X86 Instruction Encoding
From OSDev Wiki
This article describes how X86 and X86-64 instructions are encoded.
Contents |
General Overview
An X86 instruction may be at most 15 bytes in length. It consists of the following components in the given order, where the prefixes are at the least-significant (lowest) address in memory:
- Legacy prefixes (optional):
- Lock prefix (1 byte)
- Repeat prefix (1 byte)
- Segment override prefix (1 byte)
- Operand-size override prefix (1 byte)
- Address-size override prefix (1 byte)
- REX prefix (1 byte, 64-bit only)
- Opcode (1, 2 or 3 bytes, required)
- ModR/M (1 byte, if required)
- SIB (1 byte, if required)
- Displacement (1, 2 or 4 bytes, if required)
- Immediate (1, 2 or 4 bytes, if required)
Legacy Prefixes
Each instruction can have up to four prefixes. Sometimes a prefix is required for the instruction while it loses it's original meaning. The following prefixes can be used:
- Prefix group 1
- 0xF0: LOCK prefix
- 0xF2: REPNE/REPNZ prefix
- 0xF3: REP or REPE/REPZ prefix
- Prefix group 2
- 0x2E: CS segment override
- 0x36: SS segment override
- 0x3E: DS segment override
- 0x26: ES segment override
- 0x64: FS segment override
- 0x65: GS segment override
- 0x2E: Branch not taken
- 0x3E: Branch taken
- Prefix group 3
- 0x66: Operand-size override prefix
- Prefix group 4
- 0x67: Address-size override prefix
LOCK prefix
With the LOCK prefix, certain read-modify-write instructions are executed atomically. The LOCK prefix can only be used with the following instructions or an Invalid Opcode Exception occurs: ADC, ADD, AND, BTC, BTR, BTS, CMPXCHG, CMPXCHG8B, CMPXCHG16B, DEC, INC, NEG, NOT, OR, SBB, SUB, XADD, XCHG and XOR.
REPNE/REPNZ, REP and REPE/REPZ prefixes
The repeat prefixes cause string handling instructions to be repeated.
The REP prefix will repeat the associated instruction up to CX times, decreasing CX with every repetition. It can be used with the INS, LODS, MOVS, OUTS and STOS instructions.
REPE and REPZ are synonyms and repeat the instruction until CX reaches 0 or when ZF is set to 0. It can be used with the CMPS, CMPSB, CMPSD, CMPSW, SCAS, SCASB, SCASD and SCASW instructions.
REPNE and REPNZ also are synonyms and repeat the instruction until CX reaches 0 or when ZF is set to 1. It can be used with the CMPS, CMPSB, CMPSD, CMPSW, SCAS, SCASB, SCASD and SCASW instructions
CS, SS, DS, ES, FS and GS segment override prefixes
Segment overrides are used with instructions that reference non-stack memory. The default segment is implied by the instruction, and using a specific override forces the use of the specified segment for memory operands.
In 64-bit the CS, SS, DS and ES segment overrides are ignored.
Branch taken/not taken prefixes
Branch hints may be used to lessen the impact of branch misprediction somewhat. The 'branch taken' hint is a strong hint, while the 'branch not taken' hint is a weak hint. The branch hints are only supported by Intel since the Pentium 4. Whether using them on AMD architectures has any (positive or negative) effect at all is not known.
Operand-size and address-size override prefix
The default operand-size and address-size can be overridden using these prefix. See the following table:
| Operating mode | CS.d | 0x66 prefix (operand) | 0x67 prefix (address) | REX.w | Operand-size | Address-size |
|---|---|---|---|---|---|---|
| Real mode | N/A | N/A | N/A | N/A | 16-bit | 16-bit |
| Virtual 8086 mode | N/A | N/A | N/A | N/A | 16-bit | 16-bit |
| Protected mode | 0 | no | no | N/A | 16-bit | 16-bit |
| 0 | no | yes | N/A | 16-bit | 32-bit | |
| 0 | yes | no | N/A | 32-bit | 16-bit | |
| 0 | yes | yes | N/A | 32-bit | 32-bit | |
| 1 | no | no | N/A | 32-bit | 32-bit | |
| 1 | no | yes | N/A | 32-bit | 16-bit | |
| 1 | yes | no | N/A | 16-bit | 32-bit | |
| 1 | yes | yes | N/A | 16-bit | 16-bit | |
| Long compatibility mode | 0 | no | no | N/A | 16-bit | 16-bit |
| 0 | no | yes | N/A | 16-bit | 32-bit | |
| 0 | yes | no | N/A | 32-bit | 16-bit | |
| 0 | yes | yes | N/A | 32-bit | 32-bit | |
| 1 | no | no | N/A | 32-bit | 32-bit | |
| 1 | no | yes | N/A | 32-bit | 16-bit | |
| 1 | yes | no | N/A | 16-bit | 32-bit | |
| 1 | yes | yes | N/A | 16-bit | 16-bit | |
| Long 64-bit mode | ignored | no | no | 0 | 32-bit | 64-bit |
| ignored | no | yes | 0 | 32-bit1 | 32-bit | |
| ignored | yes | no | 0 | 16-bit | 64-bit | |
| ignored | yes | yes | 0 | 16-bit | 32-bit | |
| ignored | ignored | no | 1 | 64-bit1 | 64-bit | |
| ignored | ignored | yes | 1 | 64-bit | 32-bit |
1: The following instructions default to (or are fixed at) 64-bit operands and do not need the REX prefix for this: CALL (near), ENTER, Jcc, JrCXZ, JMP (near), LEAVE, LGDT, LIDT, LLDT, LOOP, LOOPcc, LTR, MOV CR(n), MOV DR(n), POP reg/mem, POP reg, POP FS, POP GS, POPFQ, PUSH imm8, PUSH imm32, PUSH reg/mem, PUSH reg, PUSH FS, PUSH GS, PUSHFQ and RET (near).
NASM determines the operand size by looking at the MODRM.reg or (for a register) MODRM.rm fields. When they are both 32-bit, the operand size becomes 32-bit. Same for 16-bit and 64-bit. When they differ, an error occurs at compile time. The address size is determined by looking at (for a memory operand) the MODRM.rm field, or the SIB.base, SIB.index and displacement, in that order. So when SIB.base uses a 16-bit register (such as AX), the address size becomes 16-bit. Using a 32-bit displacement will result in the displacement being truncated.
REX prefix
The REX prefix enabled 64-bit specific features. The layout is as follows:
7 0 +---+---+---+---+---+---+---+---+ | 0 1 0 0 | w | r | x | b | +---+---+---+---+---+---+---+---+
- b0100 (4 bits)
- REX.w (1 bit)
- REX.r (1 bit)
- REX.x (1 bit)
- REX.b (1 bit)
REX.w
When this 1-bit value is 0, the default operand size is used (which is 32-bit for most but not all instructions, see this table). When 1, a 64-bit operand size is used.
REX.r
This 1-bit value is an extension to the MODRM.reg field. See Registers.
REX.x
This 1-bit value is an extension to the SIB.index field. See 64-bit addressing.
REX.b
This 1-bit value is an extension to the MODRM.rm field or the SIB.base field. See 64-bit addressing.
Opcode
There are 1, 2 and 3-byte opcodes. Some opcodes start with the same bytes as some prefixes, without taking the meaning of the prefix.
ModR/M and SIB bytes
The ModR/M and SIB bytes is used to encode the source and destination register or memory offset of an instruction.
ModR/M
The ModR/M byte encodes a register or an opcode extension, and a register or a memory address. It is only required when /r or /0 through /7 is specified at the opcode syntax. It has the following fields:
7 0 +---+---+---+---+---+---+---+---+ | mod | reg | rm | +---+---+---+---+---+---+---+---+
- MODRM.mod (2 bits)
- MODRM.reg (3 bits)
- MODRM.rm (3 bits)
The MODRM.mod and MODRM.rm fields are explained in the table. The MODRM.reg field can have one of two values:
- A 3-bit opcode extension, which is used by some instructions but has no futher meaning other than distincting the instruction from other instructions. When /0 through /7 is specified at the opcode syntax, use that value as the value for the MODRM.reg field.
- A 3-bit register reference, which can be used as the source or the destination of an instruction (depending on the instruction). This is the case when /r is specified at the opcode syntax. Which register is meant depends on the operand-size of the instruction and the instruction itself. See the Value column of the following table for the possible values of the MODRM.reg field:
Registers
| REX.b,r,x | Value | 8-bit GP | 16-bit GP | 32-bit GP | 64-bit GP | 64-bit MMX | 128-bit XMM | 16-bit Seg. reg | 32-bit Contr. reg | 32-bit Debug. reg |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | AL | AX | EAX | RAX | MM0 | XMM0 | ES | CR0 | DR0 |
| 0 | 1 | CL | CX | ECX | RCX | MM1 | XMM1 | CS | CR1 | DR1 |
| 0 | 2 | DL | DX | EDX | RDX | MM2 | XMM2 | SS | CR2 | DR2 |
| 0 | 3 | BL | BX | EBX | RBX | MM3 | XMM3 | DS | CR3 | DR3 |
| 0 | 4 | AH, SPL1 | SP | ESP | RSP | MM4 | XMM4 | FS | CR4 | DR4 |
| 0 | 5 | CH, BPL1 | BP | EBP | RBP | MM5 | XMM5 | GS | CR5 | DR5 |
| 0 | 6 | DH, SIL1 | SI | ESI | RSI | MM6 | XMM6 | invalid | CR6 | DR6 |
| 0 | 7 | BH, DIL1 | DI | EDI | RDI | MM7 | XMM7 | invalid | CR7 | DR7 |
| 1 | 0 | R8L | R8W | R8D | R8 | MM0 | XMM8 | ES | CR8 | DR8 |
| 1 | 1 | R9L | R9W | R9D | R9 | MM1 | XMM9 | CS | CR9 | DR9 |
| 1 | 2 | R10L | R10W | R10D | R10 | MM2 | XMM10 | SS | CR10 | DR10 |
| 1 | 3 | R11L | R11W | R11D | R11 | MM3 | XMM11 | DS | CR11 | DR11 |
| 1 | 4 | R12L | R12W | R12D | R12 | MM4 | XMM12 | FS | CR12 | DR12 |
| 1 | 5 | R13L | R13W | R13D | R13 | MM5 | XMM13 | GS | CR13 | DR13 |
| 1 | 6 | R14L | R14W | R14D | R14 | MM6 | XMM14 | invalid | CR14 | DR14 |
| 1 | 7 | R15L | R15W | R15D | R15 | MM7 | XMM15 | invalid | CR15 | DR15 |
1: When any REX prefix is used, SPL, BPL, SIL and DIL are used. Otherwise, without any REX prefix AH, CH, DH and BH are used.
SIB
The SIB byte has the following fields:
7 0 +---+---+---+---+---+---+---+---+ | scale | index | base | +---+---+---+---+---+---+---+---+
- SIB.scale (2 bits)
- SIB.index (3 bits)
- SIB.base (3 bits)
The SIB.scale field indicates the scaling factor, where s (as used in the tables) equals 2SIB.scale.
| SIB.scale | factor s |
|---|---|
| b00 | 1 |
| b01 | 2 |
| b10 | 4 |
| b11 | 8 |
16-bit addressing
These are the meanings of the Mod (vertically) and R/M (horizontally) bits for 16-bit addressing: (The SIB-byte is not used in 16-bit addressing.)
| Mod | R/M=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
|---|---|---|---|---|---|---|---|---|
| b00 | [BX+SI] | [BX+DI] | [BP+SI] | [BP+DI] | [SI] | [DI] | disp16 | [BX] |
| b01 | [BX+SI]+disp8 | [BX+DI]+disp8 | [BP+SI]+disp8 | [BP+DI]+disp8 | [SI]+disp8 | [DI]+disp8 | [BP]+disp8 | [BX]+disp8 |
| b10 | [BX+SI]+disp16 | [BX+DI]+disp16 | [BP+SI]+disp16 | [BP+DI]+disp16 | [SI]+disp16 | [DI]+disp16 | [BP]+disp16 | [BX]+disp16 |
| b11 | AL, AX | CL, CX | DL, DX | BL, BX | AH, SP | CH, BP | DH, SI | BH, DI |
32-bit addressing
These are the meanings of the Mod (vertically) and R/M (horizontally) bits for 32-bit addressing:
| Mod | R/M=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
|---|---|---|---|---|---|---|---|---|
| b00 | [EAX] | [ECX] | [EDX] | [EBX] | SIB | disp32 | [ESI] | [EDI] |
| b01 | [EAX]+disp8 | [ECX]+disp8 | [EDX]+disp8 | [EBX]+disp8 | SIB+disp8 | [EBP]+disp8 | [ESI]+disp8 | [EDI]+disp8 |
| b10 | [EAX]+disp32 | [ECX]+disp32 | [EDX]+disp32 | [EBX]+disp32 | SIB+disp32 | [EBP]+disp32 | [ESI]+disp32 | [EDI]+disp32 |
| b11 | EAX, MM0, XMM0 | ECX, MM1, XMM1 | EDX, MM2, XMM2 | EBX, MM3, XMM3 | ESP, MM4, XMM4 | EBP, MM5, XMM5 | ESI, MM6, XMM6 | EDI, MM7, XMM7 |
32-bit SIB byte
The meaning of the SIB byte while using 32-bit addressing is as follows. The ModR/M byte's Mod field and the SIB byte's index field are used vertically, the SIB byte's base field horizontally. The s is the scaling factor.
| Mod | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
|---|---|---|---|---|---|---|---|---|---|
| b00 | b000 | [EAX] + ([EAX] * s) | [ECX] + ([EAX] * s) | [EDX] + ([EAX] * s) | [EBX] + ([EAX] * s) | [ESP] + ([EAX] * s) | ([EAX] * s) + disp32 | [ESI] + ([EAX] * s) | [EDI] + ([EAX] * s) |
| b001 | [EAX] + ([ECX] * s) | [ECX] + ([ECX] * s) | [EDX] + ([ECX] * s) | [EBX] + ([ECX] * s) | [ESP] + ([ECX] * s) | ([ECX] * s) + disp32 | [ESI] + ([ECX] * s) | [EDI] + ([ECX] * s) | |
| b010 | [EAX] + ([EDX] * s) | [ECX] + ([EDX] * s) | [EDX] + ([EDX] * s) | [EBX] + ([EDX] * s) | [ESP] + ([EDX] * s) | ([EDX] * s) + disp32 | [ESI] + ([EDX] * s) | [EDI] + ([EDX] * s) | |
| b011 | [EAX] + ([EBX] * s) | [ECX] + ([EBX] * s) | [EDX] + ([EBX] * s) | [EBX] + ([EBX] * s) | [ESP] + ([EBX] * s) | ([EBX] * s) + disp32 | [ESI] + ([EBX] * s) | [EDI] + ([EBX] * s) | |
| b100 | [EAX] | [ECX] | [EDX] | [EBX] | [ESP] | disp32 | [ESI] | [EDI] | |
| b101 | [EAX] + ([EBP] * s) | [ECX] + ([EBP] * s) | [EDX] + ([EBP] * s) | [EBX] + ([EBP] * s) | [ESP] + ([EBP] * s) | ([EBP] * s) + disp32 | [ESI] + ([EBP] * s) | [EDI] + ([EBP] * s) | |
| b110 | [EAX] + ([ESI] * s) | [ECX] + ([ESI] * s) | [EDX] + ([ESI] * s) | [EBX] + ([ESI] * s) | [ESP] + ([ESI] * s) | ([ESI] * s) + disp32 | [ESI] + ([ESI] * s) | [EDI] + ([ESI] * s) | |
| b111 | [EAX] + ([EDI] * s) | [ECX] + ([EDI] * s) | [EDX] + ([EDI] * s) | [EBX] + ([EDI] * s) | [ESP] + ([EDI] * s) | ([EDI] * s) + disp32 | [ESI] + ([EDI] * s) | [EDI] + ([EDI] * s) | |
| b01 | b000 | [EAX] + ([EAX] * s) + disp8 | [ECX] + ([EAX] * s) + disp8 | [EDX] + ([EAX] * s) + disp8 | [EBX] + ([EAX] * s) + disp8 | [ESP] + ([EAX] * s) + disp8 | [EBP] + ([EAX] * s) + disp8 | [ESI] + ([EAX] * s) + disp8 | [EDI] + ([EAX] * s) + disp8 |
| b001 | [EAX] + ([ECX] * s) + disp8 | [ECX] + ([ECX] * s) + disp8 | [EDX] + ([ECX] * s) + disp8 | [EBX] + ([ECX] * s) + disp8 | [ESP] + ([ECX] * s) + disp8 | [EBP] + ([ECX] * s) + disp8 | [ESI] + ([ECX] * s) + disp8 | [EDI] + ([ECX] * s) + disp8 | |
| b010 | [EAX] + ([EDX] * s) + disp8 | [ECX] + ([EDX] * s) + disp8 | [EDX] + ([EDX] * s) + disp8 | [EBX] + ([EDX] * s) + disp8 | [ESP] + ([EDX] * s) + disp8 | [EBP] + ([EDX] * s) + disp8 | [ESI] + ([EDX] * s) + disp8 | [EDI] + ([EDX] * s) + disp8 | |
| b011 | [EAX] + ([EBX] * s) + disp8 | [ECX] + ([EBX] * s) + disp8 | [EDX] + ([EBX] * s) + disp8 | [EBX] + ([EBX] * s) + disp8 | [ESP] + ([EBX] * s) + disp8 | [EBP] + ([EBX] * s) + disp8 | [ESI] + ([EBX] * s) + disp8 | [EDI] + ([EBX] * s) + disp8 | |
| b100 | [EAX] + disp8 | [ECX] + disp8 | [EDX] + disp8 | [EBX] + disp8 | [ESP] + disp8 | [EBP] + disp8 | [ESI] + disp8 | [EDI] + disp8 | |
| b101 | [EAX] + ([EBP] * s) + disp8 | [ECX] + ([EBP] * s) + disp8 | [EDX] + ([EBP] * s) + disp8 | [EBX] + ([EBP] * s) + disp8 | [ESP] + ([EBP] * s) + disp8 | [EBP] + ([EBP] * s) + disp8 | [ESI] + ([EBP] * s) + disp8 | [EDI] + ([EBP] * s) + disp8 | |
| b110 | [EAX] + ([ESI] * s) + disp8 | [ECX] + ([ESI] * s) + disp8 | [EDX] + ([ESI] * s) + disp8 | [EBX] + ([ESI] * s) + disp8 | [ESP] + ([ESI] * s) + disp8 | [EBP] + ([ESI] * s) + disp8 | [ESI] + ([ESI] * s) + disp8 | [EDI] + ([ESI] * s) + disp8 | |
| b111 | [EAX] + ([EDI] * s) + disp8 | [ECX] + ([EDI] * s) + disp8 | [EDX] + ([EDI] * s) + disp8 | [EBX] + ([EDI] * s) + disp8 | [ESP] + ([EDI] * s) + disp8 | [EBP] + ([EDI] * s) + disp8 | [ESI] + ([EDI] * s) + disp8 | [EDI] + ([EDI] * s) + disp8 | |
| b10 | b000 | [EAX] + ([EAX] * s) + disp32 | [ECX] + ([EAX] * s) + disp32 | [EDX] + ([EAX] * s) + disp32 | [EBX] + ([EAX] * s) + disp32 | [ESP] + ([EAX] * s) + disp32 | [EBP] + ([EAX] * s) + disp32 | [ESI] + ([EAX] * s) + disp32 | [EDI] + ([EAX] * s) + disp32 |
| b001 | [EAX] + ([ECX] * s) + disp32 | [ECX] + ([ECX] * s) + disp32 | [EDX] + ([ECX] * s) + disp32 | [EBX] + ([ECX] * s) + disp32 | [ESP] + ([ECX] * s) + disp32 | [EBP] + ([ECX] * s) + disp32 | [ESI] + ([ECX] * s) + disp32 | [EDI] + ([ECX] * s) + disp32 | |
| b010 | [EAX] + ([EDX] * s) + disp32 | [ECX] + ([EDX] * s) + disp32 | [EDX] + ([EDX] * s) + disp32 | [EBX] + ([EDX] * s) + disp32 | [ESP] + ([EDX] * s) + disp32 | [EBP] + ([EDX] * s) + disp32 | [ESI] + ([EDX] * s) + disp32 | [EDI] + ([EDX] * s) + disp32 | |
| b011 | [EAX] + ([EBX] * s) + disp32 | [ECX] + ([EBX] * s) + disp32 | [EDX] + ([EBX] * s) + disp32 | [EBX] + ([EBX] * s) + disp32 | [ESP] + ([EBX] * s) + disp32 | [EBP] + ([EBX] * s) + disp32 | [ESI] + ([EBX] * s) + disp32 | [EDI] + ([EBX] * s) + disp32 | |
| b100 | [EAX] + disp32 | [ECX] + disp32 | [EDX] + disp32 | [EBX] + disp32 | [ESP] + disp32 | [EBP] + disp32 | [ESI] + disp32 | [EDI] + disp32 | |
| b101 | [EAX] + ([EBP] * s) + disp32 | [ECX] + ([EBP] * s) + disp32 | [EDX] + ([EBP] * s) + disp32 | [EBX] + ([EBP] * s) + disp32 | [ESP] + ([EBP] * s) + disp32 | [EBP] + ([EBP] * s) + disp32 | [ESI] + ([EBP] * s) + disp32 | [EDI] + ([EBP] * s) + disp32 | |
| b110 | [EAX] + ([ESI] * s) + disp32 | [ECX] + ([ESI] * s) + disp32 | [EDX] + ([ESI] * s) + disp32 | [EBX] + ([ESI] * s) + disp32 | [ESP] + ([ESI] * s) + disp32 | [EBP] + ([ESI] * s) + disp32 | [ESI] + ([ESI] * s) + disp32 | [EDI] + ([ESI] * s) + disp32 | |
| b111 | [EAX] + ([EDI] * s) + disp32 | [ECX] + ([EDI] * s) + disp32 | [EDX] + ([EDI] * s) + disp32 | [EBX] + ([EDI] * s) + disp32 | [ESP] + ([EDI] * s) + disp32 | [EBP] + ([EDI] * s) + disp32 | [ESI] + ([EDI] * s) + disp32 | [EDI] + ([EDI] * s) + disp32 | |
64-bit addressing
These are the meanings of the Mod (vertically), R/M (horizontally) and REX.B (also horizontally) bits for 64-bit addressing:
| REX.B = 0 | ||||||||
|---|---|---|---|---|---|---|---|---|
| Mod | R/M=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b00 | [RAX] | [RCX] | [RDX] | [RBX] | SIB | RIP+disp32 | [RSI] | [RDI] |
| b01 | [RAX]+disp8 | [RCX]+disp8 | [RDX]+disp8 | [RBX]+disp8 | SIB+disp8 | [RBP]+disp8 | [RSI]+disp8 | [RDI]+disp8 |
| b10 | [RAX]+disp32 | [RCX]+disp32 | [RDX]+disp32 | [RBX]+disp32 | SIB+disp32 | [RBP]+disp32 | [RSI]+disp32 | [RDI]+disp32 |
| b11 | RAX, MM0, XMM0 | RCX, MM1, XMM1 | RDX, MM2, XMM2 | RBX, MM3, XMM3 | RSP, MM4, XMM4 | RBP, MM5, XMM5 | RSI, MM6, XMM6 | RDI, MM7, XMM7 |
| REX.B = 1 | ||||||||
| Mod | R/M=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b00 | [R8] | [R9] | [R10] | [R11] | SIB | RIP+disp32 | [R14] | [R15] |
| b01 | [R8]+disp8 | [R9]+disp8 | [R10]+disp8 | [R11]+disp8 | SIB+disp8 | [R13]+disp8 | [R14]+disp8 | [R15]+disp8 |
| b10 | [R8]+disp32 | [R9]+disp32 | [R10]+disp32 | [R11]+disp32 | SIB+disp32 | [R13]+disp32 | [R14]+disp32 | [R15]+disp32 |
| b11 | R8, MM0, XMM8 | R9, MM1, XMM9 | R10, MM2, XMM10 | R11, MM3, XMM11 | R12, MM4, XMM12 | R13, MM5, XMM13 | R14, MM6, XMM14 | R15, MM7, XMM15 |
64-bit SIB byte
The meaning of the SIB byte while using 64-bit addressing is as follows. The ModR/M byte's mod field and the SIB byte's index field and REX.X bit (denoted as X) are used vertically, the SIB byte's base field and REX.B bit horizontally. The s is the scaling factor.
| REX.B = 0 | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b00 | 0 | b000 | [RAX] + ([RAX] * s) | [RCX] + ([RAX] * s) | [RDX] + ([RAX] * s) | [RBX] + ([RAX] * s) | [RSP] + ([RAX] * s) | ([RAX] * s) + disp32 | [RSI] + ([RAX] * s) | [RDI] + ([RAX] * s) |
| 0 | b001 | [RAX] + ([RCX] * s) | [RCX] + ([RCX] * s) | [RDX] + ([RCX] * s) | [RBX] + ([RCX] * s) | [RSP] + ([RCX] * s) | ([RCX] * s) + disp32 | [RSI] + ([RCX] * s) | [RDI] + ([RCX] * s) | |
| 0 | b010 | [RAX] + ([RDX] * s) | [RCX] + ([RDX] * s) | [RDX] + ([RDX] * s) | [RBX] + ([RDX] * s) | [RSP] + ([RDX] * s) | ([RDX] * s) + disp32 | [RSI] + ([RDX] * s) | [RDI] + ([RDX] * s) | |
| 0 | b011 | [RAX] + ([RBX] * s) | [RCX] + ([RBX] * s) | [RDX] + ([RBX] * s) | [RBX] + ([RBX] * s) | [RSP] + ([RBX] * s) | ([RBX] * s) + disp32 | [RSI] + ([RBX] * s) | [RDI] + ([RBX] * s) | |
| 0 | b100 | [RAX] | [RCX] | [RDX] | [RBX] | [RSP] | disp32 | [RSI] | [RDI] | |
| 0 | b101 | [RAX] + ([RBP] * s) | [RCX] + ([RBP] * s) | [RDX] + ([RBP] * s) | [RBX] + ([RBP] * s) | [RSP] + ([RBP] * s) | ([RBP] * s) + disp32 | [RSI] + ([RBP] * s) | [RDI] + ([RBP] * s) | |
| 0 | b110 | [RAX] + ([RSI] * s) | [RCX] + ([RSI] * s) | [RDX] + ([RSI] * s) | [RBX] + ([RSI] * s) | [RSP] + ([RSI] * s) | ([RSI] * s) + disp32 | [RSI] + ([RSI] * s) | [RDI] + ([RSI] * s) | |
| 0 | b111 | [RAX] + ([RDI] * s) | [RCX] + ([RDI] * s) | [RDX] + ([RDI] * s) | [RBX] + ([RDI] * s) | [RSP] + ([RDI] * s) | ([RDI] * s) + disp32 | [RSI] + ([RDI] * s) | [RDI] + ([RDI] * s) | |
| 1 | b000 | [RAX] + ([R8] * s) | [RCX] + ([R8] * s) | [RDX] + ([R8] * s) | [RBX] + ([R8] * s) | [RSP] + ([R8] * s) | ([R8] * s) + disp32 | [RSI] + ([R8] * s) | [RDI] + ([R8] * s) | |
| 1 | b001 | [RAX] + ([R9] * s) | [RCX] + ([R9] * s) | [RDX] + ([R9] * s) | [RBX] + ([R9] * s) | [RSP] + ([R9] * s) | ([R9] * s) + disp32 | [RSI] + ([R9] * s) | [RDI] + ([R9] * s) | |
| 1 | b010 | [RAX] + ([R10] * s) | [RCX] + ([R10] * s) | [RDX] + ([R10] * s) | [RBX] + ([R10] * s) | [RSP] + ([R10] * s) | ([R10] * s) + disp32 | [RSI] + ([R10] * s) | [RDI] + ([R10] * s) | |
| 1 | b011 | [RAX] + ([R11] * s) | [RCX] + ([R11] * s) | [RDX] + ([R11] * s) | [RBX] + ([R11] * s) | [RSP] + ([R11] * s) | ([R11] * s) + disp32 | [RSI] + ([R11] * s) | [RDI] + ([R11] * s) | |
| 1 | b100 | [RAX] + ([R12] * s) | [RCX] + ([R12] * s) | [RDX] + ([R12] * s) | [RBX] + ([R12] * s) | [RSP] + ([R12] * s) | disp32 | [RSI] + ([R12] * s) | [RDI] + ([R12] * s) | |
| 1 | b101 | [RAX] + ([R13] * s) | [RCX] + ([R13] * s) | [RDX] + ([R13] * s) | [RBX] + ([R13] * s) | [RSP] + ([R13] * s) | ([R13] * s) + disp32 | [RSI] + ([R13] * s) | [RDI] + ([R13] * s) | |
| 1 | b110 | [RAX] + ([R14] * s) | [RCX] + ([R14] * s) | [RDX] + ([R14] * s) | [RBX] + ([R14] * s) | [RSP] + ([R14] * s) | ([R14] * s) + disp32 | [RSI] + ([R14] * s) | [RDI] + ([R14] * s) | |
| 1 | b111 | [RAX] + ([R15] * s) | [RCX] + ([R15] * s) | [RDX] + ([R15] * s) | [RBX] + ([R15] * s) | [RSP] + ([R15] * s) | ([R15] * s) + disp32 | [RSI] + ([R15] * s) | [RDI] + ([R15] * s) | |
| REX.B = 1 | ||||||||||
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b00 | 0 | b000 | [R8] + ([RAX] * s) | [R9] + ([RAX] * s) | [R10] + ([RAX] * s) | [R11] + ([RAX] * s) | [R12] + ([RAX] * s) | ([RAX] * s) + disp32 | [R14] + ([RAX] * s) | [R15] + ([RAX] * s) |
| 0 | b001 | [R8] + ([RCX] * s) | [R9] + ([RCX] * s) | [R10] + ([RCX] * s) | [R11] + ([RCX] * s) | [R12] + ([RCX] * s) | ([RCX] * s) + disp32 | [R14] + ([RCX] * s) | [R15] + ([RCX] * s) | |
| 0 | b010 | [R8] + ([RDX] * s) | [R9] + ([RDX] * s) | [R10] + ([RDX] * s) | [R11] + ([RDX] * s) | [R12] + ([RDX] * s) | ([RDX] * s) + disp32 | [R14] + ([RDX] * s) | [R15] + ([RDX] * s) | |
| 0 | b011 | [R8] + ([RBX] * s) | [R9] + ([RBX] * s) | [R10] + ([RBX] * s) | [R11] + ([RBX] * s) | [R12] + ([RBX] * s) | ([RBX] * s) + disp32 | [R14] + ([RBX] * s) | [R15] + ([RBX] * s) | |
| 0 | b100 | [R8] | [R9] | [R10] | [R11] | [R12] | disp32 | [R14] | [R15] | |
| 0 | b101 | [R8] + ([RBP] * s) | [R9] + ([RBP] * s) | [R10] + ([RBP] * s) | [R11] + ([RBP] * s) | [R12] + ([RBP] * s) | ([RBP] * s) + disp32 | [R14] + ([RBP] * s) | [R15] + ([RBP] * s) | |
| 0 | b110 | [R8] + ([RSI] * s) | [R9] + ([RSI] * s) | [R10] + ([RSI] * s) | [R11] + ([RSI] * s) | [R12] + ([RSI] * s) | ([RSI] * s) + disp32 | [R14] + ([RSI] * s) | [R15] + ([RSI] * s) | |
| 0 | b111 | [R8] + ([RDI] * s) | [R9] + ([RDI] * s) | [R10] + ([RDI] * s) | [R11] + ([RDI] * s) | [R12] + ([RDI] * s) | ([RDI] * s) + disp32 | [R14] + ([RDI] * s) | [R15] + ([RDI] * s) | |
| 1 | b000 | [R8] + ([R8] * s) | [R9] + ([R8] * s) | [R10] + ([R8] * s) | [R11] + ([R8] * s) | [R12] + ([R8] * s) | ([R8] * s) + disp32 | [R14] + ([R8] * s) | [R15] + ([R8] * s) | |
| 1 | b001 | [R8] + ([R9] * s) | [R9] + ([R9] * s) | [R10] + ([R9] * s) | [R11] + ([R9] * s) | [R12] + ([R9] * s) | ([R9] * s) + disp32 | [R14] + ([R9] * s) | [R15] + ([R9] * s) | |
| 1 | b010 | [R8] + ([R10] * s) | [R9] + ([R10] * s) | [R10] + ([R10] * s) | [R11] + ([R10] * s) | [R12] + ([R10] * s) | ([R10] * s) + disp32 | [R14] + ([R10] * s) | [R15] + ([R10] * s) | |
| 1 | b011 | [R8] + ([R11] * s) | [R9] + ([R11] * s) | [R10] + ([R11] * s) | [R11] + ([R11] * s) | [R12] + ([R11] * s) | ([R11] * s) + disp32 | [R14] + ([R11] * s) | [R15] + ([R11] * s) | |
| 1 | b100 | [R8] + ([R12] * s) | [R9] + ([R12] * s) | [R10] + ([R12] * s) | [R11] + ([R12] * s) | [R12] + ([R12] * s) | disp32 | [R14] + ([R12] * s) | [R15] + ([R12] * s) | |
| 1 | b101 | [R8] + ([R13] * s) | [R9] + ([R13] * s) | [R10] + ([R13] * s) | [R11] + ([R13] * s) | [R12] + ([R13] * s) | ([R13] * s) + disp32 | [R14] + ([R13] * s) | [R15] + ([R13] * s) | |
| 1 | b110 | [R8] + ([R14] * s) | [R9] + ([R14] * s) | [R10] + ([R14] * s) | [R11] + ([R14] * s) | [R12] + ([R14] * s) | ([R14] * s) + disp32 | [R14] + ([R14] * s) | [R15] + ([R14] * s) | |
| 1 | b111 | [R8] + ([R15] * s) | [R9] + ([R15] * s) | [R10] + ([R15] * s) | [R11] + ([R15] * s) | [R12] + ([R15] * s) | ([R15] * s) + disp32 | [R14] + ([R15] * s) | [R15] + ([R15] * s) | |
| REX.B = 0 | ||||||||||
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b01 | 0 | b000 | [RAX] + ([RAX] * s) + disp8 | [RCX] + ([RAX] * s) + disp8 | [RDX] + ([RAX] * s) + disp8 | [RBX] + ([RAX] * s) + disp8 | [RSP] + ([RAX] * s) + disp8 | [RBP] + ([RAX] * s) + disp8 | [RSI] + ([RAX] * s) + disp8 | [RDI] + ([RAX] * s) + disp8 |
| 0 | b001 | [RAX] + ([RCX] * s) + disp8 | [RCX] + ([RCX] * s) + disp8 | [RDX] + ([RCX] * s) + disp8 | [RBX] + ([RCX] * s) + disp8 | [RSP] + ([RCX] * s) + disp8 | [RBP] + ([RCX] * s) + disp8 | [RSI] + ([RCX] * s) + disp8 | [RDI] + ([RCX] * s) + disp8 | |
| 0 | b010 | [RAX] + ([RDX] * s) + disp8 | [RCX] + ([RDX] * s) + disp8 | [RDX] + ([RDX] * s) + disp8 | [RBX] + ([RDX] * s) + disp8 | [RSP] + ([RDX] * s) + disp8 | [RBP] + ([RDX] * s) + disp8 | [RSI] + ([RDX] * s) + disp8 | [RDI] + ([RDX] * s) + disp8 | |
| 0 | b011 | [RAX] + ([RBX] * s) + disp8 | [RCX] + ([RBX] * s) + disp8 | [RDX] + ([RBX] * s) + disp8 | [RBX] + ([RBX] * s) + disp8 | [RSP] + ([RBX] * s) + disp8 | [RBP] + ([RBX] * s) + disp8 | [RSI] + ([RBX] * s) + disp8 | [RDI] + ([RBX] * s) + disp8 | |
| 0 | b100 | [RAX] + disp8 | [RCX] + disp8 | [RDX] + disp8 | [RBX] + disp8 | [RSP] + disp8 | [RBP] + disp8 | [RSI] + disp8 | [RDI] + disp8 | |
| 0 | b101 | [RAX] + ([RBP] * s) + disp8 | [RCX] + ([RBP] * s) + disp8 | [RDX] + ([RBP] * s) + disp8 | [RBX] + ([RBP] * s) + disp8 | [RSP] + ([RBP] * s) + disp8 | [RBP] + ([RBP] * s) + disp8 | [RSI] + ([RBP] * s) + disp8 | [RDI] + ([RBP] * s) + disp8 | |
| 0 | b110 | [RAX] + ([RSI] * s) + disp8 | [RCX] + ([RSI] * s) + disp8 | [RDX] + ([RSI] * s) + disp8 | [RBX] + ([RSI] * s) + disp8 | [RSP] + ([RSI] * s) + disp8 | [RBP] + ([RSI] * s) + disp8 | [RSI] + ([RSI] * s) + disp8 | [RDI] + ([RSI] * s) + disp8 | |
| 0 | b111 | [RAX] + ([RDI] * s) + disp8 | [RCX] + ([RDI] * s) + disp8 | [RDX] + ([RDI] * s) + disp8 | [RBX] + ([RDI] * s) + disp8 | [RSP] + ([RDI] * s) + disp8 | [RBP] + ([RDI] * s) + disp8 | [RSI] + ([RDI] * s) + disp8 | [RDI] + ([RDI] * s) + disp8 | |
| 1 | b000 | [RAX] + ([R8] * s) + disp8 | [RCX] + ([R8] * s) + disp8 | [RDX] + ([R8] * s) + disp8 | [RBX] + ([R8] * s) + disp8 | [RSP] + ([R8] * s) + disp8 | [RBP] + ([R8] * s) + disp8 | [RSI] + ([R8] * s) + disp8 | [RDI] + ([R8] * s) + disp8 | |
| 1 | b001 | [RAX] + ([R9] * s) + disp8 | [RCX] + ([R9] * s) + disp8 | [RDX] + ([R9] * s) + disp8 | [RBX] + ([R9] * s) + disp8 | [RSP] + ([R9] * s) + disp8 | [RBP] + ([R9] * s) + disp8 | [RSI] + ([R9] * s) + disp8 | [RDI] + ([R9] * s) + disp8 | |
| 1 | b010 | [RAX] + ([R10] * s) + disp8 | [RCX] + ([R10] * s) + disp8 | [RDX] + ([R10] * s) + disp8 | [RBX] + ([R10] * s) + disp8 | [RSP] + ([R10] * s) + disp8 | [RBP] + ([R10] * s) + disp8 | [RSI] + ([R10] * s) + disp8 | [RDI] + ([R10] * s) + disp8 | |
| 1 | b011 | [RAX] + ([R11] * s) + disp8 | [RCX] + ([R11] * s) + disp8 | [RDX] + ([R11] * s) + disp8 | [RBX] + ([R11] * s) + disp8 | [RSP] + ([R11] * s) + disp8 | [RBP] + ([R11] * s) + disp8 | [RSI] + ([R11] * s) + disp8 | [RDI] + ([R11] * s) + disp8 | |
| 1 | b100 | [RAX] + ([R12] * s) + disp8 | [RCX] + ([R12] * s) + disp8 | [RDX] + ([R12] * s) + disp8 | [RBX] + ([R12] * s) + disp8 | [RSP] + ([R12] * s) + disp8 | [RBP] + ([R12] * s) + disp8 | [RSI] + ([R12] * s) + disp8 | [RDI] + ([R12] * s) + disp8 | |
| 1 | b101 | [RAX] + ([R13] * s) + disp8 | [RCX] + ([R13] * s) + disp8 | [RDX] + ([R13] * s) + disp8 | [RBX] + ([R13] * s) + disp8 | [RSP] + ([R13] * s) + disp8 | [RBP] + ([R13] * s) + disp8 | [RSI] + ([R13] * s) + disp8 | [RDI] + ([R13] * s) + disp8 | |
| 1 | b110 | [RAX] + ([R14] * s) + disp8 | [RCX] + ([R14] * s) + disp8 | [RDX] + ([R14] * s) + disp8 | [RBX] + ([R14] * s) + disp8 | [RSP] + ([R14] * s) + disp8 | [RBP] + ([R14] * s) + disp8 | [RSI] + ([R14] * s) + disp8 | [RDI] + ([R14] * s) + disp8 | |
| 1 | b111 | [RAX] + ([R15] * s) + disp8 | [RCX] + ([R15] * s) + disp8 | [RDX] + ([R15] * s) + disp8 | [RBX] + ([R15] * s) + disp8 | [RSP] + ([R15] * s) + disp8 | [RBP] + ([R15] * s) + disp8 | [RSI] + ([R15] * s) + disp8 | [RDI] + ([R15] * s) + disp8 | |
| REX.B = 1 | ||||||||||
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b01 | 0 | b000 | [R8] + ([RAX] * s) + disp8 | [R9] + ([RAX] * s) + disp8 | [R10] + ([RAX] * s) + disp8 | [R11] + ([RAX] * s) + disp8 | [R12] + ([RAX] * s) + disp8 | [R13] + ([RAX] * s) + disp8 | [R14] + ([RAX] * s) + disp8 | [R15] + ([RAX] * s) + disp8 |
| 0 | b001 | [R8] + ([RCX] * s) + disp8 | [R9] + ([RCX] * s) + disp8 | [R10] + ([RCX] * s) + disp8 | [R11] + ([RCX] * s) + disp8 | [R12] + ([RCX] * s) + disp8 | [R13] + ([RCX] * s) + disp8 | [R14] + ([RCX] * s) + disp8 | [R15] + ([RCX] * s) + disp8 | |
| 0 | b010 | [R8] + ([RDX] * s) + disp8 | [R9] + ([RDX] * s) + disp8 | [R10] + ([RDX] * s) + disp8 | [R11] + ([RDX] * s) + disp8 | [R12] + ([RDX] * s) + disp8 | [R13] + ([RDX] * s) + disp8 | [R14] + ([RDX] * s) + disp8 | [R15] + ([RDX] * s) + disp8 | |
| 0 | b011 | [R8] + ([RBX] * s) + disp8 | [R9] + ([RBX] * s) + disp8 | [R10] + ([RBX] * s) + disp8 | [R11] + ([RBX] * s) + disp8 | [R12] + ([RBX] * s) + disp8 | [R13] + ([RBX] * s) + disp8 | [R14] + ([RBX] * s) + disp8 | [R15] + ([RBX] * s) + disp8 | |
| 0 | b100 | [R8] + disp8 | [R9] + disp8 | [R10] + disp8 | [R11] + disp8 | [R12] + disp8 | [R13] + disp8 | [R14] + disp8 | [R15] + disp8 | |
| 0 | b101 | [R8] + ([RBP] * s) + disp8 | [R9] + ([RBP] * s) + disp8 | [R10] + ([RBP] * s) + disp8 | [R11] + ([RBP] * s) + disp8 | [R12] + ([RBP] * s) + disp8 | [R13] + ([RBP] * s) + disp8 | [R14] + ([RBP] * s) + disp8 | [R15] + ([RBP] * s) + disp8 | |
| 0 | b110 | [R8] + ([RSI] * s) + disp8 | [R9] + ([RSI] * s) + disp8 | [R10] + ([RSI] * s) + disp8 | [R11] + ([RSI] * s) + disp8 | [R12] + ([RSI] * s) + disp8 | [R13] + ([RSI] * s) + disp8 | [R14] + ([RSI] * s) + disp8 | [R15] + ([RSI] * s) + disp8 | |
| 0 | b111 | [R8] + ([RDI] * s) + disp8 | [R9] + ([RDI] * s) + disp8 | [R10] + ([RDI] * s) + disp8 | [R11] + ([RDI] * s) + disp8 | [R12] + ([RDI] * s) + disp8 | [R13] + ([RDI] * s) + disp8 | [R14] + ([RDI] * s) + disp8 | [R15] + ([RDI] * s) + disp8 | |
| 1 | b000 | [R8] + ([R8] * s) + disp8 | [R9] + ([R8] * s) + disp8 | [R10] + ([R8] * s) + disp8 | [R11] + ([R8] * s) + disp8 | [R12] + ([R8] * s) + disp8 | [R13] + ([R8] * s) + disp8 | [R14] + ([R8] * s) + disp8 | [R15] + ([R8] * s) + disp8 | |
| 1 | b001 | [R8] + ([R9] * s) + disp8 | [R9] + ([R9] * s) + disp8 | [R10] + ([R9] * s) + disp8 | [R11] + ([R9] * s) + disp8 | [R12] + ([R9] * s) + disp8 | [R13] + ([R9] * s) + disp8 | [R14] + ([R9] * s) + disp8 | [R15] + ([R9] * s) + disp8 | |
| 1 | b010 | [R8] + ([R10] * s) + disp8 | [R9] + ([R10] * s) + disp8 | [R10] + ([R10] * s) + disp8 | [R11] + ([R10] * s) + disp8 | [R12] + ([R10] * s) + disp8 | [R13] + ([R10] * s) + disp8 | [R14] + ([R10] * s) + disp8 | [R15] + ([R10] * s) + disp8 | |
| 1 | b011 | [R8] + ([R11] * s) + disp8 | [R9] + ([R11] * s) + disp8 | [R10] + ([R11] * s) + disp8 | [R11] + ([R11] * s) + disp8 | [R12] + ([R11] * s) + disp8 | [R13] + ([R11] * s) + disp8 | [R14] + ([R11] * s) + disp8 | [R15] + ([R11] * s) + disp8 | |
| 1 | b100 | [R8] + ([R12] * s) + disp8 | [R9] + ([R12] * s) + disp8 | [R10] + ([R12] * s) + disp8 | [R11] + ([R12] * s) + disp8 | [R12] + ([R12] * s) + disp8 | [R13] + ([R12] * s) + disp8 | [R14] + ([R12] * s) + disp8 | [R15] + ([R12] * s) + disp8 | |
| 1 | b101 | [R8] + ([R13] * s) + disp8 | [R9] + ([R13] * s) + disp8 | [R10] + ([R13] * s) + disp8 | [R11] + ([R13] * s) + disp8 | [R12] + ([R13] * s) + disp8 | [R13] + ([R13] * s) + disp8 | [R14] + ([R13] * s) + disp8 | [R15] + ([R13] * s) + disp8 | |
| 1 | b110 | [R8] + ([R14] * s) + disp8 | [R9] + ([R14] * s) + disp8 | [R10] + ([R14] * s) + disp8 | [R11] + ([R14] * s) + disp8 | [R12] + ([R14] * s) + disp8 | [R13] + ([R14] * s) + disp8 | [R14] + ([R14] * s) + disp8 | [R15] + ([R14] * s) + disp8 | |
| 1 | b111 | [R8] + ([R15] * s) + disp8 | [R9] + ([R15] * s) + disp8 | [R10] + ([R15] * s) + disp8 | [R11] + ([R15] * s) + disp8 | [R12] + ([R15] * s) + disp8 | [R13] + ([R15] * s) + disp8 | [R14] + ([R15] * s) + disp8 | [R15] + ([R15] * s) + disp8 | |
| REX.B = 0 | ||||||||||
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b10 | 0 | b000 | [RAX] + ([RAX] * s) + disp32 | [RCX] + ([RAX] * s) + disp32 | [RDX] + ([RAX] * s) + disp32 | [RBX] + ([RAX] * s) + disp32 | [RSP] + ([RAX] * s) + disp32 | [RBP] + ([RAX] * s) + disp32 | [RSI] + ([RAX] * s) + disp32 | [RDI] + ([RAX] * s) + disp32 |
| 0 | b001 | [RAX] + ([RCX] * s) + disp32 | [RCX] + ([RCX] * s) + disp32 | [RDX] + ([RCX] * s) + disp32 | [RBX] + ([RCX] * s) + disp32 | [RSP] + ([RCX] * s) + disp32 | [RBP] + ([RCX] * s) + disp32 | [RSI] + ([RCX] * s) + disp32 | [RDI] + ([RCX] * s) + disp32 | |
| 0 | b010 | [RAX] + ([RDX] * s) + disp32 | [RCX] + ([RDX] * s) + disp32 | [RDX] + ([RDX] * s) + disp32 | [RBX] + ([RDX] * s) + disp32 | [RSP] + ([RDX] * s) + disp32 | [RBP] + ([RDX] * s) + disp32 | [RSI] + ([RDX] * s) + disp32 | [RDI] + ([RDX] * s) + disp32 | |
| 0 | b011 | [RAX] + ([RBX] * s) + disp32 | [RCX] + ([RBX] * s) + disp32 | [RDX] + ([RBX] * s) + disp32 | [RBX] + ([RBX] * s) + disp32 | [RSP] + ([RBX] * s) + disp32 | [RBP] + ([RBX] * s) + disp32 | [RSI] + ([RBX] * s) + disp32 | [RDI] + ([RBX] * s) + disp32 | |
| 0 | b100 | [RAX] + disp32 | [RCX] + disp32 | [RDX] + disp32 | [RBX] + disp32 | [RSP] + disp32 | [RBP] + disp32 | [RSI] + disp32 | [RDI] + disp32 | |
| 0 | b101 | [RAX] + ([RBP] * s) + disp32 | [RCX] + ([RBP] * s) + disp32 | [RDX] + ([RBP] * s) + disp32 | [RBX] + ([RBP] * s) + disp32 | [RSP] + ([RBP] * s) + disp32 | [RBP] + ([RBP] * s) + disp32 | [RSI] + ([RBP] * s) + disp32 | [RDI] + ([RBP] * s) + disp32 | |
| 0 | b110 | [RAX] + ([RSI] * s) + disp32 | [RCX] + ([RSI] * s) + disp32 | [RDX] + ([RSI] * s) + disp32 | [RBX] + ([RSI] * s) + disp32 | [RSP] + ([RSI] * s) + disp32 | [RBP] + ([RSI] * s) + disp32 | [RSI] + ([RSI] * s) + disp32 | [RDI] + ([RSI] * s) + disp32 | |
| 0 | b111 | [RAX] + ([RDI] * s) + disp32 | [RCX] + ([RDI] * s) + disp32 | [RDX] + ([RDI] * s) + disp32 | [RBX] + ([RDI] * s) + disp32 | [RSP] + ([RDI] * s) + disp32 | [RBP] + ([RDI] * s) + disp32 | [RSI] + ([RDI] * s) + disp32 | [RDI] + ([RDI] * s) + disp32 | |
| 1 | b000 | [RAX] + ([R8] * s) + disp32 | [RCX] + ([R8] * s) + disp32 | [RDX] + ([R8] * s) + disp32 | [RBX] + ([R8] * s) + disp32 | [RSP] + ([R8] * s) + disp32 | [RBP] + ([R8] * s) + disp32 | [RSI] + ([R8] * s) + disp32 | [RDI] + ([R8] * s) + disp32 | |
| 1 | b001 | [RAX] + ([R9] * s) + disp32 | [RCX] + ([R9] * s) + disp32 | [RDX] + ([R9] * s) + disp32 | [RBX] + ([R9] * s) + disp32 | [RSP] + ([R9] * s) + disp32 | [RBP] + ([R9] * s) + disp32 | [RSI] + ([R9] * s) + disp32 | [RDI] + ([R9] * s) + disp32 | |
| 1 | b010 | [RAX] + ([R10] * s) + disp32 | [RCX] + ([R10] * s) + disp32 | [RDX] + ([R10] * s) + disp32 | [RBX] + ([R10] * s) + disp32 | [RSP] + ([R10] * s) + disp32 | [RBP] + ([R10] * s) + disp32 | [RSI] + ([R10] * s) + disp32 | [RDI] + ([R10] * s) + disp32 | |
| 1 | b011 | [RAX] + ([R11] * s) + disp32 | [RCX] + ([R11] * s) + disp32 | [RDX] + ([R11] * s) + disp32 | [RBX] + ([R11] * s) + disp32 | [RSP] + ([R11] * s) + disp32 | [RBP] + ([R11] * s) + disp32 | [RSI] + ([R11] * s) + disp32 | [RDI] + ([R11] * s) + disp32 | |
| 1 | b100 | [RAX] + ([R12] * s) + disp32 | [RCX] + ([R12] * s) + disp32 | [RDX] + ([R12] * s) + disp32 | [RBX] + ([R12] * s) + disp32 | [RSP] + ([R12] * s) + disp32 | [RBP] + ([R12] * s) + disp32 | [RSI] + ([R12] * s) + disp32 | [RDI] + ([R12] * s) + disp32 | |
| 1 | b101 | [RAX] + ([R13] * s) + disp32 | [RCX] + ([R13] * s) + disp32 | [RDX] + ([R13] * s) + disp32 | [RBX] + ([R13] * s) + disp32 | [RSP] + ([R13] * s) + disp32 | [RBP] + ([R13] * s) + disp32 | [RSI] + ([R13] * s) + disp32 | [RDI] + ([R13] * s) + disp32 | |
| 1 | b110 | [RAX] + ([R14] * s) + disp32 | [RCX] + ([R14] * s) + disp32 | [RDX] + ([R14] * s) + disp32 | [RBX] + ([R14] * s) + disp32 | [RSP] + ([R14] * s) + disp32 | [RBP] + ([R14] * s) + disp32 | [RSI] + ([R14] * s) + disp32 | [RDI] + ([R14] * s) + disp32 | |
| 1 | b111 | [RAX] + ([R15] * s) + disp32 | [RCX] + ([R15] * s) + disp32 | [RDX] + ([R15] * s) + disp32 | [RBX] + ([R15] * s) + disp32 | [RSP] + ([R15] * s) + disp32 | [RBP] + ([R15] * s) + disp32 | [RSI] + ([R15] * s) + disp32 | [RDI] + ([R15] * s) + disp32 | |
| REX.B = 1 | ||||||||||
| Mod | X | Index | Base=b000 | b001 | b010 | b011 | b100 | b101 | b110 | b111 |
| b10 | 0 | b000 | [R8] + ([RAX] * s) + disp32 | [R9] + ([RAX] * s) + disp32 | [R10] + ([RAX] * s) + disp32 | [R11] + ([RAX] * s) + disp32 | [R12] + ([RAX] * s) + disp32 | [R13] + ([RAX] * s) + disp32 | [R14] + ([RAX] * s) + disp32 | [R15] + ([RAX] * s) + disp32 |
| 0 | b001 | [R8] + ([RCX] * s) + disp32 | [R9] + ([RCX] * s) + disp32 | [R10] + ([RCX] * s) + disp32 | [R11] + ([RCX] * s) + disp32 | [R12] + ([RCX] * s) + disp32 | [R13] + ([RCX] * s) + disp32 | [R14] + ([RCX] * s) + disp32 | [R15] + ([RCX] * s) + disp32 | |
| 0 | b010 | [R8] + ([RDX] * s) + disp32 | [R9] + ([RDX] * s) + disp32 | [R10] + ([RDX] * s) + disp32 | [R11] + ([RDX] * s) + disp32 | [R12] + ([RDX] * s) + disp32 | [R13] + ([RDX] * s) + disp32 | [R14] + ([RDX] * s) + disp32 | [R15] + ([RDX] * s) + disp32 | |
| 0 | b011 | [R8] + ([RBX] * s) + disp32 | [R9] + ([RBX] * s) + disp32 | [R10] + ([RBX] * s) + disp32 | [R11] + ([RBX] * s) + disp32 | [R12] + ([RBX] * s) + disp32 | [R13] + ([RBX] * s) + disp32 | [R14] + ([RBX] * s) + disp32 | [R15] + ([RBX] * s) + disp32 | |
| 0 | b100 | [R8] + disp32 | [R9] + disp32 | [R10] + disp32 | [R11] + disp32 | [R12] + disp32 | [R13] + disp32 | [R14] + disp32 | [R15] + disp32 | |
| 0 | b101 | [R8] + ([RBP] * s) + disp32 | [R9] + ([RBP] * s) + disp32 | [R10] + ([RBP] * s) + disp32 | [R11] + ([RBP] * s) + disp32 | [R12] + ([RBP] * s) + disp32 | [R13] + ([RBP] * s) + disp32 | [R14] + ([RBP] * s) + disp32 | [R15] + ([RBP] * s) + disp32 | |
| 0 | b110 | [R8] + ([RSI] * s) + disp32 | [R9] + ([RSI] * s) + disp32 | [R10] + ([RSI] * s) + disp32 | [R11] + ([RSI] * s) + disp32 | [R12] + ([RSI] * s) + disp32 | [R13] + ([RSI] * s) + disp32 | [R14] + ([RSI] * s) + disp32 | [R15] + ([RSI] * s) + disp32 | |
| 0 | b111 | [R8] + ([RDI] * s) + disp32 | [R9] + ([RDI] * s) + disp32 | [R10] + ([RDI] * s) + disp32 | [R11] + ([RDI] * s) + disp32 | [R12] + ([RDI] * s) + disp32 | [R13] + ([RDI] * s) + disp32 | [R14] + ([RDI] * s) + disp32 | [R15] + ([RDI] * s) + disp32 | |
| 1 | b000 | [R8] + ([R8] * s) + disp32 | [R9] + ([R8] * s) + disp32 | [R10] + ([R8] * s) + disp32 | [R11] + ([R8] * s) + disp32 | [R12] + ([R8] * s) + disp32 | [R13] + ([R8] * s) + disp32 | [R14] + ([R8] * s) + disp32 | [R15] + ([R8] * s) + disp32 | |
| 1 | b001 | [R8] + ([R9] * s) + disp32 | [R9] + ([R9] * s) + disp32 | [R10] + ([R9] * s) + disp32 | [R11] + ([R9] * s) + disp32 | [R12] + ([R9] * s) + disp32 | [R13] + ([R9] * s) + disp32 | [R14] + ([R9] * s) + disp32 | [R15] + ([R9] * s) + disp32 | |
| 1 | b010 | [R8] + ([R10] * s) + disp32 | [R9] + ([R10] * s) + disp32 | [R10] + ([R10] * s) + disp32 | [R11] + ([R10] * s) + disp32 | [R12] + ([R10] * s) + disp32 | [R13] + ([R10] * s) + disp32 | [R14] + ([R10] * s) + disp32 | [R15] + ([R10] * s) + disp32 | |
| 1 | b011 | [R8] + ([R11] * s) + disp32 | [R9] + ([R11] * s) + disp32 | [R10] + ([R11] * s) + disp32 | [R11] + ([R11] * s) + disp32 | [R12] + ([R11] * s) + disp32 | [R13] + ([R11] * s) + disp32 | [R14] + ([R11] * s) + disp32 | [R15] + ([R11] * s) + disp32 | |
| 1 | b100 | [R8] + ([R12] * s) + disp32 | [R9] + ([R12] * s) + disp32 | [R10] + ([R12] * s) + disp32 | [R11] + ([R12] * s) + disp32 | [R12] + ([R12] * s) + disp32 | [R13] + ([R12] * s) + disp32 | [R14] + ([R12] * s) + disp32 | [R15] + ([R12] * s) + disp32 | |
| 1 | b101 | [R8] + ([R13] * s) + disp32 | [R9] + ([R13] * s) + disp32 | [R10] + ([R13] * s) + disp32 | [R11] + ([R13] * s) + disp32 | [R12] + ([R13] * s) + disp32 | [R13] + ([R13] * s) + disp32 | [R14] + ([R13] * s) + disp32 | [R15] + ([R13] * s) + disp32 | |
| 1 | b110 | [R8] + ([R14] * s) + disp32 | [R9] + ([R14] * s) + disp32 | [R10] + ([R14] * s) + disp32 | [R11] + ([R14] * s) + disp32 | [R12] + ([R14] * s) + disp32 | [R13] + ([R14] * s) + disp32 | [R14] + ([R14] * s) + disp32 | [R15] + ([R14] * s) + disp32 | |
| 1 | b111 | [R8] + ([R15] * s) + disp32 | [R9] + ([R15] * s) + disp32 | [R10] + ([R15] * s) + disp32 | [R11] + ([R15] * s) + disp32 | [R12] + ([R15] * s) + disp32 | [R13] + ([R15] * s) + disp32 | [R14] + ([R15] * s) + disp32 | [R15] + ([R15] * s) + disp32 | |
Displacement
The displacement value, if any, follows the ModR/M and SIB bytes discussed above. When the ModR/M or SIB tables state that a disp value is required, or without a ModR/M byte the use of moffset (AMD) or moffs (Intel) in the mnemonic syntax of the instruction, then the displacement bytes are required.
Immediate
Some instructions require an immediate value. The instruction (and the operand-size column in the above table) determine the length of the immediate value. The imm8 mnemonic (or 8-bit operand-size) means a one byte immediate value, imm16 (or 16-bit operand-size) means a two byte immediate value, imm32 (or 32-bit operand-size) a four byte value and imm64 (or 64-bit operand-size) an eight byte value.
See Also
External References
- AMD64 Architecture Programmer's Manual Volume 3: General-Purpose and System Instructions
- Intel 64 and IA-32 Architectures Software Developer's Manuals
