Intel Instruction Interpretation

About

This section is based on the section 3-1 - interpreting the instruction pages reference of the intel documentation and used the jmp mnemonic as example.

Definition: The jmp mnemonic transfers program control to a different point in the instruction stream without recording return information.

Articles Related

Intel 64 and IA-32 syntax

From Intel 64 and IA-32 Architectures (See also appendix b instruction formats and encodings)

where:

• Instruction Prefixes (optional). Another assembly instruction to be inserted before another assembly instruction that such prefix is applicable. Instructions with 2 or 3-bytes opcode include the prefixes by default. The operand-size override prefix allows a program to switch between 16-and 32-bit operand sizes. Either size can be the default; use of the prefix selects the non-default size.
• Opcode is a unique number that identifies an instruction. Each opcode has an mnemonic name. Opcode can be 1,2 or 3 bytes long and includes an additional 3-bit field in the ModR/M byte when needed.
• ModR/M for instructions that refer to an operand in memory

Instruction table definition

The jmp mnemonic definition can be found in the Section 3.2 - JMP - page 1065 and shows a table where:

• each row lists a variant of the jmp instruction.
• the first column is the instruction in hexadecimal and is called the opcode_column
• the second column is the instruction in intel assembly and is called the instruction_column

The transfer is one-way; that is, a return address is not saved. See also 7.3.8.1 - Unconditional Transfer Instructions

Opcode column

The first column is called the opcode column. . Example: EB cb. It shows the object code produced and has the following format:

• opcode + extra entries (See section 3.1.1.1 for the definition of the extra entries)

Instruction column

The second column is the Instruction column and gives the syntax of the instruction statement as it would appear in an ASM386 program.

Example: jmp rel8.

It has the following format:

mnemonic operand

where operand (See section 3.1.1.3 for the definition of the symbol operands)

• rel means a relative address (or offset)
• r means register
• imm means immediate value
• r/m means registers or memory (absolute address ?)
• m means memory
• …

Operand encoding column

Instructions with an operand in memory have an addressing-form specifier byte called the ModR/M byte.

In the encoding definition table:

• (r) denotes the content of the operand will be read by the processor.
• (w) denotes the content of the operand will be updated by the processor

Management

List

For the intel CPU, the description of each instruction class can be found in the Instruction Set reference (Volume 2) Intel® 64 and IA-32 Architectures - Software Developer’s Manual - Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D and 4.

Example

The jmp instructions with opcode FF /4 enable jumping to a near, absolute address stored in a general-purpose register or a memory location; or in short, as written in the description, absolute indirect.

; as [0x1234] means rel16 (which means 2-byte offset)
; jmp is then the ''FF /4'' jump
jmp [0x1234]

generates the machine code in the default 16 bit mode of nasm to the following instruction:

ff 26 34 12

where:

• 0xff is the opcode for jmp
• 0x26 is the ModR/M byte that means that the operand is disp16 bit operand. ie a displacement / jump of 16 bit.
• 0x34 and 0x12 is the data but in little endian order (reversed)

The ModR/M byte comes from the 16 bit ModR/M table: