Notes for 8086 emulation core instruction decoding

General opcode format:

Instruction encoding byte ordering: 1. Prefix code(s) i.e. repetition, seg override, or lock (optional) 2. Opcode byte (required) 3. Mod-Reg-R/M addressing mode byte (optional) 4. Low disp/addr/data (optional) 5. High disp/addr/data (optional) 6. Low data (optional) 7. High data (optional) Prefix codes: Repetition: $F3 - REP/REPE/REPZ $F2 - REPNE/REPNZ Segment override: $2E - CS $3H - DS (default for non-BP indexed memory addressing) $26 - ES $36 - SS (default for BP indexed memory addressing) Other: $F0 - Lock Segment prefix opcodes can force an instruction to use the specified segment base. If no segment prefix is present, the default segment DS is implied. However, if the BP register is used, the default will be SS rather than DS. A segment prefix will override that condition as well.

Addressing mode byte: (aka Mod-Reg-R/M byte)

Mod-Reg-R/M byte is present if either of the following references are used: - General or Segment Register operand (G or S) - Memory address

Layout of the byte:

Bit # | 7 6 | 5 4 3 | 2 1 0 | | Mode | (S)Reg | R/M field |

Meaning of mode field values:

0 - Use R/M table 1 for operand WITH NO DISPLACEMENT bytes. * If R/M table value is 6, then memory address is directly supplied by the 16-bit displacement value. 1 - Use R/M table 2 plus 8-bit displacement byte for operand. 2 - Use R/M table 2 plus 16-bit displacement word for operand. 3 - Operand is a second register. Use REG table.

Meaning of register field values:

0 1 2 3 4 5 6 7 0 1 2 6 8-bit ops | 16-bit ops AL | AX CL | CX DL | DX BL | BX AH | SP CH | BP DH | SI BH | DI ES CS SS DS

Or, if an instruction implies using a segment register:

R/M table 1: (Mode = 0)

0 - SEG:[BX+SI] 2 - SEG:[BP+SI] 4 - SEG:[SI] 6 - Direct addressing* 1 - SEG:[BX+DI] 3 - SEG:[BP+DI] 5 - SEG:[DI] 7 - SEG:[BX] * - Note: Direct addressing means SEG:[disp] where disp is 16-bit unsigned

R/M table 2: (Mode = 1 or Mode = 2; add displacement value to these)

0 - SEG:[BX+SI] 1 - SEG:[BX+DI] 2 - SEG:[BP+SI] 4 - SEG:[SI] 6 - SEG:[BP] 3 - SEG:[BP+DI] 5 - SEG:[DI] 7 - SEG:[BX]

*IMPORTANT NOTE* When referencing R/M table 2, the two displacement bytes are treated as a SIGN-EXTENDED 8-bit signed value when addr. mode = 1. If addr. mode = 2, then these bytes are treated as a 16-bit UNSIGNED value.

Appendix A: 8086 hex opcode listing in numerical order, including mnemonics.

00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 ADD ADD ADD ADD ADD ADD PUSH POP OR OR OR OR OR OR PUSH -ADC ADC ADC ADC ADC ADC PUSH POP SBB SBB SBB SBB SBB SBB PUSH POP AND AND AND AND AND AND ES: DAA SUB SUB SUB SUB SUB SUB CS: DAS XOR XOR XOR XOR XOR XOR SS: AAA CMP CMP CMP CMP CMP CMP DS: AAS INC INC INC Eb Ev Gb Gv AL eAX ES ES Eb Ev Gb Gv AL eAX Eb Ev Gb Gv AL eAX SS SS Eb Ev Gb Gv AL eAX DS Eb Ev Gb Gv AL eAX Eb Ev Gb Gv AL eAX Eb Ev Gb Gv AL eAX Eb Ev Gb Gv AL eAX eAX eCX eDX Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv Gb Gv Eb Ev Ib Iv

CS

DS

43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 84 85 86 87 88 89 8A

INC INC INC INC INC DEC DEC DEC DEC DEC DEC DEC DEC PUSH PUSH PUSH PUSH PUSH PUSH PUSH PUSH POP POP POP POP POP POP POP POP ----------------JO JNO JB JNB JZ JNZ JBE JA JS JNS JPE JPO JL JGE JLE JG GRP1 GRP1 GRP1 GRP1 TEST TEST XCHG XCHG MOV MOV MOV

eAX eCX eDX eBX eSP eBP eSI eDI

eBX eSP eBP eSI eDI eAX eCX eDX eBX eSP eBP eSI eDI

eAX eCX eDX eBX eSP eBP eSI eDI

Eb Ev Eb Ev Gb Gv Gb Gv

Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Jb Ib Iv Ib Ib Eb Ev Eb Ev Eb Ev Gb

Gb Gv Eb

8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2

MOV MOV LEA MOV POP NOP XCHG XCHG XCHG XCHG XCHG XCHG XCHG CBW CWD CALL WAIT PUSHF POPF SAHF LAHF MOV MOV MOV MOV MOVSB MOVSW CMPSB CMPSW TEST TEST STOSB STOSW LODSB LODSW SCASB SCASW MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV MOV --RET RET LES LDS MOV MOV --RETF RETF INT INT INTO IRET GRP2 GRP2 GRP2

Gv Ew Gv Sw Ev eCX eDX eBX eSP eBP eSI eDI Ap eAX eAX eAX eAX eAX eAX eAX

Ev Sw M Ew

AL eAX Ob Ov

Ob Ov AL eAX

AL eAX

Ib Iv

AL CL DL BL AH CH DH BH eAX eCX eDX eBX eSP eBP eSI eDI Iw Gv Gv Eb Ev Iw 3 Ib Eb Ev Eb 1 1 CL

Ib Ib Ib Ib Ib Ib Ib Ib Iv Iv Iv Iv Iv Iv Iv Iv

Mp Mp Ib Iv

D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF

GRP2 AAM AAD -XLAT --------LOOPNZ LOOPZ LOOP JCXZ IN IN OUT OUT CALL JMP JMP JMP IN IN OUT OUT LOCK -REPNZ REPZ HLT CMC GRP3a GRP3b CLC STC CLI STI CLD STD GRP4 GRP5

Ev

CL I0 I0

Jb Jb Jb Jb

Jv

AL eAX Ib Ib Jv Ap Jb AL eAX DX DX

Ib Ib AL eAX

DX DX AL eAX

Eb Ev

Eb Ev

Appendix B: Mnemonics for "GRP" opcodes

GRP1/0 GRP1/1 GRP1/2 GRP1/3 GRP1/4 GRP1/5 GRP1/6 GRP1/7 GRP2/0 GRP2/1 GRP2/2 GRP2/3 GRP2/4 GRP2/5 GRP2/6 GRP2/7 GRP3a/0 GRP3a/1 GRP3a/2 GRP3a/3 GRP3a/4 GRP3a/5 GRP3a/6 GRP3a/7 GRP3b/0 GRP3b/1 GRP3b/2 GRP3b/3 GRP3b/4 GRP3b/5 GRP3b/6 GRP3b/7 GRP4/0 GRP4/1 GRP4/2 GRP4/3 GRP4/4 GRP4/5 GRP4/6 GRP4/7 GRP5/0 GRP5/1 GRP5/2 GRP5/3 GRP5/4 GRP5/5 GRP5/6 GRP5/7 ADD OR ADC SBB AND SUB XOR CMP ROL ROR RCL RCR SHL SHR -SAR TEST -NOT NEG MUL IMUL DIV IDIV TEST -NOT NEG MUL IMUL DIV IDIV INC DEC ------INC DEC CALL CALL JMP JMP PUSH --

Eb

Ib

Ev

Iv

Mp Mp

Appendix C: Argument Addressing Codes

A = Direct address. The instruction has no ModR/M byte; the address of the operand is encoded in the instruction. Applicable, e.g., to far JMP (opcode EA). E = A ModR/M byte follows the opcode and specifies the operand. The operand is either a generalpurpose register or a memory address. If it is a memory address, the address is computed from a segment register and any of the following values: a base register, an index register, a displacement. G = The reg field of the ModR/M byte selects a general register. I = Immediate data. The operand value is encoded in subsequent bytes of the instruction. J = The instruction contains a relative offset to be added to the address of the subsequent instruction. Applicable, e.g., to short JMP (opcode EB), or LOOP. M = The ModR/M byte may refer only to memory. Applicable, e.g., to LES and LDS. O = The instruction has no ModR/M byte; the offset of the operand is encoded as a WORD in the instruction. Applicable, e.g., to certain MOVs (opcodes A0 through A3). S = The reg field of the ModR/M byte selects a segment register.

Appendix D: Argument Operand Codes:

0 = Byte argument. Unusual in that arguments of this type are suppressed in ASM output when they have the default value of 10 (0xA). Applicable, e.g., to AAM and AAD. b = Byte argument. p = 32-bit segment:offset pointer. w = Word argument. v = Word argument. (The 'v' code has a more complex meaning in later x86 opcode maps, from which this was derived, but here it's just a synonym for the 'w' code.)