heya, while playing with opcodes and Intel books I've found one which
doesn't seem to be well documented in the Intel books, ADD :)
Example: opcode 8200, according to the table it says "Immediate Grp1(1A) Eb,Ib"
Checking table A-4, it says that group 1 is opcode 80-83
(I assume that is from 80 to 83; 80, 81, 82, and 83). Since bits 5,4,3 of ModRM are 000b
it's an ADD; however, when I check the ADD instruction (page 60) there is no 82 opcode in it...
...
81 /0 iw ADD r/m16,imm16 Add imm16 to r/m16
81 /0 id ADD r/m32,imm32 Add imm32 to r/m32
83 /0 ib ADD r/m16,imm8 Add sign-extended imm8 to r/m16
83 /0 ib ADD r/m32,imm8 Add sign-extended imm8 to r/m32
...
OllyDbg disassembles it as "ADD BYTE PTR DS:,1" (so it would take an imm8
after the ModRM/SIB too). I guess this is the sign-extended instruction for imm8 to r/m8 in group 1.
Maybe it's me who's bad at reading the book? :rolleyes:
Nothing special tho...
PS: Intel developer books, volume 2: 24547112.pdf
OllyDbg disassembles it as "ADD BYTE PTR DS:,1" (so it would take an imm8
after the ModRM/SIB too). I guess this is the sign-extended instruction for imm8 to r/m8 in group 1.
And sign extension to 8 bits would be redundant.
I have asked The Svin about that and here's his reply:
The last two bits in the code block are the s and w bits.
I've already written an article about those bits and sent it to the Opcode
threads.
Read it - and it will make everything clear to you.
80 s = 0 , w = 0 (immsize = full, operand = byte)
81 s = 0 , w = 1 (immsize = full, operand = full)
82 s = 1 , w = 0 (immsize = sbyte, operand = byte) - nonsense 'cause
the operand is a byte, yet legal.
83 s = 1 , w = 1 (immsize = sbyte, operand = full)
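The encoding discussed in the first post and in The Svin's reply above (group 1 opcodes 80h-83h, the ModRM reg field picking the ALU operation, the s and w bits picking immediate and operand size), worked through as an added example. This is not code from the thread, from Intel's manuals or from OllyDbg; it assumes 32-bit mode with no prefixes, and the function names (decode_group1, disassemble) and the OllyDbg-like output syntax are my own choices. It decodes 82 00 01 to the same instruction as 80 00 01, and shows the sign extension that 83h applies to a 32-bit operand turning into a no-op for the byte operand of 82h.

```python
"""Decoder for the x86 "Group 1" immediate ALU opcodes 80h-83h.

Added example, not code from the thread, from Intel's manuals or from OllyDbg.
Assumes 32-bit mode with no prefixes (so a "full" operand is 32 bits) and
decodes just enough ModRM/SIB to show how the s and w bits of the opcode
choose the operand size and the immediate size, and why 82h equals 80h.
"""

ALU_OPS = ("ADD", "OR", "ADC", "SBB", "AND", "SUB", "XOR", "CMP")  # ModRM reg /0../7
REGS32 = ("EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI")
REGS8 = ("AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH")


def _sign_extend(value, from_bits, to_bits):
    """Sign-extend a from_bits-wide value and mask it to to_bits."""
    if value & (1 << (from_bits - 1)):
        value -= 1 << from_bits
    return value & ((1 << to_bits) - 1)


def _decode_rm_operand(code, pos, w):
    """Decode the r/m operand whose ModRM byte is at code[pos].

    Returns (operand_text, position_after_operand). Covers register operands,
    [reg], [disp32], SIB (with or without base) and disp8/disp32 forms.
    """
    modrm = code[pos]
    mod, rm = modrm >> 6, modrm & 7
    pos += 1
    if mod == 3:                                   # register direct
        return (REGS32 if w else REGS8)[rm], pos

    regs, disp_bytes = [], {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                                    # SIB byte follows ModRM
        sib = code[pos]
        pos += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        if base == 5 and mod == 0:                 # no base register, disp32 instead
            disp_bytes = 4
        else:
            regs.append(REGS32[base])
        if index != 4:                             # index 100b means "no index"
            regs.append(f"{REGS32[index]}*{scale}" if scale > 1 else REGS32[index])
    elif rm == 5 and mod == 0:                     # [disp32] with no base register
        disp_bytes = 4
    else:
        regs.append(REGS32[rm])

    mem = "+".join(regs)
    if disp_bytes:
        disp = int.from_bytes(code[pos:pos + disp_bytes], "little", signed=bool(regs))
        pos += disp_bytes
        mem = f"{mem}{'+' if disp >= 0 else '-'}0x{abs(disp):X}" if regs else f"0x{disp:X}"
    return f"{'DWORD' if w else 'BYTE'} PTR [{mem}]", pos


def decode_group1(code):
    """Decode one Group 1 instruction (80h-83h /digit ib|id) from bytes.

    Opcode bits: 1000 00sw.  w=1 selects a full (32-bit) operand, w=0 a byte
    operand; s=1 means the immediate is one byte, sign-extended to the operand
    width.  The ModRM reg field selects the ALU operation.
    """
    opcode = code[0]
    if opcode & 0xFC != 0x80:
        raise ValueError(f"{opcode:02X}h is not a Group 1 opcode (80h-83h)")
    s, w = (opcode >> 1) & 1, opcode & 1
    mnemonic = ALU_OPS[(code[1] >> 3) & 7]
    operand, pos = _decode_rm_operand(code, 1, w)
    operand_bits = 32 if w else 8
    imm_bytes = 4 if (w and not s) else 1          # only 81h takes imm32, the rest imm8
    raw = int.from_bytes(code[pos:pos + imm_bytes], "little")
    # For 82h (s=1, w=0) the extension is 8 -> 8 bits, i.e. a no-op, so the
    # instruction behaves exactly like 80h. (In 64-bit mode 82h is invalid.)
    imm = _sign_extend(raw, 8, operand_bits) if s else raw
    return {"mnemonic": mnemonic, "operand": operand, "imm": imm,
            "s": s, "w": w, "length": pos + imm_bytes}


def disassemble(code):
    """Render a Group 1 instruction in OllyDbg-like syntax."""
    d = decode_group1(code)
    return f"{d['mnemonic']} {d['operand']},0x{d['imm']:X}"


if __name__ == "__main__":
    # Constructed sample encodings, including the 82 00 01 from the first post.
    for hexstr in ("82 00 01", "80 00 01", "83 C0 FF", "81 C0 78 56 34 12",
                   "83 44 24 08 10", "81 05 00 10 40 00 01 00 00 00"):
        code = bytes.fromhex(hexstr)
        print(f"{hexstr:32} {disassemble(code)}")
```

Running it prints 82 00 01 and 80 00 01 as the same ADD BYTE PTR [EAX],0x1, while 83 C0 FF comes out as ADD EAX,0xFFFFFFFF, which is the sign extension doing real work on a 32-bit operand.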
thanks, I'll search for those threads ;)