Professional Documents
Culture Documents
The x86 instruction set refers to the set of instructions that x86-compatible microprocessors support. The
instructions are usually part of an executable program, often stored as a computer file and executed on the
processor.
The x86 instruction set has been extended several times, introducing wider registers and datatypes as well as new
functionality.[1]
1/31
20/10/2016
4
5
6
7
8
This is the full 8086/8088 instruction set. Most if not all of these instructions are available in 32-bit mode; they just
operate on 32-bit registers (eax, ebx, etc.) and values instead of their 16-bit (ax, bx, etc.) counterparts. See also x86
assembly language for a quick tutorial for this processor family. The updated instruction set is also grouped
according to architecture (i386, i486, i686) and more generally is referred to as x86_32 and x86_64 (also known as
AMD64).
https://en.wikipedia.org/wiki/X86_instruction_listings
2/31
20/10/2016
AAA
0x37
AAD
AAM
AAS
0xD4
0x3f
0x10
0x15,
0x80/2
0x83/2
0x00
0x05,
0x80/0
0x83/0
Logical AND
0x20
0x25,
0x80/4
0x83/4
CALL
Call procedure
0x9A,
0xE8,
0xFF/2,
0xFF/3
CBW
CLC
CF = 0;
0xF8
CLD
DF = 0;
0xFC
CLI
IF = 0;
0xFA
CMC
0xF5
CMP
Compare operands
0x38
0x3D,
0x80/7
0x83/7
CMPSB
0xA6
CMPSW
Compare words
0xA7
CWD
0x99
DAA
DAS
ADC
ADD
AND
Add
https://en.wikipedia.org/wiki/X86_instruction_listings
0x98
0x27
0x2F
3/31
20/10/2016
DEC
Decrement by 1
DIV
Unsigned divide
ESC
HLT
IDIV
Signed divide
IMUL
IN
Signed multiply
0x48,
0xFE/1,
0xFF/1
DX:AX = DX:AX / r/m;
remainder
resulting DX ==
0xF6/6,
0xF7/6
0xF4
resulting DX ==
0xF6/7,
0xF7/7
0x69,
0x6B,
0xF6/5,
0xF7/5,
0x0FAF
0xE4,
0xE5,
0xEC,
0xED
INC
Increment by 1
0x40,
0xFE/0,
0xFF/0
INT
Call to interrupt
0xCD
INTO
0xCE
IRET
0xCF
(JA, JAE, JB, JBE, JC, JE, JG, JGE, JL,
JLE, JNA, JNAE, JNB, JNBE, JNC, JNE, JNG,
JNGE, JNL, JNLE, JNO, JNP, JNS, JNZ, JO,
JP, JPE, JPO, JS, JZ)
0x70
0x7F,
0xE3,
0x0F83,
0x0F87
Jcc
Jump if condition
JCXZ
Jump if CX is zero
0xE3
JMP
Jump
0xE9
0xEB,
0xFF/4,
0xFF/5
LAHF
0x9F
LDS
0xC5
LEA
0x8D
LES
0xC4
LOCK
(for multiprocessing)
0xF0
LODSB
0xAC
LODSW
0xAD
https://en.wikipedia.org/wiki/X86_instruction_listings
0xE0..0xE2
4/31
20/10/2016
MOV
Move
MOVSB
if (DF==0)
*(byte*)DI++ = *(byte*)SI++;
else
*(byte*)DI-- = *(byte*)SI--;
0xA4
MOVSW
if (DF==0)
*(word*)DI++ = *(word*)SI++;
else
*(word*)DI-- = *(word*)SI--;
0xA5
MUL
Unsigned multiply
NEG
r/m *= -1;
NOP
No operation
NOT
r/m ^= -1;
OR
Logical OR
OUT
Output to port
POP
POPF
FLAGS = *SP++;
PUSH
*--SP = r/m;
PUSHF
*--SP = FLAGS;
RCL
RCR
REPxx
Repeat
(REP, REPE, REPNE, REPNZ, REPZ)
MOVS/STOS/CMPS/LODS/SCAS
RET
RETN
RETF
ROL
Rotate left
ROR
Rotate right
SAHF
SAL
0x90
https://en.wikipedia.org/wiki/X86_instruction_listings
0x9D
0x9C
0x9E
(1) r/m <<= 1; (2) r/m <<= CL;
5/31
20/10/2016
SAR
SBB
SCASB
0xAE
SCASW
0xAF
SHL
SHR
STC
CF = 1;
0xF9
STD
DF = 1;
0xFD
STI
IF = 1;
0xFB
STOSB
0xAA
STOSW
0xAB
SUB
Subtraction
TEST
WAIT
XCHG
Exchange data
XLAT
XOR
Exclusive OR
https://en.wikipedia.org/wiki/X86_instruction_listings
CL;
0x9B
r :=: r/m;
6/31
20/10/2016
BOUND
ENTER
Check array
index against
bounds
Enter stack
frame
INS
IN (E)AX, DX
MOV ES:[(E)DI], (E)AX
; adjust (E)DI according to operand size and DF
LEAVE
Leave stack
frame
OUTS
Output string to
port
equivalent to
POPA
POP
POP
POP
POP
POP
POP
POP
POP
DI
SI
BP
AX ;no POP SP here, only ADD SP,2
BX
DX
CX
AX
equivalent to
PUSHA
PUSH immediate
Push an
immediate
byte/word
value onto the
stack
PUSH
PUSH
PUSH
PUSH
PUSH
PUSH
PUSH
PUSH
AX
CX
DX
BX
SP ; The value stored is the initial SP value
BP
SI
DI
equivalent to
PUSH 12h
PUSH 1200h
equivalent to
IMUL immediate
https://en.wikipedia.org/wiki/X86_instruction_listings
Signed
multiplication
of immediate
IMUL
IMUL
IMUL
IMUL
BX,12h
DX,1200h
CX, DX, 12h
BX, SI, 1200h
7/31
20/10/2016
byte/word
value
ARPL
CLTS
LAR
LGDT
LIDT
LLDT
LMSW
LOADALL Load all CPU registers, including internal ones such as GDT Undocumented, 80286 and 80386 only
LSL
LTR
SGDT
SIDT
SLDT
SMSW
STR
VERR
VERW
https://en.wikipedia.org/wiki/X86_instruction_listings
8/31
20/10/2016
BSF
BSR
BT
Bit test
BTC
BTR
BTS
CDQ
CMPSD
CWDE
INSD
IRETx
JECXZ
LFS, LGS
LSS
LODSD
LOOPW,
Loop, conditional loop
LOOP W
LOOPD,
LOOPccD
(on) (qual)
MOV
to/from
Move to/from special registers
CR/DR/TR
MOVSD
*(dword*)ES:EDI = (dword*)ESI;
MOVSX
MOVZX
OUTSD
port[DX] = *(long*)ESI;
POPAD
POPFD
PUSHAD
PUSHFD
https://en.wikipedia.org/wiki/X86_instruction_listings
( depends on DF)
and similar
and similar
( depends on DF)
9/31
20/10/2016
SCASD
SETcc
SHLD
SHRD
STOSD
BSWAP
Byte Swap
CMPXCHG
INVD
Invalidate Internal
Caches
INVLPG
Invalidate TLB
Entry
WBINVD
Writes back all modified cache lines in the processor's internal cache to main
memory and invalidates the internal caches.
XADD
Exchanges the first operand with the second operand, then loads the sum of
the two values into the destination operand.
https://en.wikipedia.org/wiki/X86_instruction_listings
r1 = r1>>CL r2<<(32-CL);
used
*ES:EDI = EAX;
32 bit registers
10/31
20/10/2016
CPUID
CMPXCHG8B
RDMSR
ReaD from
Modelspecific
register
RDTSC
ReaD Time
Stamp
Counter
WRMSR
WRite to
ModelSpecific
Register
Resume from
System
Management
Mode
RDPMC
Also MMX registers and MMX support instructions were added. They are usable for both integer and floating
point operations, see below.
SYSCALL
SYSRET
AMD changed the CPUID detection bit for this feature from the K6-II on.
https://en.wikipedia.org/wiki/X86_instruction_listings
11/31
20/10/2016
CMOVcc
Conditional
move
UD2
SYStem Sometimes called the Fast System Call instruction, this instruction was intended to
SYSENTER call
increase the performance of operating system calls. Note that on the Pentium Pro, the
ENTER CPUID instruction incorrectly reports these instructions as available.
SYSEXIT
SYStem
call
EXIT
MASKMOVQ
MOVNTPS
MOVNTQ
PREFETCH0
PREFETCH1
PREFETCH2
SFENCE
Processor hint to make sure all store operations that took place
prior to the SFENCE call are globally visible
Store Fence
https://en.wikipedia.org/wiki/X86_instruction_listings
12/31
20/10/2016
CLFLUSH
LFENCE
Load Fence
MASKMOVDQU
MFENCE
Memory Fence
MOVNTDQ
Move Double Quadword Non- Move double quadword from xmm to m128, minimizing
Temporal
pollution in the cache hierarchy.
MOVNTI
MOVNTPD
PAUSE
for cacheability
Setup
Monitor
Address
Monitor
Wait
Processor hint to stop instruction execution and enter an implementationdependent optimized state until occurrence of a class of events.
https://en.wikipedia.org/wiki/X86_instruction_listings
13/31
20/10/2016
CDQE
CQO
CMPSQ
JRCXZ
LODSQ
MOVSXD
POPFQ
PUSHFQ
RDTSCP
SCASQ
STOSQ
SWAPGS
CLGI
INVLPGA
Invalidates the TLB mapping for the virtual page specified in RAX
and the ASID specified in ECX.
MOV(CRn)
SKINIT
STGI
VMLOAD
VMRUN
VMSAVE
https://en.wikipedia.org/wiki/X86_instruction_listings
14/31
20/10/2016
BEXTR, BLCFILL, BLCI, BLCIC, BLCMASK, BLCS, BLSFILL, BLSIC, T1MSKC, TZMSK
https://en.wikipedia.org/wiki/X86_instruction_listings
15/31
20/10/2016
F2XM1
for
close to zero
FABS
Absolute value
FADD
Add
FADDP
FBLD
Load BCD
FBSTP
FCHS
Change sign
FCLEX
Clear exceptions
FCOM
Compare
FCOMP
FCOMPP
FDECSTP
FDISI
Disable interrupts
FDIV
Divide
FDIVP
FDIVR
Divide reversed
FDIVRP
FENI
Enable interrupts
FFREE
Free register
FIADD
Integer add
FICOM
Integer compare
FICOMP
FIDIV
Integer divide
FIDIVR
FILD
Load integer
FIMUL
Integer multiply
FINCSTP
FINIT
FIST
Store integer
FISTP
FISUB
Integer subtract
FISUBR
FLD
FLD1
FLDCW
FLDENV
FLDENVW
FLDL2E
https://en.wikipedia.org/wiki/X86_instruction_listings
16/31
20/10/2016
FLDL2T
FLDLG2
FLDLN2
FLDPI
FLDZ
FMUL
Multiply
FMULP
FNCLEX
FNDISI
FNENI
FNINIT
FNOP
No operation
FNSAVE
FNSAVEW
FNSTCW
FNSTENV
FPATAN
Partial arctangent
FPREM
Partial remainder
FPTAN
Partial tangent
FRNDINT
Round to integer
FRSTOR
FRSTORW
FSAVE
FSAVEW
FSCALE
Scale by factor of 2
FSQRT
Square root
FST
FSTCW
FSTENV
FSTENVW
FSTP
FSTSW
FSUB
Subtract
FSUBP
FSUBR
Reverse subtract
FSUBRP
https://en.wikipedia.org/wiki/X86_instruction_listings
17/31
20/10/2016
FTST
FWAIT
FXAM
FXCH
Exchange registers
FXTRACT
FYL2X
log2
if
FYL2XP1
log2 ( +1)
FSETPM
FCOS
Cosine
if x is close to zero
Partial remainder
Sine
FSINCOS
Unordered compare
FUCOMP
FXRSTOR, FXSAVE
These are also supported on later Pentium IIs which do not contain SSE support
https://en.wikipedia.org/wiki/X86_instruction_listings
18/31
20/10/2016
https://en.wikipedia.org/wiki/X86_instruction_listings
19/31
20/10/2016
EMMS
Move doubleword
Move quadword
PACKSSDW mm1,
mm2/m64
PACKSSWB mm1,
mm2/m64
PACKUSWB mm1,
mm2/m64
PADDSB mm, mm/m64 Add packed signed byte integers and saturate
PADDSW mm,
mm/m64
PADDUSB mm,
mm/m64
PADDUSW mm,
mm/m64
Bitwise AND
Bitwise OR
Bitwise XOR
PCMPEQB mm,
mm/m64
PCMPEQW mm,
mm/m64
PCMPEQD mm,
mm/m64
PCMPGTB mm,
mm/m64
PCMPGTW mm,
mm/m64
PCMPGTD mm,
mm/m64
PMADDWD mm,
mm/m64
PMULHW mm,
mm/m64
PMULLW mm,
mm/m64
https://en.wikipedia.org/wiki/X86_instruction_listings
20/31
20/10/2016
PSUBUSB mm,
mm/m64
PSUBUSW mm,
mm/m64
PUNPCKHBW mm,
mm/m64
PUNPCKHWD mm,
mm/m64
PUNPCKHDQ mm,
mm/m64
PUNPCKLBW mm,
mm/m64
PUNPCKLDQ mm,
mm/m64
PUNPCKLWD mm,
mm/m64
Same as the SSE SIMD integer instructions which operated on MMX registers.
https://en.wikipedia.org/wiki/X86_instruction_listings
21/31
20/10/2016
PAVEB, PADDSIW, PMAGW, PDISTIB, PSUBSIW, PMVZB, PMULHRW, PMVNZB, PMVLZB, PMVGEZB,
PMULHRIW, PMACHRIW
FEMMS, PAVGUSB, PF2ID, PFACC, PFADD, PFCMPEQ, PFCMPGE, PFCMPGT, PFMAX, PFMIN, PFMUL,
PFRCP, PFRCPIT1, PFRCPIT2, PFRSQIT1, PFRSQRT, PFSUB, PFSUBR, PI2FD, PMULHRW, PREFETCH,
PREFETCHW
PFRSQRTV, PFRCPV
ADDPS, ADDSS, CMPPS, CMPSS, COMISS, CVTPI2PS, CVTPS2PI, CVTSI2SS, CVTSS2SI, CVTTPS2PI,
CVTTSS2SI, DIVPS, DIVSS, LDMXCSR, MAXPS, MAXSS, MINPS, MINSS, MOVAPS, MOVHLPS,
MOVHPS, MOVLHPS, MOVLPS, MOVMSKPS, MOVNTPS, MOVSS, MOVUPS, MULPS, MULSS, RCPPS,
RCPSS, RSQRTPS, RSQRTSS, SHUFPS, SQRTPS, SQRTSS, STMXCSR, SUBPS, SUBSS, UCOMISS,
UNPCKHPS, UNPCKLPS
ANDNPS, ANDPS, ORPS, PAVGB, PAVGW, PEXTRW, PINSRW, PMAXSW, PMAXUB, PMINSW, PMINUB,
PMOVMSKB, PMULHUW, PSADBW, PSHUFW, XORPS
https://en.wikipedia.org/wiki/X86_instruction_listings
22/31
20/10/2016
MOVUPS xmm1,
xmm2/m128
0F 10 /r
MOVUPS xmm2/m128,
xmm1
0F 11 /r
0F 12 /r
0F 12 /r
0F 13 /r
UNPCKLPS xmm1,
xmm2/m128
0F 14 /r
UNPCKHPS xmm1,
xmm2/m128
0F 15 /r
0F 16 /r
0F 16 /r
0F 17 /r
PREFETCHNTA
0F 18 /0
Prefetch Data Into Caches (non-temporal data with respect to all cache
levels)
PREFETCHT0
0F 18 /1
PREFETCHT1
0F 18 /2
Prefetch Data Into Caches (temporal data with respect to first level
cache)
PREFETCHT2
0F 18 /3
Prefetch Data Into Caches (temporal data with respect to second level
cache)
NOP
0F 1F /0
No Operation
MOVAPS xmm1,
xmm2/m128
0F 28 /r
MOVAPS xmm2/m128,
xmm1
0F 29 /r
0F 2A /r
F3 0F 2A
/r
0F 2B /r
F3 0F 2C
/r
0F 2D /r
F3 0F 2D
/r
UCOMISS xmm1,
xmm2/m32
0F 2E /r
https://en.wikipedia.org/wiki/X86_instruction_listings
23/31
20/10/2016
SQRTPS xmm1,
xmm2/m128
0F 51 /r
SQRTSS xmm1, xmm2/m32 F3 0F 51 /r Compute Square Root of Scalar Single-Precision Floating-Point Value
RSQRTPS xmm1,
xmm2/m128
0F 52 /r
RSQRTSS xmm1,
xmm2/m32
F3 0F 52 /r
0F 53 /r
ANDNPS xmm1,
xmm2/m128
0F 55 /r
0F 56 /r
F3 0F 5C
/r
F3 0F 5D
/r
0F 5E /r
F3 0F 5E
/r
F3 0F 5F
/r
LDMXCSR m32
0F AE /2
STMXCSR m32
0F AE /3
SFENCE
0F AE /7
Store Fence
F3 0F C2
/r ib
24/31
20/10/2016
imm8
0F C4 /r
Insert Word
0F C5 /r
Extract Word
SHUFPS xmm1,
xmm2/m128, imm8
PMOVMSKB r32, mm
0F D7 /r
0F DA /r
0F DE /r
0F E0 /r
0F E3 /r
PMULHUW mm1,
mm2/m64
0F E4 /r
MOVNTQ m64, mm
0F E7 /r
0F EA /r
0F EE /r
0F F6 /r
0F F7 /r
66 0F 58 /r
F2 0F 58 /r
66 0F 55 /r
https://en.wikipedia.org/wiki/X86_instruction_listings
CMPSD (CMPS)
25/31
20/10/2016
MOVDQ2Q
MOVDQA
MOVDQU
MOVQ2DQ
PADDQ
PSUBQ
PMULUDQ
PSHUFHW
PSHUFLW
PSHUFD
PSLLDQ
PSRLDQ
https://en.wikipedia.org/wiki/X86_instruction_listings
26/31
20/10/2016
DPPS, DPPD
BLENDPS, BLENDPD, BLENDVPS, BLENDVPD
ROUNDPS, ROUNDSS, ROUNDPD, ROUNDSD
INSERTPS, EXTRACTPS
MPSADBW
PHMINPOSUW
PMULLD, PMULDQ
PBLENDVB, PBLENDW
PMINSB, PMAXSB, PMINUW, PMAXUW, PMINUD, PMAXUD, PMINSD, PMAXSD
PINSRB, PINSRD/PINSRQ, PEXTRB, PEXTRW, PEXTRD/PEXTRQ
PMOVSXBW, PMOVZXBW, PMOVSXBD, PMOVZXBD, PMOVSXBQ, PMOVZXBQ, PMOVSXWD,
PMOVZXWD, PMOVSXWQ, PMOVZXWQ, PMOVSXDQ, PMOVZXDQ
PTEST
PCMPEQQ
PACKUSDW
MOVNTDQA
EXTRQ/INSERTQ
MOVNTSD/MOVNTSS
CRC32
PCMPESTRI
PCMPESTRM
PCMPISTRI
PCMPISTRM
PCMPGTQ
https://en.wikipedia.org/wiki/X86_instruction_listings
27/31
20/10/2016
C4E3
VFMADDPD xmm0, xmm1,
Fused Multiply-Add of Packed Double-Precision
WvvvvL01 69 /r
xmm2, xmm3
Floating-Point Values
/is4
VFMADDPS xmm0, xmm1,
xmm2, xmm3
C4E3
Fused Multiply-Add of Packed Single-Precision
WvvvvL01 68 /r
Floating-Point Values
/is4
C4E3
VFMADDSD xmm0, xmm1,
Fused Multiply-Add of Scalar Double-Precision
WvvvvL01 6B /r
xmm2, xmm3
Floating-Point Values
/is4
VFMADDSS xmm0, xmm1,
xmm2, xmm3
C4E3
WvvvvL01 6A
/r /is4
VFMADDSUBPD xmm0,
xmm1, xmm2, xmm3
C4E3
WvvvvL01 5D
/r /is4
VFMADDSUBPS xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Multiply-Alternating Add/Subtract of Packed
WvvvvL01 5C /r
Single-Precision Floating-Point Values
/is4
VFMSUBADDPD xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Multiply-Alternating Subtract/Add of Packed
WvvvvL01 5F /r
Double-Precision Floating-Point Values
/is4
VFMSUBADDPS xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Multiply-Alternating Subtract/Add of Packed
WvvvvL01 5E /r
Single-Precision Floating-Point Values
/is4
C4E3
WvvvvL01 6D
/r /is4
C4E3
Fused Multiply-Subtract of Packed Single-Precision
WvvvvL01 6C /r
Floating-Point Values
/is4
C4E3
Fused Multiply-Subtract of Scalar Double-Precision
WvvvvL01 6F /r
Floating-Point Values
/is4
C4E3
Fused Multiply-Subtract of Scalar Single-Precision
WvvvvL01 6E /r
Floating-Point Values
/is4
VFNMADDPD xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Negative Multiply-Add of Packed DoubleWvvvvL01 79 /r
Precision Floating-Point Values
/is4
VFNMADDPS xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Negative Multiply-Add of Packed SingleWvvvvL01 78 /r
Precision Floating-Point Values
/is4
VFNMADDSD xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Negative Multiply-Add of Scalar DoubleWvvvvL01 7B /r
Precision Floating-Point Values
/is4
VFNMADDSS xmm0,
C4E3
https://en.wikipedia.org/wiki/X86_instruction_listings
20/10/2016
WvvvvL01 7A
/r /is4
C4E3
WvvvvL01 7D
/r /is4
Floating-Point Values
Fused Negative Multiply-Subtract of Packed DoublePrecision Floating-Point Values
C4E3
VFNMSUBPS xmm0, xmm1,
Fused Negative Multiply-Subtract of Packed SingleWvvvvL01 7C /r
xmm2, xmm3
Precision Floating-Point Values
/is4
VFNMSUBSD xmm0,
xmm1, xmm2, xmm3
C4E3
Fused Negative Multiply-Subtract of Scalar DoubleWvvvvL01 7F /r
Precision Floating-Point Values
/is4
C4E3
VFNMSUBSS xmm0, xmm1,
Fused Negative Multiply-Subtract of Scalar SingleWvvvvL01 7E /r
xmm2, xmm3
Precision Floating-Point Values
/is4
6 new instructions.
AESENC
AESENCLAST
AESDEC
AESDECLAST
7 new instructions.
SHA1RNDS4
SHA1NEXTE
SHA1MSG1
SHA1MSG2
SHA256RNDS2
SHA256MSG1
SHA256MSG2
https://en.wikipedia.org/wiki/X86_instruction_listings
29/31
20/10/2016
The x86 CPUs contain undocumented instructions which are implemented on the chips but not listed in some
official documents. They can be found in various sources across the Internet, such as Ralf Brown's Interrupt List
and at http://web.archive.org/web/20101127004526/http://www.sandpile.org:80/
AAM imm8
D4 imm8
AAD imm8
SALC
D6
ICEBP
F1
0F 04
LOADALL
0F 05
LOADALLD 0F 07
UD1
0F B9
CLMUL
XOP
F16C
FMA
RdRand
Larrabee extensions
Advanced Vector Extensions 2
Bit Manipulation Instruction Sets
CPUID
1. "Re: Intel Processor Identification and the CPUID Instruction". Retrieved 2013-04-21.
2. "Re: Undocumented opcodes (HINT_NOP)". Retrieved 2010-11-07.
3. "Re: Also some undocumented 0Fh opcodes". Retrieved 2010-11-07.
Intel Software Developer's Manuals (http://www.intel.com/products/processor/manuals/)
https://en.wikipedia.org/wiki/X86_instruction_listings
30/31
20/10/2016
https://en.wikipedia.org/wiki/X86_instruction_listings
31/31