imul unpcklps inc repnz sbb bswapcmovna sysenter pmaxsw mov jnle psubq stccmp subss fsqrt stosd

fincstp fstp outsw mfence leave retn phaddsw psadbwidiv cmovpe str smsw fxam finit fcmovnbe out jnle push verr ror shrd mulss cvtpi2pd rdtsc daa sal fiadd bts sgdt fnsave nop cwde int fbld psllq add pushad movsxd emms hlt xor fldlg2 sub phaddd pmovmskb fldz aaa wait cvttss2si fnclex movq movntpd setnge fsubrbsf xlatb movlhps fstenv addsubpd cdq movddup lsl haddpd subps fabs comisd jp lidt jnae scasw movntdq clflush not divps pmuludq lss rcl jrcxz rcpps xchg pop sar orpd

X86 Opcode Reference 64-bit Edition

general, system, x87 FPU, MMX, SSE(1), SSE2, SSE3, SSSE3 opcodes

ref.x86asm.net

Advertisement

X86 Opcode Reference, 64-bit Edition general, system, x87 FPU, MMX, SSE(1), SSE2, SSE3, SSSE3 opcodes Copyright MazeGen First Edition, July 2008 Errata: http://ref.x86asm.net/errata/64/opcode Karel Lejska Bayerova 8 Brno 60200 Czech Republic Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe. For comments, suggestions, questions or bug reports, please contact mazegen@gmail.com For booking a computer-related ad in this reference, please contact mazegen@gmail.com

Quick Guide mnemonic: Instruction mnemonic itself. If the mnemonic is set up using italic, there is no oficial mnemonic and the present one is just a suggested one op1op4: Up to four instruction operands. Implicate operands are set up using italic. Modified operands are bold. Implicate [RSP] operand is not indicated. If the op4 column contains only three dots '...', there are more than four operands pf: Prefix value, or if Primary opcode is present, fixed extraordinary prefix 0F: Dedicated for 0x0F two-byte prefix po: Primary opcode. Second opcode byte in case of multi-byte opcodes. +r means a register code, from 0 through 7, added to the value so: Secondary opcode. Fixed appended value to the primary opcode o: Register/Opcode field. Either the value of an opcode extension (values from 0 through 7) or r indicates that the ModR/M byte contains a register operand and an r/m operand proc: Indicates the instruction's introductory processor. If the column is empty, it means that the instruction is supported since first implementation of Intel EM64T architecture. st: Indicates how is the instruction documented in the Intel manuals. D means fully documented. M means documented only marginally. U undocumented at all. Empty column means D m: Indicates the mode in which is the instruction valid. Virtual-8086 Mode and SMM is not taken into account. R applies for real , protected and 64-bit mode. P applies for protected and 64-bit mode. E applies for 64-bit mode. If this column is empty, it means R rl: The ring level, which is the instruction valid from (3 or 0). f indicates that the level depends on further flag(s) x: For general instructions, L indicates that the instruction is basically valid with LOCK (0xF0) prefix. For x87 FPU instructions, s incidates that the opcode performs additional push of a value to the register stack, p incidates that the opcode performs additional pop of the register stack, P pops twice iext: The instruction extension group, which was the opcode released on tested f, modif f, def f, undef f: For RFlags register, indicates these flags using odiszapc pattern. Present flag fits in with the appropriate group. For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag fits in with the appropriate group. f values: For RFlags register, indicates the values of flags, which are always set or cleared, using casesensitive odiszapc flag pattern. Lowercase flag means cleared flag, uppercase means set flag. For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag holds its value description, notes: Generic description

Credits: Christian Ludloff, Martin Mocko (vid), Anthony Lopes, Aquila, EliCZ, Cephexin ISBN 978-80-254-2350-9

ref.x86asm.net

Visit http://ref.x86asm.net for detailed guide.

One-byte General and System Instructions

pf 0F po so o proc st m rl x mnemonic 00 01 02 03 04 05 08 09 0A 0B 0C 0D 0F 10 11 12 13 14 15 18 19 1A 1B 1C 1D 20 21 22 23 24 25 26 28 29 2A 2B 2C 2D 2E 2E 30 31 r r E E r r r r E r r r r r r r r r r r r r r r r r r r r L ADD L ADD ADD ADD ADD ADD L OR L OR OR OR OR OR r/m8, r/m16/32/64, r8, r16/32/64, AL, rAX, r/m8, r/m16/32/64, r8, r16/32/64, AL, rAX, op1 r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32 r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32 op2 op3 op4 iext tested f modif f def f undef f f values description, notes Add Add Add Add Add Add o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc

o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR o..szapc o..sz.pc .....a.. o......c Logical Inclusive OR

Two-byte Instructions L ADC L ADC ADC ADC ADC ADC L SBB L SBB SBB SBB SBB SBB L AND L AND AND AND AND AND null L SUB L SUB SUB SUB SUB SUB r/m8, r/m16/32/64, r8, r16/32/64, AL, rAX, r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32 o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc r/m8, r/m16/32/64, r8, r16/32/64, AL, rAX, r/m8, r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32 .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc .......c o..szapc o..szapc Add with Carry Add with Carry Add with Carry Add with Carry Add with Carry Add with Carry

r/m16/32/64, r8,

r16/32/64, AL, rAX, r/m8,

ref.x86asm.net
r8 .......c o..szapc o..szapc Integer Subtraction with Borrow r16/32/64 r/m8 .......c o..szapc o..szapc Integer Subtraction with Borrow .......c o..szapc o..szapc Integer Subtraction with Borrow r/m16/32/64 imm8 imm16/32 r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32 .......c o..szapc o..szapc Integer Subtraction with Borrow .......c o..szapc o..szapc .......c o..szapc o..szapc Integer Subtraction with Borrow Integer Subtraction with Borrow o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND o..szapc o..sz.pc .....a.. o......c Logical AND Null Prefix in 64-bit Mode Subtract Subtract Subtract Subtract Subtract Subtract (branch hint prefixes have no effect in 64-bit mode) Null Prefix in 64-bit Mode

r/m16/32/64, r8, r16/32/64, AL, rAX,

undefined null L XOR L XOR r/m8, r/m16/32/64, r8 r16/32/64

o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR

pf 0F po so o proc st m rl x mnemonic 32 33 34 35 36 38 39 3A 3B 3C 3D 3E 3E 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50+r 58+r 63 64 65 65 66 66 67 68 69 6A 6B 6C f1 M r E E E E E E E E E E E E E E E E E E E E E E r r r r E r r XOR XOR XOR XOR null CMP CMP CMP CMP CMP CMP r/m8, r8,

op1 r/m8 r16/32/64, AL, rAX,

op2

op3

op4 iext tested f modif f

def f

undef f f values description, notes

o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR o..szapc o..sz.pc .....a.. o......c Logical Exclusive OR Null Prefix in 64-bit Mode

r/m16/32/64 imm8 imm16/32

r8 r16/32/64 r/m8 r/m16/32/64 imm8 imm16/32

o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc o..szapc

Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands Compare Two Operands (branch hint prefixes have no effect in 64-bit mode) Null Prefix in 64-bit Mode Access to new 8-bit registers Extension of the r/m field, base field, or opcode reg field Extension of the SIB index field REX.X and REX.B combination Extension of the ModR/M reg field REX.R and REX.B combination REX.R and REX.X combination REX.R, REX.X and REX.B combination

r/m16/32/64, r8, r16/32/64, AL, rAX,

undefined null REX REX.B REX.X REX.XB REX.R REX.RB REX.RX REX.RXB REX.W REX.WB REX.WX REX.WXB REX.WR REX.WRB REX.WRX REX.WRXB PUSH POP MOVSXD r64/16 r64/16 r32/64, r/m32

ref.x86asm.net
64 Bit Operand Size REX.W and REX.B combination REX.W and REX.X combination REX.W and REX.R combination Pop a Value from the Stack Move with Sign-Extension GS GS segment override prefix Operand-size override prefix sse2 Precision-size override prefix Address-size override prefix imm16/32 r16/32/64, imm8 r16/32/64, m8, m8, r/m16/32/64, imm8 DX DX .d...... o..szapc o......c ...szap. r/m16/32/64, imm16/32 o..szapc o......c ...szap.

REX.W, REX.X and REX.B combination

REX.W, REX.R and REX.B combination REX.W, REX.R and REX.X combination REX.W, REX.R, REX.X and REX.B combination Push Word, Doubleword or Quadword Onto the Stack

undefined GS

(branch hint prefixes have no effect in 64-bit mode)

undefined no mnemonic no mnemonic no mnemonic PUSH IMUL PUSH IMUL INS INSB

(used only with Jcc instructions)

Push Word, Doubleword or Quadword Onto the Stack Signed Multiply Push Word, Doubleword or Quadword Onto the Stack Signed Multiply Input from Port to String