- •Table of Contents
- •Foreword
- •Do Not Pass GO
- •Counting in Martian
- •Octal: How the Grinch Stole Eight and Nine
- •Hexadecimal: Solving the Digit Shortage
- •From Hex to Decimal and from Decimal to Hex
- •Arithmetic in Hex
- •Binary
- •Hexadecimal as Shorthand for Binary
- •Switches, Transistors, and Memory
- •The Shop Foreman and the Assembly Line
- •The Box That Follows a Plan
- •DOS and DOS files
- •Compilers and Assemblers
- •The Assembly Language Development Process
- •DEBUG and How to Use It
- •Chapter 5: NASM-IDE: A Place to Stand Give me a lever long enough, and a place to stand, and I will move the Earth.
- •NASM-IDE's Place to Stand
- •Using NASM-IDE's Tools
- •NASM-IDE's Editor in Detail
- •Other NASM-IDE Features
- •The Nature of Segments
- •16-Bit and 32-Bit Registers
- •The Three Major Assembly Programming Models
- •Reading and Changing Registers with DEBUG
- •Assembling and Executing Machine Instructions with DEBUG
- •Machine Instructions and Their Operands
- •Reading and Using an Assembly Language Reference
- •Rally Round the Flags, Boys!
- •Using Type Specifiers
- •The Bones of an Assembly Language Program
- •Assembling and Running EAT.ASM
- •One Program, Three Segments
- •Last In, First Out via the Stack
- •Using DOS Services through INT
- •Boxes within Boxes
- •Using BIOS Services
- •Building External Libraries of Procedures
- •Creating and Using Macros
- •Bits Is Bits (and Bytes Is Bits)
- •Shifting Bits
- •Flags, Tests, and Branches
- •Assembly Odds 'n Ends
- •The Notion of an Assembly Language String
- •REP STOSW, the Software Machine Gun
- •The Semiautomatic Weapon: STOSW without REP
- •Storing Data to Discontinuous Strings
- •Chapter 12: The Programmer's View of Linux Tools and Skills to Help You Write Assembly Code under a True 32-Bit OS
- •Prerequisites-Yukkh!
- •NASM for Linux
- •What's GNU?
- •The make Utility and Dependencies
- •Using the GNU Debugger
- •Your Work Strategy
- •Genuflecting to the C Culture
- •A Framework to Build On
- •The Perks of Protected Mode
- •Characters Out
- •Characters In
- •Be a Time Lord
- •Generating Random Numbers
- •Accessing Command-Line Arguments
- •Simple File I/O
- •Conclusion: Not the End, But Only the Beginning
- •Where to Now?
- •Stepping off Square One
- •Notes on the Instruction Set Reference
- •AAA Adjust AL after BCD Addition
- •ADC Arithmetic Addition with Carry
- •ADD Arithmetic Addition
- •AND Logical AND
- •BT Bit Test (386+)
- •CALL Call Procedure
- •CLC Clear Carry Flag (CF)
- •CLD Clear Direction Flag (DF)
- •CMP Arithmetic Comparison
- •DEC Decrement Operand
- •IMUL Signed Integer Multiplication
- •INC Increment Operand
- •INT Software Interrupt
- •IRET Return from Interrupt
- •J? Jump on Condition
- •JMP Unconditional Jump
- •LEA Load Effective Address
- •MOV Move (Copy) Right Operand into Left Operand
- •NOP No Operation
- •NOT Logical NOT (One's Complement)
- •OR Logical OR
- •POP Pop Top of Stack into Operand
- •POPA Pop All 16-Bit Registers (286+)
- •POPF Pop Top of Stack into Flags
- •POPFD Pop Top of Stack into EFlags (386+)
- •PUSH Push Operand onto Top of Stack
- •PUSHA Push All 16-Bit GP Registers (286+)
- •PUSHAD Push All 32-Bit GP Registers (386+)
- •PUSHF Push 16-Bit Flags onto Stack
- •PUSHFD Push 32-Bit EFlags onto Stack (386+)
- •RET Return from Procedure
- •ROL Rotate Left
- •ROR Rotate Right
- •SBB Arithmetic Subtraction with Borrow
- •SHL Shift Left
- •SHR Shift Right
- •STC Set Carry Flag (CF)
- •STD Set Direction Flag (DF)
- •STOS Store String
- •SUB Arithmetic Subtraction
- •XCHG Exchange Operands
- •XOR Exclusive Or
- •Appendix C: Web URLs for Assembly Programmers
- •Appendix D: Segment Register Assumptions
- •Appendix E: What's on the CD-ROM?
- •Index
- •List of Figures
- •List of Tables
JMP Unconditional Jump
Flags affected:
O |
D |
I |
T |
S |
Z A P C |
OF: Overflow flag TF: Trap flag AF: Aux carry |
|||
F |
F |
F |
F |
F |
F F F F DF: Direction |
flag SF: Sign |
flag |
PF: Parity flag |
|
|
|
<none> |
IF: Interrupt |
flag ZF: Zero |
flag |
CF: Carry flag |
|||
Legal forms:
JMP <short displacement> |
|
JMP <near label> |
|
JMP <far label> |
|
JMP r16 |
386+ |
JMP r32 |
|
JMP m16 |
|
JMP m32 |
|
Examples:
JMP RightCloseBy |
;Plus or minus 128 bytes |
JMP InsideMySegment |
;To 16-bit offset from CS |
JMP OutsideMySegment |
;To immediate 32-bit address |
JMP DX |
;To 16-bit offset stored in DX register |
JMP EAX |
;To 32-bit offset stored in EAX register |
JMP WORD [BX+DI+17] |
;To Near address stored at [BX+DI+17] |
JMP DWORD [BX+DI+17] |
;To full 32-bit address stored at [BX+DI+17] |
Notes:
JMP transfers control unconditionally to the destination given as the single operand. In addition to defined labels, JMP can transfer control to a 16-bit signed offset from IP (or 32-bit signed offset from EIP) stored in a general-purpose register, or to an address (either Near or Far) stored in memory and accessed through any legal addressing mode. These m16 and m32 forms are useful for creating jump tables in memory, where a jump table is an array of addresses. For example, JMP [BX+DI+17] would transfer control to the 16-bit offset into the code segment found at the based-indexed-displacement address [BX+DI+17].
No flags are affected, and, unlike CALL, no return address is pushed onto the stack.
r8 = AL AH BL BH CL CH DL DH sr = CS DS SS ES FS GS
m8 = 8-bit memory data
m32 = 32-bit memory data
i16 = 16-bit immediate data
d8 = 8-bit signed displacement
d32 = 32-bit unsigned displacement
r16 = AX BX CX DX BP SP SI DI
r32 = EAX EBX ECX EDX EBP ESP ESI E m16 = 16-bit memory data
i8 = 8-bit immediate data
i32 = 32-bit immediate data
16 = 16-bit signed displacement
LEA Load Effective Address
Flags affected:
O |
D |
I |
T |
S |
Z A P C |
OF: Overflow flag TF: Trap flag AF: Aux carry |
|||
F |
F |
F |
F |
F |
F F F F DF: Direction |
flag SF: Sign |
flag |
PF: Parity flag |
|
|
|
<none> |
IF: Interrupt |
flag ZF: Zero |
flag |
CF: Carry flag |
|||
Legal forms:
LEA r16,m<any size>
LEA r32,m<any size>
Examples:
LEA EBX,[EAX+EDX*4+128] |
;Loads calculated address into EBX |
LEA BP,MyWordVar |
;Loads offset of MyWordVar to BP |
Notes:
LEA derives the offset of the source operand from the start of its segment and loads that offset into the destination operand. The destination operand must be a register and cannot be memory. The source operand must be a memory operand, but it can be any size. The address stored in the destination operand is the address of the first byte of the source in memory, and the size of the source in memory is unimportant.
This is a good, clean way to place the address of a variable into a register prior to a procedure or interrupt call.
LEA can also be used to perform register math, since the address specified in the second operand is calculated but not accessed. The address can thus be an address for which your program does not have permission to access. Any math that can be expressed as a valid address calculation may be done with LEA.
This is one of the few places where NASM does not require a size specifier before an operand that gives a memory address, again, because LEA calculates the address but moves no data to or from that address.
r8 = AL AH BL BH CL CH DL DH sr = CS DS SS ES FS GS
m8 = 8-bit memory data
m32 = 32-bit memory data
i16 = 16-bit immediate data
d8 = 8-bit signed displacement
d32 = 32-bit unsigned displacement
r16 = AX BX CX DX BP SP SI DI
r32 = EAX EBX ECX EDX EBP ESP ESI E m16 = 16-bit memory data
i8 = 8-bit immediate data
i32 = 32-bit immediate data
d16 = 16-bit signed displacement
LOOP Loop until CX/ECX = 0
Flags affected:
O |
D |
I |
T |
S |
Z A P C |
OF: Overflow flag TF: Trap flag AF: Aux carry |
|||
F |
F |
F |
F |
F |
F F F F DF: Direction |
flag SF: Sign |
flag |
PF: Parity flag |
|
|
|
<none> |
IF: Interrupt |
flag ZF: Zero |
flag |
CF: Carry flag |
|||
Legal forms:
LOOP d8
Examples:
LOOP PokeValue
Notes:
LOOP is a combination decrement counter, test, and jump instruction. It uses the CX register in 16-bit modes, and ECX in 32-bit modes. The operation of LOOP is logistically identical in both modes, and I use 16-bit coding as an example here.
LOOP simplifies code by acting as a DEC CX instruction, a CMP CX,0 instruction, and JZ instruction, all at once. A repeat count must be initially loaded into CX. When the LOOP instruction is executed, it first decrements CX. Then it tests to see if CX = 0. If CX is not 0, LOOP transfers control to the displacement specified as its operand:
MOV CX,17
DoIt: CALL CrunchIt
CALL StuffIt
LOOP DoIt
Here, the two procedure CALLs will be made 17 times. The first 16 times through, CX will still be nonzero and LOOP will transfer control to DoIt. On the 17th pass, however, LOOP will decrement CX to 0, and then fall through to the next instruction in sequence when it tests CX.
LOOP does not alter any flags, even when CX is decremented to 0. Warning: Watch your initial conditions! If CX is initially 0, LOOP will decrement it to 65,535 (0FFFFH) and then perform the loop 65,535 times. Worse, if you're working in 32-bit protected mode and enter a loop with ECX = 0, the loop will be performed over 2 billion times, which might be long enough to look like a system lockup.
r8 = AL AH BL BH CL CH DL DH sr = CS DS SS ES FS GS
m8 = 8-bit memory data
m32 = 32-bit memory data
i16 = 16-bit immediate data
d8 = 8-bit signed displacement
d32 = 32-bit unsigned displacement
r16 = AX BX CX DX BP SP SI DI
r32 = EAX EBX ECX EDX EBP ESP ESI E m16 = 16-bit memory data
i8 = 8-bit immediate data
i32 = 32-bit immediate data
d16 = 16-bit signed displacement
LOOPNZ/LOOPNE Loop While CX/ECX > 0 and ZF = 0
Flags affected:
O |
D |
I |
T |
S |
Z A P C |
OF: Overflow flag TF: Trap flag AF: Aux carry |
|||
F |
F |
F |
F |
F |
F F F F DF: Direction |
flag SF: Sign |
flag |
PF: Parity flag |
|
|
|
<none> |
IF: Interrupt |
flag ZF: Zero |
flag |
CF: Carry flag |
|||
Legal forms:
LOOPNZ d8
LOOPNE d8
Examples:
LOOPNZ StartProcess
LOOPNE GoSomewhere
Notes:
LOOPNZ and LOOPNE are synonyms and generate identical opcodes. Like LOOP, they use either CX or ECX depending on the BITS setting and hence the mode. LOOPNZ/LOOPNE decrements CX and jumps to the location specified in the target operand if CX is not 0 and the Zero flag ZF is 0. Otherwise, execution falls through to the next instruction.
What this means is that the loop is pretty much controlled by ZF. If ZF remains 0, the loop is looped until CX is decremented to 0. But as soon as ZF is set to 1, the loop terminates. Think of it as "Loop While Not Zero Flag."
Keep in mind that LOOPNZ does not itself affect ZF. Some instruction within the loop (typically one of the string instructions) must do something to affect ZF to terminate the loop before CX/ECX counts down to 0.
r8 = AL AH BL BH CL CH DL DH sr = CS DS SS ES FS GS
m8 = 8-bit memory data
m32 = 32-bit memory data
i16 = 16-bit immediate data
d8 = 8-bit signed displacement
d32 = 32-bit unsigned displacement
r16 = AX BX CX DX BP SP SI DI
r32 = EAX EBX ECX EDX EBP ESP ESI E m16 = 16-bit memory data
i8 = 8-bit immediate data
i32 = 32-bit immediate data
d16 = 16-bit signed displacement
LOOPZ/LOOPE Loop While CX/ECX > 0 and ZF = 1
Flags affected:
O |
D |
I |
T |
S |
Z A P C |
OF: Overflow flag TF: Trap flag AF: Aux carry |
|||
F |
F |
F |
F |
F |
F F F F DF: Direction |
flag SF: Sign |
flag |
PF: Parity flag |
|
|
|
<none> |
IF: Interrupt |
flag ZF: Zero |
flag |
CF: Carry flag |
|||
Legal forms:
LOOPZ d8
LOOPE d8
Examples:
LOOPZ SenseOneShots
LOOPE CRCGenerate
Notes:
LOOPZ and LOOPE are synonyms and generate identical opcodes. Like LOOP, they use either CX or ECX depending on the BITS setting and hence the mode. LOOPZ/LOOPE decrements CX and jumps to the location specified in the target operand if CX is not 0 and the Zero flag ZF is 1. Otherwise, execution falls through to the next instruction.
What this means is that the loop is pretty much controlled by ZF. If ZF remains 1, the loop is looped until CX is decremented to 0. But as soon as ZF is cleared to 0, the loop terminates. Think of it as "Loop While Zero Flag."
Keep in mind that LOOPZ does not itself affect ZF. Some instruction within the loop (typically one of the string instructions) must do something to affect ZF to terminate the loop before CX/ECX counts down to 0.
r8 |
= AL AH |
BL BH CL CH |
DL DH |
r16 |
= AX BX CX DX BP SP SI DI |
sr = CS DS SS ES FS GS |
|
r32 |
= EAX EBX ECX EDX EBP ESP ESI E |
||
m8 |
= 8-bit memory data |
|
m16 |
= 16-bit memory data |
|
m32 |
= 32-bit memory data |
i8 = 8-bit immediate data |
|||
i16 |
= 16-bit immediate |
data |
i32 |
= 32-bit immediate data |
|
d8 |
= 8-bit signed displacement |
d16 |
= 16-bit signed displacement |
||
d32 |
= 32-bit unsigned displacement |
|
|
||