x86-session05.ppt


Transcript of x86-session05.ppt

  • X86 Session_05: Instructions in X86

    Property of Accel Technologies Ltd., Copyright protected

  • Bit Manipulation Instructions
    NOT : Invert each bit of a word or a byte
    AND : AND each bit in a byte or word with the corresponding bit in another byte or word
    OR : OR each bit in a byte or word with the corresponding bit in another byte or word
    XOR : Exclusive OR each bit in a byte or word with the corresponding bit in another byte or word
    TEST : AND the operands to update the flags, but don't change the operands
    (AND, OR, XOR and TEST all clear CF and OF, set PF, SF and ZF from the result, and leave AF undefined.)

  • Bit Manipulation Instructions
    NOT BX : complement the contents of the BX register
    AND BH,CL : AND the byte in CL with the byte in BH; result in BH
    AND CX,[SI] : AND the word in DS at offset [SI] with the word in CX; result in CX
    OR AH,CL : CL ORed with AH; result in AH
    OR BP,SI : SI ORed with BP; result in BP
    TEST AL,BH : AND BH with AL and update PF, SF, ZF; no result stored

    The TEST instruction is used to set the flags before a conditional jump instruction. Example of a polling sequence using TEST, which loops until bit 0 of the byte read from port 2AH is 1:
    AGAIN: IN AL,2AH
           TEST AL,01H   ; test whether the LSB of AL is 1 or 0
           JZ AGAIN      ; ZF=1 means the bit was 0, so keep polling

  • Bit Manipulation Instructions
    SHL/SAL : Shift the bits of a word or byte left; zeroes enter at the LSB and the MSB goes into CF. For multi-bit shifts, CF holds the bit most recently shifted out
    SAL BX,1 : Shift the word in BX 1 bit position left
    SHR : Shift the bits of a word or byte right; zeroes enter at the MSB and the LSB goes into CF
    SAR : Shift the bits of a word or byte right; the old MSB is copied into the new MSB (the sign is preserved) and the LSB goes into CF

    If the desired number of shifts is 1, this is specified by putting a 1 in the count position. For shifts of more than 1 bit position, the desired count is loaded into the CL register (the 80186 and later also accept an immediate count, and mask the count to 5 bits, so at most 31 positions). For a 1-bit SHL/SAL, OF is 1 if CF and the new MSB are not the same, i.e. the shift changed the sign; for multi-bit shifts OF is undefined. SAR keeps a copy of the old MSB in the MSB position as the bits move right, so a signed value keeps its sign; note that SAR on a negative value rounds toward minus infinity, not toward zero.

  • Bit Manipulation Instructions
    ROL : Rotate the bits of a byte or word left; the MSB goes to the LSB and also into CF
    ROR : Rotate the bits of a byte or word right; the LSB goes to the MSB and also into CF
    RCL : Rotate the bits of a byte or word left through carry; the MSB goes to CF and the old CF goes to the LSB
    RCR : Rotate the bits of a byte or word right through carry; the LSB goes to CF and the old CF goes to the MSB

    To rotate more than one bit position, load the desired count into the CL register. E.g.:
    RCL DX,1
    MOV CL,4
    RCL SUM[BX],CL
    OF is defined only for a single-bit rotate (set if the rotate changed the MSB) and is undefined after a multi-bit rotate. The 80186/286/386 also accept an immediate count; since the count is masked to 5 bits, rotations of up to 31 positions can be specified.

  • Rotate Instructions
    (Slide diagrams, not reproduced in the transcript: the data paths between CF, MSB and LSB for each rotate.)
    ROL : MSB -> LSB, and a copy of the MSB -> CF
    ROR : LSB -> MSB, and a copy of the LSB -> CF
    RCL : MSB -> CF, old CF -> LSB
    RCR : LSB -> CF, old CF -> MSB
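    The following is an added example, not code from the deck: a small C model of the 16-bit shift and rotate instructions from the last three slides, implementing the CF and OF rules stated above (CF takes the last bit shifted or rotated out, OF is defined only for 1-bit operations, and the rotate-through-carry instructions are a 17-bit rotation with CF sitting above the MSB). The type `sr_t`, the function names, the `cf_in` parameter and the 80186-style masking of the count to 5 bits are this example's own choices; the 8086 itself uses CL unmasked.

```c
#include <stdint.h>

/* Result of one 16-bit shift or rotate with the two flags the slides discuss.
 * of == -1 means "undefined", as it is after any multi-bit shift or rotate. */
typedef struct { uint16_t val; int cf; int of; } sr_t;

/* SHL/SAL: zeros enter at the LSB, CF gets the bit most recently shifted out of
 * the MSB. For a 1-bit shift OF = 1 when CF and the new MSB differ (the sign
 * changed). The count is masked to 5 bits as on the 80186 and later. */
static sr_t shl16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;                  /* a zero count changes nothing */
    uint64_t wide = (uint64_t)v << count;
    r.val = (uint16_t)wide;
    r.cf  = (int)((wide >> 16) & 1);
    if (count == 1) r.of = r.cf ^ (r.val >> 15);
    return r;
}

/* SHR: zeros enter at the MSB, CF gets the bit most recently shifted out of the
 * LSB. For a 1-bit shift OF is the original MSB. */
static sr_t shr16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    r.val = (count >= 16) ? 0 : (uint16_t)(v >> count);
    r.cf  = (count > 16) ? 0 : (int)((v >> (count - 1)) & 1);
    if (count == 1) r.of = v >> 15;
    return r;
}

/* SAR: the old MSB is copied back into the MSB on every step, so the sign is
 * kept (negative values round toward minus infinity). A 1-bit SAR cannot change
 * the sign, so its OF is always 0. */
static sr_t sar16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    if (count > 16) count = 16;                /* beyond 16 every bit is the sign bit anyway */
    uint16_t fill = (v & 0x8000) ? (uint16_t)(0xFFFFu << (16 - count)) : 0;
    r.val = (uint16_t)((v >> count) | fill);
    r.cf  = (int)((v >> (count - 1)) & 1);
    if (count == 1) r.of = 0;
    return r;
}

/* ROL/ROR: plain 16-bit rotation; CF receives a copy of the bit that wrapped
 * around (into the LSB for ROL, into the MSB for ROR). */
static sr_t rol16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    unsigned n = count % 16;
    r.val = (uint16_t)(((uint32_t)v << n) | ((uint32_t)v >> (16 - n)));
    r.cf  = r.val & 1;
    if (count == 1) r.of = r.cf ^ (r.val >> 15);
    return r;
}
static sr_t ror16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    unsigned n = count % 16;
    r.val = (uint16_t)(((uint32_t)v >> n) | ((uint32_t)v << (16 - n)));
    r.cf  = r.val >> 15;
    if (count == 1) r.of = (r.val >> 15) ^ ((r.val >> 14) & 1);  /* XOR of the two top bits */
    return r;
}

/* RCL/RCR: a 17-bit rotation in which CF sits just above the MSB, so on a left
 * rotate the MSB goes to CF and the old CF comes in at the LSB (and the mirror
 * image for RCR). */
static sr_t rcl16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    unsigned n = count % 17;
    uint64_t w = ((uint64_t)(cf_in & 1) << 16) | v;
    w = ((w << n) | (w >> (17 - n))) & 0x1FFFF;
    r.val = (uint16_t)w;
    r.cf  = (int)(w >> 16);
    if (count == 1) r.of = r.cf ^ (r.val >> 15);
    return r;
}
static sr_t rcr16(uint16_t v, unsigned count, int cf_in) {
    sr_t r = { v, cf_in, -1 };
    count &= 0x1F;
    if (count == 0) return r;
    unsigned n = count % 17;
    uint64_t w = ((uint64_t)(cf_in & 1) << 16) | v;
    w = ((w >> n) | (w << (17 - n))) & 0x1FFFF;
    r.val = (uint16_t)w;
    r.cf  = (int)(w >> 16);
    if (count == 1) r.of = (r.val >> 15) ^ ((r.val >> 14) & 1);
    return r;
}
```

    The model makes the deck's warning concrete: `rcl16(0x1234, 4, 0)` gives 2340H with CF = 1 (the MSB of the third intermediate value, 91A0H, was the last bit rotated out), and its `of` field is -1 because OF is meaningless after a multi-bit rotate, so code that branches on JO after such a shift is relying on an undefined flag.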

  • String Instructions

    REP : Repeat the following instruction until CX = 0
    REPE/REPZ : Repeat the following instruction until CX = 0 or ZF = 0
    REPNE/REPNZ : Repeat the following instruction until CX = 0 or ZF = 1
    MOVS/MOVSB/MOVSW : Move a byte or word from one string (DS:[SI]) to another (ES:[DI])
    CMPS/CMPSB/CMPSW : Compare two string bytes or two string words at DS:[SI] and ES:[DI]; AF, CF, OF, PF, SF and ZF are affected; can be used with the REPE prefix
    Note that CX is tested before each iteration, so a REP-prefixed instruction with CX = 0 executes zero times, and CX is the only bound: the string instructions never check for a terminator or for the end of a buffer.

  • Examples
    REP MOVSB - continues to copy string bytes until the number of bytes loaded into CX has been copied
    REPE CMPSB - compares string bytes until CX reaches 0 (end of the string) or until two string bytes are not equal
    E.g.:
    MOV SI,OFFSET FIRST_STRING
    MOV DI,OFFSET SECOND_STRING
    CLD
    MOV CX,100
    REPE CMPSB
    (DI is relative to ES, so this example assumes ES has been set to the same segment as DS.)
    The B in CMPSB tells the assembler that the strings are of type byte. To tell the assembler that the strings are of type word, write the instruction as CMPSW. REPE CMPSW causes the pointers in SI and DI to be incremented by 2 after each compare if DF is cleared, or decremented by 2 if DF is set. After the loop, ZF = 1 means all the bytes compared were equal; ZF = 0 means a mismatch stopped the loop, with SI and DI already pointing one element past the mismatched pair.

  • String Instructions

    INS/INSB/INSW : Input a string byte or word from a port (80186/80188)
    OUTS/OUTSB/OUTSW : Output a string byte or word to a port (80186/80188)
    SCAS/SCASB/SCASW : Scan a string. Compare a string byte with the byte in AL, or a string word with the word in AX. The byte or word is pointed to by DI in ES
    LODS/LODSB/LODSW : Load a string byte into AL or a string word into AX, pointed to by SI in DS
    STOS/STOSB/STOSW : Store the byte from AL or the word from AX into the string pointed to by DI in ES

    SCAS compares the byte in AL or the word in AX with the byte or word pointed to by DI in ES. That is, the string to be scanned must be in the extra segment. For byte strings, DI is incremented or decremented by 1 depending on whether DF is 0 or 1. For word strings, DI is incremented or decremented by 2.

  • Examples
    ; scan a text string of 80 characters for a carriage return, 0DH
    MOV DI,OFFSET TEXT_STRING
    MOV AL,0DH              ; byte to be scanned for
    MOV CX,80
    CLD                     ; DI to be auto-incremented
    REPNE SCAS TEXT_STRING
    Scanning is repeated as long as the bytes are not equal and the end of the string (CX = 0) has not been reached. After the loop, test ZF (e.g. with JE/JNE) to tell a match from an exhausted count, since CX also reaches 0 when the last byte is the match; on a match DI has already been incremented past the matching byte.
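    The following is an added example, not code from the deck: a C model of REPE CMPSB and REPNE SCASB with the CX and ZF semantics of the two examples above (the string-compare example and the carriage-return scan). The `cpu_t` state, the flattened 256-byte memory, the helper names and the sample strings are this example's own constructions; DS and ES are assumed to address the same memory, as the compare example assumes. It shows the two things a caller must get right after a REPNE SCAS loop, and that an 80-byte count runs straight past the end of a 9-byte string because CX is the only bound.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model of the 8086 string-instruction state, written for this
 * example. Segments are flattened into one small array, so DS:SI and ES:DI
 * are plain offsets that wrap within MEM_SIZE, the way a 16-bit offset wraps
 * within its 64 KB segment. */
#define MEM_SIZE 256
typedef struct { uint16_t si, di, cx; int df, zf; } cpu_t;

static uint8_t rd(const uint8_t *mem, uint16_t off) { return mem[off & (MEM_SIZE - 1)]; }
static int step(const cpu_t *c) { return c->df ? -1 : 1; }   /* DF=0: auto-increment, DF=1: auto-decrement */

/* REPE CMPSB: compare DS:[SI] with ES:[DI], advance both, decrement CX, and
 * repeat while CX != 0 and ZF == 1. CX is tested before each iteration, so a
 * count of 0 compares nothing and leaves ZF as it was. */
static void repe_cmpsb(cpu_t *c, const uint8_t *mem) {
    while (c->cx != 0) {
        c->zf = rd(mem, c->si) == rd(mem, c->di);
        c->si += step(c); c->di += step(c); c->cx--;
        if (!c->zf) break;
    }
}

/* REPNE SCASB: compare AL with ES:[DI], advance DI, decrement CX, and repeat
 * while CX != 0 and ZF == 0. */
static void repne_scasb(cpu_t *c, const uint8_t *mem, uint8_t al) {
    while (c->cx != 0) {
        c->zf = rd(mem, c->di) == al;
        c->di += step(c); c->cx--;
        if (c->zf) break;
    }
}

/* The deck's REPNE SCAS loop as a function: scan `len` bytes from `start` for
 * `target`. Two details matter to the caller: ZF, not CX, says whether a
 * match stopped the loop (CX also reaches 0 when the last byte matches), and
 * DI has already stepped past the matching byte, so the match is at DI - 1. */
static int scan_for(const uint8_t *mem, uint16_t start, uint16_t len, uint8_t target) {
    cpu_t c = { 0, start, len, 0, 0 };   /* CLD: DF = 0 */
    repne_scasb(&c, mem, target);
    return c.zf ? (int)(uint16_t)(c.di - 1) : -1;
}

/* The deck's REPE CMPSB example as a function: index (in the first string) of
 * the first differing byte, or -1 if all `len` bytes match. */
static int first_mismatch(const uint8_t *mem, uint16_t a, uint16_t b, uint16_t len) {
    cpu_t c = { a, b, len, 0, 1 };       /* ZF preset so len == 0 reads as "equal" */
    repe_cmpsb(&c, mem);
    return c.zf ? -1 : (int)(uint16_t)(c.si - 1);
}

/* Constructed sample memory: two 9-byte strings, the first ending in a
 * carriage return (0DH), with zero bytes in between. */
static void sample_memory(uint8_t *mem) {
    memset(mem, 0, MEM_SIZE);
    memcpy(mem + 0x00, "MOTOR ON\r", 9);
    memcpy(mem + 0x40, "MOTOR OFF", 9);
}

static int demo_scan(uint8_t target) {   /* scan 80 bytes from offset 0, as on the slide */
    uint8_t mem[MEM_SIZE]; sample_memory(mem);
    return scan_for(mem, 0x00, 80, target);
}
static int demo_mismatch(uint16_t len) { /* compare the two strings for `len` bytes */
    uint8_t mem[MEM_SIZE]; sample_memory(mem);
    return first_mismatch(mem, 0x00, 0x40, len);
}
```

    `demo_scan(0x0D)` finds the carriage return at offset 8, but `demo_scan('F')` returns 47H: the 80-byte count carried the scan past the first string, across the unused bytes, and into the second string, which is exactly what happens on the real processor when CX is larger than the buffer.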

  • 8086 InstructionsProgram Execution Transfer Instructions

    CALL : Call a procedure, saving the return address on the stack
    RET : Return from a procedure to the calling program
    JMP : Go to the specified address to get the next instruction
    JA/JNBE : Jump if above / Jump if not below or equal
    JAE/JNB : Jump if above or equal / Jump if not below
    JB/JNAE : Jump if below / Jump if not above or equal
    JBE/JNA : Jump if below or equal / Jump if not above
    JC : Jump if carry flag = 1

    The CALL instruction can be a near call or a far call. A near call is to a procedure within the same code segment; for this type of call only the IP is saved to form the return address. For a far call, or intersegment call, both the CS and the IP are saved. A RET instruction can be followed by a number, for example RET 6. In this case, after popping the return address the SP is incremented by an additional 6 bytes; this is used to step the SP over parameters the caller pushed on the stack before the call. Below and above refer to unsigned binary numbers; greater than and less than refer to signed binary numbers. All conditional jumps have a jump range of -128 bytes to +127 bytes from the address of the following instruction.

  • CALL instruction
    Near CALL: procedure within the same segment; decrements SP by 2 and copies the offset of the next instruction after the CALL onto the stack, then loads IP with the offset of the first instruction of the procedure.
    Far CALL: decrements SP by 2 and copies the CS contents onto the stack; again decrements SP by 2 and stores the offset of the next instruction after the CALL onto the stack. Then loads CS with the segment base of the segment containing the procedure and loads IP with the offset of the first instruction of the procedure.

  • Examples
    CALL MULTO           ; a direct near call
    CALL BX              ; an indirect near call; replaces IP with the contents of BX
    CALL WORD PTR [BX]   ; the offset of the first instruction of the procedure is in two memory bytes in DS, at [BX] and [BX+1]
    SMART_DIVIDE PROC FAR
    CALL SMART_DIVIDE    ; a direct call to another segment
    CALL DWORD PTR [BX]  ; an indirect call to another segment; the new IP is fetched from [BX] and [BX+1] and the new CS from [BX+2] and [BX+3]
    A far pointer in memory is stored offset first, then segment, each as a little-endian word (low byte at the lower address). With indirect calls the target is whatever the memory at [BX] holds at the time, so control flow depends on the integrity of that pointer table.

  • Examples

    JMP CONTINUE       ; jump to the label CONTINUE
    JMP BX             ; indirect near jump; IP is replaced with the contents of BX
    JMP WORD PTR [BX]  ; indirect near jump; IP is loaded from the word at [BX]
    JMP DWORD PTR [SI] ; indirect far jump; IP from the word at [SI], CS from the word at [SI+2]
    CMP AX,4371H       ; if AX is larger (unsigned) than 4371H
    JA RUN_PRESS       ; jump to the label RUN_PRESS
    CMP AX,4371H       ; jump to the label RUN_PRESS if AX
    JNBE RUN_PRESS     ; is not below or equal to 4371H (JA and JNBE are the same instruction)
    Note: the label of a conditional jump must be within the range of -128 bytes to +127 bytes; an unconditional JMP can reach anywhere in the segment (near) or any other segment (far).

  • JMP Instruction
    1) Near Jump: the destination is in the same code segment as the JMP instruction. Only the IP is changed to get the new address.
    2) Far Jump: the destination is in a different segment. Both the IP and the CS are changed to get the new address.
    Note: This instruction does not affect the flags.

  • 8086 InstructionsProgram Execution Transfer Instructions

    JE/JZ : Jump if equal / Jump if zero flag = 1
    JG/JNLE : Jump if greater / Jump if not less than or equal
    JGE/JNL : Jump if greater or equal / Jump if not less than
    JL/JNGE : Jump if less / Jump if not greater or equal
    JLE/JNG : Jump if less or equal / Jump if not greater than
    JNC : Jump if carry flag = 0
    JNE/JNZ : Jump if not equal / Jump if not zero
    JNO : Jump if no overflow (OF = 0)

    Below and above refer to unsigned binary numbers; greater than and less than refer to signed binary numbers. The signed conditions are evaluated from SF, OF and ZF (e.g. JG is taken when ZF = 0 and SF = OF), the unsigned ones from CF and ZF (e.g. JA is taken when CF = 0 and ZF = 0).

  • 8086 InstructionsProgram Execution Transfer Instructions

    JNP/JPO : Jump if not parity / Jump if parity odd (PF = 0)
    JNS : Jump if not sign (SF = 0)
    JO : Jump if overflow flag = 1
    JP/JPE : Jump if parity / Jump if parity even (PF = 1)
    JS : Jump if sign (SF = 1)

  • 8086 InstructionsProgram Execution Transfer Instructions

    LOOP : Decrement CX and loop through a sequence of instructions until CX = 0
    LOOPE/LOOPZ : Loop through a sequence of instructions while ZF = 1 and CX is not equal to 0
    LOOPNE/LOOPNZ : Loop through a sequence of instructions while ZF = 0 and CX is not equal to 0
    JCXZ : Jump to the specified address if CX = 0

    LOOP NEXT: the label must be within the range of -128 bytes to +127 bytes. LOOP decrements CX first and then jumps if CX is not 0, so entering the loop with CX = 0 runs it 65536 times; use JCXZ before the loop to guard against that.

  • Examples
    MOV BX,OFFSET PRICES   ; point BX at the first element in the array
    MOV CX,40              ; load CX with the number of elements in the array
    NEXT: MOV AL,[BX]      ; get an element from the array
    ADD AL,07H             ; add the correction factor
    DAA                    ; adjust the result to packed BCD
    MOV [BX],AL            ; put the adjusted element back
    INC BX                 ; point at the next element
    LOOP NEXT              ; repeat until all elements are adjusted

  • 8086 InstructionsProgram Execution Transfer Instructions

    INT : Interrupt program execution, call the service procedure
    INTO : Interrupt program execution if OF = 1
    IRET : Return from the interrupt service procedure to the main program
    ENTER : Enter a procedure (80186/80188 only)
    LEAVE : Leave a procedure (80186/80188 only)
    BOUND : Check whether an effective address is within specified array bounds (80186/80188 only)

    INTO is interrupt type 4, so it gets the new value for the IP from address 00010H and the new value of CS from address 00012H. IRET restores the flags saved on the stack when returning from an interrupt service procedure, whereas the RET instruction does not pop the flags from the stack.

  • More About INT
    The INT type can be between 0 and 255. When the 8086 encounters an INT instruction it will:
    1) decrement SP by 2 and push the flags
    2) decrement SP by 2 and push CS
    3) decrement SP by 2 and push the offset of the next instruction
    4) load IP from the word at absolute memory address 4 x type; e.g. INT 8 reads the IP from 00020H
    5) load CS from the word at absolute memory address (4 x type) + 2; e.g. INT 8 reads the CS from 00022H
    6) reset IF and TF (the flags pushed in step 1 still hold the old values, which IRET restores)

  • More About INT
    Three sources:
    Hardware interrupt: NMI input pin, INTR input pin
    Software interrupt: execution of an INT instruction
    Error condition caused by the execution of an instruction (e.g. divide error)

  • 8086 interrupt response
    (Slide flowchart) Main line program, on an interrupt: push flags, clear IF, clear TF, push CS, push IP, fetch the ISR address from the vector table.
    Interrupt service procedure: push registers ... pop registers, IRET.
    IRET: pop IP, pop CS, pop flags, then the main line program continues.

  • 8086 interrupt response
    The first 1 Kbyte of memory, from 00000H to 003FFH, is set aside as a table for storing the starting addresses of the ISRs (256 entries of 4 bytes each).
    The starting address of an interrupt service procedure is called the interrupt vector or interrupt pointer.
    The table is known as the interrupt vector table or the interrupt pointer table.
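    The following is an added example, not code from the deck: a C model of the INT/IRET sequence described on the "More About INT" and "8086 interrupt response" slides, reusing the same far-pointer layout (offset word first, segment word at +2) that the CALL DWORD PTR [BX] example relies on, and the RET n stack cleanup from the CALL notes. The `m8086_t` structure, the 64 KB memory (the real chip addresses 1 MB), the register values and the type-8 vector contents are this example's own constructed assumptions. Since the vector table is ordinary writable memory on the 8086, whoever can write bytes 00020H to 00023H chooses where INT 8 lands.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical 8086 model written for this example. It keeps a 64 KB memory,
 * CS:IP, SS:SP and a flags word in which only IF (bit 9) and TF (bit 8) matter. */
#define MEM_BYTES 0x10000
#define FLAG_TF   0x0100
#define FLAG_IF   0x0200

typedef struct {
    uint8_t  mem[MEM_BYTES];
    uint16_t cs, ip, ss, sp, flags;
} m8086_t;

/* Physical address = segment * 16 + offset (wrapped to the model's memory size). */
static uint32_t phys(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) % MEM_BYTES;
}

/* 16-bit words are stored little-endian: low byte at the lower address. */
static uint16_t rd16(const m8086_t *m, uint32_t a) {
    return (uint16_t)(m->mem[a % MEM_BYTES] | (m->mem[(a + 1) % MEM_BYTES] << 8));
}
static void wr16(m8086_t *m, uint32_t a, uint16_t v) {
    m->mem[a % MEM_BYTES]       = (uint8_t)v;
    m->mem[(a + 1) % MEM_BYTES] = (uint8_t)(v >> 8);
}

/* A far pointer in memory is offset first, then segment: the word at `a` goes
 * to IP and the word at `a + 2` goes to CS. CALL/JMP DWORD PTR [BX] and the
 * interrupt vector table (entry for type n at 4*n) both use this layout. */
static void load_far_ptr(m8086_t *m, uint32_t a) {
    m->ip = rd16(m, a);
    m->cs = rd16(m, a + 2);
}

static void     push16(m8086_t *m, uint16_t v) { m->sp -= 2; wr16(m, phys(m->ss, m->sp), v); }
static uint16_t pop16(m8086_t *m) { uint16_t v = rd16(m, phys(m->ss, m->sp)); m->sp += 2; return v; }

/* INT n, in the order the deck gives: push flags, clear IF and TF, push CS,
 * push the return IP, then fetch CS:IP from the vector at 4*n. */
static void do_int(m8086_t *m, uint8_t type) {
    push16(m, m->flags);
    m->flags &= (uint16_t)~(FLAG_IF | FLAG_TF);
    push16(m, m->cs);
    push16(m, m->ip);
    load_far_ptr(m, 4u * type);
}

/* IRET pops IP, CS and the flags; a plain far RET pops only IP and CS. */
static void do_iret(m8086_t *m) { m->ip = pop16(m); m->cs = pop16(m); m->flags = pop16(m); }

/* CALL DWORD PTR [ptr]: save CS then IP, then load both from the far pointer
 * at physical address `ptr` (DS is taken as 0 in this model). */
static void do_call_far_indirect(m8086_t *m, uint32_t ptr) { push16(m, m->cs); push16(m, m->ip); load_far_ptr(m, ptr); }

/* RET n (far form): pop IP and CS, then add n to SP to discard the n bytes of
 * parameters the caller pushed before the CALL. */
static void do_ret_far(m8086_t *m, uint16_t n) { m->ip = pop16(m); m->cs = pop16(m); m->sp += n; }

/* Constructed initial state: code at 0100:0055, stack at 0800:0100, interrupts
 * enabled, and a type-8 vector (bytes 00020H..00023H) pointing at 0200:0100. */
static void setup(m8086_t *m) {
    memset(m, 0, sizeof *m);
    m->cs = 0x0100; m->ip = 0x0055; m->ss = 0x0800; m->sp = 0x0100;
    m->flags = FLAG_IF | 0x0002;
    wr16(m, 4 * 8,     0x0100);  /* IP of the type-8 service procedure */
    wr16(m, 4 * 8 + 2, 0x0200);  /* CS of the type-8 service procedure */
}

static m8086_t g;  /* scratch machine used by the demo helpers below */

static m8086_t *demo_after_int8(void)      { setup(&g); do_int(&g, 8); return &g; }
static m8086_t *demo_after_int8_iret(void) { setup(&g); do_int(&g, 8); do_iret(&g); return &g; }

/* Push three parameter words, CALL through a far pointer at 0400H, and return
 * with RET 6 so the callee discards the 6 parameter bytes. */
static m8086_t *demo_call_ret6(void) {
    setup(&g);
    push16(&g, 0x1111); push16(&g, 0x2222); push16(&g, 0x3333);
    wr16(&g, 0x0400, 0x0010); wr16(&g, 0x0402, 0x0300);  /* far pointer: offset 0010H, segment 0300H */
    do_call_far_indirect(&g, 0x0400);
    do_ret_far(&g, 6);
    return &g;
}

/* The flags word the INT pushed, read back from the stack (SS:SP+4 after the three pushes). */
static uint16_t saved_flags(const m8086_t *m) { return rd16(m, phys(m->ss, m->sp + 4)); }
```

    After `do_int(&g, 8)` the model is at 0200:0100 with IF and TF clear and SP lowered by 6; the pushed flags word still has IF set, which is what `do_iret` puts back. The `demo_call_ret6` path shows the RET 6 arithmetic: SP returns to exactly its value before the three parameter pushes.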

  • 8086 interrupt response
    Of the 256 interrupt types, Type 0 is for divide error, Type 1 for single step, Type 2 is the NMI pointer, Type 3 for the breakpoint function and Type 4 for INTO. Types 5 to 31 are reserved by Intel for the 80286, 80386 and 80486. Types 32 to 255 are available as hardware and software interrupts.

  • 8086 interrupt response

    Software interrupts types 0 to 255 can be usedFor an INTR interrupt,the interrupt type is sent to the 8086 from a Programmable interrupt controller such as 8259A

  • Priority of 8086 interrupts
    Highest to lowest: divide error, INT n, INTO; NMI; INTR; single step.
    But when an NMI and a divide error occur at the same time, the processor starts its response to the divide error (pushing the flags, CS and IP and fetching the divide-error vector) and then services the NMI before executing the first instruction of the divide-error procedure.

  • 8086 InstructionsProcessor Control Instructions

    STC : Set carry flag CF to 1
    CLC : Clear carry flag CF to 0
    CMC : Complement the state of the carry flag
    STD : Set direction flag DF to 1 (string pointers auto-decrement)
    CLD : Clear direction flag DF to 0 (string pointers auto-increment)
    STI : Set interrupt enable flag IF to 1
    CLI : Clear interrupt enable flag IF to 0

  • Processor Control Instructions
    HLT : Halt until an interrupt or reset
    WAIT : Wait until the signal on the TEST pin is low, or until an interrupt signal is received on the INTR or the NMI interrupt input pin
    ESC : Escape to an external coprocessor such as the 8087 or 8089
    LOCK : Prevents another processor from taking the system bus while the adjacent instruction executes
    NOP : No action except fetch and decode

    The WAIT instruction is used to synchronize the 8086 with external hardware such as the 8087 math coprocessor.
