to be scanned is considered the destination and must be pointed to by **ES:DI** (even if an operand is specified). For each element, the destination element is subtracted from the accumulator value and the flags are updated to reflect the result (although the result is not stored). **DI** is adjusted according to the size of the operands and the status of the direction flag. **DI** is increased if the direction flag has been cleared with **CLD** or decreased if the direction flag has been set with **STD**. If the SCAS form of the instruction is used, an operand must be provided to indicate the size of the data elements to be processed. No segment override is allowed. If SCASB (bytes), SCASW (words), or SCASD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be processed and whether the element scanned for is in AL, AX, or EAX. No operand is allowed. SCAS and its variations are usually used with repeat prefixes. REPNE (or REPNZ) is used to find the first match of the accumulator value. REPE (or REPZ) is used to find the first nonmatch. Before the comparison, CX should contain the maximum number of elements to compare. After the comparison, CX will be 0 if no match or nonmatch was found. Otherwise SI and DI will point to the element after the first match or nonmatch. | 1010111w | | | | | |--------------------------|---------------|----------------|--------------|------------------| | SCAS [ES:]]dest<br>SCASB | repne<br>repe | scasw<br>scasb | 88/86<br>286 | 15 (W88=19)<br>7 | | SCASW | scas | es:destin | 386 | 7 | ### SET condition Set Conditionally 80386 Only Sets the byte specified in the operand to 1 if *condition* is true or to 0 if *condition* is false. The condition is tested by checking the flags shown in the table on the following page. The instruction is used to conditionally set Boolean flags. | 00001111 1 | 001cond | mod,000,r/m | | | | |-------------------|-----------------------|---------------------------------------|---------------------|---------------|-------------| | SETcondition reg8 | setc<br>setz<br>setae | dh<br>al<br>bl | 88/86<br>286<br>386 | <u>-</u> | 7 De sell 1 | | SETcondition mem8 | seto<br>setle<br>sete | BTYE PTR [bx]<br>flag<br>Booleans[di] | 88/86<br>286<br>386 | <u>-</u><br>5 | | CONTINUED... #### **SET CONDITIONS** | Opcode | Mnemonic | Flags Checked | Description | |----------|-------------|---------------|----------------------------------------------------------------| | 10010010 | SETB/SETNAE | CF=1 | Set if below/not above or equal (unsigned comparisons) | | 10010011 | SETAE/SETNB | CF=0 | Set if above or equal/not below (unsigned comparisons) | | 10010110 | SETBE/SETNA | CF=1 or ZF=1 | Set if below or equal/not above (unsigned comparisons) | | 10010111 | SETA/SETNBE | CF=0 and ZF=0 | Set if above/not below or equal (unsigned comparisons) | | 10010100 | SETE/SETZ | ZF=1 | Set if equal/zero | | 10010101 | SETNE/SETNZ | ZF=0 | Set if not equal/not zero | | 10011100 | SETL/SETNGE | SF≠OF | Set if less/not greater or equal (signed comparisons) | | 10011101 | SETGE/SETNL | SF=OF | Set if greater or equal/not less (signed comparisons) | | 10011110 | SETLE/SETNG | ZF=1 or SF≠OF | Set if less or equal/not greater or equal (signed comparisons) | | 10011111 | SETG/SETNLE | ZF=0 or SF=OF | Set if greater/not less or equal (signed comparisons) | | 10011000 | SETS | SF=1 | Set if sign | | 10011001 | SETNS | SF=0 | Set if not sign | | 10010010 | SETC | CF=1 | Set if carry | | 10010011 | SETNC | CF=0 | Set if not carry | | 10010000 | SETO | OF=1 | Set if overflow | | 10010001 | SETNO | OF=0 | Set if not overflow | | 10011010 | SETP/SETPE | PF=1 | Set if parity/parity even | | 10011011 | SETNP/SETPO | PF=0 | Set if no parity/parity odd | ## SGDT/SIDT/SLDT Store Descriptor Table 80286/386 Privileged Only Stores a Descriptor Table register into a specified operand. **SGDT** stores the Global Descriptor Table; **SIDT**, the Interrupt Descriptor Table; and **SLDT**, the Local Descriptor Table. These instructions are available only in privileged mode. See Intel documentation for details on descriptor tables and other privileged-mode concepts. | 00001111 | 00000001 mod,000,r/m | disp (2) | |------------|-----------------------|----------------------------| | SGDT mem64 | sgdt descriptor | 88/86 —<br>286 11<br>386 9 | | 00001111 | 00000001 mod,001,r/m | disp (2) | | SIDT mem64 | sidt descriptor | 88/86 —<br>286 12<br>386 9 | | 00001111 | 00000000 mod, 000,r/m | disp (0 or 2) | | SLDT reg16 | sldt ax | 88/86 —<br>286 2<br>386 2 | | SLDT mem16 | sldt selector | 88/86 —<br>286 3<br>386 2 | ## SHL/SHR Shift See SAL/SAR | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ? | | | | ± | ± | ? | ± | ± | ### SHLD/SHRD Double Precision Shift 80386 Only Shifts the bits of the second operand into the first operand. The number of bits shifted is specified by the third operand. **SHLD** shifts the first operand to the left by the number of positions specified in the count. The positions opened by the shift are filled by the most significant bits of the second operand. **SHRD** shifts the first operand to the right by the number of positions specified in the count. The positions opened by the shift are filled by the least significant bits of the second operand. The count operand can be either **CL** or an 8-bit constant. If a shift count larger than 31 is given, it will be adjusted by using the remainder (modulus) of a division by 32. | 00001111 10100 | 0100 mod,reg,r/m | disp (0 or 2) | data (1) | |------------------------------------------------------|------------------------|---------------------------|----------| | SHLD reg16,reg16,immed 8<br>SHLD reg32,reg32,immed 8 | shld ax,dx,10 | 88/86 —<br>286 —<br>386 3 | | | SHLD mem16,reg16,immed8<br>SHLD mem32,reg32,immed8 | shld bits,cx,5 | 88/86 —<br>286 —<br>386 7 | | | 00001111 10101 | 100 mod,reg,r/m | disp (0 or 2) | data (1) | | SHRD reg16,reg16,immed 8<br>SHRD reg32,reg32,immed 8 | shrd cx,si,3 | 88/86 —<br>286 —<br>386 3 | | | SHRD mem16,reg16,immed8<br>SHRD mem32,reg32,immed8 | | 88/86 —<br>286 —<br>386 7 | | | 00001111 10100 | 0101 mod,reg,r/m | disp (0 or 2) | | | SHLD reg16,reg16,CL<br>SHLD reg32,reg32,CL | shld ax,dx,cl | 88/86 —<br>286 —<br>386 3 | | | SHLD mem16,reg16,CL<br>SHLD mem32,reg32,CL | shld masker,ax,cl | 88/86<br>286<br>386 7 | | | 00001111 10101 | 101 | disp (0 or 2) | | | 00001111 10101 | 101 <i>mod,reg,r/m</i> | aisp (0 or 2) | | | SHRD reg16,reg16,CL<br>SHRD reg32,reg32,CL | shrd bx,dx,cl | 88/86 —<br>286 —<br>386 3 | | ## SMSW Store Machine Status Word 80286/386 Privileged Only | 0 | D | I | T | S | Z | A | P | C | |----|---|---|---|---|---|---|---|---| | /E | | | | | | | | | Stores the Machine Status Word (MSW) into a specified memory operand. SMSW is available only in privileged mode. See Intel documentation for details on the MSW and other privileged-mode concepts. | 00001111 | 00000001 mod,100,r/m | disp (0 or 2) | |------------|----------------------|--------------------------------| | SMSW reg16 | smsw ax | 88/86 —<br>286 2<br>386 10 | | SMSW mem16 | smsw machine | 88/86 —<br>286 3<br>386 3,pm=2 | | ST | C | | |-----|-------|------| | Set | Carry | Flag | | 0 | D | I | T | S | Z | A | P | C | |-----|---|---|---|---|---|---|---|---| | 190 | | | | | | | - | 1 | Sets the carry flag. | 11111001 | | | |-----------------------|-----|---------------------------| | and the second second | stc | 88/86 2 | | STC | | 88/86 2<br>286 2<br>386 2 | | 0 | D | I | T | S | Z | Α | P | C | |---|---|---|---|---|---|---|---|---| | | 1 | | | | | | | | ## STD Set Direction Flag Sets the direction flag. All subsequent string instructions will process down (from high addresses to low addresses). | 11111101 | | | | |----------|-----|---------------------------|--| | STD | std | 88/86 2<br>286 2<br>386 2 | | | _ | _ | _ | _ | _ | | | _ | _ | |---|---|---|---|---|---|---|---|---| | 0 | D | I | T | S | Z | A | P | C | | П | | 1 | | | | | | | ## STI Set Interrupt Flag Sets the interrupt flag. When the interrupt flag is set, maskable interrupts are recognized. If interrupts were disabled by a previous **CLI** instruction, pending interrupts will not be executed immediately; they will be executed after the instruction following **STI**. | 11111011 | | | | |----------|-----|---------------------|---| | | sti | 88/86<br>286<br>386 | 2 | | STI | | 286 | 2 | | | | 386 | 3 | ## STOS/STOSB/ STOSW/STOSD Store String Data Stores the value in the accumulator to a string. The string to be filled is the destination and must be pointed to by ES:DI (even if an operand is given). For each source element loaded, DI is adjusted according to the size of the operands and the status of the direction flag. DI is increased if the direction flag has been cleared with CLD or decreased if the direction flag has been set with STD. If the STOS form of the instruction is used, an operand must be provided to indicate the size of the data elements to be processed. No segment override is allowed. If STOSB (bytes), STOSW (words), or STOSD (doublewords on the 80386 only) is used, the instruction determines the size of the data elements to be processed and whether the element will be from AL, AX, or EAX. No operand is allowed. STOS and its variations are often used with the REP prefix. Before the repeated instruction is executed, CX should contain the number of elements to store. | 1010101w | | integral League de La L<br>La descripción de La La<br>La descripción de La | |-----------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | STOS [ES:]]dest | stos es:dstring | 88/86 11 (W88=15) | | STOSB | rep stosw | 286 3 | | STOSW | rep stosb | 386 4 | | 0 | D | I | T | S | Ż | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | ## STR #### Store Task Register 80286/386 Privileged Only Stores the current task register to the specified operand. This instruction is only available in privileged mode. See Intel documentation for details on task registers and other privileged-mode concepts. | 00001111 00 | 000000 mod, 001, reg | disp (0 or 2) | |-------------|----------------------|---------------------------| | STR reg16 | str cx | 88/86 —<br>286 2<br>386 2 | | STR mem16 | str taskreg | 88/86 —<br>286 3<br>386 2 | ## SUB Subtract | O | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | ± | | | | ± | ± | ± | ± | ± | Subtracts the source operand from the destination operand and stores the result in the destination operand. | 001010dw mo | d, reg, r/m disp (0 or 2) | | a equal. | |-----------------|------------------------------------------|---------------------|-----------------------------| | SUB reg,reg | sub ax,bx<br>sub bh,dh | 88/86<br>286<br>386 | 3<br>2<br>2 | | SUB mem,reg | <pre>sub tally,bx sub array[di],bl</pre> | 88/86<br>286<br>386 | 16+EA (W88=24+EA)<br>7<br>6 | | SUB reg,mem | sub cx,discard<br>sub al,[bx] | 88/86<br>286<br>386 | 9+EA (W88=13+EA)<br>7<br>7 | | 100000sw mo | d,101,r/m disp (0 or 2) | data (1 or | | | SUB reg,immed | sub dx,45<br>sub bl,7 | 88/86<br>286<br>386 | 4<br>3<br>2 | | SUB mem,immed | sub total,4000<br>sub BYTE PTR [bx+di],2 | 88/86<br>286<br>386 | 17+EA (W88=25+EA)<br>7<br>7 | | 0010110w dat | ta (1 or 2) | | | | SUB accum,immed | sub ax,32000 | 88/86<br>286<br>386 | 4<br>3<br>2 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | 0 | | | | ± | ± | ? | ± | 0 | ## TEST Logical Compare Tests specified bits of an operand and sets the flags for a subsequent conditional jump or set instruction. One of the operands contains the value to be tested. The other contains a bit mask indicating the bits to be tested. TEST works by doing a logical bitwise AND on the source and destination operands. The flags are modified according to the result, but the destination operand is not changed. This instruction is the same as the AND instruction, except that the result is not stored. | 1000011w mod | disp (0 or 2) | | | | | | | | | |--------------------------------------------------|-----------------------------------------|------------------------------------------|--|--|--|--|--|--|--| | TEST reg,reg | test dx,bx<br>test bl,ch | 88/86 3<br>286 2<br>386 2 | | | | | | | | | TEST mem,reg*<br>TEST reg,mem | test dx,flags<br>test bl,bitarray[bx] | 88/86 9+EA (W88=13+EA)<br>286 6<br>386 5 | | | | | | | | | 1111011w mod,000,r/m disp (0 or 2) data (1 or 2) | | | | | | | | | | | TEST reg,immed | test cx,30h<br>test cl,1011b | 88/86 5<br>286 3<br>386 2 | | | | | | | | | TEST mem,immed | test masker,1<br>test BYTE PTR [bx],03h | 88/86 11+EA<br>286 6<br>386 5 | | | | | | | | | 1010100w data (1 or 2) | | | | | | | | | | | TEST accum,immed | test ax,90h | 88/86 4<br>286 3<br>386 2 | | | | | | | | <sup>\*</sup> MASM transposes TEST mem, reg so that it is encoded as TEST reg, mem. ## **VERR/VERW** Verify Read or Write 80286/386 Protected Only | O | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | ± | | | | Verifies that a specified segment selector is valid and can be read or written to at the current privilege level. **VERR** verifies that the selector is readable. **VERW** verifies that the selector can be written to. If the segment is verified, the zero flag is set. Otherwise the zero flag is cleared. These instructions are available only in privileged mode. See Intel documentation for details on segment selectors and other privileged-mode concepts. | 00001111 | 00000000 mod, 100,r/m | disp (0 or 2) | | |-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|-----| | | verr ax | 88/86 — | Tr | | VERR reg16 | | 286 14 | | | A BUT IN WEAT | The state of s | 386 10 | | | | verr selector | 88/86 — | | | VERR mem16 | | 286 16 | | | | | | | | | A CONTRACTOR OF THE CONTRACTOR | 386 11 | | | 00001111 | 00000000 mod, 101,r/m | disp (0 or 2) | Ī | | | 00000000 mod, 101,r/m | disp (0 or 2) | 6. | | 00001111 VERW reg16 | 100000 | disp (0 or 2) 88/86 — 286 14 | | | | 100000 | disp (0 or 2) | 10. | | | 100000 | disp (0 or 2) 88/86 — 286 14 | L. | | | verw cx | disp (0 or 2) 88/86 — 286 14 386 15 | | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | WAIT Wait Suspends CPU execution until a signal is received that a coprocessor has finished a simultaneous operation. It should be used to prevent a coprocessor instruction from modifying a memory location that is being modified at the same time by a processor instruction. WAIT is the same as the coprocessor FWAIT instruction. | 10011011 | | | | |----------|------|---------------------|-----| | WAIT | wait | 88/86<br>286<br>386 | 4 3 | | | | 386 | 6 | | 0 | D | I | Т | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | XCHG Exchange Exchanges the values of the source and destination operands. | 1000011w ma | od,reg,r/m disp (0 or 2) | | | |-------------------|--------------------------|---------|-------------------| | wawa | xchg cx, dx | 88/86 | 4 | | XCHG reg,reg | xchg l,dh | 286 | 3 | | | xchg al,ah | 386 | 3 | | XCHG reg,mem | xchg [bx],ax | 88/86 | 17+EA (W88=25+EA) | | XCHG mem,reg | xchg bx,pointer | 286 | 5 | | | | 386 | 5 | | 10010 reg | | 1 00/06 | | | XCHG accum,reg16* | xchg ax,cx | 88/86 | 3 | | XCHG reg16,accum* | xchg cx,ax | 286 | 3 | | | | 386 | 3 | <sup>\*</sup> On the 80386, the accumulator may also be exchanged with a 32-bit register. ## XLAT/XLATB Translate | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | | | | | | | | | | Translates a value from one coding system to another by looking up the value to be translated in a table stored in memory. Before the instruction is executed, **BX** should point to a table in memory and **AL** should contain the unsigned position of the value to be translated from the table. After the instruction, **AL** will contain the table value with the specified position. No operand is required, but one can be given in order to specify a segment override. **DS** is assumed unless a segment override is given. Starting with version 5.0, **XLATB** is recognized as a synonym for **XLAT**. Either version allows an operand, but neither requires one. | 11010111 | | | |----------------------------------------------|------------------------|----------------------------| | XLAT [[[segreg]]:mem] XLATB [[[segreg]]:mem] | xlat<br>xlatb es:table | 88/86 11<br>286 5<br>386 5 | | 0 | D | I | T | S | Z | A | P | C | |---|---|---|---|---|---|---|---|---| | 0 | | | | ± | ± | ? | ± | 0 | ## XOR Exclusive OR Performs a bitwise exclusive OR on the source and destination operands, and stores the result to the destination. For each bit position in the operands, if both bits are set or if both bits are cleared, the corresponding bit of the result is cleared. Otherwise, the corresponding bit of the result is set. | 001100dw mod | l, reg, r/m disp (0 or 2) | | | |-----------------|----------------------------------------|---------------------|-----------------------------| | XOR reg,reg | xor cx,bx<br>xor ah,al | 88/86<br>286<br>386 | 3<br>2<br>2 | | XOR mem,reg | xor [bp+10],cx<br>xor masked,bx | 88/86<br>286<br>386 | 16+EA (W88=24+EA)<br>7<br>6 | | XOR reg,mem | xor cx,flags<br>xor bl,bitarray[di] | 88/86<br>286<br>386 | 9+EA (W88=13+EA)<br>7<br>7 | | 100000sw mod | disp (0 or 2) | data (1 or | 2) | | XOR reg,immed | xor bx,10h<br>xor bl,1 | 88/86<br>286<br>386 | 4<br>3<br>2 | | XOR mem,immed | xor Boolean,1<br>xor switches[bx],101b | 88/86<br>286<br>386 | 17+EA (W88=25+EA)<br>7<br>7 | | 0011010w date | ı (1 or 2) | | | | XOR accum,immed | xor ax,01010101b | 88/86<br>286<br>386 | 4<br>3<br>2 | ## Coprocessor Interpreting Coprocessor Instructions Syntax Examples Clock Speeds Instruction Size Architecture Instructions ## **Topical Cross-Reference** #### Load FLD/FILD/FBLD FXCH FLDCW FLDENV FSTENV/FNSTENV #### Store Data FST/FIST FSTP/FISTP/FBSTP FSTCW/FNSTCW FSTSW/FNSTSW FSAVE/FNSAVE FRSTOR #### **Load Constant** FLD1 FLDL2E FLDL2T FLDLG2 FLDLN2 FLDPI FLDZ #### <u>Arithmetic</u> FADD/FIADD **FADDP** FSUB/FISUB **FSUBP** FSUBR/FISUBR **FSUBRP** FMUL/FIMUL **FMULP FSCALE** FDIV/FIDIV **FDIVP** FDIVR/FIDIVR FDIVRP FABS **FCHS** FRNDINT **FSORT** **FPREM** FPREM1 † **FXTRACT** #### Transcendental FPTAN FPATAN FSIN † FCOS † FSINCOS † F2XM FYL2X FYL2PI FPREEM FPREMI † #### Compare FCOM/FICOM FCOMP/FICOMP FCOMPP FUCOM † FUCOMPP † FTST FXAM FSTSW/FNSTSW ### Processor Control FINIT/FNINIT FFREE FNOP FWAIT FDECSTP FINCSTP FCLEX/FNCLEX FSETPM \* FDISI/FNDISI \$ FENI/FNENI \$ FSAVE/FNSAVE FLDCW FRSTOR FSTCW/FNSTCW FSTSW/FNSTSW FSTENV/FNSTENV ## **Interpreting Coprocessor Instructions** This section provides an alphabetical reference to instructions of the 8087, 80287, and 80387 coprocessors. The format is the same as for the processor instructions except that encodings are not provided. Differences are noted below. #### Syntax Syntaxes in Column 1 use the following abbreviations for operand types: reg A coprocessor stack register memreal A direct or indirect memory operand where a real number is stored memint A direct or indirect memory operand where a binary integer is stored membed A direct or indirect memory operand where a BCD number is stored #### Examples The examples in Column 2 are randomly chosen, and no significance should be attached to their order or placement. They are valid examples of the associated syntax, but there is no attempt to illustrate all possible operand combinations or to show context. Their position is not related to the clock speeds in Column 3. ### **Clock Speeds** Column 3 shows the clock speeds for each processor. Sometimes an instruction may have more than one possible clock speed. The following abbreviations are used to specify variations: EA <u>Effective address.</u> This applies only to the 8087. See the Processor Section "Timings on the 8080 and 8086 Processor Section, "Timings on the 8080 and 8086 Processors," for an explanation of effective address timings. s,l,t Short real, long real, and 10-byte temporary real. w,d,q Word, doubleword, and quadword binary integer. t,f To or from stack top. On the 80387, the t clocks represent timings when ST is the destination. The f clocks represent timings when ST is the source. #### Instruction Size The instruction size is always two bytes for instructions that do not access memory. For instructions that do access memory, the size is four bytes on the 8087 and 80287. On the 80387, the size for instructions that access memory is four bytes in 16-bit mode or six bytes in 32-bit mode. On the 8087, each instruction must be preceded by the WAIT (also called FWAIT) instruction, thereby increasing the instruction's size by one byte. MASM inserts WAIT automatically by default, or with the .8087 directive. #### **Architecture** The 8087, 80287, and 80387 coprocessors have several elements of architecture in common. All have a register stack made up of eight 80-bit data registers. These can contain floating-point numbers in the temporary real format. The coprocessors also have 14 bytes of control registers. The format of registers is shown in Figure 2. Figure 2 Coprocessor Registers The most important control registers are the control word and the status word. The format of these registers is shown in Figure 3. Figure 3 Control Word and Status Word ## F2XM1 2<sup>X</sup>-1 Calculates $Y = 2^X - 1$ . X is taken from ST. The result, Y, is returned in ST. X must be in the range $0 \le X \le 0.5$ on the 8087 and 80287, or in the range $-1.0 \le X \le +1.0$ on the 80387. | | £21 | 07 | 210 (20 | |-------|-------|-----|---------| | | f2xm1 | 87 | 310-630 | | F2XM1 | | 287 | 310-630 | | | | 387 | 211-476 | ## FABS Absolute Value Converts the element in ST to its absolute value. | FABS | fabs | 87<br>287 | 10-17 | |------|------|-----------|-------------| | rabs | | 387 | 10-17<br>22 | # FADD/FADDP/FIADD Add Adds the source to the destination and returns the sum in the destination. If two register operands are specified, one must be ST. If a memory operand is specified, the sum replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST is added to ST(1) and the stack is popped, returning the sum in ST. For FADDP, the source must be ST; the sum is returned in the destination and ST is popped. | FADD [[reg,reg]] | | st(2)<br>5),st | 87<br>287<br>387 | 70-100<br>70-100<br>t=23-31,f=26-34 | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|------------------|--------------------------------------------------------------------| | FADDP reg,ST | faddp st( | 6),st | 87<br>287<br>387 | 75-105<br>75-105<br>23-31 | | FADD memreal | | RD PTR [bx]<br>rtreal | 87<br>287<br>387 | (s=90-120,s=95 125)+EA<br>s=90-120,l=95-125<br>s=24-32,l=29-37 | | FIADD memint | The state of s | 16<br>ray[di]<br>ble | 87<br>287<br>387 | (w=102-137,d=108-143)+EA<br>w=102-137,d=108-143<br>w=71-85,d=57-72 | ## FBLD Load BCD See FLD. ## FBSTP Store BCD and Pop See FST. ## FCHS Change Sign Reverses the sign of the value in ST. | FCHS | fchs | 87 10-17<br>287 10-17<br>387 24-25 | |------|------|------------------------------------| |------|------|------------------------------------| # FCLEX/FNCLEX Clear Exceptions Clears all exception flags, the busy flag and bit 7 in the status word. Bit 7 is the interrupt request flag on the 8087 and the error status flag on the 80287 and 80387. The instruction has wait and no-wait versions. | FCLEX | fclex | 87 | 2-8 | |--------|-------|-----|-----| | FNCLEX | | 287 | 2-8 | | | | 387 | 11 | ## FCOM/FCOMP/FCOMPP/ FICOM/FICOMP Compare Compares the specified source to ST and sets the condition codes of the status word according to the result. The instruction works by subtracting the source operand from ST without changing either operand. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified or if two pops are specified, ST is compared to ST(1) and the stack is popped. If one pop is specified with an operand, the operand is compared to ST. If one of the operands is a NAN, an invalid-operation exception is generated (see FUCOM for an alternative method of comparing on the 80387). | FCOM [reg] | fcom<br>fcom | st (2) | 87<br>287<br>387 | 40-50<br>40-50<br>24 | |---------------|----------------|-------------------------------|------------------|------------------------------------------------------------| | FCOMP [reg] | fcomp<br>fcomp | st (7) | 87<br>287<br>387 | 42-52<br>42-52<br>26 | | FCOMPP | fcompp | | 87<br>287<br>387 | 45-55<br>45-55<br>26 | | FCOM memreal | fcom<br>fcom | shortreals[di]<br>longreal | 87<br>287<br>387 | (s=60-70,l=65-75)+EA<br>s=60-70,l=65-75<br>s=26,l=31 | | FCOMP memreal | fcomp<br>fcomp | longreal<br>shorts[di] | 87<br>287<br>387 | (s=63-73,l=67-77)+EA<br>s=63-73,l=67-77<br>s=26,l=31 | | FICOM memint | ficom<br>ficom | double<br>warray[di] | 87<br>287<br>387 | (w=72-86,d=78-91)+EA<br>w=72-86,d=78-91<br>w=71-75,d=56-63 | | FICOMP memint | | WORD PTR [bp+6]<br>darray[di] | 87<br>287<br>387 | (w=74-88,d=80-93)+EA<br>w=74-88,d=80-93<br>w=71-75,d=56-63 | #### Condition Codes for FCOM | <u>C3</u> | <u>C2</u> | <u>C1</u> | <u>C0</u> | Meaning | |-----------|-----------|-----------|-----------|--------------------------------| | 0 | 0 | ? | 0 | ST > source | | 0 | 0 | ? | 1 | ST < source | | 1 | 0 | ? | 0 | ST = source | | 1 | 1 | ? | 1 | ST is not comparable to source | ### FCOS Cosine 80387 Only Replaces a value in radians in ST with its cosine. If ST is in the range $|ST| < 2^{63}$ , the C2 bit of the status word is cleared and the cosine is calculated. Otherwise, C2 is set and no calculation is done. ST can be reduced to the required range with FPREM or FPREM1. | | fcos | 87 — | |------|------|--------------| | FCOS | | 287 — | | | | 387 123-772* | <sup>\*</sup> For operands with an absolute value greater than $\pi/4$ , up to 76 additional clocks may be required. ## FDECSTP Decrement Stack Pointer Decrements the stack top pointer in the status word. No tags or registers are changed and no data are transferred. If the stack pointer is 0, **FDECSTP** changes it to 7. | FDECSTP fdecstp | 87 6-12<br>287 6-12<br>387 22 | |-----------------|-------------------------------| |-----------------|-------------------------------| ## FDISI/FNDISI Disable Interrupts 8087 Only Disables interrupts by setting the interrupt enable mask in the control word. This instruction has wait and no-wait versions. Since the 80287 and 80387 do not have an interrupt enable mask, the instruction is recognized but ignored on these coprocessors. | FDISI | fdisi | 87 | 2-8 | | |--------|-------|-----|-----|--| | FNDISI | | 287 | 2 | | | | | 387 | 2 | | ## FDIV/FDIVP/FIDIV Divide Divides the destination by the source, and returns the quotient in the destination. If two register operands are specified, one must be ST. If a memory operand is specified, the quotient replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST is divided by ST(1) and the stack is popped, returning the result in ST. For FDIVP, the source must be ST; the quotient is returned in the destination register and ST is popped. | FDIV [[reg,reg]] | fdiv<br>fdiv<br>fdiv | st,st(2)<br>st(5),st | 87<br>287<br>387 | 193-203<br>193-203<br>t=88,f=91 | |------------------|----------------------|----------------------|------------------|---------------------------------| | FDIVP reg,ST | fdivp | st(6),st | 87<br>287<br>387 | 197-207<br>197-207<br>91 | | FDIV memreal | fdiv | DWORD PTR [bx] | 87 | (s=215-225,l=220-230)+EA | | | fdiv | shortreal[di] | 287 | s=215-225,l=220-230 | | | fdiv | longreal | 387 | s=89,l=94 | | FIDIV memint | fidiv | int16 | 87 | (w=224-238,d=230-243)+EA | | | fidiv | warray[di] | 287 | w=224-238,d=230-243 | | | fidiv | double | 387 | w=136-140,d=120-127 | ## FDIVR/FDIVRP/FIDIVR Divide Reversed Divides the source by the destination and returns the quotient in the destination. If two register operands are specified, one must be ST. If a memory operand is specified, the quotient replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST is divided by ST(1) and the stack is popped, returning the result in ST. For FDIVRP, the source must be ST; the quotient is returned in the destination register and ST is popped. | FDIVR [reg,reg] | fdivr st,st(2)<br>fdivr st(5),st<br>fdivr | 87<br>287<br>387 | 194-204<br>194-204<br>t=88,f=91 | |-----------------|-------------------------------------------|------------------|------------------------------------------------------------------------| | FDIVRP reg,ST | fdivrp st(6),st | 87<br>287<br>387 | 198-208<br>198-208<br>91 | | FDIVR memreal | fdivr longreal<br>fdivr shortreal[di] | 87<br>287<br>387 | (s=216-226,l=221-231)+EA<br>s=216-226,l=221-231<br>s=89,l=94 | | FIDIVR memint | fidivr double<br>fidivr warray[di] | 87<br>287<br>387 | (w=225-239,d=231-245)+EA<br>w=225-239,d=231-245<br>w=135-141,d=121-128 | ### FENI/FNENI **Enable Interrupts** 8087 Only Enables interrupts by clearing the interrupt enable mask in the control word. This instruction has wait and no-wait versions. Since the 80287 and 80387 do not have an interrupt enable mask, the instruction is recognized but ignored on these coprocessors. | FENI | feni | 87 | 2-8 | | |-------|------|-----|-----|--| | FNENI | | 287 | 2 | | | | | 387 | 2 | | ## **FFREE** Free Register Changes the specified register's tag to empty without changing the contents of the register. | FFREE ST(i) | ffree st(3) | 87 9-16<br>287 9-16 | | |-------------|-------------|---------------------|--| | | | 387 18 | | ## FIADD/FISUB/FISUBR/ FIMUL/FIDIV/FIDIVR Integer Arithmetic See FADD, FSUB, FSUBR, FMUL, FDIV, and FDIVR. ## FICOM/FICOMP Compare Integer See FCOM. ## FILD **Load Integer** See FLD. ## **FINCSTP** **Increment Stack Pointer** Increments the stack top pointer in the status word. No tags or registers are changed and no data are transferred. If the stack pointer is 7, then **FINCSTP** changes it to 0. | | fincstp | 87 | 6-12 | |---------|---------|-----|------| | FINCSTP | SIT | 287 | 6-12 | | | | 387 | 21 | ## FINIT/FNINIT Initialize Coprocessor Initializes the coprocessor and resets all the registers and flags to their default values. The instruction has wait and no-wait versions. On the 80387, the condition codes of the status word are cleared. On the 8087 and 80287, they are unchanged. | FINIT | finit | 87 2-8 | |--------|-------|---------| | FNINIT | | 287 2-8 | | | | 387 33 | ## FIST/FISTP Store Integer See FST. ## FLD/FILD/FBLD Load Pushes the specified operand onto the stack. All memory operands are automatically converted to temporary real numbers before being loaded. | | fld st(3) | 87 | 17-22 | |-------------|-----------------------|-----|------------------------------| | FLD reg | | 287 | 17-22 | | | | 387 | 14 | | | fld longreal | 87 | (s=38-56,l=40-60,t=53-65)+EA | | FLD memreal | fld shortarray[bx+di] | 287 | s=38-56,l=40-60,t=53-65 | | | fld tempreal | 387 | s=20,l=25,t=44 | | | fld mem16 | 87 | (w=46-54,d=52-60,q=60-68)+EA | | FILD memint | fld DWORD PTR [bx] | 287 | w=46-54,d=52-60,q=60-68 | | | fld quads[si] | 387 | w=61-65,d=45-52,q=56-67 | | | fld packbcd | 87 | (290-310)+EA | | FBLD membcd | | 287 | 290-310 | | | | 387 | 266-275 | # FFLD1/FLDZ/FLDPI/FLDL2E/FLDL2T/FLDLG2/FLDLN2 **Load Constant** Pushes a constant onto the stack. The following constants can be loaded: | Instruction | Constant Loaded | |-------------|-----------------------| | FLD1 | +1.0 | | FLDZ | +0.0 | | FLDPI | π | | FLDL2E | Log <sub>2</sub> (e) | | FLDL2T | Log <sub>2</sub> (10) | | FLDLG2 | $Log_{10}(2)$ | | FLDLN2 | $Log_e(2)$ | | | | | *************************************** | | | |-----------------------------------------|--------|-----------| | | fld1 | 87 15-21 | | FLD1 | | 287 15-21 | | | | 387 24 | | | fldz | 87 11-17 | | FLDZ | | 287 11-17 | | | | 387 20 | | | fldpi | 87 16-22 | | FLDPI | | 287 16-22 | | | | 387 40 | | | fldl2e | 87 15-21 | | FLDL2E | | 287 15-21 | | | | 387 40 | | | fld12t | 87 16-22 | | FLDL2T | | 287 16-22 | | | | 387 40 | | | fldlg2 | 87 18-24 | | FLDLG2 | | 287 18-24 | | | | 387 41 | | | fldln2 | 87 17-23 | | FLDLN2 | | 287 17-23 | | | | 387 41 | ## FLDCW **Load Control Word** Loads the the specified word into the coprocessor control word. The format of the control word is shown in the Interpreting Coprocessor Instruction section. | FLDCW mem32 | fldcw | ctrlword | 87<br>287<br>387 | (7-14)+EA<br>7-14<br>19 | | |-------------|-------|----------|------------------|-------------------------|--| |-------------|-------|----------|------------------|-------------------------|--| ### FLDENV Load Environment State Loads the 14-byte coprocessor environment state from a specified memory location. The environment includes the control word, status word, tag word, instruction pointer, and operand pointer. On the 80387 in 32-bit mode, the environment state is made up of 28 bytes. | FLDENV mem | fldenv [bp+10] | 87<br>287<br>387 | (35-45)+EA<br>35-45<br>71 | | |------------|----------------|------------------|---------------------------|--| |------------|----------------|------------------|---------------------------|--| # FMUL/FMULP/FIMUL Multiply Multiplies the source by the destination and returns the product in the destination. If two register operands are specified, one must be ST. If a memory operand is specified, the product replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST(1) is multiplied by ST and the stack is popped, returning the product in ST. For FMULP, the source must be ST; the product is returned in the destination register and ST is popped. | | fmul | st, st(2) | 87 | 130-145 (90-105)* | |------------------|-------|-----------------|-----|----------------------------| | FMUL [[reg,reg]] | fmul | st(5),st | 287 | 130-145 (90-105)* | | 2 0. 02 | fmul | N 40 12 | 387 | t=46-54 (49),f=29-57 (52)† | | | fmulp | st(6),st | 87 | 134-148 (94-108)* | | FMULP reg,ST | _ | | 287 | 134-148 (94-108)* | | 0, | | | 387 | 29-57 (52)† | | | fmul | DWORD PTR [bx] | 87 | (s=110-125,l=154-168)+EA§ | | FMUL memreal | fmul | shortreal[di+3] | 287 | s=110-125,l=154-168§ | | | fmul | longreal | 387 | s=27-35,l=32-57 | | | fimul | int16 | 87 | (w=124-138,d=130-144)+EA | | FIMUL memint | fimul | warray[di] | 287 | w=124-138,d=130-144 | | | fimul | double | 387 | w=76-87,d=61-82 | <sup>\*</sup> The clocks in parentheses show times for short values—those with 40 trailing zeros in their fraction because they were loaded from a short-real memory operand. <sup>†</sup> The clocks in parentheses show typical speeds. <sup>§</sup> If the register operand is a short value—having 40 trailing zeros in its fraction because it was loaded from a short-real memory operand—then the timing is (112-126)+EA on the 8087 or 112-126 on the 80287. ## FNinstuction No-Wait Instructions Instructions that have no-wait versions include FCLEX, FSAVE, FSTCW, FSTENV, and FSTSW. Wait versions of instructions check for unmasked numeric errors; no-wait versions do not. When the .8087 directive is used, MASM puts a WAIT instruction before the wait versions and a NOP instruction before the no-wait versions. ## FNOP No Operation Performs no operation. FNOP can be used for timing delays or alignment. | FNOP | fnop | 87 10-16<br>287 10-16 | |---------|----------------------|-----------------------| | rela ST | devisida, iligar unb | 387 12 | # FPATAN Partial Arctangent Finds the partial tangent by calculating Z = ARCTAN(Y / X). X is taken from ST and Y from ST(1). On the 8087 and 80287, Y and X must be in the range $0 \le Y < X < \infty$ . On the 80387, there is no restriction on X and Y. X is popped from the stack and Z replaces Y in ST. | | fpatan | 87 | 250-800 | | |--------|--------|-----|---------|--| | FPATAN | | 287 | 250-800 | | | | | 387 | 314-487 | | ## FPREM Partial Remainder Calculates the remainder of ST divided by ST(1), returning the result in ST. The remainder retains the same sign as the original dividend. The calculation uses the following formula: $$remainder = ST - ST(1) * quotient$$ The *quotient* is the exact value obtained by chopping ST / ST(1) toward 0. The instruction is intended to be used in a loop that repeats until the reduction is complete, as indicated by the condition codes of the status word. | | fprem | 87 15-190 | |-------|-------|------------| | FPREM | | 287 15-190 | | | | 387 74-155 | #### Condition Codes for FPREM and FPREM1 | <u>C3</u> | <u>C2</u> | <u>C1</u> | <u>C0</u> | Meaning | |-----------|-----------|-----------|-----------|----------------------| | ? | 1 | ? | ? | Incomplete reduction | | 0 | 0 | 0 | 0 | quotient MOD $8 = 0$ | | 0 | 0 | 0 | 1 | quotient MOD $8 = 4$ | | 0 | 0 | 1 | 0 | quotient MOD $8 = 1$ | | 0 | 0 | 1 | 1 | quotient MOD $8 = 5$ | | 1 | 0 | 0 | 0 | quotient MOD $8 = 2$ | | 1 | 0 | 0 | 1 | quotient MOD $8 = 6$ | | 1 | 0 | 1 | 0 | quotient MOD $8 = 3$ | | 1 | 0 | 1 | 1 | quotient MOD $8 = 7$ | ### FPREM1 ## Partial Remainder (IEEE Compatible) 80387 Only Calculates the remainder of ST divided by ST(1), returning the result in ST. The remainder retains the same sign as the original dividend. The calculation uses the following formula: $$remainder = ST - ST(1) * quotient$$ The *quotient* is the integer nearest to the exact value **ST / ST(1)**. If there are two integers equally close, the even integer is used. The instruction is intended to be used in a loop that repeats until the reduction is complete, as indicated by the condition codes of the status word. See **FPREM** for the possible condition codes. | | fprem1 | 87 | | |--------|--------|-----|--------| | FPREM1 | | 287 | _ | | | | 387 | 95-185 | # FPTAN Partial Tangent Finds the partial tangent by calculating Y / X = TAN(Z). Z is taken from ST. Z must be in the range $0 \le Z \le \pi / 4$ on the 8087 and 80287. On the 80387, |Z| must be less than $2^{63}$ . The result is the ratio Y / X. Y replaces Z, and X is pushed into ST. Thus Y is returned in ST(1) and X in ST. | | fptan | 87 | 30-540 | | |-------|-------|-----|----------|--| | FPTAN | | 287 | 30-540 | | | | | 387 | 191-497* | | <sup>\*</sup> For operands with an absolute value greater than $\pi/4$ , up to 76 additional clocks may be required. ## FRNDINT Round to Integer Rounds ST from a real number to an integer. The rounding control (RC) field of the control word specifies the rounding method, as shown in the introduction to this section. | FRNDINT | frndint | 87<br>287<br>387 | 16-50<br>16-50<br>66-80 | | |---------|---------|------------------|-------------------------|--| |---------|---------|------------------|-------------------------|--| ### FRSTOR Restore Saved State Restores the 94-byte coprocessor state to the coprocessor from the specified memory location. In 32-bit mode on the 80387, the environment state takes 108 bytes. | FRSTOR mem94 | frstor [bp-94] | 87<br>287 | (197-207)+EA<br>* | |--------------|----------------|-----------|-------------------| | | | 387 | 308 | <sup>\*</sup> Clock counts are not meaningful in determining overall execution time of this instruction. Timing is determined by operand transfers. ## FSAVE/FNSAVE Save Coprocessor State Stores the 94-byte coprocessor state to the specified memory location. In 32-bit mode on the 80387, the environment state takes 108 bytes. This instruction has wait and no-wait versions. After the save, the coprocessor is initialized as if **FINIT** had been executed. | FSAVE m94 | fsave | [bp-94] | 87 | (197-207)+EA | |------------|-------|----------|-----|--------------| | FNSAVE m94 | fsave | cobuffer | 287 | * | | | | | 387 | 375-376 | <sup>\*</sup> Clock counts are not meaningful in determining overall execution time of this instruction. Timing is determined by operand transfers. ### FSCALE Scale Scales by powers of two by computing the function $Y = Y * 2^X$ . X is the scaling factor taken from ST(1), and Y is the value to be scaled from ST. The scaled result replaces the value in ST. The scaling factor remains in ST(1). If the scaling factor is not an integer, it will be truncated toward zero before the scaling. The 80387 has no restrictions on the range of operands, but on the 8087 and 80287, if X is not in the range $-2^{15} \le X < 2^{15}$ or if X is in the range 0 < X < 1, the result will be undefined. | | fscale | 87 32-38 | | |--------|--------|-----------|--| | FSCALE | | 287 32-38 | | | | | 387 67-86 | | ### FSETPM Set Protected Mode 80287 Only Sets the 80287 to protected mode. The instruction and operand pointers are in the protected mode format after this instruction. On the 80387, **FSETPM** is recognized but interpreted as **FNOP**, since the 80386 handles addressing identically in real and protected mode. | | fsetpm | 87 | | | |--------|--------------|-----|-----|--| | FSETPM | | 287 | 2-8 | | | | The state of | 387 | 12 | | ### **FSIN** Sine 80387 Only Replaces a value in radians in ST with its sine. If ST is in the range $|\mathbf{S}\hat{\mathbf{T}}| < 2^{63}$ , then the C2 bit of the status word is cleared and the sine is calculated. Otherwise, C2 is set and no calculation is done. ST can be reduced to the required range with **FPREM** or **FPREM1**. | ECIN | fsin | 87 | _ | |------|------|-----|----------| | rsin | | 387 | 122-771* | <sup>\*</sup> For operands with an absolute value greater than $\pi/4$ , up to 76 additional clocks may be required. # **FSINCOS** Sine and Cosine 80387 Only Computes the sine and cosine of a radian value in ST. The sine replaces the value in ST and then the cosine is pushed onto the stack. If ST is in the range $|ST| < 2^{63}$ , the C2 bit of the status word is cleared and the sine and cosine are calculated. Otherwise, C2 is set and no calculation is done. **ST** can be reduced to the required range with FPREM or FPREM1. | | fsincos | 87 | _ | | |---------|---------|-----|----------|--| | FSINCOS | | 287 | | | | | | 387 | 194-809* | | <sup>\*</sup> For operands with an absolute value greater than $\pi/4$ , up to 76 additional clocks may be required. # FSQRT Square Root Replaces the value of ST with its square root. (The square root of -0 is -0.) | | fsqrt | 87 180-186 | | |-------|------------------------------------------------|-------------|--| | FSQRT | THE RESERVE AND ADDRESS OF THE PERSON NAMED IN | 287 180-186 | | | | | 387 122-129 | | # FST/FSTP/FIST/FISTP/FBSTP Store Stores the value in ST to the specified memory location or register. Temporary real values in registers are converted to the appropriate integer, BCD, or floating-point format as they are stored. With FSTP, FISTP, and FBSTP, the ST register value is popped off the stack. | FST reg | fst<br>fst | st(6)<br>st | 87<br>287<br>387 | 15-22<br>15-22<br>11 | |--------------|----------------|---------------------------|------------------|--------------------------------------------------------------------------------------| | FSTP reg | fstp<br>fstp | st<br>st(3) | 87<br>287<br>387 | 17-24<br>17-24<br>12 | | FST memreal | fst<br>fst | shortreal<br>longs[bx] | 87<br>287<br>387 | (s=84-90,l=96-104)+EA<br>s=84-90,l=96-104<br>s=44,l=45 | | FSTP memreal | fstp<br>fstp | longreal<br>tempreals[bx] | 87<br>287<br>387 | (s=86-92,l=98-106,t=52-58)+EA<br>s=86-92,l=98-106,t=52-58<br>s=44,l=45,t=53 | | FIST memint | fist<br>fist | int16<br>doubles[8] | 87<br>287<br>387 | (w=80-90,d=82-92)+EA<br>w=80-90,d=82-92<br>w=82-95,d=79-93 | | FISTP memint | fistp<br>fistp | longint<br>doubles[bx] | 87<br>287<br>387 | (w=82-92,d=84-94,q=94-105)+EA<br>w=82-92,d=84-94,q=94-105<br>w=82-95,d=79-93,q=80-97 | | FBSTP membcd | fbstp | bcds[bx] | 87<br>287<br>387 | (520-540)+EA<br>520-540<br>512-534 | ## FSTCW/FNSTCW Store Control Word Stores the control word to a specified 16-bit memory operand. This instruction has wait and no-wait versions. | FSTCW<br>FNSTCW | fstcw ctrlword | 87 12-18<br>287 12-18<br>387 15 | | |-----------------|----------------|---------------------------------|--| |-----------------|----------------|---------------------------------|--| ### FSTENV/FNSTENV Store Environment State Stores the 14-byte coprocessor environment state to a specified memory location. The environment state includes the control word, status word, tag word, instruction pointer, and operand pointer. On the 80387 in 32-bit mode, the environment state is made up of 28 bytes. | FSTENV mem<br>FNSTENV mem | fstenv [bp-14] | 87<br>287<br>387 | (40-50)+EA<br>40-50<br>103-104 | | | |---------------------------|----------------|------------------|--------------------------------|--|--| |---------------------------|----------------|------------------|--------------------------------|--|--| ## FSTSW/FNSTSW Store Status Word Stores the status word to a specified 16-bit memory operand. On the 80287 and 80387, the status word can be stored also to the processor's **AX** register. This instruction has wait and no-wait versions. | FSTSW mem<br>FNSTSW mem | fstsw | statword | 87<br>287<br>387 | 12-18<br>12-18<br>15 | |-------------------------|-------|----------|------------------|----------------------| | FSTSW AX<br>FNSTSW AX | fstsw | ax | 87<br>287<br>387 | 10-16<br>13 | # FSUB/FSUBP/FISUB Subtract Subtracts the source from the destination and returns the difference in the destination. If two register operands are specified, one must be ST. If a memory operand is specified, the result replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST is subtracted from ST(1) and the stack is popped, returning the difference in ST. For FSUBP, the source must be ST; the difference (destination minus source) is returned in the destination register and ST is popped. | | fsub | st, st(2) | 87 | 70-100 | |------------------------|-------|----------------|-----|--------------------------| | FSUB [reg,reg] | fsub | st(5), st | 287 | 70-100 | | | fsub | | 387 | t=29-37,f=26-34 | | | fsubp | st(6),st | 87 | 75-105 | | FSUBP reg,ST | | | 287 | 75-105 | | | | | 387 | 26-34 | | - Amerikanan | fsub | longreal | 87 | (s=90-120,s=95-125)+EA | | FSUB memreal | fsub | shortreals[di] | 287 | s=90-120,l=95-125 | | | | | 387 | s=24-32,1=28-36 | | Director in the second | fisub | double | 87 | (w=102-137,d=108-143)+EA | | FISUB memint | fisub | warray[di] | 287 | w=102-137,d=108-143 | | | | | 387 | w=71-83,d=57-82 | # FSUBR/FSUBRP/FISUBR Subtract Reversed Subtracts the destination operand from the source operand, and returns the result in the destination operand. If two register operands are specified, one must be ST. If a memory operand is specified, the result replaces the value in ST. Memory operands can be 32- or 64-bit real numbers or 16- or 32-bit integers. If no operand is specified, ST(1) is subtracted from ST and the stack is popped, returning the difference in ST. For FSUBRP, the source must be ST; the difference (source minus destination) is returned in the destination register and ST is popped. | | fsubr st, st(2) | 87 | 70-100 | |-------------------|----------------------|-----|--------------------------| | FSUBR [[reg,reg]] | fsubr st(5),st | 287 | 70-100 | | | fsubr | 387 | t=29-37,f=26-34 | | | fsubrp st(6),st | 87 | 75-105 | | FSUBRP reg,ST | | 287 | 75-105 | | | | 387 | 26-34 | | | fsubr QWORD PTR [bx] | 87 | (s=90-120,s=95-125)+EA | | FSUBR memreal | fsubr shortreal[di] | 287 | s=90-120,l=95-125 | | | fsubr longreal | 387 | s=25-33,l=29-37 | | | fisubr int16 | 87 | (w=103-139,d=109-144)+EA | | FISUBR memint | fisubr warray[di] | 287 | w=103-139,d=109-144 | | | fisubr double | 387 | w=72-84,d=58-83 | ### FTST Test for Zero Compares ST with +0.0 and sets the condition of the status word according to the result. | | ftst | 87 | 38-48 | |------|------|-----|-------| | FTST | | 287 | 38-48 | | | | 387 | 28 | #### **Condition Codes for FTST** | <u>C3</u> <u>C2</u> <u>C1</u> <u>C0</u> | Meaning | |-----------------------------------------|---------------------------------------------------| | 0 0 ? 0 | ST is positive | | 0 0 ? 1 | ST is negative | | 1 0 ? 0 | ST is 0 | | 1 1 ? 1 | ST is not comparable (NAN or projective infinity) | # FUCOM/FUCOMP/FUCOMPP Unordered Compare 80387 Only Compares the specified source to ST and sets the condition codes of the status word according to the result. The instruction works by subtracting the source operand from ST without changing either operand. Memory operands are not allowed. If no operand is specified or if two pops are specified, ST is compared to ST(1). If one pop is specified with an operand, the given register is compared to ST. **FUCOM** differs from **FCOM** in that it does not cause an invalidoperation exception if one of the operands is a NAN. Instead, the result is set to unordered. | Market I | fucom st(2) | 87 — | |--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------| | FUCOM [reg] | fucom | 287 — | | | ship se a visa a la | 387 24 | | | fucomp st(7) | 87 — | | FUCOMP [reg] | fucomp | 287 — | | | Administration I have been | 387 26 | | | fucompp | 87 — | | FUCOMPP | | 287 — | | | Name of the last o | 387 26 | #### Condition Codes for FUCOM | <u>C3</u> | <u>C2</u> | <u>C1</u> | <u>C0</u> | Meaning | |-----------|-----------|-----------|-----------|-------------| | 0 | 0 | ? | 0 | ST > source | | 0 | 0 | ? | 1 | ST < source | | 1 | 0 | ? | 0 | ST = source | | 1 | 1 | ? | 1 | Unordered | ## FWAIT Wait Suspends execution of the processor until the coprocessor is finished executing. This is an alternate mnemonic for the processor **WAIT** instruction. | FWAIT | fwait | 87 4<br>287 3 | |-------|-------|---------------| | | | 387 6 | ## FXAM Examine Reports the contents of ST in the condition flags of the status word. | EVAN | fxam | 87 12-23 | | |------|------|------------------------|--| | FXAM | | 287 12-23<br>387 30-38 | | #### Condition Codes for FXAM | <u>C3</u> | <u>C2</u> | <u>C1</u> | <u>C0</u> | Interpretation | |-----------|-----------|-----------|-----------|----------------| | 0 | 0 | 0 | 0 | + Unnormal* | | 0 | 0 | 0 | 1 | + NAN | | 0 | 0 | 1 | 0 | - Unnormal* | | 0 | 0 | 1 | 1 | - NAN | | 0 | 1 | 0 | 0 | + Normal | | 0 | 1 | 0 | 1 | + Infinity | | 0 | 1 | 1 | 0 | - Normal | | 0 | 1 | 1 | 1 | - Infinity | | 1 | 0 | 0 | 0 | + 0 | | 1 | 0 | 0 | 1 | Empty | | 1 | 0 | 1 | 0 | - 0 | | 1 | 0 | 1 | 1 | Empty | | 1 | 1 | 0 | 0 | + Denormal | | 1 | 1 | 0 | 1 | Empty* | | 1 | 1 | 1 | 0 | - Denormal | | 1 | 1 | 1 | 1 | Empty* | | | | | | | <sup>\*</sup> Not used on the 80387. Unnormals are not supported by the 80387. Also, the 80387 uses two codes instead of four to identify empty registers. # **FXCH** Exchange Registers Exchanges the specified (destination) register and ST. If no operand is specified, ST and ST(1) are exchanged. | | fxch st(3) | 87 | 10-15 | | |-------------|------------|-----|-------|--| | FXCH [reg]] | fxch | 287 | 10-15 | | | | | 387 | 18 | | ### **FXTRACT** ### **Extract Exponent and Significand** Extracts the exponent and significand fields of ST. The exponent replaces the value in ST, and then the significand is pushed onto the stack. | FXTRACT | fxtract | 87 27-55<br>287 27-55<br>387 70-76 | |---------|---------|------------------------------------| | | | 387 70-76 | # FYL2X $Y log_2(X)$ Calculates $Z = Y \log_2(X)$ . X is taken from ST and Y from ST(1). The stack is popped and the result, Z, replaces Y in ST. X must be in the range $0 < X < \infty$ and Y in the range $-\infty < Y < \infty$ . | | fyl2x | 87 | 900-1100 | | |-------|-------|-----|----------|--| | FYL2X | | 287 | 900-1100 | | | | | 387 | 120-538 | | # FYL2XP1 $Y log_2(X+1)$ Calculates $Z = Y \log_2(X + 1)$ . X is taken from ST and Y from ST(1). The stack is popped once and the result, Z, replaces Y in ST. X must be in the range $0 \le |X| < (1 - (\sqrt{2} / 2))$ . Y must be in the range $-\infty < Y < \infty$ . | | fyl2xp1 | 87 | 700-1000 | Poor | |---------|---------|-----|----------|------| | FYL2XP1 | | 287 | 700-1000 | | | | | 387 | 257-547 | | # **Tables** DOS Program Segment Prefix (PSP) ASCII Chart Key Codes Color Display Attributes Hexadecimal-Binary-Decimal Conversion ## **DOS Program Segment Prefix (PSP)** | | 0 1 | 2 3 | 4 5 6 | s 7 | 8 | 9 | А В | С | DEF | | | | |-----|---------|------|-------|-----|---|---|-----|------|-----|--|--|--| | 00h | 1 | 2 | 13 | 3 | 0 | 9 | | d cs | 5 | | | | | 10h | 5<br>CS | IP I | | | | | IF | _ 03 | | | | | | 20h | 7 | | | | | | | | | | | | | 30h | | , | | | | | | | | | | | | 40h | | | | | | | | | | | | | | 50h | | 8 | | | | | | | 9 | | | | | 60h | | | 9 | | | | | | 10 | | | | | 70h | | | 10 | | | | | | 13 | | | | | 80h | 12 | | 11 | | | | | | | | | | | 90h | | | | | | | | | | | | | | A0h | | | | | | | | | | | | | | B0h | | | | | | | | | | | | | | C0h | | | | | | | | | | | | | | D0h | | | | | | | | | | | | | | E0h | | | | | | | | | | | | | | F0h | | | | | | | | | | | | | - 1 Opcode for INT 20h - 2 Segment of first allocatable address following the program (useful for memory allocation) - 3 Opcode for far call to DOS function dispatcher - 4 Vector for terminate routine - 5 Vector for CTRL+BREAK routine - 6 Vector for error routine - 7 Segment of program's copy of the environment - 8 Opcode for DOS INT 21h and far return (you can do a far call to this address to execute DOS calls) - 9 First command-line argument (formatted as uppercase 11-character file name) - O Second command-line argument (formatted as uppercase 11-character file name) - 11 Number of bytes in command line argument - 12 Unformatted command line and/or default Disk Transfer Area (DTA) - 13 Reserved or used by DOS ### **ASCII Codes** | Ctrl | Dec Hex | Char | Code | 1 | Dec | Hex ( | Char | | Dec | Hex ( | Char | | Dec | Hex ( | Char | |------|---------|----------|------|-------|-----|-------|------|-------|-----|-------|------|------|-----|-------|--------------------| | ^@ | 0 00 | | NUL | | 32 | 20 | | | 64 | 40 | 9 | | 96 | 60 | | | Â | 1 01 | 9 | SOH | | 33 | 21 | 1 | | 65 | 41 | A | | 97 | 61 | a | | ÎВ | 2 02 | ē | STX | | 34 | 22 | II | - | 66 | 42 | B | | 98 | 62 | b | | ^C | 3 03 | | ETX | | 35 | 23 | # | | 67 | 43 | C | | 99 | 63 | C | | ^D | 4 04 | • | EOT | | 36 | 24 | \$ | | 68 | 44 | D | | 100 | 64 | d | | Ê | 5 05 | * | ENQ | | 37 | 25 | % | | 69 | 45 | E | | 101 | 65 | e | | F | 6 06 | 1 | ACK | | 38 | 26 | å | | 70 | 46 | F | | 102 | 66 | f | | G | 7 07 | | BEL | | 39 | 27 | , | | 71 | 47 | G | | 103 | 67 | g | | ^H | 8 08 | • | BS | | 40 | 28 | ( | | 72 | 48 | Н | | 104 | 68 | h | | Î | 9 09 | 0 | HT | | 41 | 29 | ) | | 73 | 49 | I | | 105 | 69 | i | | Ĵ | 10 0A | 0 | LF | | 42 | 2A | ¥ | | 74 | 4A | J | | 106 | 6A | J | | ^K | 11 OB | ď | VT | | 43 | 2B | + | | 75 | 4B | K | | 107 | 6B | k | | ^L | 12 OC | Q | FF | | 44 | 2C | , | 100 | 76 | 4C | L | | 108 | 6C | 1 | | M | 13 0D | F | CR | | 45 | 2D | - | | 77 | 4D | M | | 109 | 6D | M | | N | 14 0E | F | SO | | 46 | 2E | 1 | | 78 | 4E | N | | 110 | 6E | n | | Ô | 15 OF | × | SI | | 47 | 2F | / | | 79 | 4F | 0 | | 111 | 6F | 0 | | ÎР | 16 10 | - | DLE | | 48 | 30 | 0 | | 80 | 50 | P | | 112 | 70 | р | | ^Q | 17 11 | 4 | DC1 | | 49 | 32 | 1 | | 81 | 51 | Q | | 113 | 71 | q | | R | 18 12 | \$ | DC2 | | 50 | 32 | 2 | | 82 | 52 | R | | 114 | 72 | r | | Ŝ | 19 13 | !! | DC3 | | 51 | 33 | 3 | | 83 | 53 | S | | 115 | 73 | 5 | | T | 20 14 | P | DC4 | | 52 | 34 | 4 | | 84 | 54 | T | | 116 | 74 | t | | Û | 21 15 | 8 | NAK | | 53 | 35 | 5 | | 85 | 55 | Ш | | 117 | 75 | u | | V | 22 16 | | SYN | | 54 | 36 | 6 | | 86 | 56 | V | | 118 | 76 | V | | Ŵ | 23 17 | 1 | ETB | | 55 | 37 | 7 | | 87 | 57 | M | | 119 | 77 | W | | X | 24 18 | Ť | CAN | | 56 | 38 | 8 | | 88 | 58 | X | d b | 120 | 78 | X | | Ŷ | 25 19 | 1 | EM | | 57 | 39 | 9 | :40 | 89 | 59 | Y | n lu | 121 | 79 | y | | ÎΖ | 26 1A | 7 | SUB | | 58 | 3A | : | | 90 | 5A | Z | | 122 | 7A | Z | | ] | 27 1B | + | ESC | Year | 59 | 3B | 1 | | 91 | 5B | ] | | 123 | 7B | { | | 1 | 28 1C | L | FS | | 60 | 3C | < | Sin | 92 | 5C | 1 | 163 | 124 | 7C | ! | | رُ أ | 29 1D | # | GS | | 61 | 3D | = | gr.X | 93 | 5D | ] | 1011 | 125 | 7D | } | | _ | 30 1E | <b>A</b> | RS | | 62 | 3E | > | | 94 | 5E | ^ | -4 | 126 | | . + | | _ | 31 1F | <b>▼</b> | US | P III | 63 | 3F | ? | -Unjo | 95 | 5F | - | | 127 | 7F | $\Delta^{\dagger}$ | $<sup>\</sup>dagger$ ASCII code 127 has the code DEL. Under DOS, this code has the same effect as ASCII 8 (BS). The DEL code can be generated by the CTRL-BKSP key. | Dec Hex Char | Dec Hex Char | Dec Hex Char | Dec Hex Char | |-----------------------------------------------------------------|------------------------------------------------|---------------------------------------------------|--------------------------| | 128 80 <b>§</b><br>129 81 <b>ü</b> | 160 A0 <b>ā</b> | 192 C0 L | 224 E0 🕊 | | 129 81 <b>ü</b> | | 193 C1 <b>▲</b> | 225 E1 <b>B</b> | | 130 82 <b>e</b><br>131 83 <b>a</b> | 162 A2 <b>ö</b> | 194 C2 <b>T</b> | 226 E2 <b>Г</b> | | 131 83 3 | 163 A3 <b>ū</b> | 195 C3 <b>-</b> | 227 E3 <b>T</b> | | 132 84 <b>ä</b> | 164 A4 <b>n</b> | 196 C4 - | 228 E4 <b>Σ</b> | | 133 85 <b>a</b> | 165 A5 N | 197 C5 🕂 | 229 E5 <b>0</b> | | 134 86 <b>å</b> | 166 A6 🚇 | 198 C6 <b> </b> | 230 E6 <b>4</b> | | 135 87 <b>\$</b> | 167 A7 💆 | 199 C7 | 232 E7 <b>1</b> | | 136 88 2 | 168 A8 <b>¿</b> | 200 C8 L | 232 E8 <b>Q</b> | | 136 88 <b>8</b> 137 89 <b>8</b> 138 8A <b>9</b> 139 8B <b>1</b> | 169 A9 <b>r</b> | 201 C9 <b>F</b> | 233 E9 0 | | 138 8A <b>e</b> | 170 AA | 202 CA 😃 | 234 EA <b>Ω</b> | | | 171 AB <b>½</b> | 203 CB <b>1</b> | 235 EB <b>δ</b> | | 140 8C 7 | 172 AC 🔏 | 204 CC | 236 EC • | | | 173 AD | 205 CD = | 237 ED 🏚 | | 142 8E A | 174 AE « | 206 CE # | 238 EE <b>€</b> | | 143 8F A | 175 AF 🔌 | 207 CF <b>±</b> | 239 EF <b>1</b> | | 144 90 <b>Ē</b> | 176 B0 \$\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ | 208 D0 <b>1</b> | 240 F0 <b>=</b> | | 145 91 <b>a</b> | 177 B1 | 209 D1 <b>〒</b> | 241 F1 ± 242 F2 ½ 243 F3 | | 146 92 <b>A</b> | | 210 D2 <b>T</b> | 242 F2 2 | | 147 93 6 | 179 B3 | 211 D3 L | 243 F3 <del>{</del> | | 148 94 <b>ö</b> | 180 B4 🚽 | 212 D4 <b>E</b> | | | 149 95 <b>ö</b> | 181 B5 <b>1</b> | 213 D5 <b>F</b> | 245 F5 <b>J</b> | | 150 96 <b>û</b> | 182 B6 | 214 D6 <b>m</b> | 246 F6 🕂 | | 151 97 <b>u</b> | 183 B7 <b>T</b> | 215 D7 # | 247 F7 🛣 | | 152 98 <b>ÿ</b> | 184 B8 <b>3</b> | 216 D8 <b>‡</b> | 248 F8 0 | | 153 99 0 | 185 B9 <b>1</b> | 217 D9 <b>J</b> | 249 F9 • | | 154 9A <b>ü</b> | 186 BA | 218 DA 🔽 | 250 FA . | | 155 9B <b>¢</b> | 187 BB <b>1</b> | 219 DB | 251 FB <b>1</b> | | 156 9C <b>£</b><br>157 9D <b>‡</b> | 188 BC 4 | 220 DC | 252 FC <b>n</b> | | 157 9D ¥ | 189 BD <b>1</b> | 221 DD | 253 FD 2 | | 158 9E R | 190 BE <b>3</b> | 222 DE | 254 FE | | 159 9F <b>\$</b> | 191 BF <b>1</b> | 223 DF | 255 FF | # **Key Codes** | Key | | an<br>ode | | SCII c | | E | SCII o<br>xtende<br>ith Sh | d <sup>†</sup> | E | SCII<br>xtend<br>ith C | ed† | E | ASCII<br>Extend<br>with A | ded <sup>†</sup> | |-------|-----|-----------|-----|--------|------|-----|----------------------------|----------------|-----|------------------------|------|------|---------------------------|------------------| | | Dec | Hex | Dec | Hex | Char | Dec | Hex | Char | Dec | Hex | Char | Dec | Hex | Char | | ESC | 1 | 01 | 27 | 1B | | 27 | 1B | | 27 | 1B | | 1 8 | | | | 1! | 2 | 02 | 49 | 31 | 1 | 33 | 21 | ! | 2 | | | 120 | 78 | NUL | | 2@ | 3 | 03 | 50 | 32 | 2 | 64 | 40 | 0 | 3 | 03 | NUL | 121 | 79 | NUL | | 3 # | 4 | 04 | 51 | 33 | 3 | 35 | 23 | # | | | | 122 | | NUL | | 4 \$ | 5 | 05 | 52 | 34 | 4 | 36 | 24 | \$ | | | | 123 | | NUL | | 5 % | 6 | 06 | 53 | 35 | 5 | 37 | 25 | 8 | | | | 124 | 7C | NUL | | 6 ^ | 7 | 07 | 54 | 36 | 6 | 94 | 5E | ^ | 30 | 1E | | 125 | 7D | NUL | | 7 & | 8 | 08 | 55 | 37 | 7 | 38 | 26 | 3 | | | | 126 | | NUL | | 8 * | 9 | 09 | 56 | 38 | 8 | 42 | 2A | * | | | | 127 | | NUL | | 9 ( | 10 | 0A | 57 | 39 | 9 | 40 | 28 | ( | | | | 128 | 80 | NUL | | 0) | 11 | 0B | 48 | 30 | 0 | 41 | 29 | ) | | | | 129 | | NUL | | | 12 | 0C | 45 | 2D | - | 95 | 5F | - | 31 | 1F | | 130 | 82 | NUL | | = + | 13 | 0D | 61 | 3D | = | 43 | 2B | + | | | | 131 | 83 | NUL | | BKSP | 14 | 0E | 8 | 08 | | 8 | 08 | | 127 | 7F | | | | | | TAB | 15 | 0F | 9 | 09 | | 15 | | NUL | 1 | ′ • | | | | | | Q | 16 | 10 | 113 | 71 | q | 81 | 51 | Q | 17 | 11 | | 16 | 10 | NUL | | W | 17 | 11 | 119 | 77 | W | 87 | 57 | W | 23 | 17 | | 17 | | NUL | | E | 18 | 12 | 101 | 65 | e | 69 | 45 | E | 5 | 05 | | 18 | | NUL | | R | 19 | 13 | 114 | 72 | r | 82 | 52 | R | 18 | 12 | | 19 | | NUL | | T | 20 | 14 | 116 | 74 | t | 84 | 54 | T | 20 | 14 | | 20 | | NUL | | Y | 21 | 15 | 121 | 79 | У | 89 | 59 | Y | 25 | 19 | | 21 | | NUL | | U | 22 | 16 | 117 | 75 | u | 85 | 55 | U | 21 | 15 | | 22 | | NUL | | I | 23 | 17 | 105 | 69 | i | 73 | 49 | I | 9 | 09 | | 23 | | NUL | | 0 | 24 | 18 | 111 | 6F | 0 | 79 | 4F | 0 | 15 | 0F | | 24 | | NUL | | P | 25 | 19 | 112 | 70 | p | 80 | 50 | P | 16 | 10 | | 25 | | NUL | | 11 | 26 | 1A | 91 | 5B | ĵ | 123 | 7B | { | 27 | 1B | | 1000 | | | | ] } | 27 | 1B | 93 | 5D | j | 125 | 7D | } | 29 | 1D | | | | | | ENTER | 28 | 1C | 13 | 0D | CR | 13 | 0D | CR | 10 | 0A | LF | | | | | CTRL | 29 | 1D | | 0.0 | | | 02 | | 10 | 011 | L. | 1.5 | | | | A | 30 | 1E | 97 | 61 | a | 65 | 41 | A | 1 | 01 | | 30 | 1E | NUL | | S | 31 | 1F | 115 | 73 | s | 83 | 53 | s | 19 | 13 | | 31 | | NUL | | D | 32 | 20 | 100 | 64 | d | 68 | 44 | D | 4 | 04 | | 32 | | NUL | | F | 33 | 21 | 102 | 66 | f | 70 | 46 | F | 6 | 06 | | 33 | 21 | NUL | | G | 34 | 22 | 103 | 67 | g | 71 | 47 | G | 7 | 07 | | 34 | | NUL | | Н | 35 | 23 | 104 | 68 | h | 72 | 48 | H | 8 | 08 | | 35 | | NUL | | J | 36 | 24 | 106 | 6A | j | 74 | 4A | J | 10 | 0A | | 36 | | NUL | | K | 37 | 25 | 107 | 6B | k | 75 | 4B | K | 11 | 0B | | 37 | | NUL | | L | 38 | 26 | 108 | 6C | 1 | 76 | 4C | L | 12 | 0C | | 38 | | NUL | | ; ; | 39 | 27 | 59 | 3B | ; | 58 | 3A | : | | | | | | | | | 40 | 28 | 39 | 27 | 1 | 34 | 22 | 11 | | | | | | | | `~ | 41 | 29 | 96 | 60 | , | 126 | 7E | ~ | | | | | | | <sup>†</sup> Extended codes return NUL (ASCII 0) as the initial character. This is a signal that a second (extended) code is available in the keystroke buffer. | Key | Scan<br>Code | | ASCII or<br>Extended <sup>†</sup> | | ASCII or<br>Extended <sup>†</sup><br>with Shift | | ASCII or<br>Extended <sup>†</sup><br>with Ctrl | | ASCII or<br>Extended <sup>†</sup><br>with Alt | | | | | |--------------------------------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------|---------------------------------------------------------------------|----------------------------------------------------------------|-------------------------------------------------|-----------------------------------------------------------------|----------------------------------------------------------------|-----------------------------------------|--------------------------------------------------------------|----------------------------------------------|-------------------------------------------------------------|--------------------------------------------------------------------|--------------------------------------------------------------------------------------------------| | | Dec | Hex | Dec | Hex | Char | Dec | Hex | Char | Dec | Hex | Char | Dec | Hex Char | | L SHIFT \\ \Z X C V B N M .< .> /? | 42<br>43<br>44<br>45<br>46<br>47<br>48<br>49<br>50<br>51<br>52<br>53 | 2A<br>2B<br>2C<br>2D<br>2E<br>2F<br>30<br>31<br>32<br>33<br>34<br>35 | 92<br>122<br>120<br>99<br>118<br>98<br>110<br>109<br>44<br>46<br>47 | 5C<br>7A<br>78<br>63<br>76<br>62<br>6E<br>6D<br>2C<br>2E<br>2F | \ z | 124<br>90<br>88<br>67<br>86<br>66<br>78<br>77<br>60<br>62<br>63 | 7C<br>5A<br>58<br>43<br>56<br>42<br>4E<br>4D<br>3C<br>3E<br>3F | Z X C V B N M < > ? | 28<br>26<br>24<br>3<br>22<br>2<br>14<br>13 | 1C<br>1A<br>18<br>03<br>16<br>02<br>0E<br>0D | | 44<br>45<br>46<br>47<br>48<br>49<br>50 | 2C NUL<br>2D NUL<br>2E NUL<br>2F NUL<br>30 NUL<br>31 NUL<br>32 NUL | | R SHIFT<br>* PRTSC<br>ALT<br>SPACE<br>CAPS | 54<br>55<br>56<br>57<br>58 | 36<br>37<br>38<br>39<br>3A | 42<br>32 | 2A<br>20 | * SPC | 32 | INT<br>20 | Γ 5§<br>SPC | 16<br>32 | 10<br>20 | SPC | 32 | 20 SPC | | F1<br>F2<br>F3<br>F4<br>F5<br>F6<br>F7<br>F8<br>F9<br>F10 | 59<br>60<br>61<br>62<br>63<br>64<br>65<br>66<br>67<br>68 | 3B<br>3C<br>3D<br>3E<br>3F<br>40<br>41<br>42<br>43<br>44 | 59<br>60<br>61<br>62<br>63<br>64<br>65<br>66<br>67<br>68 | 3C<br>3D<br>3E<br>3F<br>40<br>41<br>46<br>43 | NUL | 84<br>85<br>86<br>87<br>88<br>89<br>90<br>91<br>92<br>93 | 55<br>56<br>57<br>58<br>59<br>5A<br>5B<br>5C | NUL | 94<br>95<br>96<br>97<br>98<br>99<br>100<br>101<br>102<br>103 | 5F<br>60<br>61<br>62<br>63<br>64<br>65<br>66 | NUL<br>NUL<br>NUL<br>NUL<br>NUL<br>NUL<br>NUL<br>NUL<br>NUL | 104<br>105<br>106<br>107<br>108<br>109<br>110<br>111<br>112<br>113 | 68 NUL<br>69 NUL<br>6A NUL<br>6B NUL<br>6C NUL<br>6D NUL<br>6E NUL<br>6F NUL<br>70 NUL<br>71 NUL | | NUM<br>SCROLL<br>HOME<br>UP<br>PGUP | 69<br>70<br>71<br>72<br>73 | 45<br>46<br>47<br>48<br>49 | 71<br>72<br>73 | 48<br>49 | NUL<br>NUL<br>NUL | 55<br>56<br>57 | 37<br>38<br>39 | 7<br>8<br>9 | 119<br>132 | | NUL<br>NUL | | | | GREY -<br>LEFT<br>CENTER<br>RIGHT<br>GREY +<br>END<br>DOWN<br>PGDN | 74<br>75<br>76<br>77<br>78<br>79<br>80<br>81 | 4A<br>4B<br>4C<br>4D<br>4E<br>4F<br>50<br>51 | 45<br>75<br>77<br>43<br>79<br>80<br>81 | 4D<br>2B<br>4F<br>50 | - NUL NUL + NUL NUL NUL | 45<br>52<br>53<br>54<br>43<br>49<br>50<br>51 | 2D<br>34<br>35<br>36<br>2B<br>31<br>32<br>33 | -<br>4<br>5<br>6<br>+<br>1<br>2<br>3 | 115<br>116<br>117<br>118 | 74<br>75 | NUL<br>NUL<br>NUL | | | | INS<br>DEL | 82<br>83 | 52<br>53 | 82<br>83 | | NUL<br>NUL | 48<br>46 | 30<br>2E | 0 | | | | | | <sup>†</sup> Extended codes return NUL (ASCII 0) as the initial character. This is a signal that a second (extended) code is available in the keystroke buffer. <sup>§</sup> Under DOS, Shift-PtrScr causes interrupt 5, which prints the screen unless an interrupt handler has been defined to replace the default interrupt 5 handler. # **Color Display Attributes** Red bit | Backgroun | d | Foregrou | | d | | |-----------------|---|---------------|---------|-----------|---------------| | | | Color | Bits* | Num | Color | | FRGB | | | IRGB | | | | 0 0 0 0 | 0 | Black | 0 0 0 0 | 0 | Black | | 0 0 0 1 | 1 | Blue | 0 0 0 1 | 1 | Blue | | 0 0 1 0 | 2 | Green | 0 0 1 0 | 2 | Green | | 0 0 1 1 | 3 | Cyan | 0 0 1 1 | 3 | Cyan | | 0 1 0 0 | 4 | Red | 0 1 0 0 | 4 | Red | | 0 1 0 1 | 5 | Magenta | 0 1 0 1 | 5 | Magenta | | 0 1 1 0 | 6 | Brown | 0 1 1 0 | 6 | Brown | | 0 1 1 1 | 7 | White | 0 1 1 1 | 7 | White | | 1 0 0 0 | 8 | Black blink | 1 0 0 0 | 8 | Dark grey | | 1 0 0 1 | 9 | Blue blink | 1 0 0 1 | 9 | Light blue | | 1 0 1 0 | A | Green blink | 1 0 1 0 | A | Light green | | 1 0 1 1 | В | Cyan blink | 1 0 1 1 | В | Light cyan | | 1 1 0 0 | C | Red blink | 1 1 0 0 | C | Light red | | 1 1 0 1 | D | Magenta blink | 1 1 0 1 | D | Light magenta | | 1 1 1 0 | E | Brown blink | 1 1 1 0 | E | Yellow | | 1 1 1 1 | F | White blink | 1 1 1 1 | F | Bright white | | I Intensity hit | | G. Green hit | FF | laching h | it | <sup>\*</sup> On monochrome monitors, the blue bit is set and the red and green bits are cleared (001) for underline; all color bits are set (111) for normal text. # Hexadecimal-Binary-Decimal Conversion | Hex<br><u>Number</u> | Binary<br>Number | Decimal<br>Digit 000X | Decimal<br>Digit 00X0 | Decimal Digit 0X00 | Decimal Digit X000 | |----------------------|------------------|-----------------------|-----------------------|--------------------|--------------------| | 0 | 0000 | 0 | 0 | 0 | 0 | | 1 | 0001 | 1 | 16 | 256 | 4,096 | | 2 | 0010 | 2 | 32 | 512 | 8,192 | | 3 | 0011 | 3 | 48 | 768 | 12,288 | | 4 | 0100 | 4 | 64 | 1,024 | 16,384 | | 5 | 0101 | 5 | 80 | 1,280 | 20,480 | | 6 | 0110 | 6 | 96 | 1,536 | 24,576 | | 7 | 0111 | 7 | 112 | 1,792 | 28,672 | | 8 | 1000 | 8 | 128 | 2,048 | 32,768 | | 9 | 1001 | 9 | 144 | 2,304 | 36,864 | | A | 1010 | 0 | 160 | 2,560 | 40,960 | | В | 1011 | 11 | 176 | 2,816 | 45,056 | | C | 1100 | 12 | 192 | 3,072 | 49,152 | | D | 1101 | 13 | 208 | 3,328 | 53,248 | | E | 1110 | 14 | 224 | 3,584 | 57,344 | | F | 1111 | 15 | 240 | 3,840 | 61,440 | Microsoft Corporation 16011 NE 36th Way Box 97017 Redmond, WA 98073-9717 # Microsoft<sup>®</sup> 0887 Part No. 016-014-043 pcis.org