Machine_instr_representation_Offset_spec_formula.pdf

Rezumat_27_oct.pdf

Intel x86 Assembler Instruction Set Opcode Table.pdf

Addressing Method Codes.pdf

💡Recall

🖋 Notes

Machine instructions representation

• a x86 machine instruction represents a sequence of 1 to 15 bytes, these values specifying an operation to be run, the operands to which it will be applied and also possible supplementary modifier

• a x86 machine instruction has maximum 2 operands

• for most of the instructions, they are called source and destination respectively:

  • only one may be stored in the RAM memory
  • other one must be either an EU register, either an integer constant

• therefore, an instruction has the general form:

  instruction_name destination, source
  

• the internal format of an instruction varies between 1 and 15 bytes, and has the following general form (instructions byte-codes from OllyDbg):

  [prefixes] + code + [ModeR/M] + [SIB] + [displacement] + [immediate]
  

  • prefixes
    • control how an instruction is executed
    • these are optional (0 to maxim 4) and occupy one byte each
    • for example, they may request repetitive execution of the current instruction or may block the address bus during execution to not allow concurrent access to operands and results
  • the operation to be run is identified by 1 to 2 bytes of code (opcode)
    • the only mandatory bytes, no matter of the instruction
  • the byte ModeR/M (register/memory mode)
    • specifies for some instructions the nature and the exact storage of operands (register or memory)
    • this allows the specification of a register or of a memory location described by an offset

  

  • although the diagram seems to imply that instructions can be up to 16 bytes long, in actuality the x86 will not allow instructions greater than 15 bytes in length

    

  Offset Formula

  [base] + [index × scale] + [constant] 
           (SIB)     (displacement+immediate)
  

  • where for base and index the value of two registers will be used and the scale is 1, 2, 4 or 8
  • the allowed registers as base or/ and as indexes are: EAX, EBX, ECX, EDX, EBP, ESI, EDI
  • the ESP register is available as base but cannot be used as index
  • most of the instructions use for their implementation either only the opcode or the opcode followed by ModeR/M
  • the displacement is present in some particular addressing forms and it comes immediately after ModeR/M or SIB, if SIB is present, this field can be encoded either on a byte or on a doubleword (32 bits)