Instr2Op version 1.0 - Written by John Baldwin, 1996

Ŀ
 Overview 


This document provides detailed information on assembling Intel 80x86
assembly instructions, including tables for various addressing methods
and methods of determining operands.  A working knowledge of Intel 80x86
Assembly language is very highly recommended since this is by no means a
tutorial on Assembly language.

Ŀ
 Help 



General Help
============

In this document, section headings are surrounded by a box of sorts, major
topic headings are underlined with equal signs (=), and sub-topic headings
are underlind with dashes (-).


Segment Sizes
=============
In Real Mode, are segments are 16-bit.  In Protected Mode on 80386+, each
segment descriptor has a bit that determines if that selector is a 16-bit
segment or a 32-bit segment.  The size of the segment affects the size of
the operands and the memory references.  If the Address Size or Operand
Size prefixes are used, then the opposite model for addressing and determing
operands is used.  IOW, an instruction in a 32-bit segment that is prefixed
with the Operand Size prefix would execute the instruction as if its
operands were the equivalent 16-bit operands.

Opcode Ordering
===============

In Intel 80x86 Assembly, the opcodes follow this pattern in determining the
order of the various opcodes for each instruction:

Code:

->-- Instructions ->--
|                   |
`-------------------'

Instruction:

->-- Prefixes ->-- Instruction ->-- Operands ->-- Data ->---
| |           |      Opcodes     |           | |       |  |
| `----->-----'                  `----->-----' `--->---'  |
|                                                         |
`-------<----------<----------<----------<---------<------'

Prefixes:

->-- Instruction ->-- Address Size ->-- Operand Size ->-- Segment -->--
  |     Prefix   | |               | |               | |  Override |
  |              | `------->-------' `------->-------' |           |
  `------->------'                                     `----->-----'

Instruction Prefix:         Segment Override:

->-- REP ------>--          ->-- CS: -->--
  |           |               |       |
  |- REPE/Z --|               |- DS: -|
  |           |               |       |
  |- REPNE/Z -|               |- ES: -|
  |           |               |       |
  `- LOCK ----'               |- FS: -|
                              |       |
                              |- GS: -|
                              |       |
                              `- SS: -'

Operands:

->-- Operand -->-- Displacement -->--
     Selector   |               |
                `------->-------'

Operand Selector:

->-- Modr/M Byte -->-- SIB -->--
                    |      |
                    `--->--'

Address Size     : Uses 32-bit addressing in 16-bit segments, and 16-bit
                   addressing in 32-bit segments.
Data             : For instructions that use numberical data.  Can be byte,
                   word, dword, etc. depending on instruction
Instruction      : The opcodes that define which instruction this is.
Memory Offset    : For operands that have memory offsets, they are word or
                   byte offsets added to memory address operands.
Operand Size     : Uses 32-bit operands in 16-bit segments, and 16-bit
                   operands in 32-bit segments.
Operands         : The opcodes that define what the parameters are, if any.
Prefixes         : Instruction prefixes.
Segment Override : Force the next instruction to use this segment for any
                   memory references.

Tables
======

Each table will have a number.  Included in the heading of a table
declaration is a short description of the data in the table.  The
next line will describe the size of the data being tabled.  Afterwards
the table will be listed in either a straight table form, i.e. listing
each value on one side and it's meaning on the other, in a bit-wise
fashion, in which bits, or groups of bits are defined, or a combination
of the two.  After the table, any further notes may be appended.

Instructions
============

The instructions are broken up into three main groups: regular instructions,
math co-processor instructions, and protected-mode instructions.  For each
instruction, the first line shall be a sub-topic heading with the
instruction's mnenomic in all caps.  Beside the instruction name will follow
a brief explanation of the instruction- usually the meaning of the mnenomic.
On the next line will be a description of the instruction.  The next line
will give the number of basic opcodes or opcode groups that this instruction
assembles to.  Each opcode or opcode group will be given a sub-topic heading
consisting of the opcode or opcode group number (based on their order in this
document).  Below the heading will be a brief description of the specifics of
the opcode or opcode group.  Beneath the description will be a table that
defines the opcode or opcode group, and below that extra details such as
clock cycles may be appended.  If an opcode or opcode group is defined by a
constant number, then that number may be given in hexadecimal instead of in a
bit-wise table.

Prefixes
========

At the end of the instructions list is a list of the instruction prefixes
such as the segment overrides and the REP prefixes.  Their format basically
follows the same format of the instruction format above.

Operand and Address Sizes
=========================

Frequently in this document, the symbols OperandSize and AddressSize will
be used in Tables and Instruction Descriptions.  Here are their formal
definitions for this document:

If RealMode Or (ProtectedMode and (SegmentSize=16)) Then
   If Address Size Prefix Then
      AddressSize = 32
   Else
      AddressSize = 16
   If Operand Size Prefix Then
      OperandSize = 32
   Else
      OperandSize = 16
Else
   If Address Size Prefix Then
      AddressSize = 16
   Else
      AddressSize = 32
   If Operand Size Prefix Then
      OperandSize = 16
   Else
      OperandSize = 32

Ŀ
 Tables 


Table 1 - Operand group in 16-bit segments.
-------------------------------------------
Size: 2 bits

00 - 16-bit Memory Reference
01 - 16-bit Memory Reference with a byte displacement
10 - 16-bit Memory Reference with a word displacement
11 - Register

Table 2 - Memory Reference operand in 16-bit segments.
------------------------------------------------------
Size: 3 bits

000 - [bx+si]
001 - [bx+di]
010 - [bp+si]
011 - [bp+di]
100 - [si]
101 - [di]
110 - [word offset]
111 - [bx]

*Note: if there is a word or byte offset added to the memory
 address, then the following code changes to:

110 - [bp+offset]

Table 3 - 8-bit register operands.
----------------------------------
Size: 3 bits

xxx
^^^
 Register:
        00 - al/h
        01 - cl/h
        10 - dl/h
        11 - bl/h
 Byte selector:
         0 - Low byte: E.g. AL
         1 - High byte: E.g. AH

Table 4 - 16-bit register operands.
-----------------------------------
Size: 3 bits

000 - ax
001 - cx
010 - dx
011 - bx
100 - sp
101 - bp
110 - si
111 - di

Table 5 - Two byte operands in 16-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 3
 Operand Group    - Table 1
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 3

Table 6 - Two word operands in 16-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 4
 Operand Group    - Table 1
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 4

Table 7 - One byte operand in 16-bit segments.
----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 1
   First Operand:
           Case Operand Group of
              Memory Reference - Table 2
              Register         - Table 3
   Instruction Selector (see Instruction for definition)

Table 8 - One word operand in 16-bit segments.
----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 1
   First Operand:
           Case Operand Group of
              Memory Reference - Table 2
              Register         - Table 4
   Instruction Selector (see Instruction for definition)

Table 9 - Condition bits
------------------------
Size: 4 bits

0000 - o
0001 - no
0010 - b,nae
0011 - nb,ae
0100 - e,z
0101 - ne,nz
0110 - na,be
0111 - a,nbe
1000 - s
1001 - ns
1010 - p,pe
1011 - np,po
1100 - l,nge
1101 - nl,ge
1110 - ng,le
1111 - g,nle

Table 10 - 32-bit register operands.
------------------------------------
Size: 3 bits

000 - eax
001 - ecx
010 - edx
011 - ebx
100 - esp
101 - ebp
110 - esi
111 - edi

Table 11 - Operand group in 32-bit segments.
--------------------------------------------
Size: 2 bits

00 - 32-bit Memory Reference
01 - 32-bit Memory Reference with a byte displacement
10 - 32-bit Memory Reference with a dword displacement
11 - Register

Table 12 - SIB byte Index
-------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - none
101 - [ebp]
110 - [esi]
111 - [edi]

Table 13 - SIB byte Multiplier
------------------------------
Size: 2 bits

The index of a SIB is mulitplied by the "Mulitplier"th power of 2.
So a Mulitplier of 00 would multiply the index by 1, and a Multiplier
of 10 would multiply the index by 4.

Table 14 - SIB byte Base Register
---------------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - [esp]
101 - [dword offset]
110 - [esi]
111 - [edi]

*Note: If the Operand Group from the Modr/M byte is a Memory Reference
plus an 8-bit or 32-bit displacement, then the following code changes to:

101 - [ebp+offset]

Table 15 - Memory Reference operand in SIB byte in 32-bit segments.
-------------------------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^
 Base Register  - Table 14
 Index Register - Table 12
 Index Mulitiplier - Table 13

Table 16 - Memory Reference operand in 32-bit segments.
-------------------------------------------------------
Size: 3 bits

000 - [eax]
001 - [ecx]
010 - [edx]
011 - [ebx]
100 - use SIB - Table 15
101 - [dword offset]
110 - [esi]
111 - [edi]

*Note: If the Operand Group is a Memory Reference with an 8-bit or 32-bit
displacement, then the following code changes to:

101 - [ebp+offset]

Table 17 - Two dword operands in 32-bit segments.
-------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 10
 Operand Group  - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 16
                 Register         - Table 10

Table 18 - One dword operand in 32-bit segments.
------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group  - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference - Table 16
              Register         - Table 10
   Instruction Selector (see Instruction for definition)

Table 19 - Two byte operands in 32-bit segments.
----------------------------------0-------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand   - Table 3
 Operand Group    - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 16
                 Register         - Table 3

Table 20 - One byte operand in 32-bit segments.
-----------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group    - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference - Table 16
              Register         - Table 3
   Instruction Selector (see Instruction for definition)

Table 21 - Two (d)word operands.
--------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand:
         Case OperandSize of
            16 - Table 4
            32 - Table 10
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference:
                    Case AddressSize of
                       16 - Table 2
                       32 - Table 16
                 Register:
                    Case OperandSize of
                       16 - Table 4
                       32 - Table 10

Table 22 - Two byte operands.
-----------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 3
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference:
                    Case AddressSize of
                       16 - Table 2
                       32 - Table 16
                 Register - Table 3

Table 23 - One (d)word operands.
--------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group:
        Case AddressSize of
           16 - Table 1
           32 - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference:
                 Case AddressSize of
                    16 - Table 2
                    32 - Table 16
              Register:
                 Case OperandSize of
                    16 - Table 4
                    32 - Table 10
   Instruction Selector (see Instruction for definition)

Table 24 - One byte operand.
----------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Operand Group:
        Case AddressSize of
           16 - Table 1
           32 - Table 11
   First Operand:
           Case Operand Group of
              Memory Reference:
                 Case AddressSize of
                    16 - Table 2
                    32 - Table 16
              Register - Table 3
   Instruction Selector (see Instruction for definition)

Table 25 - Segment registers
----------------------------
Size: 3 bits

000 - es
001 - cs
010 - ss
011 - ds
100 - fs
101 - gs
11x - reserved for future segment registers (probably)

Table 26 - One segment register and one word as operands.
---------------------------------------------------------
Size: 8 bits

xxxxxxxx
^^^^^^^^

 Second Operand - Table 25
 Operand Group:
           Case AddressSize of
              16 - Table 1
              32 - Table 11
      First Operand:
              Case Operand Group of
                 Memory Reference - Table 2
                 Register         - Table 4

Ŀ
 Instructions 


Regular Instructions
====================

AAA - ASCII adjust after addition
---------------------------------------------------------------------------
Converts the result of adding two unpacked single-digit BCD numbers (stored
in AL) to an unpacked, single-digit BCD number.

Opcodes: 1

Opcode 1
--------
37

AAD - ASCII adjust before division
---------------------------------------------------------------------------
This sets AL equal to AL + (Immediate byte*AH) and sets AH to 0.  This is
normally used with the immediate byte having a value of 0Ah (10d) to
prepare two unpacked BCD digits for a division operation with an unpacked
result.

Opcodes: 1

Opcode 1
--------
D5

AAM - ASCII adjust after multiplication
---------------------------------------------------------------------------
This sets AH to (AL div Immediate byte) and AL to (AL mod Immediate byte).
Normally, this is used with an immediate byte of 0Ah (10d) to convert the
result of multiplying two unpacked BCD digits in AX.

Opcodes: 1

Opcode 1
--------
D4

AAS - ASCII adjust after subtraction
---------------------------------------------------------------------------
Converts the result of subtracting two unpacked single-digit BCD numbers
(stored in AL) to an unpacked, single-digit BCD number.

Opcodes: 1

Opcode 1
--------
3F

ADC - Add with Carry
---------------------------------------------------------------------------
Adds the two operands and the carry flag together and stores the result in
the first operand.

Opcodes: 3

Opcode 1
--------
Adds a register to a memory reference or another register.

000100xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Adds an immediate to the accumulator register.

1000010x
       ^
        Operand size:
              0 - Byte: Immediate byte added to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word added to AX
                           32 - Immediate dword added to EAX

Opcode 3
--------
Adds an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte added to first operand
                       Operands - Table 24 - Instruction Selector 010
             1 - Word: Immediate (d)word added to first operand
                       Operands - Table 23 - Instruction Selector 010
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

ADD - Add
---------------------------------------------------------------------------
Adds two operands together and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Adds a register to a memory reference or another register.

000000xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Adds an immediate to the accumulator register.

0000010x
       ^
        Operand size:
              0 - Byte: Immediate byte added to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word added to AX
                           32 - Immediate dword added to EAX

Opcode 3
--------
Adds an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte added to first operand
                       Operands - Table 24 - Instruction Selector 000
             1 - Word: Immediate (d)word added to first operand
                       Operands - Table 23 - Instruction Selector 000
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

AND - Logical And
---------------------------------------------------------------------------
Bitwise ANDs the two operands and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
And a register with a memory reference or another register.

001000xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
And an immediate to the accumulator register.

0010010x
       ^
        Operand Size:
              0 - Byte: Immediate byte ANDed to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word ANDed with AX
                           32 - Immediate dword ANDed with EAX

Opcode 3
--------
ANDs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte ANDed with first operand
                       Operands - Table 24 - Instruction Selector 100
             1 - Word: Immediate (d)word ANDed with first operand
                       Operands - Table 23 - Instruction Selector 100
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

BOUND - Check array index against bounds
---------------------------------------------------------------------------
Compares the first operand to two variables of the same size as the first
operand in the memory referenced by the second operand to see if the first
operand is greater than the first variable referenced by the second operand
and less than the second variable.  The variables are stored contiguously.
First the lower bound and then the upper bound.  If the test fails, then
Interrupt 5 is generated with the saved (E)IP pointing to the Bound
instruction that caused the fault.

*Note: "bound reg16,reg16" and "bound reg32,reg32" assemble and seem to be
       valid instructions.  However, according to the definition above they
       are invalid since a reg16 cannot hold 32 bits and a reg32 cannot hold
       64 bits.

Opcodes: 1

Opcode 1
--------
62
   Operands - Table 21

CALL - Call a subroutine
---------------------------------------------------------------------------
Call pushes (E)IP (and CS if a far call) onto the stack and jumps to the
specified location.

Opcodes: 1

Opcode 1
--------
Far call to an immediate address following the opcode.

9A
   Location -
      Case OperandSize of
         16: 16-bit offset followed by a 16-bit segment
         32: 32-bit offset followed by a 16-bit segment
      Case AddressSize of
         16: Use CS:IP
         32: Use CS:EIP
      If AddressSize<>OperandSize Then
         If AddressSize=16 Then
            High word of 32-bit offset ignored
         Else
            16-bit offset copied to low word of EIP, high word of EIP
            unchanged (?)

CBW, CWDE - Convert byte to word, Convert word to dword.
---------------------------------------------------------------------------
CBW sign extends the value of AL to AX.  CWDE sign extends the value of AX
to EAX.

Opcodes: 1

Opcode 1
--------
98
   Case OperandSize of
      16: CBW
      32: CWDE

CDQ, CWD - Convert dword to qword, Convert word to dword
---------------------------------------------------------------------------
CDQ sign extends the dword in EAX to EDX:EAX.  CWD sign extends the word in
AX to DX:AX.

Opcodes: 1
----------
99
   Case OperandSize of
      16: CWD
      32: CDQ

CMP - Compares two operands
---------------------------------------------------------------------------
Subtracts the second operand from the first operand but throws a way the
result.  It does set the flags accordingly, however.

Opcodes: 3

Opcode 1
--------
Compare a register with a memory reference or another register.

001110xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Compare an immediate with the accumulator register.

0011110x
       ^
        Operand Size:
              0 - Byte: Immediate byte compared to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word compared with AX
                           32 - Immediate dword compared with EAX

Opcode 3
--------
Compares an immediate to a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte compared to first operand
                       Operands - Table 24 - Instruction Selector 111
             1 - Word: Immediate (d)word compared to first operand
                       Operands - Table 23 - Instruction Selector 111
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

CMPSB, CMPSW, CMPSD - Compares memory at DS:(E)SI and ES:(E)DI.
---------------------------------------------------------------------------
Compares either a byte, word, or dword at DS:(E)SI with the same at
ES:(E)DI.  After the compare, the (E)SI and (E)DI registers are updated
by either adding or subtracting 1, 2, or 4 to or from them based on the
value of the direction flag.  If the direction flag is clear, then the
values are added to the registers, otherwise they are subtracted from the
registers.  The flags are set according to the compare.  The order of the
memory references for the purpose of the compare operation is as follows:

   cmp [ds:(e)si],[es:(e)di]

Opcodes: 1

Opcode 1
--------
1010011x
       ^
        Operand Size:
              0 - CMPSB
              1 - Case OperandSize of
                     16 - CMPSW
                     32 - CMPSD

DAA - Decimal adjust AL after addition
---------------------------------------------------------------------------
Converts the decimal result of adding two packed, two-digit BCD numbers
(stored in AL) into the correct packed, two-digit BCD number.

8Opcodes: 1

Opcode 1
--------
27

DAS - Decimal adjust AL after subtraction
---------------------------------------------------------------------------
Converts the decimal result of subtracting two packed, two-digit BCD
numbers (stored in AL) into the correct packed, two-digit BCD number.

Opcodes: 1

Opcode 1
--------
2F

DEC - Decrement
---------------------------------------------------------------------------
Decrements the operand by 1.

Opcodes: 1

Opcode 1
--------
Decrement (d)word registers.

01001xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

ENTER - Enter
---------------------------------------------------------------------------
Sets up the stack frame for a subroutine.  It takes two parameters: an
immediate word, followed by an immediate byte.  The word specifies the
amount of stack space to preserve for local variables in the procedure.
The byte designates the nesting level of the subroutine.  This instruction
is equivalent to the following sequence:

   push    bp
   mov     bp,sp
   sub     sp,First Operand (word)

Opcodes: 1

Opcode 1
--------
C8

IMUL - Integer multiply
---------------------------------------------------------------------------
Multiplies the third operand by the second operand and stores the result
in the first operand.  If there are only two operands, then the assembler
or debugger is just making the code look neat.  There are really always
three operands, but if the second or third operand is the same as the
first operand, then the second copy of the duplicate operand is omitted
from the instruction when it is displayed as an assembler mnenomic.  In
other words, "imul ax,cx" is really "imul ax,cx,ax".

Opcodes: 1

Opcode 1
--------
Multiplies the second operand by an immediate (d)word and stores the result
in the first operand, which must be a (d)word register.

69
   Operands - Table 21

Opcode 2
--------
Multiplies the second operand by a sign extended immediate byte and stores
the result in the first operand, which must be a word register.

6B
   Operands - Table 21

INC - Increment
---------------------------------------------------------------------------
Increments the operand by 1.

Opcodes: 1

Opcode 1
--------
Increment (d)word registers.

01000xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

INS - Input from port to string
---------------------------------------------------------------------------
The in string instructions read data from port DX and store it at ES:(E)DI
and updates (E)DI based on the size of the data and the direction flag.
If the flag is set, then the size of the data is subtracted from (E)DI.
Otherwise, the data size is added to (E)DI.  Ins cannot be overriden by a
segment override; it always uses ES:(E)DI.

Opcodes: 1

Opcode 1
--------
0110110x
       ^
        Data Size: (determines exact instruction)
              0: INSB (reads bytes)
              1: Case OperandSize of
                    16 - INSW (reads words)
                    32 - INSD (reads dwords)

INT - Generate interrupt
---------------------------------------------------------------------------
Calls an interrupt.

Opcodes: 2

Opcode 1
--------
Breakpoint interrupt.  This opcode generates interrupt 3, the breakpoint
interrupt, when it is executed.

CC

Opcode 2
--------
Calls interrupt immediate byte.  I.E. the byte following the opcode
specifies the interrupt to call.

CD

INTO - Call Interrupt on Overflow
---------------------------------------------------------------------------
If the overflow flag is set, then interrupt 4 is called.

Opcodes: 1

Opcode 1
--------
CE

IRET,IRETD - Interrupt return
---------------------------------------------------------------------------
Returns from an interrupt by popping the flags from the stack and
performing a far return.  In protected mode, approx. 300 other things take
place as well, but this is basically a doc on Real Mode (for now), so that
is going to be ignored.

Opcodes: 1

Opcode 1
--------
CF
   Case OperandSize of
      16 - IRET
      32 - IRETD

Jcc - Conditional jumps
---------------------------------------------------------------------------
If condition cc is true then the value of the sign-extended byte or word
following the conditional jump opcode is added to the offset in the CS of
the next instruction after the conditional jump instruction and stored in
IP.

Opcodes: 1

Opcode 1
--------
Conditional jump to a short target (i.e. a byte displacement)

0111xxxx
    ^^^^
     Condition - Table 9

LAHF - Load low 8 bits of flag register into AH.
---------------------------------------------------------------------------
Copies the low byte of the flags register into AH.

Opcodes: 1

Opcode 1
--------
9F

LDS - Load into DS
---------------------------------------------------------------------------
Copies the memory referenced by the second parameter into DS and the first
operand.  (The first operand recevies the first (d)word).  If the second
parameter is not a memory reference (e.g. "lds ax,ax") the CPU *will* lock
up unrecoverably, so those are invalid opcodes.

Opcodes: 1

Opcode 1
--------
C5
   Operands: Table 21

LEA - Load effective address
---------------------------------------------------------------------------
Stores the offset of the second operand (which must be a memory reference)
in the first operand.  If AddressSize <> OperandSize Then the offset of
the second address will either be zero-extended or only the lowe 16 bits
will be stored.  Although the opcodes for having a register as the second
operand seem to assemble and exist, their validity is questionable.

Opcodes: 1

Opcode 1
--------
8D
   Operands - Table 21

LEAVE - Leave
---------------------------------------------------------------------------
Reclaims the stack frame set up by a call to enter.  Leave is equivalent
to the following sequence:

   mov    sp,bp
   pop    bp

Opcodes: 1

Opcode 1
--------
C9

LES - Load into ES
---------------------------------------------------------------------------
Copies the memory referenced by the second parameter into ES and the first
operand.  (The first operand recevies the first (d)word).  If the second
parameter is not a memory reference (e.g. "les ax,ax") the CPU *will* lock
up unrecoverably, so those are invalid opcodes.

Opcodes: 1

Opcode 1
--------
C4
   Operands: Table 21

LODSB, LODSW, LODSD - Copy from DS:(E)SI to the accumulator register.

---------------------------------------------------------------------------
Copies either a byte, word, or dword from DS:(E)SI to the accumulator
register (AL, AX, or EAX).  Afterwards, it updates (E)SI by either adding
or subtracting 1, 2, or 4 to or from (E)SI based on the direction flag.
If the direction flag is set, then the value is subtracted from (E)SI,
otherwise the value is added to (E)SI.

Opcodes: 1

Opcode 1
--------
1010110x
       ^
        Operand size:
              0 - LODSB
              1 - Case OperandSize of
                     16 - LODSW
                     32 - LODSD

MOV - Move
---------------------------------------------------------------------------
Copies the value of the second operand into the first operand.

Opcodes: 6

Opcode 1
--------
Move a register into a memory reference or another register and vice versa.

100010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Move a segment register into a memory reference or another register and
vice versa.

100011x0
      ^
       Operand order:
              0 - Order of operand same as in tables.
              1 - Swap order of operands.
           Operands - Table 26

Opcode 3
--------
Move a direct memory reference (i.e. no registers) into the accumulator
register.

101000xx
      ^^
       Operand size:
             0 - Byte operands
             1 - (D)word operands
       Operand order:
              0 - AL/AX/EAX first operand
              1 - AL/AX/EAX second operand

Opcode 4
--------
Move an immediate byte into an 8-bit register.

10110xxx
     ^^^
      Destination register - Table 3

Opcode 5
--------
Move an immediate (d)word into a (d)word register.

10111xxx
     ^^^
      Destination register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 6
--------
Move an immediate byte or (d)word into a memory reference or register.

1100011x
       ^
        Operand size:
              0 - Byte - Table 24 - Instruction Selector xxx (i.e. anything)
              1 - Word - Table 23 - Instruction Selector xxx (i.e. anything)

MOVSB, MOVSW, MOVSD - Copies memory from DS:(E)SI to ES:(E)DI.
---------------------------------------------------------------------------
The movs string instructions copy a byte, word, or dword of memory from
DS:(E)SI to ES:(E)DI.  Afterwards, they either add or subtract 1, 2, or 4
to or from (E)SI and (E)DI based on the value of the direction flag.
If the direction flag is set, then the values are subtracted from the
registers, otherwise the values are added to the registers.

Opcodes: 1

Opcode 1
--------
1010010x
       ^
        Operand size:
              0 - MOVSB
              1 - Case OperandSize of
                     16 - MOVSW
                     32 - MOVSD

NOP - No operation
---------------------------------------------------------------------------
NOP is actually the opcode for "xchg ax,ax".

Opcodes: 1

Opcode 1
--------
90

OR - Logical or
---------------------------------------------------------------------------
Bitwise ORs the two operands and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Or a register with a memory reference or another register.

000010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Or an immediate to the accumulator register.

0000110x
       ^
        Operand Size:
              0 - Byte: Immediate byte ORed to AL
              1 - Word: Case OperandSize of
                           16 - Immediate word ORed with AX
                           32 - Immediate dword ORed with EAX

Opcode 3
--------
ORs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte ORed with first operand
                       Operands - Table 24 - Instruction Selector 001
             1 - Word: Immediate (d)word ORed with first operand
                       Operands - Table 23 - Instruction Selector 001
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

OUTS - Output to port from string
---------------------------------------------------------------------------
The out string instructions read data from DS:(E)SI and out it to port DX.
They also update (E)SI based on the size of the data and the direction flag.
If the flag is set, then the size of the data is subtracted from (E)SI.
Otherwise, the data size is added to (E)SI.  The segment for outs cannot be
overridden; data is always read from DS:(E)SI.

Opcodes: 1

Opcode 1
--------
0110111x
       ^
        Data Size: (determines exact instruction)
              0: OUTSB (reads bytes)
              1: Case OperandSize of
                    16 - OUTSW (reads words)
                    32 - OUTSD (reads dwords)

POP - Pop data off the stack
---------------------------------------------------------------------------
Copies the data pointed to by SS:SP into the parameter and unallocates
the data copied from the top of the stack.

Opcodes: 3

Opcode 1
--------
Pop various segment registers from the stack.

000xx111
   ^^
    Segment register:
              00 - ES
              10 - SS
              11 - DS

Opcode 2
--------
Pops (d)word registers from the stack.

01011xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 3
--------
Pops (d)word registers or memory references from the stack.

8F
   Operands - Table 23 - Instruction Selector xxx (all are same instruction)

POPA, POPAD - Pop all general purpose registers from the stack.
----------------------------------------------------------------------------
Pops the 8 16- or 32-bit general registers from the stack in the following
order: DI, SI, BP, SP (discarded), BX, DX, CX, and AX.  If the OperandSize =
32, then the 32-bit versions of the registers are popped instead.

Opcodes: 1

Opcode 1
--------
61
   Case OperandSize of
      16: POPA
      32: POPAD

POPF, POPFD - Pop the flags register from the stack.
---------------------------------------------------------------------------
Pops either the 16-bit (POPF) or 32-bit (POPFD) flags register from the
stack.

Opcodes: 1

Opcode 1
--------
9D
   Case OperandSize of
      16: POPF
      32: POPFD

PUSH - Push data onto the stack
---------------------------------------------------------------------------
Allocates space on the stack and stores the parameter there.

Opcodes: 3

Opcode 1
--------
Pushes various segment registers onto the stack.

000xx110
   ^^
    Segment register:
              00 - ES
              01 - CS
              10 - SS
              11 - DS

Opcode 2
--------
Pushes (d)word registers onto the stack.

01010xxx
     ^^^
      Register:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

Opcode 3
--------
Pushes an immediate (d)word onto the stack.

68

Opcode 4
--------
Pushes a sign extended immediate byte onto the stack as a (d)word.

6A

PUSHA, PUSHAD - Push all general purpose registers onto the stack.
----------------------------------------------------------------------------
Pushes the 8 16- or 32-bit general registers onto the stack in the following
order: AX, CX, DX, BX, SP (before PUSHA instruction), BP, SI, and DI.  If
the OperandSize = 32, then the 32-bit versions of the registers are pushed
instead.

Opcodes: 1

Opcode 1
--------
60
   Case OperandSize of
      16: PUSHA
      32: PUSHAD

PUSHF, PUSHFD - Push the flags register
----------------------------------------------------------------------------
Pushes either the 16-bit (PUSHF) or the 32-bit (PUSHFD) flags register onto
the stack.

Opcodes: 1

Opcode 1
--------
9C
   Case OperandSize of
      16: PUSHF
      32: PUSHFD

RCL - Rotate through carry left.
----------------------------------------------------------------------------
Rotates the bits in the first operand and the carry flag left by counter
times.  At each rotation, the bits in the bit are all shifted left.  The
carry flag is copied to the LSB of the first operand, and the original MSB
of the first operand is copied to the carry flag.

Opcodes: 2

Opcode 1
--------
Rotate first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 010
              1 - Table 24 - Instruction Selector 010

Opcode 2
--------
Rotate first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 010
             1 - Table 24 - Instruction Selector 010
       Count:
              0 - 1 time
              1 - CL times

RCR - Rotate through carry right.
----------------------------------------------------------------------------
Rotates the bits in the first operand and the carry flag right by counter
times.  At each rotation, the bits in the bit are all shifted right.  The
carry flag is copied to the MSB of the first operand, and the original LSB
of the first operand is copied to the carry flag.

Opcodes: 2

Opcode 1
--------
Rotate first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 011
              1 - Table 24 - Instruction Selector 011

Opcode 2
--------
Rotate first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 011
             1 - Table 24 - Instruction Selector 011
       Count:
              0 - 1 time
              1 - CL times

RET, RETF, RETN - Return from subroutine call.
----------------------------------------------------------------------------
Pops (E)IP (and CS if it is a far return) off of the stack.

Opcodes: 4

Opcode 1
--------
Discard immediate word number of bytes from the stack and then return near.

C2

Opcode 2
--------
Return near.

C3

Opcode 3
--------
Discard immediate word number of bytes from the stack and then return far.

CA

Opcode 4
--------
Return far.

CB

ROL - Rotate left.
----------------------------------------------------------------------------
Rotates the bits in the first operand left by counter times.  After the
rotation, the carry flag is the same as the LSB, as that was the last bit
rotated.

Opcodes: 2

Opcode 1
--------
Rotate first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 000
              1 - Table 24 - Instruction Selector 000

Opcode 2
--------
Rotate first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 000
             1 - Table 24 - Instruction Selector 000
       Count:
              0 - 1 time
              1 - CL times

ROR - Rotate right.
----------------------------------------------------------------------------
Rotates the bits in the first operand right by counter times.  After the
rotation, the carry flag is the same as the MSB, as that was the last bit
rotated.

Opcodes: 2

Opcode 1
--------
Rotate first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 001
              1 - Table 24 - Instruction Selector 001

Opcode 2
--------
Rotate first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 001
             1 - Table 24 - Instruction Selector 001
       Count:
              0 - 1 time
              1 - CL times

SAL, SHL - Shift left.
----------------------------------------------------------------------------
Shifts the bits in the first operand left by counter times.  At each
rotation, the MSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted left, and the LSB of the first operand is
set to 0.

Opcodes: 2

Opcode 1
--------
Shift first operand left by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 100
              1 - Table 24 - Instruction Selector 100

Opcode 2
--------
Shift first operand left once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 100
             1 - Table 24 - Instruction Selector 100
       Count:
              0 - 1 time
              1 - CL times

SAR - Shift arithmetic right.
----------------------------------------------------------------------------
Shifts the bits in the first operand right by counter times.  At each
rotation, the LSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted right, and the MSB of the first operand is
unchanged to preserve the sign of signed values.

Opcodes: 2

Opcode 1
--------
Shift first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 111
              1 - Table 24 - Instruction Selector 111

Opcode 2
--------
Shift first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 111
             1 - Table 24 - Instruction Selector 111
       Count:
              0 - 1 time
              1 - CL times

SAHF - Copy AH to the low 8 bits of the flags register.
----------------------------------------------------------------------------
Copies the value of AH to the low byte of the flags register.

Opcodes: 1

Opcode 1
--------
9E

SBB - Subtract with borrow
----------------------------------------------------------------------------
Subtracts the sum of the second operand and the carry flag from the first
operand and stores the result in the first operand.

Opcodes: 3

Opcode 1
--------
Subtract a register from a memory value or a register.

000110xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Subtract an immedate from the accumulator register.

0001110x
       ^
        Operand Size:
              0 - Byte: Immediate byte subtracted from AL
              1 - Word: Case OperandSize of
                           16 - Immediate word subtracted from AX
                           32 - Immediate dword subtracted from EAX

Opcode 3
--------
Subtracts an immediate from a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte subtracted from first operand
                       Operands - Table 24 - Instruction Selector 011
             1 - Word: Immediate (d)word subtracted from first operand
                       Operands - Table 23 - Instruction Selector 011
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

SCASB, SCASW, SCASD - Compare the accumulator register with ES:(E)DI.
----------------------------------------------------------------------------
Compares the value of AL, AX, or EAX, with the byte, word, or dword at
ES:(E)DI and sets the flags accordingly.  Afterwards, (E)DI is updated by
either adding or subtracting 1, 2, or 4 bytes to or from (E)DI based on the
the value of the direction flag.  If the direction flag is set, the value
is subtracted from (E)DI, otherwise, the value is added to (E)DI.  For the
purposes of the comparison, the operands are ordered as follows:

   cmp al,[es:(e)di]

Opcodes: 1

Opcode 1
--------
1010111x
       ^
        Operand size:
              0 - SCASB
              1 - Case OperandSize of
                     16 - SCASW
                     32 - SCASD

SHR - Shift right.
----------------------------------------------------------------------------
Shifts the bits in the first operand right by counter times.  At each
rotation, the LSB of the first operand is copied to the carry flag, the bits
in the first operand are shifted right, and the MSB of the first operand is
set to 0.

Opcodes: 2

Opcode 1
--------
Shift first operand right by an immediate number of times.

1100000x
       ^
        Operands:
              0 - Table 23 - Instruction Selector 101
              1 - Table 24 - Instruction Selector 101

Opcode 2
--------
Shift first operand right once or by CL times.

110100xx
      ^^
       Operands:
             0 - Table 23 - Instruction Selector 101
             1 - Table 24 - Instruction Selector 101
       Count:
              0 - 1 time
              1 - CL times

STOSB, STOSW, STOSD - Copy the accumulator register to ES:(E)DI.
----------------------------------------------------------------------------
Copies the value of AL, AX, or EAX (depending on the instruction) to
ES:(E)DI.  Afterwards, it updates (E)DI by adding or subtracting 1, 2, or 4
to or from (E)DI based on the direction flag.  If the direction flag is set,
the values are subtracted from (E)DI, otherwise they are added to (E)DI.

Opcodes: 1

Opcode 1
--------
1010101x
       ^
        Operand size:
              0 - STOSB
              1 - Case OperandSize of
                     16 - STOSW
                     32 - STOSD

SUB - Subtract
----------------------------------------------------------------------------
Subtracts the the second operand from the first operand and stores the
result in the first operand.

Opcodes: 3

Opcode 1
--------
Subtract a register from a memory value or a register.

001010xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
Subtract an immediate from the accumulator register.

0010110x
       ^
        Operand Size:
              0 - Byte: Immediate byte subtracted from AL
              1 - Word: Case OperandSize of
                           16 - Immediate word subtracted from AX
                           32 - Immediate dword subtracted from EAX

Opcode 3
--------
Subtracts an immediate from a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte subtracted from first operand
                       Operands - Table 24 - Instruction Selector 101
             1 - Word: Immediate (d)word subtracted from first operand
                       Operands - Table 23 - Instruction Selector 101
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

TEST - Test to see if bits are set
---------------------------------------------------------------------------
Performs a bitwise AND on the two operands and discards the result.

Opcodes: 2

Opcode 1
--------
Test bits in a register with a memory reference or register.

1000010x
       ^
        Operand Size:
              0: Byte - See Table 22 for operands.
              1: Word - See Table 21 for operands.

Opcode 2
--------
Test bits in the accumulator register with an immediate.

1010100x
       ^
        Operand Size:
              0: Byte - use AL
              1: Word - use (E)AX

WAIT - Wait until BUSY# pin is inactive
---------------------------------------------------------------------------
Wait halts the CPU until the BUSY# pin becomes high.  The BUSY# pin is
controlled by the math co-processor.

Opcodes: 1

Opcode 1
--------
9B

XCHG - Exchange values
---------------------------------------------------------------------------
Exchanges the values of the two operands.

Opcodes: 2

Opcode 1
--------
Exchange a register with a memory reference or another register.

1000011x
       ^
        Operand Size:
              0: Byte - See Table 22 for operands.
              1: Word - See Table 21 for operands.

Opcode 2
--------
Exchange a (d)word register with the accumulator.

10010xxx
     ^^^
      Register to exchange with (E)AX:
              Case OperandSize of
                 16 - Table 4
                 32 - Table 10

XLAT - Table lookup translation
---------------------------------------------------------------------------
This can be used to read values from a table., basically, this instruction
sets AL to the byte of memory at DS:[(E)BX+ unsigned AL].

Opcodes: 1

Opcode 1
--------
D7

XOR - Logical exclusive or
---------------------------------------------------------------------------
Bitwise exclusive ORs the two operands and stores the result in the first
operand.

Opcodes: 3

Opcode 1
--------
XORs a register with a memory reference or another register.

001100xx
      ^^
       Operand size:
             0 - Byte: Use Table 22 to determine operands.
             1 - Word: Use Table 21 to determine operands.
       Operand order:
              0 - Order of operands same as in tables.
              1 - Swap order of operands.

Opcode 2
--------
XORs an immediate with the accumulator register.

0011010x
       ^
        Operand Size:
              0 - Byte: Immediate byte XORed with AL
              1 - Word: Case OperandSize of
                           16 - Immediate word XORed with AX
                           32 - Immediate dword XORed with EAX

Opcode 3
--------
XORs an immediate with a memory reference or register.

100000xx
      ^^
       Operand size:
             0 - Byte: Immediate byte XORed with first operand
                       Operands - Table 24 - Instruction Selector 110
             1 - Word: Immediate (d)word XORed with first operand
                       Operands - Table 23 - Instruction Selector 110
       Sign-Extension:
              0 - Full immediate stored after opcodes
              1 - Extend sign of byte after opcodes and use as immediate

Math Co-Processor Instructions
==============================

Protected Mode Instructions
===========================

ARPL - Adjust RPL (Requested Priviledge Level) field of selector.
---------------------------------------------------------------------------
The first operand is a 16-bit memory reference or register that holds the
value of a selector.  The second operand is a word register.  If the RPL
field of the first operand (the lower two bits) is less than the RPL field
of the second operand, then ZF = 1 and the RPL of the first operand is
set to the RPL of the second operand.  Otherwise ZF = 0 and the first
operand isn't changed.

This can be used by the operating system to insure that callers to routines
do not have a higher RPL than they should.

*Note: This instruction only takes 16-bit operands according to the
       documentation from TASM.  Apparently, however, it does use 32-bit
       operands.  However, this makes no sense since it deals with
       selectors, which are only 16 bits wide.

Opcodes: 1

Opcode 1
--------
63
   Operands - Table 21

Ŀ
 Prefixes 


Segment Overrides
---------------------------------------------------------------------------
Forces the processor to use the segment represented by the override to be
used in all memory references for the next instruction.

Opcodes: 2

Opcode 1
--------
Segment overrides for ES, DS, CS, and SS.

001xx110
   ^^
    Segment register:
              00 - ES
              01 - CS
              10 - SS
              11 - DS

Opcode 2
--------
Segment overrides for FS and GS

011001xx
      ^^
       Segment register:
              00 - FS
              01 - GS
              1x - most likely reserved for two more segment registers
