This is nasm.info, produced by Makeinfo version 3.12f from nasmdoc.texi. INFO-DIR-SECTION Programming START-INFO-DIR-ENTRY * NASM: (nasm). The Netwide Assembler for x86. END-INFO-DIR-ENTRY This file documents NASM, the Netwide Assembler: an assembler targetting the Intel x86 series of processors, with portable source. Copyright 1997 Simon Tatham All rights reserved. This document is redistributable under the licence given in the file "Licence" distributed in the NASM archive.  File: nasm.info, Node: Section A.131, Next: Section A.132, Prev: Section A.130, Up: Appendix A A.131. `PSUBxx': MMX Packed Subtraction *************************************** PSUBB mmxreg,r/m64 ; 0F F8 /r [PENT,MMX] PSUBW mmxreg,r/m64 ; 0F F9 /r [PENT,MMX] PSUBD mmxreg,r/m64 ; 0F FA /r [PENT,MMX] PSUBSB mmxreg,r/m64 ; 0F E8 /r [PENT,MMX] PSUBSW mmxreg,r/m64 ; 0F E9 /r [PENT,MMX] PSUBUSB mmxreg,r/m64 ; 0F D8 /r [PENT,MMX] PSUBUSW mmxreg,r/m64 ; 0F D9 /r [PENT,MMX] `PSUBxx' all perform packed subtraction between their two 64-bit operands, storing the result in the destination (first) operand. The `PSUBxB' forms treat the 64-bit operands as vectors of eight bytes, and subtract each byte individually; `PSUBxW' treat the operands as vectors of four words; and `PSUBD' treats its operands as vectors of two doublewords. In all cases, the elements of the operand on the right are subtracted from the corresponding elements of the operand on the left, not the other way round. `PSUBSB' and `PSUBSW' perform signed saturation on the sum of each pair of bytes or words: if the result of a subtraction is too large or too small to fit into a signed byte or word result, it is clipped (saturated) to the largest or smallest value which _will_ fit. `PSUBUSB' and `PSUBUSW' similarly perform unsigned saturation, clipping to `0FFh' or `0FFFFh' if the result is larger than that.  File: nasm.info, Node: Section A.132, Next: Section A.133, Prev: Section A.131, Up: Appendix A A.132. `PSUBSIW': MMX Packed Subtract with Saturation to Implied Destination **************************************************************************** PSUBSIW mmxreg,r/m64 ; 0F 55 /r [CYRIX,MMX] `PSUBSIW', specific to the Cyrix extensions to the MMX instruction set, performs the same function as `PSUBSW', except that the result is not placed in the register specified by the first operand, but instead in the implied destination register, specified as for `PADDSIW' (*Note Section A.115::).  File: nasm.info, Node: Section A.133, Next: Section A.134, Prev: Section A.132, Up: Appendix A A.133. `PUNPCKxxx': Unpack Data ******************************* PUNPCKHBW mmxreg,r/m64 ; 0F 68 /r [PENT,MMX] PUNPCKHWD mmxreg,r/m64 ; 0F 69 /r [PENT,MMX] PUNPCKHDQ mmxreg,r/m64 ; 0F 6A /r [PENT,MMX] PUNPCKLBW mmxreg,r/m64 ; 0F 60 /r [PENT,MMX] PUNPCKLWD mmxreg,r/m64 ; 0F 61 /r [PENT,MMX] PUNPCKLDQ mmxreg,r/m64 ; 0F 62 /r [PENT,MMX] `PUNPCKxx' all treat their operands as vectors, and produce a new vector generated by interleaving elements from the two inputs. The `PUNPCKHxx' instructions start by throwing away the bottom half of each input operand, and the `PUNPCKLxx' instructions throw away the top half. The remaining elements, totalling 64 bits, are then interleaved into the destination, alternating elements from the second (source) operand and the first (destination) operand: so the leftmost element in the result always comes from the second operand, and the rightmost from the destination. `PUNPCKxBW' works a byte at a time, `PUNPCKxWD' a word at a time, and `PUNPCKxDQ' a doubleword at a time. So, for example, if the first operand held `0x7A6A5A4A3A2A1A0A' and the second held `0x7B6B5B4B3B2B1B0B', then: * `PUNPCKHBW' would return `0x7B7A6B6A5B5A4B4A'. * `PUNPCKHWD' would return `0x7B6B7A6A5B4B5A4A'. * `PUNPCKHDQ' would return `0x7B6B5B4B7A6A5A4A'. * `PUNPCKLBW' would return `0x3B3A2B2A1B1A0B0A'. * `PUNPCKLWD' would return `0x3B2B3A2A1B0B1A0A'. * `PUNPCKLDQ' would return `0x3B2B1B0B3A2A1A0A'.  File: nasm.info, Node: Section A.134, Next: Section A.135, Prev: Section A.133, Up: Appendix A A.134. `PUSH': Push Data on Stack ********************************* PUSH reg16 ; o16 50+r [8086] PUSH reg32 ; o32 50+r [386] PUSH r/m16 ; o16 FF /6 [8086] PUSH r/m32 ; o32 FF /6 [386] PUSH CS ; 0E [8086] PUSH DS ; 1E [8086] PUSH ES ; 06 [8086] PUSH SS ; 16 [8086] PUSH FS ; 0F A0 [386] PUSH GS ; 0F A8 [386] PUSH imm8 ; 6A ib [286] PUSH imm16 ; o16 68 iw [286] PUSH imm32 ; o32 68 id [386] `PUSH' decrements the stack pointer (`SP' or `ESP') by 2 or 4, and then stores the given value at `[SS:SP]' or `[SS:ESP]'. The address-size attribute of the instruction determines whether `SP' or `ESP' is used as the stack pointer: to deliberately override the default given by the `BITS' setting, you can use an `a16' or `a32' prefix. The operand-size attribute of the instruction determines whether the stack pointer is decremented by 2 or 4: this means that segment register pushes in `BITS 32' mode will push 4 bytes on the stack, of which the upper two are undefined. If you need to override that, you can use an `o16' or `o32' prefix. The above opcode listings give two forms for general-purpose register push instructions: for example, `PUSH BX' has the two forms `53' and `FF F3'. NASM will always generate the shorter form when given `PUSH BX'. NDISASM will disassemble both. Unlike the undocumented and barely supported `POP CS', `PUSH CS' is a perfectly valid and sensible instruction, supported on all processors. The instruction `PUSH SP' may be used to distinguish an 8086 from later processors: on an 8086, the value of `SP' stored is the value it has _after_ the push instruction, whereas on later processors it is the value _before_ the push instruction.  File: nasm.info, Node: Section A.135, Next: Section A.136, Prev: Section A.134, Up: Appendix A A.135. `PUSHAx': Push All General-Purpose Registers *************************************************** PUSHA ; 60 [186] PUSHAD ; o32 60 [386] PUSHAW ; o16 60 [186] `PUSHAW' pushes, in succession, `AX', `CX', `DX', `BX', `SP', `BP', `SI' and `DI' on the stack, decrementing the stack pointer by a total of 16. `PUSHAD' pushes, in succession, `EAX', `ECX', `EDX', `EBX', `ESP', `EBP', `ESI' and `EDI' on the stack, decrementing the stack pointer by a total of 32. In both cases, the value of `SP' or `ESP' pushed is its _original_ value, as it had before the instruction was executed. `PUSHA' is an alias mnemonic for either `PUSHAW' or `PUSHAD', depending on the current `BITS' setting. Note that the registers are pushed in order of their numeric values in opcodes (see *Note Section A.2.1::). See also `POPA' (*Note Section A.127::).  File: nasm.info, Node: Section A.136, Next: Section A.137, Prev: Section A.135, Up: Appendix A A.136. `PUSHFx': Push Flags Register ************************************ PUSHF ; 9C [186] PUSHFD ; o32 9C [386] PUSHFW ; o16 9C [186] `PUSHFW' pops a word from the stack and stores it in the bottom 16 bits of the flags register (or the whole flags register, on processors below a 386). `PUSHFD' pops a doubleword and stores it in the entire flags register. `PUSHF' is an alias mnemonic for either `PUSHFW' or `PUSHFD', depending on the current `BITS' setting. See also `POPF' (*Note Section A.128::).  File: nasm.info, Node: Section A.137, Next: Section A.138, Prev: Section A.136, Up: Appendix A A.137. `PXOR': MMX Bitwise XOR ****************************** PXOR mmxreg,r/m64 ; 0F EF /r [PENT,MMX] `PXOR' performs a bitwise XOR operation between its two operands (i.e. each bit of the result is 1 if and only if exactly one of the corresponding bits of the two inputs was 1), and stores the result in the destination (first) operand.  File: nasm.info, Node: Section A.138, Next: Section A.139, Prev: Section A.137, Up: Appendix A A.138. `RCL', `RCR': Bitwise Rotate through Carry Bit ***************************************************** RCL r/m8,1 ; D0 /2 [8086] RCL r/m8,CL ; D2 /2 [8086] RCL r/m8,imm8 ; C0 /2 ib [286] RCL r/m16,1 ; o16 D1 /2 [8086] RCL r/m16,CL ; o16 D3 /2 [8086] RCL r/m16,imm8 ; o16 C1 /2 ib [286] RCL r/m32,1 ; o32 D1 /2 [386] RCL r/m32,CL ; o32 D3 /2 [386] RCL r/m32,imm8 ; o32 C1 /2 ib [386] RCR r/m8,1 ; D0 /3 [8086] RCR r/m8,CL ; D2 /3 [8086] RCR r/m8,imm8 ; C0 /3 ib [286] RCR r/m16,1 ; o16 D1 /3 [8086] RCR r/m16,CL ; o16 D3 /3 [8086] RCR r/m16,imm8 ; o16 C1 /3 ib [286] RCR r/m32,1 ; o32 D1 /3 [386] RCR r/m32,CL ; o32 D3 /3 [386] RCR r/m32,imm8 ; o32 C1 /3 ib [386] `RCL' and `RCR' perform a 9-bit, 17-bit or 33-bit bitwise rotation operation, involving the given source/destination (first) operand and the carry bit. Thus, for example, in the operation `RCR AL,1', a 9-bit rotation is performed in which `AL' is shifted left by 1, the top bit of `AL' moves into the carry flag, and the original value of the carry flag is placed in the low bit of `AL'. The number of bits to rotate by is given by the second operand. Only the bottom five bits of the rotation count are considered by processors above the 8086. You can force the longer (286 and upwards, beginning with a `C1' byte) form of `RCL foo,1' by using a `BYTE' prefix: `RCL foo,BYTE 1'. Similarly with `RCR'.  File: nasm.info, Node: Section A.139, Next: Section A.140, Prev: Section A.138, Up: Appendix A A.139. `RDMSR': Read Model-Specific Registers ********************************************* RDMSR ; 0F 32 [PENT] `RDMSR' reads the processor Model-Specific Register (MSR) whose index is stored in `ECX', and stores the result in `EDX:EAX'. See also `WRMSR' (*Note Section A.165::).  File: nasm.info, Node: Section A.140, Next: Section A.141, Prev: Section A.139, Up: Appendix A A.140. `RDPMC': Read Performance-Monitoring Counters **************************************************** RDPMC ; 0F 33 [P6] `RDPMC' reads the processor performance-monitoring counter whose index is stored in `ECX', and stores the result in `EDX:EAX'.  File: nasm.info, Node: Section A.141, Next: Section A.142, Prev: Section A.140, Up: Appendix A A.141. `RDTSC': Read Time-Stamp Counter *************************************** RDTSC ; 0F 31 [PENT] `RDTSC' reads the processor's time-stamp counter into `EDX:EAX'.  File: nasm.info, Node: Section A.142, Next: Section A.143, Prev: Section A.141, Up: Appendix A A.142. `RET', `RETF', `RETN': Return from Procedure Call ******************************************************** RET ; C3 [8086] RET imm16 ; C2 iw [8086] RETF ; CB [8086] RETF imm16 ; CA iw [8086] RETN ; C3 [8086] RETN imm16 ; C2 iw [8086] `RET', and its exact synonym `RETN', pop `IP' or `EIP' from the stack and transfer control to the new address. Optionally, if a numeric second operand is provided, they increment the stack pointer by a further `imm16' bytes after popping the return address. `RETF' executes a far return: after popping `IP'/`EIP', it then pops `CS', and _then_ increments the stack pointer by the optional argument if present.  File: nasm.info, Node: Section A.143, Next: Section A.144, Prev: Section A.142, Up: Appendix A A.143. `ROL', `ROR': Bitwise Rotate *********************************** ROL r/m8,1 ; D0 /0 [8086] ROL r/m8,CL ; D2 /0 [8086] ROL r/m8,imm8 ; C0 /0 ib [286] ROL r/m16,1 ; o16 D1 /0 [8086] ROL r/m16,CL ; o16 D3 /0 [8086] ROL r/m16,imm8 ; o16 C1 /0 ib [286] ROL r/m32,1 ; o32 D1 /0 [386] ROL r/m32,CL ; o32 D3 /0 [386] ROL r/m32,imm8 ; o32 C1 /0 ib [386] ROR r/m8,1 ; D0 /1 [8086] ROR r/m8,CL ; D2 /1 [8086] ROR r/m8,imm8 ; C0 /1 ib [286] ROR r/m16,1 ; o16 D1 /1 [8086] ROR r/m16,CL ; o16 D3 /1 [8086] ROR r/m16,imm8 ; o16 C1 /1 ib [286] ROR r/m32,1 ; o32 D1 /1 [386] ROR r/m32,CL ; o32 D3 /1 [386] ROR r/m32,imm8 ; o32 C1 /1 ib [386] `ROL' and `ROR' perform a bitwise rotation operation on the given source/destination (first) operand. Thus, for example, in the operation `ROR AL,1', an 8-bit rotation is performed in which `AL' is shifted left by 1 and the original top bit of `AL' moves round into the low bit. The number of bits to rotate by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the rotation count are considered by processors above the 8086. You can force the longer (286 and upwards, beginning with a `C1' byte) form of `ROL foo,1' by using a `BYTE' prefix: `ROL foo,BYTE 1'. Similarly with `ROR'.  File: nasm.info, Node: Section A.144, Next: Section A.145, Prev: Section A.143, Up: Appendix A A.144. `RSM': Resume from System-Management Mode ************************************************ RSM ; 0F AA [PENT] `RSM' returns the processor to its normal operating mode when it was in System-Management Mode.  File: nasm.info, Node: Section A.145, Next: Section A.146, Prev: Section A.144, Up: Appendix A A.145. `SAHF': Store AH to Flags ******************************** SAHF ; 9E [8086] `SAHF' sets the low byte of the flags word according to the contents of the `AH' register. See also `LAHF' (*Note Section A.90::).  File: nasm.info, Node: Section A.146, Next: Section A.147, Prev: Section A.145, Up: Appendix A A.146. `SAL', `SAR': Bitwise Arithmetic Shifts ********************************************** SAL r/m8,1 ; D0 /4 [8086] SAL r/m8,CL ; D2 /4 [8086] SAL r/m8,imm8 ; C0 /4 ib [286] SAL r/m16,1 ; o16 D1 /4 [8086] SAL r/m16,CL ; o16 D3 /4 [8086] SAL r/m16,imm8 ; o16 C1 /4 ib [286] SAL r/m32,1 ; o32 D1 /4 [386] SAL r/m32,CL ; o32 D3 /4 [386] SAL r/m32,imm8 ; o32 C1 /4 ib [386] SAR r/m8,1 ; D0 /0 [8086] SAR r/m8,CL ; D2 /0 [8086] SAR r/m8,imm8 ; C0 /0 ib [286] SAR r/m16,1 ; o16 D1 /0 [8086] SAR r/m16,CL ; o16 D3 /0 [8086] SAR r/m16,imm8 ; o16 C1 /0 ib [286] SAR r/m32,1 ; o32 D1 /0 [386] SAR r/m32,CL ; o32 D3 /0 [386] SAR r/m32,imm8 ; o32 C1 /0 ib [386] `SAL' and `SAR' perform an arithmetic shift operation on the given source/destination (first) operand. The vacated bits are filled with zero for `SAL', and with copies of the original high bit of the source operand for `SAR'. `SAL' is a synonym for `SHL' (see *Note Section A.152::). NASM will assemble either one to the same code, but NDISASM will always disassemble that code as `SHL'. The number of bits to shift by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the shift count are considered by processors above the 8086. You can force the longer (286 and upwards, beginning with a `C1' byte) form of `SAL foo,1' by using a `BYTE' prefix: `SAL foo,BYTE 1'. Similarly with `SAR'.  File: nasm.info, Node: Section A.147, Next: Section A.148, Prev: Section A.146, Up: Appendix A A.147. `SALC': Set AL from Carry Flag ************************************* SALC ; D6 [8086,UNDOC] `SALC' is an early undocumented instruction similar in concept to `SETcc' (*Note Section A.150::). Its function is to set `AL' to zero if the carry flag is clear, or to `0xFF' if it is set.  File: nasm.info, Node: Section A.148, Next: Section A.149, Prev: Section A.147, Up: Appendix A A.148. `SBB': Subtract with Borrow ********************************** SBB r/m8,reg8 ; 18 /r [8086] SBB r/m16,reg16 ; o16 19 /r [8086] SBB r/m32,reg32 ; o32 19 /r [386] SBB reg8,r/m8 ; 1A /r [8086] SBB reg16,r/m16 ; o16 1B /r [8086] SBB reg32,r/m32 ; o32 1B /r [386] SBB r/m8,imm8 ; 80 /3 ib [8086] SBB r/m16,imm16 ; o16 81 /3 iw [8086] SBB r/m32,imm32 ; o32 81 /3 id [386] SBB r/m16,imm8 ; o16 83 /3 ib [8086] SBB r/m32,imm8 ; o32 83 /3 ib [8086] SBB AL,imm8 ; 1C ib [8086] SBB AX,imm16 ; o16 1D iw [8086] SBB EAX,imm32 ; o32 1D id [386] `SBB' performs integer subtraction: it subtracts its second operand, plus the value of the carry flag, from its first, and leaves the result in its destination (first) operand. The flags are set according to the result of the operation: in particular, the carry flag is affected and can be used by a subsequent `SBB' instruction. In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign- extended to the length of the first operand. In these cases, the `BYTE' qualifier is necessary to force NASM to generate this form of the instruction. To subtract one number from another without also subtracting the contents of the carry flag, use `SUB' (*Note Section A.159::).  File: nasm.info, Node: Section A.149, Next: Section A.150, Prev: Section A.148, Up: Appendix A A.149. `SCASB', `SCASW', `SCASD': Scan String ********************************************* SCASB ; AE [8086] SCASW ; o16 AF [8086] SCASD ; o32 AF [386] `SCASB' compares the byte in `AL' with the byte at `[ES:DI]' or `[ES:EDI]', and sets the flags accordingly. It then increments or decrements (depending on the direction flag: increments if the flag is clear, decrements if it is set) `DI' (or `EDI'). The register used is `DI' if the address size is 16 bits, and `EDI' if it is 32 bits. If you need to use an address size not equal to the current `BITS' setting, you can use an explicit `a16' or `a32' prefix. Segment override prefixes have no effect for this instruction: the use of `ES' for the load from `[DI]' or `[EDI]' cannot be overridden. `SCASW' and `SCASD' work in the same way, but they compare a word to `AX' or a doubleword to `EAX' instead of a byte to `AL', and increment or decrement the addressing registers by 2 or 4 instead of 1. The `REPE' and `REPNE' prefixes (equivalently, `REPZ' and `REPNZ') may be used to repeat the instruction up to `CX' (or `ECX' - again, the address size chooses which) times until the first unequal or equal byte is found.  File: nasm.info, Node: Section A.150, Next: Section A.151, Prev: Section A.149, Up: Appendix A A.150. `SETcc': Set Register from Condition ******************************************* SETcc r/m8 ; 0F 90+cc /2 [386] `SETcc' sets the given 8-bit operand to zero if its condition is not satisfied, and to 1 if it is.  File: nasm.info, Node: Section A.151, Next: Section A.152, Prev: Section A.150, Up: Appendix A A.151. `SGDT', `SIDT', `SLDT': Store Descriptor Table Pointers ************************************************************** SGDT mem ; 0F 01 /0 [286,PRIV] SIDT mem ; 0F 01 /1 [286,PRIV] SLDT r/m16 ; 0F 00 /0 [286,PRIV] `SGDT' and `SIDT' both take a 6-byte memory area as an operand: they store the contents of the GDTR (global descriptor table register) or IDTR (interrupt descriptor table register) into that area as a 32-bit linear address and a 16-bit size limit from that area (in that order). These are the only instructions which directly use _linear_ addresses, rather than segment/offset pairs. `SLDT' stores the segment selector corresponding to the LDT (local descriptor table) into the given operand. See also `LGDT', `LIDT' and `LLDT' (*Note Section A.95::).  File: nasm.info, Node: Section A.152, Next: Section A.153, Prev: Section A.151, Up: Appendix A A.152. `SHL', `SHR': Bitwise Logical Shifts ******************************************* SHL r/m8,1 ; D0 /4 [8086] SHL r/m8,CL ; D2 /4 [8086] SHL r/m8,imm8 ; C0 /4 ib [286] SHL r/m16,1 ; o16 D1 /4 [8086] SHL r/m16,CL ; o16 D3 /4 [8086] SHL r/m16,imm8 ; o16 C1 /4 ib [286] SHL r/m32,1 ; o32 D1 /4 [386] SHL r/m32,CL ; o32 D3 /4 [386] SHL r/m32,imm8 ; o32 C1 /4 ib [386] SHR r/m8,1 ; D0 /5 [8086] SHR r/m8,CL ; D2 /5 [8086] SHR r/m8,imm8 ; C0 /5 ib [286] SHR r/m16,1 ; o16 D1 /5 [8086] SHR r/m16,CL ; o16 D3 /5 [8086] SHR r/m16,imm8 ; o16 C1 /5 ib [286] SHR r/m32,1 ; o32 D1 /5 [386] SHR r/m32,CL ; o32 D3 /5 [386] SHR r/m32,imm8 ; o32 C1 /5 ib [386] `SHL' and `SHR' perform a logical shift operation on the given source/destination (first) operand. The vacated bits are filled with zero. A synonym for `SHL' is `SAL' (see *Note Section A.146::). NASM will assemble either one to the same code, but NDISASM will always disassemble that code as `SHL'. The number of bits to shift by is given by the second operand. Only the bottom 3, 4 or 5 bits (depending on the source operand size) of the shift count are considered by processors above the 8086. You can force the longer (286 and upwards, beginning with a `C1' byte) form of `SHL foo,1' by using a `BYTE' prefix: `SHL foo,BYTE 1'. Similarly with `SHR'.  File: nasm.info, Node: Section A.153, Next: Section A.154, Prev: Section A.152, Up: Appendix A A.153. `SHLD', `SHRD': Bitwise Double-Precision Shifts ****************************************************** SHLD r/m16,reg16,imm8 ; o16 0F A4 /r ib [386] SHLD r/m16,reg32,imm8 ; o32 0F A4 /r ib [386] SHLD r/m16,reg16,CL ; o16 0F A5 /r [386] SHLD r/m16,reg32,CL ; o32 0F A5 /r [386] SHRD r/m16,reg16,imm8 ; o16 0F AC /r ib [386] SHRD r/m32,reg32,imm8 ; o32 0F AC /r ib [386] SHRD r/m16,reg16,CL ; o16 0F AD /r [386] SHRD r/m32,reg32,CL ; o32 0F AD /r [386] `SHLD' performs a double-precision left shift. It notionally places its second operand to the right of its first, then shifts the entire bit string thus generated to the left by a number of bits specified in the third operand. It then updates only the _first_ operand according to the result of this. The second operand is not modified. `SHRD' performs the corresponding right shift: it notionally places the second operand to the _left_ of the first, shifts the whole bit string right, and updates only the first operand. For example, if `EAX' holds `0x01234567' and `EBX' holds `0x89ABCDEF', then the instruction `SHLD EAX,EBX,4' would update `EAX' to hold `0x12345678'. Under the same conditions, `SHRD EAX,EBX,4' would update `EAX' to hold `0xF0123456'. The number of bits to shift by is given by the third operand. Only the bottom 5 bits of the shift count are considered.  File: nasm.info, Node: Section A.154, Next: Section A.155, Prev: Section A.153, Up: Appendix A A.154. `SMI': System Management Interrupt ***************************************** SMI ; F1 [386,UNDOC] This is an opcode apparently supported by some AMD processors (which is why it can generate the same opcode as `INT1'), and places the machine into system-management mode, a special debugging mode.  File: nasm.info, Node: Section A.155, Next: Section A.156, Prev: Section A.154, Up: Appendix A A.155. `SMSW': Store Machine Status Word **************************************** SMSW r/m16 ; 0F 01 /4 [286,PRIV] `SMSW' stores the bottom half of the `CR0' control register (or the Machine Status Word, on 286 processors) into the destination operand. See also `LMSW' (*Note Section A.96::).  File: nasm.info, Node: Section A.156, Next: Section A.157, Prev: Section A.155, Up: Appendix A A.156. `STC', `STD', `STI': Set Flags ************************************* STC ; F9 [8086] STD ; FD [8086] STI ; FB [8086] These instructions set various flags. `STC' sets the carry flag; `STD' sets the direction flag; and `STI' sets the interrupt flag (thus enabling interrupts). To clear the carry, direction, or interrupt flags, use the `CLC', `CLD' and `CLI' instructions (*Note Section A.15::). To invert the carry flag, use `CMC' (*Note Section A.16::).  File: nasm.info, Node: Section A.157, Next: Section A.158, Prev: Section A.156, Up: Appendix A A.157. `STOSB', `STOSW', `STOSD': Store Byte to String ****************************************************** STOSB ; AA [8086] STOSW ; o16 AB [8086] STOSD ; o32 AB [386] `STOSB' stores the byte in `AL' at `[ES:DI]' or `[ES:EDI]', and sets the flags accordingly. It then increments or decrements (depending on the direction flag: increments if the flag is clear, decrements if it is set) `DI' (or `EDI'). The register used is `DI' if the address size is 16 bits, and `EDI' if it is 32 bits. If you need to use an address size not equal to the current `BITS' setting, you can use an explicit `a16' or `a32' prefix. Segment override prefixes have no effect for this instruction: the use of `ES' for the store to `[DI]' or `[EDI]' cannot be overridden. `STOSW' and `STOSD' work in the same way, but they store the word in `AX' or the doubleword in `EAX' instead of the byte in `AL', and increment or decrement the addressing registers by 2 or 4 instead of 1. The `REP' prefix may be used to repeat the instruction `CX' (or `ECX' - again, the address size chooses which) times.  File: nasm.info, Node: Section A.158, Next: Section A.159, Prev: Section A.157, Up: Appendix A A.158. `STR': Store Task Register ********************************* STR r/m16 ; 0F 00 /1 [286,PRIV] `STR' stores the segment selector corresponding to the contents of the Task Register into its operand.  File: nasm.info, Node: Section A.159, Next: Section A.160, Prev: Section A.158, Up: Appendix A A.159. `SUB': Subtract Integers ******************************* SUB r/m8,reg8 ; 28 /r [8086] SUB r/m16,reg16 ; o16 29 /r [8086] SUB r/m32,reg32 ; o32 29 /r [386] SUB reg8,r/m8 ; 2A /r [8086] SUB reg16,r/m16 ; o16 2B /r [8086] SUB reg32,r/m32 ; o32 2B /r [386] SUB r/m8,imm8 ; 80 /5 ib [8086] SUB r/m16,imm16 ; o16 81 /5 iw [8086] SUB r/m32,imm32 ; o32 81 /5 id [386] SUB r/m16,imm8 ; o16 83 /5 ib [8086] SUB r/m32,imm8 ; o32 83 /5 ib [386] SUB AL,imm8 ; 2C ib [8086] SUB AX,imm16 ; o16 2D iw [8086] SUB EAX,imm32 ; o32 2D id [386] `SUB' performs integer subtraction: it subtracts its second operand from its first, and leaves the result in its destination (first) operand. The flags are set according to the result of the operation: in particular, the carry flag is affected and can be used by a subsequent `SBB' instruction (*Note Section A.148::). In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign- extended to the length of the first operand. In these cases, the `BYTE' qualifier is necessary to force NASM to generate this form of the instruction.  File: nasm.info, Node: Section A.160, Next: Section A.161, Prev: Section A.159, Up: Appendix A A.160. `TEST': Test Bits (notional bitwise AND) *********************************************** TEST r/m8,reg8 ; 84 /r [8086] TEST r/m16,reg16 ; o16 85 /r [8086] TEST r/m32,reg32 ; o32 85 /r [386] TEST r/m8,imm8 ; F6 /7 ib [8086] TEST r/m16,imm16 ; o16 F7 /7 iw [8086] TEST r/m32,imm32 ; o32 F7 /7 id [386] TEST AL,imm8 ; A8 ib [8086] TEST AX,imm16 ; o16 A9 iw [8086] TEST EAX,imm32 ; o32 A9 id [386] `TEST' performs a `mental' bitwise AND of its two operands, and affects the flags as if the operation had taken place, but does not store the result of the operation anywhere.  File: nasm.info, Node: Section A.161, Next: Section A.162, Prev: Section A.160, Up: Appendix A A.161. `UMOV': User Move Data ***************************** UMOV r/m8,reg8 ; 0F 10 /r [386,UNDOC] UMOV r/m16,reg16 ; o16 0F 11 /r [386,UNDOC] UMOV r/m32,reg32 ; o32 0F 11 /r [386,UNDOC] UMOV reg8,r/m8 ; 0F 12 /r [386,UNDOC] UMOV reg16,r/m16 ; o16 0F 13 /r [386,UNDOC] UMOV reg32,r/m32 ; o32 0F 13 /r [386,UNDOC] This undocumented instruction is used by in-circuit emulators to access user memory (as opposed to host memory). It is used just like an ordinary memory/register or register/register `MOV' instruction, but accesses user space.  File: nasm.info, Node: Section A.162, Next: Section A.163, Prev: Section A.161, Up: Appendix A A.162. `VERR', `VERW': Verify Segment Readability/Writability ************************************************************* VERR r/m16 ; 0F 00 /4 [286,PRIV] VERW r/m16 ; 0F 00 /5 [286,PRIV] `VERR' sets the zero flag if the segment specified by the selector in its operand can be read from at the current privilege level. `VERW' sets the zero flag if the segment can be written.  File: nasm.info, Node: Section A.163, Next: Section A.164, Prev: Section A.162, Up: Appendix A A.163. `WAIT': Wait for Floating-Point Processor ************************************************ WAIT ; 9B [8086] `WAIT', on 8086 systems with a separate 8087 FPU, waits for the FPU to have finished any operation it is engaged in before continuing main processor operations, so that (for example) an FPU store to main memory can be guaranteed to have completed before the CPU tries to read the result back out. On higher processors, `WAIT' is unnecessary for this purpose, and it has the alternative purpose of ensuring that any pending unmasked FPU exceptions have happened before execution continues.  File: nasm.info, Node: Section A.164, Next: Section A.165, Prev: Section A.163, Up: Appendix A A.164. `WBINVD': Write Back and Invalidate Cache ************************************************ WBINVD ; 0F 09 [486] `WBINVD' invalidates and empties the processor's internal caches, and causes the processor to instruct external caches to do the same. It writes the contents of the caches back to memory first, so no data is lost. To flush the caches quickly without bothering to write the data back first, use `INVD' (*Note Section A.84::).  File: nasm.info, Node: Section A.165, Next: Section A.166, Prev: Section A.164, Up: Appendix A A.165. `WRMSR': Write Model-Specific Registers ********************************************** WRMSR ; 0F 30 [PENT] `WRMSR' writes the value in `EDX:EAX' to the processor Model- Specific Register (MSR) whose index is stored in `ECX'. See also `RDMSR' (*Note Section A.139::).  File: nasm.info, Node: Section A.166, Next: Section A.167, Prev: Section A.165, Up: Appendix A A.166. `XADD': Exchange and Add ******************************* XADD r/m8,reg8 ; 0F C0 /r [486] XADD r/m16,reg16 ; o16 0F C1 /r [486] XADD r/m32,reg32 ; o32 0F C1 /r [486] `XADD' exchanges the values in its two operands, and then adds them together and writes the result into the destination (first) operand. This instruction can be used with a `LOCK' prefix for multi-processor synchronisation purposes.  File: nasm.info, Node: Section A.167, Next: Section A.168, Prev: Section A.166, Up: Appendix A A.167. `XBTS': Extract Bit String ********************************* XBTS reg16,r/m16 ; o16 0F A6 /r [386,UNDOC] XBTS reg32,r/m32 ; o32 0F A6 /r [386,UNDOC] No clear documentation seems to be available for this instruction: the best I've been able to find reads `Takes a string of bits from the first operand and puts them in the second operand'. It is present only in early 386 processors, and conflicts with the opcodes for `CMPXCHG486'. NASM supports it only for completeness. Its counterpart is `IBTS' (see *Note Section A.75::).  File: nasm.info, Node: Section A.168, Next: Section A.169, Prev: Section A.167, Up: Appendix A A.168. `XCHG': Exchange *********************** XCHG reg8,r/m8 ; 86 /r [8086] XCHG reg16,r/m8 ; o16 87 /r [8086] XCHG reg32,r/m32 ; o32 87 /r [386] XCHG r/m8,reg8 ; 86 /r [8086] XCHG r/m16,reg16 ; o16 87 /r [8086] XCHG r/m32,reg32 ; o32 87 /r [386] XCHG AX,reg16 ; o16 90+r [8086] XCHG EAX,reg32 ; o32 90+r [386] XCHG reg16,AX ; o16 90+r [8086] XCHG reg32,EAX ; o32 90+r [386] `XCHG' exchanges the values in its two operands. It can be used with a `LOCK' prefix for purposes of multi-processor synchronisation. `XCHG AX,AX' or `XCHG EAX,EAX' (depending on the `BITS' setting) generates the opcode `90h', and so is a synonym for `NOP' (*Note Section A.109::).  File: nasm.info, Node: Section A.169, Next: Section A.170, Prev: Section A.168, Up: Appendix A A.169. `XLATB': Translate Byte in Lookup Table ********************************************** XLATB ; D7 [8086] `XLATB' adds the value in `AL', treated as an unsigned byte, to `BX' or `EBX', and loads the byte from the resulting address (in the segment specified by `DS') back into `AL'. The base register used is `BX' if the address size is 16 bits, and `EBX' if it is 32 bits. If you need to use an address size not equal to the current `BITS' setting, you can use an explicit `a16' or `a32' prefix. The segment register used to load from `[BX+AL]' or `[EBX+AL]' can be overridden by using a segment register name as a prefix (for example, `es xlatb').  File: nasm.info, Node: Section A.170, Prev: Section A.169, Up: Appendix A A.170. `XOR': Bitwise Exclusive OR ********************************** XOR r/m8,reg8 ; 30 /r [8086] XOR r/m16,reg16 ; o16 31 /r [8086] XOR r/m32,reg32 ; o32 31 /r [386] XOR reg8,r/m8 ; 32 /r [8086] XOR reg16,r/m16 ; o16 33 /r [8086] XOR reg32,r/m32 ; o32 33 /r [386] XOR r/m8,imm8 ; 80 /6 ib [8086] XOR r/m16,imm16 ; o16 81 /6 iw [8086] XOR r/m32,imm32 ; o32 81 /6 id [386] XOR r/m16,imm8 ; o16 83 /6 ib [8086] XOR r/m32,imm8 ; o32 83 /6 ib [386] XOR AL,imm8 ; 34 ib [8086] XOR AX,imm16 ; o16 35 iw [8086] XOR EAX,imm32 ; o32 35 id [386] `XOR' performs a bitwise XOR operation between its two operands (i.e. each bit of the result is 1 if and only if exactly one of the corresponding bits of the two inputs was 1), and stores the result in the destination (first) operand. In the forms with an 8-bit immediate second operand and a longer first operand, the second operand is considered to be signed, and is sign- extended to the length of the first operand. In these cases, the `BYTE' qualifier is necessary to force NASM to generate this form of the instruction. The MMX instruction `PXOR' (see *Note Section A.137::) performs the same operation on the 64-bit MMX registers.