x86asm.

net Store HTML Editions Using HTML Editions Columns Description Instruction Operand Codes Source XML Document Current State Why to Contribute - Benefits How to Contribute Implementations License Resources Credits References Download Comments

X86 Opcode and Instruction Reference

MazeGen, 2009-01-20 Revision: 1.11 This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.

Quick Navigation
coder32, coder32-abc, geek32, geek32-abc coder64, coder64-abc, geek64, geek64-abc coder, coder-abc, geek, geek-abc (these contain both x86-32 and x64 instructions). In contrast to other references, primary source of this reference is an XML document, which guarantees clear and structured information base and therefore ability to extract many various informations such as a list of instructions from requested groups, etc. The reference is primarily based on Intel manuals as Intel is the originator of x86 architecture. Additionally, it describes undocumented instructions as well. On appropriate places, it gives a notice if an opcode act differently on AMD architecture. Support for Cyrix, NexGen etc. specific instructions is not scheduled at all.

Store
Get one copy for $20, two copies for $32. Immediately following the initial release of the reference, it emerged that a large number of users are interested in a printed version. You can order a copy in the on-line store.

HTML Editions
These editions are available at the moment: The coder suite is intended to more common use and contains the following editions: coder32, coder64, and coder (sorted by opcode), and coder32-abc, coder64-abc, and coder-abc (sorted by mnemonic). The geek suite is intended for deeper research of x86 architectures' instruction set. This includes geek32, geek64, and geek editions (by opcode) and geek32-abc, geek64-abc, and geek-abc editions (by mnemonic). More on the purpose and use of this suite see close below. Don't get confused by geek(-abc) and coder(-abc) editions. Both of them contains instruction set of both x86-32 and x86-64 architectures. If you don't have a particular reason to use them (such as to view the differencies between the architectures), the other editions would probably suit you better. Editions coder32 a geek32 relate exclusively to x86-32 architecture. Similarly, editions coder64 and geek64 relate exclusively to x86-64 architecture. The following chart illustrates the differencies between editions for current release: Edition Supported Architectures Operand Codes Abandoned Instructions Opcode Bitfields Information Instruction Extension Indicated Instruction Group Indicated general system x87 FPU coder both coder32 pure x86-32 coder64 geek geek32 pure x86-32 geek64 pure x86-64 special yes yes yes yes yes yes yes

pure x86-64 both traditional no no yes no yes yes yes

traditional traditional no no yes no yes yes yes no no yes no yes yes yes

special special yes yes yes yes yes yes yes yes yes yes yes yes yes yes

Present Instructions

MMX

yes

yes yes yes yes no

yes yes yes yes no

yes yes yes yes yes

yes yes yes yes yes

yes yes yes yes yes

Intel SSE (all) yes VMX SMX Itanium yes yes no

The Purpose of Geek Editions in Short

The geek editions contains as much complete information from the source XML document as possible. That's why they may seem quite unclear. You appreciate them only if you need to get to know the instruction set deeply or if you investigate the source XML and you need to visualize it better. These editions use specific operand codes (which are described in Instruction Operand Codes chapter below). These codes may look strange and obscure at the first sight. The reason to use them is that they hold more information than the more common ones. One example can be operand combination r A X ,i m m 1 6 / 3 2 , such as in instruction A D Dr A X ,i m m 1 6 / 3 2in coder64 edition. One can determine that the destination operand is either a x ,e a x , or r a x , and the source one is either i m m 1 6or i m m 3 2 . A problem arises when one needs to determine what magic is behind r a x ,i m m 3 2combination. If one is just getting started with x64 architecture, it is not clear how exactly is 32-bit immediate added to 64-bit r a x . This question is answered by corresponding geek edition, A D Dr A X ,I v d sin geek64 edition. The immediate value is encoded there using I v d s code. Icode means Immediate, vmeans word or doubleword (i m m 1 6or i m m 3 2 ). The most important part is d scode, which means doubleword, sign-extended to 64 bits for 64-bit operand size. Now is it clear. As for Itanium-specific instructions, they are added just for the sake of interest - they give a notice that the appropriate opcodes are already used.

Hypertext Reference to Particular Opcode

If you want to refer to particular opcode (in any edition), e. g., 0 F A 0P U S HF S , it can be easily achieved this way:
r e f . x 8 6 a s m . n e t / g e e k . h t m l # x 0 F A 0(try it)

It works for opcode extension similarly, e. g., 8 3/ 7C M P :

r e f . x 8 6 a s m . n e t / c o d e r 3 2 . h t m l # x 8 3 _ 7(try it)

Browsers, Printing
For browsing, the best seem to me Firefox. Opera 9 seems to be a bit slower. Internet Explorer 6 and 7 doesn't support some CSS features so the reference looks slightly different. Full support for printing is available only as a part of the benefits. You can also order a printed copy in the on-line store. This is how a copy looks like:

Using HTML Editions

Since HTML editions can look complicated at first sight, here goes an outline how to work with them. Following examples come from coder32's edition because it is easier to use than geek's editions.

Example: ADC Instruction

Let's start with more known instruction, such as A D C . We find something similar to the following:

| p f | 0 F | p o | s o | f l d s | o | p r o c | s t | m | r l | l | m n e m o n i c | o p 1 | o p 2 | o p 3 | o p 4 | i e x t | g r p 1 | g r p 2| t e s t e df | m o d i ff| d e ff | u n d e ff | fv a l u e s | d e s c r i p t i o n , | | | 1 1 | | | r | | || | L | A D C | r / m 1 6 / 3 2 | r 1 6 / 3 2 | | | | g e n| a r i t h | . . . . . . . c | o . . s z a p c | o . . s z a p c | | | A d dw i t hC a r r

First column pf (Prefix) is empty. That means the instruction's opcode doesn't contain any fixed prefix. Next column 0F is just allocated for 0 Fprefix for multiple-byte opcodes so it is empty. Next column po (Primary Opcode) holds primary opcode value itself. Because the instruction's opcode doesn't contain any added byte, the column so (Secondary Opcode) is empty too. The opcode doesn't contain any specific bits so the column flds (Opcode Fields) is empty.

The column o (Register/Opcode Field) here holds "r", which indicates that the instruction uses "full" ModR/M byte (no opcode extension). Because this instruction is supported since 8086 processor, proc column (Introduced with Processor) is empty. This instruction is officially documented so st column is empty too. Instruction A D Ccan work on any ring level so the column rl, Ring Level, is empty. The column x holds "L", which means that L O C Kprefix is allowed with this instruction. Next three columns, mnemonic, op1 and op2 show instruction's syntax. The destination operand of this instruction is set up using bold, what always means the operand is modified by the instruction. The column iext (Instruction Extension Group) is empty because the instruction doesn't belong to any instruction set extension. Columns grp1 and grp2 classify the instruction among general arithmetic instructions.
A D Cinstruction is influenced

by CF flag, what represents tested f column.

This instruction influences (overwrites) all status flags. These can be found in next column modif f column. All of these flags are defined (don't contain random values) so the same flags are in next def f column, and undef f column must be empty. No flag is set to a fixed value (all modified flags depend on input operands) so f values column is empty. Last column description, notes contains only a general description of the instruction.

Example: Opcode Extensions

Some opcodes (only a few) depend on Opcode Extension Field in ModR/M byte. Using this field, the opcode is actually extended by three bits. In most cases, different extension of the same opcode means more or less different instruction. An example can be opcode F 6 . We choose last three extensions of the opcode:

| p f | 0 F | p o | s o | f l d s | o | p r o c | s t | m | r l | l | m n e m o n i c | o p 1 | o p 2 | o p 3| o p 4| i e x t | g r p 1 | g r p 2| t e s t e df | m o d i ff| d e ff | u n d e ff| fv a l u e s | d e s c r i p t i o n ,n o t e s | | | F 6 | | | 5 | | || || I M U L | A X| A L| r / m 8 | | | g e n| a r i t h | | o . . s z a p c | o . . . . . . c | . . . s z a p . | | S i g n e dM u l t i p l y | | | F 6 | | | 6 | | || || D I V | A L| A H| A X | r / m 8 | | g e n| a r i t h | | o . . s z a p c | | o . . s z a p c | | U n s i g n e dD i v i d e | | | F 6 | | | 7 | | || || I D I V | A L| A H| A X | r / m 8 | | g e n| a r i t h | | o . . s z a p c | | o . . s z a p c | | S i g n e dD i v i d e

The opcode extension can be a value from 0 through 7. These values are indicated in o (Register/Opcode Field) column. In this example, values 5, 6, and 7 are chosen. Additionally, this example shows that operands, which are not explicitly used (A L ,A H , and A Xoperands), are set up using italic. It also shows that D I Vand I D I Vinstructions always destroy all status flags: both modif f and undef f column contain these flags.

Example: One Opcode, More Syntaxes

Some opcodes are represented by more instructions with the same meaning, using different syntaxes. (This doesn't apply to the case when an opcode depends on Opcode Extension field in ModR/M byte. In this case, these instructions act more or less differently). Best known example are conditional jumps, for example J Z / J E , where we find something similar:
| p f | 0 F | p o | s o | f l d s | o | p r o c | s t | m | r l | l | m n e m o n i c | o p 1 | | | 7 4 | | || | || || J Z | r e l 8 | | | | | || | || || J E | r e l 8

| o p 2 | o p 3 | o p 4 | i e x t | g r p 1 | g r p 2 | t e s t e df | m o d i ff | d e ff | u n d e ff | fv a l u e s | d e s c r i p t i o n ,n o t e s | | | | | g e n| b r a n c h | . . . . z . . . | | | | | J u m ps h o r ti fz e r o / | | | | | | | | | | | |

Each syntax has dedicated row in mnemonic column and in columns with instruction operands. More complex case is, for example, M O V S / M O V S W / M O V S Dinstruction:

| p f | 0 F | p o | s o | f l d s | o | p r o c | s t | m | r l | l | m n e m o n i c | o p 1 | o p 2 | o p 3 | o p 4 | i e x t | g r p 1 | g r p 2 | t e s t e df | m o d i ff | d e ff | u n d e ff | fv a l u e s | d e s c r i p t i o n ,n o t e | | | A 5 | | || | || || M O V S | m 1 6 | m 1 6 | | | | g e n| d a t a m o v | . d . . . . . . | | | | | M o v eD a t af r o mS t | | | | | || | || || M O V S W | m 1 6 | m 1 6 | | | | | s t r i n g| | | | | | | | | A 5 | | || 0 3 +| || || M O V S | m 1 6 / 3 2 | m 1 6 / 3 2 | | | | g e n| d a t a m o v | . d . . . . . . | | | | | M o v eD a t af r o mS t | | | | | || | || || M O V S D | m 3 2 | m 3 2 | | | | | s t r i n g| | | | | |

Here, the opcode's record is complicated by the fact that since 80386 processor, the syntax is extended (thanks to 32-bit operands) with M O V S Dmnemonic and M O V Ssyntax is changed. That's why all four syntaxes have to be split by twos. More examples with multiple syntaxes: P U S H A / P U S H A D ,S H L / S A L , or S L D T .

Example: Undocumented Instruction SETALC

All main editions contain a few undocumented instructions (from the Intel manual point of view). No that in this reference, undocumented doesn't equal invalid. All undocumented instructions mentioned by this reference work well in their shape. It is, for example, S E T A L Cinstruction:

| p f | 0 F | p o | s o | f l d s | o | p r o c | s t | m | r l | l | m n e m o n i c | o p 1 | o p 2 | o p 3 | o p 4 | i e x t | g r p 1 | g r p 2 | t e s t e df | m o d i ff| d e ff | u n d e ff | fv a l u e s | d e s c r i p t i o n ,n o t e s -

5 | | | D 6 | | || 0 2 +| D || || u n d e f i n e d | | | | | | | | | U n d e f i n e da n dR e s e r v e d -

| | | D 6 | | | | | | |

6 || 0 2 +| U || || S A L C | A L| || | || || S E T A L C | A L|

| |

| |

| |

| g e n| d a t a m o v | . . . . . . . c | | | | |

| |

| |

| |

| S e tA LI fC a r r y |

In this case, the documented meaning goes first, as indicated in st column by "D" value. Since this opcode's documented meaning is not a common one, there is additional reference to the description where the opcode is documented. The column mnemonic implies by the value "undefined" (which is set up using italic, which always means here that

it is not an original mnemonic) that the documented meaning of this opcode is "undefined and reserved". This is also stated in the last column. Below goes the undocumented meaning of the opcode - st column holds "U" value. Each undocumented meaning should contain a reference to the description where is the opcode unofficially documented, like in this case. More examples of undocumented instructions: I N T 1 / I C E B Por T E S T .

Columns Description
Quick navigation: pf Prefix 0F 0 FPrefix po Primary Opcode so Secondary Opcode flds Opcode Fields o Register/Opcode Field proc Introduced with Processor st Documentation Status m Mode of Operation rl Ring Level x Lock Prefix/FPU Push/FPU Pop mnemonic Instruction Mnemonic op1, op2, Instruction Operands iext Instruction Extension Group grp1, grp2, grp3 Main Group, Sub-group, Sub-sub-group tested f, modif f, def f, undef f Tested, Modified, Defined, and Undefined Flags f values Flags Values description, notes Name pf
0 F

Meaning Prefix
0 FPrefix

Description, Examples Fixed extraordinary prefix, which may change the semantic of the Primary Opcode. Usually used in case of waiting x87 FPU instructions, and many SSE instructions. F 3 9 0P A U S E ,9 B D 9 / 7F S T C W ,F 3 0 F 1 0M O V S S Dedicated for 0 FPrefix. t w o b y t eo p c o d e s Basic opcode. Second opcode byte in case of two- and three-byte opcodes. For coder's editions: + rmeans a register code, from 0 through 7, added to the value. 5 0P U S H Fixed appended value to the primary opcode. It is used in some special cases, x87 FPU instructions and for new three-byte instructions. D 4 0 AA A M ,D 5 0 AA A D ,D 5 F 8F L D 1 , three-byte escape 0 F 3 8 This column is present only in geek's editions. It contain present Primary Opcode binary fields. These are:
+ rmeans a register code,

po so

Primary Opcode Secondary Opcode

from 0 through 7, added to the basic value of the Primary Opcode. 4 0I N C

The following fields are case-sensitive: if a letter of the code is set up in lower case, it means the appropriate bit is cleared, otherwise is set.
wmeans bit w(bit index 0,

flds

Opcode Fields

operand size) is present; may be combined with bits dor s .0 4A D D Sign-extend) is present; may be combined with bit w .6 BI M U L dmeans bit d(bit index 1, Direction) is present; may be combined with bit w .0 0A D D t t t nmeans bit field t t t n(4 bits, bit index 0, condition). Used only with conditional instructions. 7 0J O s rmeans segment register specifier - a code of one of original four segment registers (2 bits, bit index 3). See also S 2 addressing method. 0 6P U S H s r emeans segment register specifier - a code of any segment registers (3 bits, bit index 0 or 3). See also S 3 0and S 3 3 addressing methods. 0 F A 0P U S H m fmeans bit field MF (2 bits, bit index 1, memory format ); used only with x87 FPU instructions coded with second floatingpoint instruction format. D A / 0F I A D D
smeans bit s(bit index 1,

Register/ Opcode Field

1. The value of the opcode extension (values from 0 through 7). g r o u p8 0 2. rindicates that the ModR/M byte contains a register operand and an r/m operand. 0 0A D D Indicates the instruction's introductory processor (code in curves apply to XML reference):
0 0 : 8086 0 1 : 80186 0 2 : 80286 0 3 : 80386 0 4 : 80486 P 1(0 5 ): Pentium (1) P X(0 6 ): Pentium with MMX P P(0 7 ): Pentium Pro P 2(0 8 ): Pentium II P 3(0 9 ): Pentium III P 4(1 0 ): Pentium 4

proc

Introduced with

C 1(1 1 ): Core (1) C 2(1 2 ): Core 2

proc

Introduced with Processor

C 2(1 2 ): Core 2 C 7(1 3 ): Core i7 I T(9 9 ): Itanium (only geek

editions)

The opcodes that are not forward-compatible (the ones which have been abandoned) are present only in geek's editions. 1. If the processor marking is a range (e.g., 0 3 0 4 ), it means that the instruction is unsupported in latter processors. 0 F 2 4M O V 2. +(e. g., 0 0 + ) means the instruction is supported in any of latter processors and also in 64-bit mode, if the next row doesn't explicitly say otherwise. 0 6P U S HE S 3. + +(e. g., P 4 + + ) the same meaning, but only in the latter steppings of the processor (e. g., SSE3 instruction extensions).
0 F A 2C P U I D

If this column is empty: In case of 32-bit editions, it means 0 0 +(8086 and all latter processors). In case of 64-bit editions, it means P 4 + +(P4, latter stepping, and all latter processors), because Intel 64 Architecture is available since latter stepping of the Pentium 4 processor. Indicates how is the instruction documented in the Intel manuals: 1. Dmeans fully documented. It can contain a reference to description which chapter in Intel manual it is documented in, if it may be unclear. D 6 2. Mmeans documented only marginally. 6 6( S S E 2 ) 3. Uundocumented at all. It should contain a reference to description of the source. Note that in this reference, undocumented doesn't equal invalid. All mentioned undocumented instructions should work well in their scope. D 6S A L C If this column is empty, it means D(documented with no further notes). Indicates the mode, which is the instruction valid on. Virtual-8086 Mode is not taken into account. 1. 2. 3. 4.
Rapplies for real,

st

Document. Status

Mode of Operation

protected and 64-bit mode. SMM is not taken into account. and 64-bit mode. SMM is not taken into account. g r o u p0 F 0 0 Eapplies for 64-bit mode. SMM is not taken into account. 6 3M O V S X D Sapplies for SMM. 0 F A AR S M
Papplies for protected

If this column is empty, it means R . For 64-bit editions, Ecode indicates in most cases that the semantics of the opcode is specific to 64-bit mode. rl Ring Level Lock Prefix The ring level, which is the instruction valid (3 or 0) from; findicates that the level depends on a flag(s) and it should contain a reference to the description of that flag, if the flag is not too complex. If this column is empty, it means ring 3. I N T ,I N S ,R D T S C
Lindicates that the instruction is basically valid

with F 0L O C Kprefix. 0 0A D D

The following codes apply only to x87 FPU instructions (none of them can use L O C Kprefix). x FPU Push/ FPU Pop
sincidates that the opcode performs additional pus h of a value to pincidates that the opcode performs additional pop Pincidates the same like p , but pops twice. D A/ 5F U C O M P P

the register stack. D 9/ 0F L D of the register stack. D 9/ 3F S T P

The instruction mnemonic itself. If there is no mnemonic, it holds additional information about the mnemonic or instruction: If the mnemonic is set up using italic, there is no oficial mnemonic and the present one is just suggested one. D 4A M X ,D 5A D X ,
0 F B 9U D

no mnemonic means that there is no mnemonic for the opcode. 6 6 invalid means that the opcode is invalid. This option is not used everywhere the opcode is invalid, but only in some cases.
0 6( 6 4 b i tm o d e )

undefined means that the behaviour of the instruction is according to official documentation undefined. D 6 nop means that the opcode is treated as integer N O Pinstruction. It should contain a reference to description of the source.
n om n e n o n i cn o p

null means that the prefix has no meaning (no operation). 2 6( 6 4 b i tm o d e ) mnemonic Instr. Mnemonic If there is a mnemonic, it can hold additional attributes of the instruction: nop means that the instruction is treated as integer N O Pinstruction (except N O Pinstructions themselves). It should contain a reference to description of the source. D B E 0F N E N I Only geek's editions: alias means that the opcode is an alias to another opcode. The attribute should be a reference to that instruction. g r o u p8 2 ,
C 0/ 6S A L

part alias means not true alias. It should contain a reference to the description of the differences between referenced instructions. F 1I N T 1 Instruction operands. Geek's editions use special operand codes, explained in Instruction Operand Codes chapter below. If an operand is set up using italic, it is an implicit operand, which is not explicitly used. If an operand is set up using boldface, it is modified by the instruction. The instruction extension group, which was the opcode released on: 1. 2. 3. 4.
M M XMMX Technology S S E 1Streaming SIMD Extensions (1) S S E 2Streaming SIMD Extensions 2 S S E 3Streaming SIMD Extensions 3

op1, op2, ...

Instr. Operands

Instr. Extension

iext

Instr. Extension Group

4. 5. 6. 7. 8. 9.

S S E 3Streaming SIMD Extensions 3 S S S E 3Supplemental Streaming SIMD Extensions 3 S S E 4 1Streaming SIMD Extensions 4.1 S S E 4 2Streaming SIMD Extensions 4.2 V M XVirtualization Technology Extensions S M XSafer Mode Extensions

These columns are present only in geek's editions. They classifies the instruction among groups. These groups don't match the instruction groups given by the Intel manual (I found them too loose). One instruction may fit into more groups. 1. prefix 1. segreg segment register 2. branch 1. cond conditional 3. x87fpu 1. control (only W A I T ) 2. obsol obsolete 1. control 3. gen general 1. datamov data movement 2. stack 3. conver type conversion 4. arith arithmetic 1. binary 2. decimal 5. logical 6. shftrot shift&rotate 7. bit bit manipulation 8. branch 1. cond conditional 9. break interrupt 10. string (means that the instruction can make use of the REP family prefixes) 11. inout I/O 12. flgctrl flag control 13. segreg segment register manipulation 14. control 4. system 1. branch 1. trans transitional (implies sensitivity to operand-size attribute) 5. x87fpu x87 FPU 1. datamov data movement 2. arith basic arithmetic 3. compar comparison 4. trans transcendental 5. ldconst load constant 6. control 7. conv conversion 6. sm x87 FPU and SIMD state management
M M Xinstruction extensions technology groups.

Note that these groups are just experimental and may change in future.

1. 2. 3. 4. 5. 6. 7.

datamov data movement arith packed arithmetic compar comparison conver conversion logical shift unpack unpacking Note that these groups are just experimental and may change in future.

S S E 1instruction extensions groups.

grp1, grp2, grp3

Main Group, Subgroup, Sub -subgroup

1. simdfp SIMD single-precision floating-point 1. datamov data movement 2. arith packed arithmetic 3. compar comparison 4. logical 5. shunpck shuffle&unpacking 2. conver conversion instructions 3. simdint 64-bit SIMD integer 4. mxcsrsm M X C S Rstate management 5. cachect cacheability control 6. fetch prefetch 7. order instruction ordering
S S E 2instruction extensions groups.

Note that these groups are just experimental and may change in future.

1. pcksclr packed and scalar double-precision floating-point 1. datamov data movement 2. conver conversion

2. 3.

4. 5.

2. conver conversion 3. arith packed arithmetic 4. compar comparison 5. logical 6. shunpck shuffle&unpacking pcksp packed single-precision floating-point simdint 128-bit SIMD integer 1. datamov data movement 2. arith packed arithmetic 3. shunpck shuffle&unpacking 4. shift 5. compar comparison 6. conver conversion 7. logical cachect cacheability control order instruction ordering Note that these groups are just experimental and may change in future.

S S E 3instruction extensions groups.

1. simdfp SIMD single-precision floating-point (SIMD packed) 1. datamov data movement 2. arith packed arithmetic 2. cachect cacheability control 3. sync agent synchronization
S S S E 3instruction extensions group.

Note that these groups are just experimental and may change in future.

1. simdint SIMD integer

S S E 4 . 1instruction extensions group.

Note that these groups are just experimental and may change in future.

1. simdint SIMD integer 1. datamov data movement 2. arith packed arithmetic 3. compar comparison 4. conver conversion 2. simdfp SIMD SIMD floating-point 1. datamov data movement 2. arith packed arithmetic 3. conver conversion 3. cachect cacheability control
S S E 4 . 2instruction extensions group.

Note that these groups are just experimental and may change in future.

1. simdint SIMD integer 1. compar comparison 2. strtxt string and text processing
V M Xand S M Xinstruction extensions has no

groups at the moment. The grouping may be added in future.

tested f, Tested, Modified, modif f, Defined, and def f, undef f Undefined Flags

For r F l a g sregister, indicates these flags using odiszapc pattern. Present flag fits in with the appropriate group. g r o u pC 0 For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag fits in with the appropriate group.
D B / 7F S T P

Note that if a flag is present in both Defined and Undefined column, the flag fits in under further conditions, which are not described by this reference. For r F l a g sregister, indicates the values of flags, which are always set or cleared, using case-sensitive odiszapc flag pattern. Lower-case flag means cleared flag, upper-case means set flag. S T C For x87 FPU flags, indicates these flags using 1234 x87 FPU flag pattern. Present flag holds its value. D B E 3F N I N I T

f values

Flags Values

description, notes

Short desciption of the opcode. For now, the descriptions are very general. They will be improved in future perhaps.

Instruction Operand Codes

These codes come from official codes used in Intel manual Instruction Set Reference, N-Z for Pentium 4 processor, revision 17. The reason of using this particular, out-of-date revision is that the codes from this revision are most apposite ones. In next revisions the codes changed unfortunately. These codes were modified and completed mainly because of the possibility to code operands simultaneously for 64-bit mode. Ideally, it would be the best to make brand new codes, but I'm afraid those wouldn't be widely acceptable. The State column says if the code is original, added or changed. The "Geek" part in these tables in the first column indicates codes used in HTML geek's editions and in the source XML document as well. The "Coder" part indicates alternative codes used in HTML coder's editions. These are used also within instruction reference in Intel manual.

Codes for Addressing Method

The following abbreviations are used for addressing methods: Geek Coder
A p t r B A m B B m B D m C C R n D D R n E r / m E S

State

Description

Original

Direct address. The instruction has no ModR/M byte; the address of the operand is encoded in the instruction; no base register, index register, or scaling factor can be applied (for example, far J M P(E A )).

Added

Memory addressed by D S : E A X , or by r A Xin 64-bit mode (only 0 F 0 1 C 8M O N I T O R ).

Added

Memory addressed by D S : e B X + A L , or by r B X + A Lin 64-bit mode (only X L A T ). (This code changed from single Bin revision 1.00)

Added

Memory addressed by D S : e D Ior by R D I(only 0 F F 7M A S K M O V Qand 6 6 0 F F 7M A S K M O V D Q U ) (This code changed from Y D(introduced in 1.00) in revision 1.02)

Original The reg field of the ModR/M byte selects a control register (only M O V(0 F 2 0 ,0 F 2 2 )).

Original The reg field of the ModR/M byte selects a debug register (only M O V(0 F 2 1 ,0 F 2 3 )). A ModR/M byte follows the opcode and specifies the operand. The operand is either a general-purpose register or a memory address. If it is a memory Original address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, or a displacement. Added (Implies original E ). A ModR/M byte follows the opcode and specifies the operand. The operand is either a x87 FPU stack register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, or a displacement. (Implies original E ). A ModR/M byte follows the opcode and specifies the x87 FPU stack register.

S T i / m E S T S T i F

Added

G r H

Original rFLAGS register.

Original The reg field of the ModR/M byte selects a general register (for example, A X(0 0 0 )).

r
I i m m J r e l M m N m m O m o f f s P m m

Added

The r/m field of the ModR/M byte always selects a general register, regardless of the mod field (for example, M O V(0 F 2 0 )).

Original Immediate data. The operand value is encoded in subsequent bytes of the instruction.

Original The instruction contains a relative offset to be added to the instruction pointer register (for example, J M P(E 9 ), L O O P )).

Original

The ModR/M byte may refer only to memory: mod != 11bin (B O U N D ,L E A ,C A L L F ,J M P F ,L E S ,L D S ,L S S ,L F S ,L G S ,C M P X C H G 8 B ,C M P X C H G 1 6 B , F 2 0 F F 0L D D Q U ).

Original The R/M field of the ModR/M byte selects a packed quadword MMX technology register.

Original

The instruction has no ModR/M byte; the offset of the operand is coded as a word, double word or quad word (depending on address size attribute) in the instruction. No base register, index register, or scaling factor can be applied (only M O V (A 0 ,A 1 ,A 2 ,A 3 )).

Original The reg field of the ModR/M byte selects a packed quadword MMX technology register.

A ModR/M byte follows the opcode and specifies the operand. The operand is either an MMX technology register or a memory address. If it is a Original memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and m m / m 6 4 a displacement.
Q R r S S r e g

Original The mod field of the ModR/M byte may refer only to a general register (only M O V(0 F 2 0 -0 F 2 4 ,0 F 2 6 )).

Original The reg field of the ModR/M byte selects a segment register (only M O V(8 C ,8 E )).

Original The reg field of the ModR/M byte selects a segment register (only M O V(8 C ,8 E )).
S r e g S C

T T R n U x m m V x m m W x m m / m X m Y m Z r

Added

Stack operand, used by instructions which either push an operand to the stack or pop an operand from the stack. Pop-like instructions are, for example, P O P ,R E T ,I R E T ,L E A V E . Push-like are, for example, P U S H ,C A L L ,I N T . No Operand type is provided along with this method because it depends on source/destination operand(s).

Original The reg field of the ModR/M byte selects a test register (only M O V(0 F 2 4 ,0 F 2 6 )).

Original The R/M field of the ModR/M byte selects a 128-bit XMM register.

Original The reg field of the ModR/M byte selects a 128-bit XMM register. A ModR/M byte follows the opcode and specifies the operand. The operand is either a 128-bit XMM register or a memory address. If it is a memory Original address, the address is computed from a segment register and any of the following values: a base register, an index register, a scaling factor, and a displacement Original Memory addressed by the D S : e S Ior by R S I(only M O V S ,C M P S ,O U T S , and L O D S ). In 64-bit mode, only 64-bit (R S I ) and 32-bit (E S I ) address sizes are supported. In non-64-bit modes, only 32-bit (E S I ) and 16-bit (S I ) address sizes are supported.

Memory addressed by the E S : e D Ior by R D I(only M O V S ,C M P S ,I N S ,S T O S , and S C A S ). In 64-bit mode, only 64-bit (R D I ) and 32-bit (E D I ) address Original sizes are supported. In non-64-bit modes, only 32-bit (E D I ) and 16-bit (D I ) address sizes are supported. The implicit E Ssegment register cannot be overriden by a segment prefix. Added The instruction has no ModR/M byte; the three least-significant bits of the opcode byte selects a general-purpose register

The following abbreviations are used for addressing methods only in case of direct segment registers and are accessible only in HTML geek's editions as segment register's title. As for source XML document, they are used within address atribute of syntax/dst or syntax/src elements. All of them are added:
S 2 S 3 0 S 3 3

The two bits at bit index three of the opcode byte selects one of original four segment registers (for example, P U S HE S ). The three least-significant bits of the opcode byte selects segment register S S ,F S , or G S(for example, L S S ). The three bits at bit index three of the opcode byte selects segment register F Sor G S(for example, P U S HF S ).

Codes for Operand Type

The following abbreviations are used for operand types: Geek Coder
a 1 6 / 3 2 & 1 6 / 3 2 b 8 b c d 8 0 d e c b s 8 b s q

State

Description

Original

Two one-word operands in memory or two double-word operands in memory, depending on operand-size attribute (only B O U N D ).

Original

Byte, regardless of operand-size attribute.

Added

Packed-BCD. Only x87 FPU instructions (for example, F B L D ).

Added; simplified b s q

Byte, sign-extended to the size of the destination operand.

Original; replaced by
b s

b s s 8 c

(Byte, sign-extended to 64 bits.)

Original

Byte, sign-extended to the size of the stack pointer (for example, P U S H(6 A )).

?
d 3 2 d i 3 2 i n t

Original

Byte or word, depending on operand-size attribute. (unused even by Intel?)

Original

Doubleword, regardless of operand-size attribute.

Added

Doubleword-integer. Only x87 FPU instructions (for example, F I A D D ).

3 2 i n t d q 1 2 8 d q p 3 2 / 6 4 d r 6 4 r e a l d s 3 2 e 1 4 / 2 8 e r 8 0 r e a l p 1 6 : 1 6 / 3 2 p i

Original

Double-quadword, regardless of operand-size attribute (for example, C M P X C H G 1 6 B ).

Added; combines d and q p

Doubleword, or quadword, promoted by R E X . Win 64-bit mode (for example, M O V S X D ).

Added

Double-real. Only x87 FPU instructions (for example, F A D D ).

Original

Doubleword, sign-extended to 64 bits (for example, C A L L(E 8 ).

Added

x87 FPU environment (for example, F S T E N V ).

Added

Extended-real. Only x87 FPU instructions (for example, F L D ).

Original

32-bit or 48-bit pointer, depending on operand-size attribute (for example, C A L L F(9 A ).

(6 4 )
p d

Original

Quadword MMX technology data.

Original

128-bit packed double-precision floating-point data.

p s

(1 2 8 )
p s q 6 4 p t

Original

128-bit packed single-precision floating-point data.

Added

64-bit packed single-precision floating-point data.

Original; replaced by
p t p

p t p 1 6 : 1 6 / 3 2 / 6 4 q 6 4 q i 6 4 i n t q p 6 4 s

(80-bit far pointer.)

Added

32-bit or 48-bit pointer, depending on operand-size attribute, or 80-bit far pointer, promoted by R E X . Win 64-bit mode (for example, C A L L F(F F/ 3 )).

Original

Quadword, regardless of operand-size attribute (for example, C A L L(F F/ 2 )).

Added

Qword-integer. Only x87 FPU instructions (for example, F I L D ).

Original Changed to Changed from Original

Quadword, promoted by R E X . W(for example, I R E T Q ). 6-byte pseudo-descriptor, or 10-byte pseudo-descriptor in 64-bit mode (for example, S G D T ). 6-byte pseudo-descriptor. Scalar element of a 128-bit packed double-precision floating data.

s d

s i

?
s r 3 2 r e a l s s

Original

Doubleword integer register (e. g., e a x ). (unused even by Intel?)

Added

Single-real. Only x87 FPU instructions (for example, F A D D ).

Original

Scalar element of a 128-bit packed single-precision floating data.

s t 9 4 / 1 0 8

Added

x87 FPU state (for example, F S A V E ).

s t x 5 1 2 t

Added

x87 FPU and SIMD state (F X S A V Eand F X R S T O R ).

Original; replaced by
p t p

v 1 6 / 3 2 v d s 1 6 / 3 2 v q 6 4 / 1 6 v q p 1 6 / 3 2 / 6 4 v s 1 6 / 3 2 w 1 6 w i 1 6 i n t

10-byte far pointer.

Original

Word or doubleword, depending on operand-size attribute (for example, I N C(4 0 ), P U S H(5 0 )).

Added; combines v and d s

Word or doubleword, depending on operand-size attribute, or doubleword, sign-extended to 64 bits for 64-bit operand size.

Original

Quadword (default) or word if operand-size prefix is used (for example, P U S H(5 0 )).

Added; combines v and q p

Word or doubleword, depending on operand-size attribute, or quadword, promoted by R E X . Win 64-bit mode.

Original

Word or doubleword sign extended to the size of the stack pointer (for example, P U S H(6 8 )).

Original

Word, regardless of operand-size attribute (for example, E N T E R ).

Added

Word-integer. Only x87 FPU instructions (for example, F I A D D ).

The following abbreviations are used for operand types and are accessible only in HTML geek's editions as operand's code title. They are issued to indicate a dependency on address-size attribute instead of operand-size attribute. As for source XML document, they are used within address atribute of syntax/dst or syntax/src elements. All of them are added:
v a d q a w a w o w s d a d o q a q s

Word or doubleword, according to address-size attribute (only R E Pand L O O Pfamilies). Doubleword or quadword, according to address-size attribute (only R E Pand L O O Pfamilies). Word, according to address-size attribute (only J C X Zinstruction). Word, according to current operand size (e. g., M O V S Winstruction). Word, according to current stack size (only P U S H Fand P O P Finstructions in 64-bit mode). Doubleword, according to address-size attribute (only J E C X Zinstruction). Doubleword, according to current operand size (e. g., M O V S Dinstruction). Quadword, according to address-size attribute (only J R C X Zinstruction). Quadword, according to current stack size (only P U S H F Qand P O P F Qinstructions).

Source XML Document

Description of the source XML structure is available only as a part of the benefits. Brief notes are also inside the DTD file.

Current State
In this version, the reference is almost complete. It contains general, system, x87 FPU, MMX, SSE, SSE1, SSE2, SSE3, SSSE3, SSE4, VMX, and SMX instructions (both one-byte and two-byte ones). We are working on AMD-specific instructions and Intel AVX instructions now. The MMX and SSE* instruction classification among groups is considered experimental and may change in future.

Future plans
For future, many new specific editions are planned, for example editions containg only instructions from particular group or extension, etc.

Why to Contribute - Benefits

Contributors can get access to benefits, which are not available for passive users. Benefits include HTML editions, which supports printing, PDF editions, many XSL transformations, working drafts, articles, and other related files.

Why are not all these features free?

A few contributors worked hard to help me complete this reference so I gave them advantage this way. I believe that this benefits program can encourage you to find your way how to become an active contributor.

How to Contribute
The following list shows possible contributions: Write an article or a blog entry about your experiences with this reference. You can write this article for x86asm.net, too If you are native English speaker, review this page's text and correct the worst mistakes Help us to find the way how to add AVX instructions to the XML reference. Note that from the point of project's progress, modifications of any of HTML editions is almost useless. A HTML edition is just a result of transformation of source XML file, so all modifications need to be done there.

Implementations
Bukowski's disassembler is first public implementation of the XML reference. See also project's blog.

License
The license is here not to restrict regular use of the reference. All I want is to keep control over its development. 1. If you improve this reference, whether its source files (XML, DTD, XSL transformations) or any of derived files (in any format), send these files to the author. The author reserve the right to use these files for any purpose. 2. You can publish source or any derivative files in any form only with author's permission and under the following conditions: 1. Mention the name of the author 2. Mention this hypertext reference to the source: ref.x86asm.net 3. Mention this license agreement 3. You can't sell printed copies of any files (original or derived) of this reference, including cases when it is a part of other project.

Resources
This reference has been completed using the following resources: Intel manuals Sandpile.org AMD manuals Intel iAPX 86/88, 186/188 User's manual

Credits
Thanks to all these geeks involved in some way in this project: Christian Ludloff: maintainer of great Sandpile.org site, one of important sources for this project Martin Mocko a.k.a. vid: many design ideas for HTML editions Anthony Lopes: great XML and XSL contributions Aquila: many great contributions EliCZ: bug reports, design ideas Cephexin: many great contributions to XML Miloslav Ponkrc: helped with PHP and JavaScript on this site William Whistler: valuable reviews and bug reports Mikae : reviews, bug reports

References
Handily-organized x86 instruction and opcode references x86 Referencia de Instrucciones y Cdigos de Operacin (OPCodes) x86

Download
Here go all main files of the reference together. A lot of other files are available only as a part of the benefits. x86reference.xml 491 kB x86reference.dtd

HTML Editions Files

coder.html

coder-abc.html

coder32.html coder32-abc.html coder64.html coder64-abc.html geek.html geek32.html geek64.html geek-abc.html geek32-abc.html geek64-abc.html

Comments
Continue to discussion board. My contact information is here.

Revisions
Mostly a bugfix release Bugfixes: Many missing SSE2 instructions (actually MMX instructions promoted to XMM registers) added (reported by Phil Keenan):
6 6 0 F 6 0/ rP U N P C K L B WV d q ,W d q 6 6 0 F 6 1/ rP U N P C K L W DV d q ,W d q 6 6 0 F 6 2/ rP U N P C K L D QV d q ,W d q 6 6 0 F 6 3/ rP A C K S S W BV d q ,W d q 6 6 0 F 6 4/ rP C M P G T BV d q ,W d q 6 6 0 F 6 5/ rP C M P G T WV d q ,W d q 6 6 0 F 6 6/ rP C M P G T DV d q ,W d q 6 6 0 F 6 7/ rP A C K U S W BV d q ,W d q 6 6 0 F 6 8/ rP U N P C K H B WV d q ,W d q 6 6 0 F 6 9/ rP U N P C K H W DV d q ,W d q 6 6 0 F 6 A/ rP U N P C K H D QV d q ,W d q 6 6 0 F 6 B/ rP A C K S S D WV d q ,W d q 6 6 0 F D 1/ rP S R L WV d q ,W d q 6 6 0 F D 2/ rP S R L DV d q ,W d q 6 6 0 F D 3/ rP S R L QV d q ,W d q 6 6 0 F D 5/ rP M U L L WV d q ,W d q 6 6 0 F D 8/ rP S U B U S BV d q ,W d q 6 6 0 F D 9/ rP S U B U S WV d q ,W d q 6 6 0 F D B/ rP A N DV d q ,W d q 6 6 0 F D C/ rP A D D U S BV d q ,W d q 6 6 0 F D D/ rP A D D U S WV d q ,W d q 6 6 0 F D F/ rP A N D NV d q ,W d q 6 6 0 F E 1/ rP S R A WV d q ,W d q 6 6 0 F E 2/ rP S R A DV d q ,W d q 6 6 0 F E 5/ rP M U L H WV d q ,W d q 6 6 0 F E 8/ rP S U B S BV d q ,W d q 6 6 0 F E 9/ rP S U B S WV d q ,W d q 6 6 0 F E B/ rP O RV d q ,W d q 6 6 0 F E C/ rP A D D S BV d q ,W d q 6 6 0 F E D/ rP A D D S WV d q ,W d q 6 6 0 F E F/ rP X O RV d q ,W d q 6 6 0 F F 1/ rP S L L WV d q ,W d q 6 6 0 F F 2/ rP S L L DV d q ,W d q 6 6 0 F F 3/ rP S L L QV d q ,W d q 6 6 0 F F 5/ rP M A D D W DV d q ,W d q 6 6 0 F F 8/ rP S U B BV d q ,W d q 6 6 0 F F 9/ rP S U B WV d q ,W d q 6 6 0 F F A/ rP S U B DV d q ,W d q 6 6 0 F F C/ rP A D D BV d q ,W d q 6 6 0 F F D/ rP A D D WV d q ,W d q 6 6 0 F F E/ rP A D D DV d q ,W d q

20091.11 01-20

MazeGen

For the following instructions, Pmethod was fixed to Nmethod (reported by Will Whistler):
0 F 7 1/ 2P S R L WN q ,I b 0 F 7 1/ 4P S R A WN q ,I b 0 F 7 1/ 6P S L L WN q ,I b 0 F 7 2/ 2P S R L DN q ,I b 0 F 7 2/ 4P S R A DN q ,I b 0 F 7 2/ 6P S L L DN q ,I b 0 F 7 3/ 2P S R L QN q ,I b 0 F 7 3/ 6P S L L QN q ,I b

Many other small bugfixes, including the DTD

Other: Hintable NOP instructions added (suggested by Mikae) New SSE2 subgroups: simdint/conver and simdint/logical News: All SSE4 instructions (Aquila contribution) All VMX instructions (the only) SMX instruction All new general instructions: P O P C N T ,M O V B E All new system instructions: X G E T B V ,X S E T B V ,R D T S C P ,X S A V E ,X R S T O R Processor code C 7to indicate Core i7 Implicate register operand group x c r(extended control register) added because of X G E T B Vand X S E T B Vinstructions HTML editions: 20091.10 08-19 Many new general notes ModR/M byte and SIB byte encoding tables Bugfixes:
M O V Dand M O V Qinstructions added: 0 F 6 EM O V QP q ,E q p(in 64-bit mode with R E X . W ) 0 F 7 EM O V QE q p ,P q(in 64-bit mode with R E X . W ) 6 6 0 F 6 EM O V DV d q ,E d 6 6 0 F 6 EM O V QV d q ,E q p(in 64-bit mode with R E X . W ) 6 6 0 F 7 EM O V DE d ,V d q 6 6 0 F 7 EM O V QE q p ,V d q(in 64-bit mode with R E X . W ) F 3 0 F 7 EM O V QV q ,W q 6 6 0 F D 6M O V QW q ,V q

MazeGen

Many other small bugfixes

This is the first revision considered stable (after more than two years of development) Bugfixes:
L O D S B(A C ): addressing method

corrected to X All L O D Svariants: d e p e n d = ' n o 'attribute removed from s r celement S C A S D(A F ), 64-bit entry: E A Xtype corrected to d U D(0 F B 9 ): e n t r yattribute r = ' y e s 'added Duplicated syntaxes for P U S H A ,P O P A ,P U S H Fand P O P Fin 386+ entries removed Duplicated t w o b y t e / p r i _ o p c delement with value 1 8merged into one H S U B P S(F 2 0 F 7 D ): fixed prefix corrected to F 2 F S T P 1(D 9 / 3 ), F C O M 2(D C / 2 ), F C O M P 3(D C / 3 ), F X C H 4(D D / 1 ), F C O M P 5(D E / 2 ), F X C H 7(D F / 1 ), F S T P 8(D F / 2 ), F S T P 9(D F / 3 ): p r o c _ e n d = ' 0 2 'element added First e n t r yfor opcode F 3 9 0 :p r o c _ e n d = ' 0 9 'element added C M P X C H G 8 Band C M P X C H G 1 6 B(0 F C 7 / 1 ) merged into one 64-bit entry Entries for C A L L(E 8 ), J M P(E 9 ), and J c c(0 F 8 0 -0 F 8 F ) merged while merging operand types vand d sto (documented) v d s All J M P Einstruction entries and R S Me n t r y :g r p 1 = ' s y s t e m ' ,g r p 2 = ' b r a n c h 'elements added C L T Se n t r y :g r p 1 = ' s y s t e m 'element added E M M Se n t r y :g r p 1 = ' x 8 7 f p u ' ,g r p 2 = ' c o n t r o l 'elements added Missing d e p e n d = ' n o 'attribute added to many d s telements at various places U Dand U D 2entries: attribute a t t r = ' i n v d 'added I M U L(6 9 ,6 B ) entries: r = ' y e s 'attribute added E N T E Rand L E A V E : 64-bit entry added while correcting e B Ptype to vand r B Ptype to v q L O O P E(E 1 ), non-64-bit e n t r y : type of e C Xcorrected to v a M O VD R n , r(0 F 2 3 ), undocumented e n t r y : addressing method corrected to H Branch hint prefixes (2 E ,3 E ,6 4 ) entries: p r o c _ s t a r t @ p o s t = ' n o 'attribute added, p r o c _ e n d = ' 1 0 'element added All entries with a t t r = ' u n d e f 'and p r e f i x b r a n c h c o n dgrouping for opcodes 2 E ,3 E , and 6 4removed S Y S E N T E Rand S Y S E X I Tentries: g r p 2 = ' s t a c k 'removed, S Sand E S Por R S Pregister operands added S Y S E N T E R : 64-bit entry added because R S Pis fixed to 64 bits in 64-bit mode Either s r cor d s telement with new implicate addressing method S Cadded to entries with g r p 2 = ' s t a c k 'element value M O Vfrom segment register (8 C ): memory operand size and register operand size differ (reported by Mikae) M O Vto segment register (8 E ): source operand is always a word (reported by Mikae) The following SSE2 instructions added (reported by Mikae):
6 6 0 F 7 1/ 2P S R L WU d q ,I b

20091.02 06-30

6 6 0 F 7 1/ 4P S R A WU d q ,I b 6 6 0 F 7 1/ 6P S L L WU d q ,I b 6 6 0 F 7 2/ 2P S R L DU d q ,I b 6 6 0 F 7 2/ 4P S R A DU d q ,I b 6 6 0 F 7 2/ 6P S L L DU d q ,I b 6 6 0 F 7 3/ 2P S R L QU d q ,I b 6 6 0 F 7 3/ 6P S L L QU d q ,I b 6 6 0 F 7 4/ rP C M P E Q BV d q ,W d q 6 6 0 F 7 5/ rP C M P E Q WV d q ,W d q 6 6 0 F 7 6/ rP C M P E Q DV d q ,W d q M O Vfrom/to D R nregister (0 F 2 1 ,0 F 2 3 ): size of the other operand

MazeGen

differs between 64-bit mode and non-64-bit modes, regardless of R E X . W

prefix (reported by Mikae)

prefix (reported by Mikae) L A R(0 F 0 2 ) and L S L(0 F 0 3 ): attribute e n t r y / @ r = " y e s "added (reported by Mikae) Backward-incompatible changes to the XML and DTD: All default attribute values removed from DTD Addressing methods B A ,B B ,F ,X ,Y , and Y Dare always implicate so they are not indicated using aand telements Addressing method Y Drenamed to B D New implicate type w oissued for P U S H A ,P O P A ,I N S ,I N S W ,O U T S ,O U T S W ,C B W ,C W D ,P U S H F ,P O P F ,M O V S ,M O V S W ,C M P S ,C M P S W ,S T O S , S T O S W ,L O D S ,L O D S W ,S C A S ,S C A S W , and I R E Tto indicate fixed operand size according to current operand size New implicate type d oissued for P U S H A D ,P O P A D ,I N S D ,O U T S D ,C W D E ,C D Q ,P U S H F D ,P O P F D ,M O V S D ,C M P S D ,S T O S D ,L O D S D ,S C A S D , I R E T Dto indicate fixed operand size according to current operand size New implicate type w sissued for P U S H Fand P O P Fin 64-bit mode to indicate fixed operand size according to current stack size New implicate type q sissued for P U S H F Qand P O P F Qto indicate fixed operand size according to current stack size News to the XML and DTD: Attribute i s _ d o c(only value y e s ) for e n t r yelement, used along with d o c = ' u 'attribute value Attribute i s _ u n d o c(only value y e s ) for e n t r yelement Implicate addressing method S C Node n o t ehas two new nodes: b r i e f , which contains original n o t econtents, and d e t , not used yet Other changes:
C B W(9 8 ): destination operand

changed to A X The s t a c ksubgroup of s y s t e mmain group is no longer used

I forgot to upload the XML reference for previous revision. Now it comes in this revision Bugfixes:
C A L L F(F F/ 3 ) and J M P F(F F/ 5 ): only a memory operand P S R L D(0 F 7 2/ 2 ): typo

is allowed (reported by Fabio Fernandes)

in mnemonic (reported by Japheth) P M A D D U B S W([ 6 6 ] 0 F 3 8 0 4 ) description fixed The following bugfixes affect the geek suite: Opcodes F F/ 2 ,F F/ 3 ,F F/ 4 ,F F/ 5 ,F F/ 6had unfounded Wopcode field (reported by William Whistler) 20081.01 The following changes and bugfixes affects mostly only the XML reference and DTD: 12-17 Backward-incompatible change: Operand type v a q premoved, was wrong Backward-incompatible change: New operand type d q aissued to replace removed v a q pfor R E Pfamily operands and L O O Pfamily operands in 64-bit mode Backward-incompatible change: Decided not to indicate sign extension on M O V S X Doperand New attribute e s c a p efor s e c _ o p c delement to indicate three-byte escapes 0 F 3 8 X Xand 0 F 3 A X X Removed all entities from DTD to make it ready to convert to XSD (suggested by Herbert Oppmann) Bugfix: all @ o p _ s i z eattributes removed from opcodes F F/ 2 ,F F/ 3 ,F F/ 4 ,F F/ 5 ,F F/ 6(reported by William Whistler) Bugfix: No (implicate) rFlags operand was declared correctly (reported by William Whistler) New implicate Addressing method Ffor rFlags operand defined in DTD Bugfix: Many e n t r y / @ m o dand s y n t a x @ m o dattributes changed and fixed News: All SSE, SSE2, SSE3, and SSSE3 instructions added (Aquila and Cephexin contributions) Alphabetically sorted editions (postfixed with -abc) On-line store improved, prices discounted The HTML transformation process is not documented now Bugfixes:
F D I V R PS T 1 ,S Tsecondary opcode was missing, P A U S Einstruction came with SSE2 P U S HF F / 6 ,F C O M I ,F C O M I P ,F I S T T P ,F N S A V E ,F S A V Eand T A K E Nprefix description fixed 20081.00 10-19 The following changes and bugfixes affect mostly only the XML reference: C A L LF F / 2 ,C A L L FF F / 3 ,J M PF F / 4 ,J M P FF F / 5 ,P U S HF F / 6 : the operand

MazeGen

it should be F 1

MazeGen

must be s r cinstead of d s t

Opcode D 9 / 3 ,d o c _ p a r t _ a l i a s _ r e fattribute fixed All MMX instructions' operand codes fixed using aand telements Backward-incompatible change of Baddressing code to B B The g e n _ n o t e sand r i n g _ n o t e snodes are no longer present in the XML All i dattributes renamed to x m l : i d New s u pand s u bchild elements for n o t e snode New addressing code B A New p a r t i c u l a rattribute for e n t r ynode News: All MMX instructions added (Anthony Lopes contribution) HTML transformation process has changed

HTML transformation process has changed Support for printing from the public files is no longer available (i. e., PDF editions are no longer publicly available as well) Bugfixes:
C L T S(0F06): valid S T D(FD): typo

20080.40 05-15

only at ring 0; valid also in real mode (reported by Anthony Lopes, EliCZ) in mnemonic (reported by EliCZ, andrewl) W R M S R(0F30): confusing and unnecessary 64-bit operands (reported by EliCZ) R D T S C(0F31), R D P M C(0F33): unnecessary 64-bit entry (reported by EliCZ) L A R(0F02), L S L(0F03): valid only in protected mode (reported by EliCZ) H L T(F4), S Y S R E T(0F07), S W A P G S(0F01 /7): valid only at ring 0 (reported by EliCZ) The following changes and bugfixes affect mostly only the XML reference:
M O V(A2,

MazeGen

A3): d s tmust be d e p e n d = ' n o ' ,s r cmust not A7): first s r cmust not be d e p e n d = ' n o ' S C A S(AE): no d s toperand, both operands are s r c S C A S(AF): first s r coperand must not be d e p e n d = ' n o ' Attribute p r o c _ s t a r t / @ p o s t = " n o "duplicated using p r o c _ e n delement Operand address and type codes split into aand tsubelements (DTD changed along)
C M P S(A6,

20080.30 03-11

All x87 FPU instructions added, including new ones The l column was renamed to x and now holds more information In HTML a PDF editions, the prefix values were moved to pf column On-line store opened The project was renamed to X86 Opcode and Instruction Reference

MazeGen

20070.21 11-29

The HTML table is split into two parts: one-byte and two-byte opcode part. This should make browsers to render it faster and more easily. I hope this also helps Firefox to render the table at first (without refresh) Instructions, which doesn't really test all flags but push them on the stack (P U S H F ,I N Tand few others) are corrected (suggested by Wolfgang MazeGen Kern) PDF edition for each HTML edition MazeGen MazeGen

20070.20 Added coder, coder32, coder64, geek32, and geek64 editions. All main project's files modified. Project's documentation completed. 11-06 20070.10 First public version 06-04 (dates format correspond to ISO 8601)