path: root/instructions.txt
blob: 52dcea5143cb1eaef782626b2a0d5c14b60de93e (plain)
Linux syscall calling convention:
rax  - syscall number
rdi, rsi, rdx, r10, r8, r9  - arguments (note: the fourth argument goes in r10, not rcx)
the return value is placed in rax (the syscall instruction itself clobbers rcx and r11)

Instruction set:

mov rax, imm64
>48 b8 IMM64
xor eax, eax (sets rax to 0, because a 32-bit write zero-extends into the full 64-bit register; much shorter than mov rax, 0)
>31 c0
mov rdest, rsrc
ax	bx	cx	dx	sp	bp	si	di
0	3	1	2	4	5	6	7
>48 89 (dest | src << 3 | 0xc0)  (the third byte is the ModRM byte; the 3-bit codes above cover only the eight legacy registers, r8-r15 need a different REX prefix, see the r8/r9/r10 entries below)
mov r8, rax (for syscalls)
>49 89 c0
mov r9, rax (for syscalls)
>49 89 c1
mov r10, rax (for syscalls)
>49 89 c2
xchg rax, rbx
>48 93
mov qword [rbx], rax
>48 89 03
mov rax, qword [rbx]
>48 8b 03
mov dword [rbx], eax
>89 03
mov eax, dword [rbx]
>8b 03
mov word [rbx], ax
>66 89 03
mov ax, word [rbx]
>66 8b 03
mov byte [rbx], al
>88 03
mov al, byte [rbx]
>8a 03
mov rax, qword [rbp+imm32]
>48 8b 85 IMM32  (note: the imm32 displacement is sign-extended, so it may be negative)
mov qword [rbp+imm32], rax
>48 89 85 IMM32  (note: the imm32 displacement is sign-extended, so it may be negative)
mov qword [rsp], rbp
>48 89 2c 24
mov rbp, qword [rsp]
>48 8b 2c 24
mov ebx, imm32
>bb IMM32
neg rax
>48 f7 d8
add rax, rbx
>48 01 d8
imul rbx
>48 f7 eb
idiv rbx
>48 f7 fb
mul rbx
>48 f7 e3
div rbx
>48 f7 f3
not rax
>48 f7 d0
and rax, rbx
>48 21 d8
or rax, rbx
>48 09 d8
xor rax, rbx
>48 31 d8
shl rax, cl
>48 d3 e0
shl rax, imm8
>48 c1 e0 IMM8
shr rax, cl
>48 d3 e8
shr rax, imm8
>48 c1 e8 IMM8
sar rax, cl
>48 d3 f8
sar rax, imm8
>48 c1 f8 IMM8
sub rsp, imm32
>48 81 ec IMM32
add rsp, imm32
>48 81 c4 IMM32
cmp rax, rbx
>48 39 d8
test rax, rax
>48 85 c0
jmp rel32
>e9 REL32
je rel32
>0f 84 REL32
jne rel32
>0f 85 REL32
jl rel32
>0f 8c REL32
jg rel32
>0f 8f REL32
jb rel32
>0f 82 REL32
ja rel32
>0f 87 REL32
call rax
>ff d0
ret
>c3
syscall
>0f 05
nop
>90
(more will be added as needed)

to be removed:
mov qword [rsp], rax
>48 89 04 24
mov rax, qword [rsp]
>48 8b 04 24