Complete X86 Opcodes Reference Guide
Complete X86 Opcodes Reference Guide
Reference guide for common x86 instruction opcodes with a description and example.
Basic Data Movement Instructions
| Opcode |
Description |
Example |
MOV |
Move data between registers or memory |
MOV EAX, 42 |
PUSH |
Push value onto stack |
PUSH EBX |
POP |
Pop value from stack |
POP ECX |
XCHG |
Exchange values |
XCHG AX, BX |
LEA |
Load effective address |
LEA EAX, [EBX + 4*ECX] |
MOVSX |
Move with sign extension |
MOVSX EAX, AL |
MOVZX |
Move with zero extension |
MOVZX EAX, BL |
Arithmetic Operations
| Opcode |
Description |
Example |
ADD |
Add two operands |
ADD EAX, EBX |
SUB |
Subtract second operand from first |
SUB ECX, 10 |
MUL |
Unsigned multiply |
MUL EBX |
IMUL |
Signed multiply |
IMUL EAX, ECX, 4 |
DIV |
Unsigned divide |
DIV ECX |
IDIV |
Signed divide |
IDIV EBX |
INC |
Increment by 1 |
INC EAX |
DEC |
Decrement by 1 |
DEC ECX |
NEG |
Negate operand (two’s complement) |
NEG EAX |
Logical Operations
| Opcode |
Description |
Example |
AND |
Bitwise AND |
AND EAX, 0xF |
OR |
Bitwise OR |
OR AL, BL |
XOR |
Bitwise XOR |
XOR EAX, EAX |
NOT |
Bitwise NOT (one’s complement) |
NOT DX |
SHL/SAL |
Shift left |
SHL EAX, 2 |
SHR |
Logical shift right |
SHR EBX, CL |
SAR |
Arithmetic shift right |
SAR AL, 1 |
ROL |
Rotate left |
ROL DL, 3 |
ROR |
Rotate right |
ROR BX, 4 |
RCL |
Rotate left through carry |
RCL EAX, 1 |
RCR |
Rotate right through carry |
RCR ECX, 2 |
BT |
Bit test |
BT EAX, 15 |
BTS |
Bit test and set |
BTS ECX, 7 |
BTR |
Bit test and reset |
BTR EDX, 3 |
BTC |
Bit test and complement |
BTC EAX, 10 |
BSF |
Bit scan forward |
BSF EAX, EBX |
BSR |
Bit scan reverse |
BSR EDX, ECX |
Control Flow Instructions
| Opcode |
Description |
Example |
JMP |
Unconditional jump |
JMP label |
JE/JZ |
Jump if equal/zero |
JE exit_loop |
JNE/JNZ |
Jump if not equal/not zero |
JNE continue |
JG/JNLE |
Jump if greater/not less or equal |
JG positive |
JGE/JNL |
Jump if greater or equal/not less |
JGE non_negative |
JL/JNGE |
Jump if less/not greater or equal |
JL negative |
JLE/JNG |
Jump if less or equal/not greater |
JLE non_positive |
JA/JNBE |
Jump if above/not below or equal |
JA larger |
JAE/JNB |
Jump if above or equal/not below |
JAE greater_equal |
JB/JNAE |
Jump if below/not above or equal |
JB smaller |
JBE/JNA |
Jump if below or equal/not above |
JBE less_equal |
JC |
Jump if carry |
JC error |
JNC |
Jump if not carry |
JNC success |
JS |
Jump if sign |
JS negative_value |
JNS |
Jump if not sign |
JNS positive_value |
JO |
Jump if overflow |
JO overflow_handler |
JNO |
Jump if not overflow |
JNO continue_calc |
JP/JPE |
Jump if parity/parity even |
JP check_again |
JNP/JPO |
Jump if no parity/parity odd |
JNP continue |
CALL |
Call procedure |
CALL my_procedure |
RET |
Return from procedure |
RET |
LOOP |
Loop with ECX counter |
LOOP iteration |
LOOPE/LOOPZ |
Loop if equal/zero |
LOOPE find_match |
LOOPNE/LOOPNZ |
Loop if not equal/not zero |
LOOPNE scan_next |
Comparison Instructions
| Opcode |
Description |
Example |
CMP |
Compare operands |
CMP EAX, 100 |
TEST |
Test operands (logical AND without storing) |
TEST AL, 0x80 |
String Operations
| Opcode |
Description |
Example |
MOVS/MOVSB/MOVSW/MOVSD |
Move string data |
REP MOVSB |
CMPS/CMPSB/CMPSW/CMPSD |
Compare strings |
REPE CMPSB |
SCAS/SCASB/SCASW/SCASD |
Scan string |
REPNE SCASB |
LODS/LODSB/LODSW/LODSD |
Load string |
LODSB |
STOS/STOSB/STOSW/STOSD |
Store string |
REP STOSW |
Stack Instructions
| Opcode |
Description |
Example |
PUSHAD |
Push all general-purpose registers |
PUSHAD |
PUSHA |
Push all 16-bit general-purpose registers |
PUSHA |
PUSHFD |
Push EFLAGS register |
PUSHFD |
PUSHF |
Push FLAGS register |
PUSHF |
POPAD |
Pop all general-purpose registers |
POPAD |
POPA |
Pop all 16-bit general-purpose registers |
POPA |
POPFD |
Pop EFLAGS register |
POPFD |
POPF |
Pop FLAGS register |
POPF |
System Instructions
| Opcode |
Description |
Example |
INT |
Generate interrupt |
INT 0x80 |
IRET/IRETD |
Return from interrupt |
IRETD |
CLI |
Clear interrupt flag |
CLI |
STI |
Set interrupt flag |
STI |
HLT |
Halt processor |
HLT |
NOP |
No operation |
NOP |
CPUID |
CPU identification |
CPUID |
RDTSC |
Read time-stamp counter |
RDTSC |
IN |
Input from port |
IN AL, 0x60 |
OUT |
Output to port |
OUT 0x43, AL |
Floating Point Instructions
| Opcode |
Description |
Example |
FLD |
Load floating-point value |
FLD DWORD PTR [EBX] |
FST |
Store floating-point value |
FST DWORD PTR [ECX] |
FSTP |
Store floating-point value and pop |
FSTP QWORD PTR [EDX] |
FADD |
Add floating-point values |
FADD ST, ST(1) |
FSUB |
Subtract floating-point values |
FSUB ST, ST(2) |
FMUL |
Multiply floating-point values |
FMUL ST(1), ST |
FDIV |
Divide floating-point values |
FDIV ST, ST(3) |
FCOM |
Compare floating-point values |
FCOM ST(1) |
FCOMP |
Compare floating-point values and pop |
FCOMP ST(2) |
FABS |
Absolute value |
FABS |
FSQRT |
Square root |
FSQRT |
FSIN |
Sine |
FSIN |
FCOS |
Cosine |
FCOS |
FPTAN |
Partial tangent |
FPTAN |
FRNDINT |
Round to integer |
FRNDINT |
FINIT |
Initialize FPU |
FINIT |
SIMD Instructions (MMX/SSE/SSE2)
| Opcode |
Description |
Example |
MOVDQA |
Move aligned packed data |
MOVDQA XMM0, [ESI] |
MOVDQU |
Move unaligned packed data |
MOVDQU XMM1, [EDI] |
PADDB |
Add packed byte integers |
PADDB MM0, MM1 |
PADDW |
Add packed word integers |
PADDW XMM0, XMM1 |
PADDD |
Add packed doubleword integers |
PADDD XMM2, XMM3 |
PSUBB |
Subtract packed byte integers |
PSUBB MM2, MM3 |
PSUBW |
Subtract packed word integers |
PSUBW XMM0, [EAX] |
PSUBD |
Subtract packed doubleword integers |
PSUBD XMM1, XMM2 |
PMULLW |
Multiply packed word integers |
PMULLW MM0, MM1 |
PMULLD |
Multiply packed doubleword integers |
PMULLD XMM0, XMM1 |
PAND |
Bitwise AND of packed data |
PAND XMM0, XMM2 |
POR |
Bitwise OR of packed data |
POR MM0, MM1 |
PXOR |
Bitwise XOR of packed data |
PXOR XMM0, XMM0 |
PCMPEQB |
Compare packed bytes for equality |
PCMPEQB XMM1, XMM2 |
PCMPGTW |
Compare packed words for greater than |
PCMPGTW MM0, MM1 |
PSHUFD |
Shuffle packed doublewords |
PSHUFD XMM0, XMM1, 0x1B |
ADDPS |
Add packed single-precision values |
ADDPS XMM0, XMM1 |
MULPS |
Multiply packed single-precision values |
MULPS XMM2, XMM3 |
SQRTPS |
Square root of packed single-precision values |
SQRTPS XMM0, XMM1 |
MAXPS |
Maximum of packed single-precision values |
MAXPS XMM0, [EBX] |
MINPS |
Minimum of packed single-precision values |
MINPS XMM1, XMM2 |
Special-Purpose Instructions
| Opcode |
Description |
Example |
ENTER |
Create stack frame |
ENTER 16, 0 |
LEAVE |
High-level procedure exit |
LEAVE |
BOUND |
Check array index against bounds |
BOUND AX, [BX] |
ARPL |
Adjust requested privilege level |
ARPL [EDI], DX |
LAR |
Load access rights |
LAR EAX, BX |
LSL |
Load segment limit |
LSL ECX, EDX |
SGDT |
Store global descriptor table |
SGDT [EAX] |
SIDT |
Store interrupt descriptor table |
SIDT [ECX] |
LGDT |
Load global descriptor table |
LGDT [EBX] |
LIDT |
Load interrupt descriptor table |
LIDT [EDX] |
LDS |
Load far pointer using DS |
LDS SI, [BX] |
LES |
Load far pointer using ES |
LES DI, [SI] |
LFS |
Load far pointer using FS |
LFS ECX, [EDX] |
LGS |
Load far pointer using GS |
LGS ESI, [EDI] |
LSS |
Load far pointer using SS |
LSS ESP, [EBP] |
Covers the most commonly used x86 opcodes. Modern x86 processors support many more specialized instructions, including virtualization extensions, advanced vector extensions (AVX), and other instruction set extensions not covered here.