-
-
Notifications
You must be signed in to change notification settings - Fork 53
Instruction Generators
Neo edited this page Jul 23, 2021
·
1 revision
Everywhere when we deal with hex string it is often intended to be a sequence of ASM instructions.
While it is perfectly fine to write them directly as hex, it often becomes tedious to remember the opcodes, mod r/m bytes, sib bytes and so forth.
To ease the process, most of the known CPU instructions have been added as 'generator' functions & strings by means of the support scripts.
The functions make use of the [Instr] class along with objects of the other scripted classes to create the equivalent hex string of each instruction.
Based on the type of Registers being dealt with there are 3 categories of generator functions.
Legend used
Imm= Immediate value (Number or Hex).Reg= Any Register object[...]= Memory Pointer which takes the generic form [scale*reg + reg + displacement], all parts of which are optional, but atleast 1 should be there.
| Instruction | Accepted argument forms |
|---|---|
PUSH |
ImmReg[...]
|
POP |
Reg[...]
|
CALL/JMP |
TgtAddr, SrcAddrDistance (number or hex) Reg[...]
|
RETN |
2 byte ImmNone |
ENTER |
Size (number), NestLevel (number or hex)
|
JO/JNO/JB/JC/JNAE/JNB/JNC/JAE/JE/JZ/JNE/JNZ/JBE/JNA/JNBE/JA/JS/JNS/JP/JPE/JNP/JPO/JL/JNGE/JNL/JGE/JLE/JNG/JNLE/JG |
TgtAddr, SrcAddrDistance (number or hex)
|
LEA |
Reg, [...]
|
MOV |
Reg, RegReg, [...]Reg, Imm[...], Reg[...], Imm
|
MOVSX/MOVZX |
Reg, RegReg, [...]
|
CMOVO/CMOVNO/CMOVB/CMOVC/CMOVNAE/CMOVNB/CMOVNC/CMOVAE/CMOVE/CMOVZ/CMOVNE/CMOVNZ/CMOVBE/CMOVNA/CMOVNBE/CMOVA/CMOVS/CMOVNS/CMOVP/CMOVPE/CMOVNP/CMOVPO/CMOVL/CMOVNGE/CMOVNL/CMOVGE/CMOVLE/CMOVNG/<br>CMOVNLE/CMOVG |
Reg, RegReg, [...]
|
SETO/SETNO/SETB/SETC/SETNAE/SETNB/SETNC/SETAE/SETE/SETZ/SETNE/SETNZ/SETBE/SETNA/SETNBE/SETA/SETS/SETNS/SETP/SETPE/SETNP/SETPO/SETL/SETNGE/SETNL/SETGE/SETLE/SETNG/SETNLE/SETG |
8 bit Reg[...]
|
INC/DEC |
Reg[...]
|
NOT/NEG |
Reg[...]
|
MUL/DIV/IDIV |
Reg[...]
|
IMUL |
Reg[...]Reg, RegReg, Reg, ImmReg, [...]Reg, [...], Imm
|
ROL/ROR/RCL/RCR/SHL/SHR/SAL/SAR |
RegReg, Imm[...][...], 1Reg, Reg[...], Reg
|
ADD/OR/ADC/SBB/AND/SUB/XOR/CMP |
Reg, RegReg, [...]Reg, Imm[...], Reg[...], Imm
|
TEST |
Reg[...]Reg, RegReg, [...][...], Reg
|
There is also a NOPs function available for generating a sequence of multi-byte NOPs.
Syntax:
NOPs(count)| Instruction | Accepted argument forms |
|---|---|
FADD/FMUL/FSUB/FSUBR/FDIV/FDIVR |
[...]Reg, Reg
|
FCOM/FCOMP |
Reg[...]
|
FLD/FST/FSTP/FLDENV/FLDCW/FSTENV/FSTCW |
Reg[...]
|
FIADD/FIMUL/FICOM/FICOMP/FISUB/FISUBR/FIDIV/FIDIVR |
[...] |
FILD/FISTTP/FIST/FISTP |
[...] |
FCMOVB/FCMOVE/FCMOVBE/FCMOVU |
Reg, Reg
|
FCMOVNB/FCMOVNE/FCMOVNBE/FCMOVNU |
Reg, Reg
|
FADDP/FMULP/FSUBRP/FSUBP/FDIVRP/FDIVP |
Reg, RegNone |
FFREEP |
Reg |
FSTSW |
AX[...]
|
FUCOMI/FUCOMIP |
ST0, ST Reg
|
| Instruction | Accepted argument forms |
|---|---|
MOVAPD/MOVAPS/MOVDQA/MOVDQU/MOVD/MOVQ/MOVSS/MOVUPD/MOVUPS |
Reg, [...][...], RegReg, Reg
|
MOVLPS/MOVHPS/MOVLPD/MOVHPD |
Reg, [...][...], Reg
|
MOVNTPD/MOVNTPS/MOVNTQ/MOVNTDQ/MOVNTSS |
[...], Reg
|
MOVSLDUP/MOVSHDUP |
Reg, RegReg, [...]
|
UNPCKLPS/UNPCKHPS/PUNPCKLQDQ/PUNPCKHQDQ |
Reg, RegReg, [...]
|
CVTDQ2PD/CVTDQ2PS/CVTPS2DQ |
Reg, RegReg, [...]
|
CVTPD2PI/CVTPI2PD/CVTPI2PS/CVTPD2PS/CVTPS2PD/CVTPS2PI |
Reg, RegReg, [...]
|
CVTSI2SS/CVTSS2SI/CVTSS2SD |
Reg, RegReg, [...]
|
CVTTPD2PI/CVTTPD2DQ/CVTTPS2DQ/CVTTPS2PI/CVTTSS2SI |
Reg, RegReg, [...]
|
UCOMISD/COMISD/UCOMISS/COMISS |
Reg, RegReg, [...]
|
SQRTPD/SQRTPS/SQRTSS/RSQRTPS/RSQRTSS |
Reg, RegReg, [...]
|
ANDPD/ANDNPD/ANDPS/ANDNPS |
Reg, RegReg, [...]
|
ORPD/ORPS/XORPD/XORPS |
Reg, RegReg, [...]
|
ADDPD/ADDPS/ADDSS/ADDSUBPD/HADDPD |
Reg, RegReg, [...]
|
MULPD/MULPS/MULSS/DIVPD/DIVPS/DIVSS/RCPPS/RCPSS |
Reg, RegReg, [...]
|
SUBPD/SUBPS/SUBSS/HSUBPD |
Reg, RegReg, [...]
|
MINPD/MINPS/MINSS/MAXPD/MAXPS/MAXSS |
Reg, RegReg, [...]
|
PSHUFD/PSHUFW/PSHUFHW/SHUFPD/SHUFPS |
Reg, RegReg, [...]
|
UNPCKLPD/UNPCKHPD |
Reg, [...]
|
Some of the CPU instructions work standalone i.e. they do not take any arguments and as a result only have just opcodes.
For these it made better sense to just keep them as global variables containing the opcode hex.
| Name | Hex code |
|---|---|
PUSHAD |
60 |
POPAD |
61 |
NOP |
90 |
CWDE |
98 |
CDQ |
99 |
LEAVE |
C9 |
INT3 |
CC |
In addition to NOP, There are also multi-byte NOPs available as strings as well.
| Name | Actual instruction | Hex code |
|---|---|---|
NOP2 |
NOP with address override |
66 90 |
NOP3 |
NOP DWORD PTR [EAX] |
0F 1F 00 |
NOP4 |
NOP DWORD PTR [EAX + 0] |
0F 1F 40 00 |
NOP5 |
NOP DWORD PTR [EAX + EAX + 0] |
0F 1F 44 00 00 |
NOP6 |
NOP DWORD PTR [AX + AX + 0] |
66 0F 1F 44 00 00 |
NOP7 |
NOP DWORD PTR [EAX + 0] where 0 is 4 bytes long |
0F 1F 80 00 00 00 00 |
NOP8 |
NOP DWORD PTR [EAX + EAX + 0] where 0 is 4 bytes long |
0F 1F 84 00 00 00 00 00 |
NOP9 |
NOP DWORD PTR [AX + AX + 0] where 0 is 4 bytes long |
66 0F 1F 84 00 00 00 00 00 |
| Name | Hex code |
|---|---|
FNOP |
D9 D0 |
FCHS |
D9 E0 |
FABS |
D9 E1 |
FTST |
D9 E4 |
FXAM |
D9 E5 |
FLD1 |
D9 E8 |
FLDL2T |
D9 E9 |
FLDL2E |
D9 EA |
FLDPI |
D9 EB |
FLDLG2 |
D9 EC |
FLDLN2 |
D9 ED |
FLDZ |
D9 EE |
F2XM1 |
D9 F0 |
FYL2X |
D9 F1 |
FPTAN |
D9 F2 |
FPATAN |
D9 F3 |
FXTRACT |
D9 F4 |
FPREM1 |
D9 F5 |
FDECSTP |
D9 F6 |
FINCSTP |
D9 F7 |
FPREM |
D9 F8 |
FYL2XP1 |
D9 F9 |
FSQRT |
D9 FA |
FSINCOS |
D9 FB |
FRNDINT |
D9 FC |
FSCALE |
D9 FD |
FSIN |
D9 FE |
FCOS |
D9 FF |
FUCOMPP |
DA E9 |
FNENI |
DB E0 |
FNDISI |
DB E1 |
FNCLEX |
DB E2 |
FNINIT |
DB E3 |
FCLEX |
9B DB E2 |
FINIT |
9B DB E3 |
FNSETPM |
DB E4 |
FCOMPP |
DE D9 |