Date created: Sunday, April 21, 2019 9:27:06 AM. Last modified: Sunday, June 21, 2020 9:42:12 AM

Intel Opcode Examples

This is the matrix of source and destination register opcodes for Intel.

;0xB8 == "mov"
;0xB8 + 0xC0 == 0x178 "mov eax, eax"
;0xB8 + 0xC8 == 0x180 "mov eax, ebx"
;
; EAX ECX EDX EBX ESP EBP ESI EDI
;EAX C0 C8 D0 D8 E0 E8 F0 F8
;ECX C1 C9 D1 D9 E1 E9 F1 F9
;EDX C2 CA D2 DA E2 EA F2 FA
;EBX C3 CB D3 DB E3 EB F3 FB
;ESP C4 CC D4 DC E4 EC F4 FC
;EBP C5 CD D5 DD E5 ED F5 FD
;ESI C6 CE D6 DE E6 EE F6 FE
;EDI C7 CF D7 DF E7 EF F7 FF

The following output shows the Intel opcodes for common 32- and 64-bit instructions:

$ yasm -g dwarf2 -f elf64 opcodes.asm -l opcodes.lst
$ cat opcodes.lst
$ cat opcodes.asm

section .data

section .text
global _start
_start:

nop ; 0x90 (NOP)

mov rax, 1 ; 0x48 (REX.W prefix) + 0xC7 (MOV r/m64, imm32) + 0xC0 (r/m64 == rax) + 0x01 (imm32 == 1) == 0x48C7C001000000
mov rbx, 1 ; 0x48 (REX.W prefix) + 0xC7 (MOV r/m64, imm32) + 0xC3 (r/m64 == rbx) + 0x01 (imm32 == 1) == 0x48C7C301000000
mov rcx, 1 ; 0x48 (REX.W prefix) + 0xC7 (MOV r/m64, imm32) + 0xC1 (r/m64 == rcx) + 0x01 (imm32 == 1) == 0x48C7C101000000
mov rdx, 1 ; 0x48 (REX.W prefix) + 0xC7 (MOV r/m64, imm32) + 0xC2 (r/m64 == rdx) + 0x01 (imm32 == 1) == 0x48C7C201000000

mov eax, 1 ; ( 0xB8 (MOV r32, imm32) + 0x00 (r32 == eax) ) + 0x01 (imm32 == 1) == 0xB801000000
mov ebx, 1 ; ( 0xBB (MOV r32, imm32) + 0x03 (r32 == ebx) ) + 0x01 (imm32 == 1) == 0xBB01000000
mov ecx, 1 ; ( 0xB9 (MOV r32, imm32) + 0x01 (r32 == ecx) ) + 0x01 (imm32 == 1) == 0xB901000000
mov edx, 1 ; ( 0xBA (MOV r32, imm32) + 0x02 (r32 == edx) ) + 0x01 (imm32 == 1) == 0xBA01000000

push rax ; 0x50 (PUSH r64) + 0x00 (r64 == rax) == 0x50
push rbx ; 0x50 (PUSH r64) + 0x03 (r64 == rbx) == 0x53
push rcx ; 0x50 (PUSH r64) + 0x01 (r64 == rcx) == 0x51
push rdx ; 0x50 (PUSH r64) + 0x02 (r64 == rdx) == 0x52

pop rax ; 0x58 (POP r64) + 0x00 (r64 == rax) == 0x58
pop rbx ; 0x58 (POP r64) + 0x03 (r64 == rbx) == 0x5B
pop rcx ; 0x58 (POP r64) + 0x01 (r64 == rcx) == 0x59
pop rdx ; 0x58 (POP r64) + 0x02 (r64 == rcx) == 0x5A

; In 64-bit mode these will not work / are not supported
;push eax
;push ebx
;push ecx
;push edx

add rax, 11 ; 0x48 (REX.W prefix) + 0x83 (ADD r/m32, imm8) + 0xC0 (r/m32 == eax) + 0x0B (imm8 == 11) == 0x4883C00B
add rbx, 11 ; 0x48 (REX.W prefix) + 0x83 (ADD r/m32, imm8) + 0xC3 (r/m32 == ebx) + 0x0B (imm8 == 11) == 0x4883C30B
add rbx, 1122 ; 0x48 (REX.W prefix) + 0x81 (ADD r/m64, imm32) + 0xC3 (r/m64 == rbx) + 0x6204 (imm32 == 1122) == 0x4881C362040000
add rbx, 112233 ; 0x48 (REX.W prefix) + 0x81 (ADD r/m64, imm32) + 0xC3 (r/m64 == rbx) + 0x69B601 (imm32 == 112233) == 0x4881C369B60100
add rbx, 17223344 ; 0x48 (REX.W prefix) + 0x81 (ADD r/m64, imm32) + 0xC3 (r/m64 == rbx) + 0xB0CE0601 (imm32 == 17223344) == 0x4881C3B0CE0601

add eax, 11 ; 0x83 (ADD r/m32, imm8) + 0xC0 (r32 == eax) + 0x0B (imm8 == 11) == 0x83C00B
add ebx, 1122 ; 0x81 (ADD r/m32, imm32) + 0xC3 (r32 == ebx) + 0x6204 (imm32 == 1122) == 0x81C362040000
add ecx, 112233 ; 0x81 (ADD r/m32, imm32) + 0xC1 (r32 == ecx) + 0x69B601 (imm32 == 112233) == 0x81C169B60100
add edx, 17223344 ; 0x81 (ADD r/m32, imm32) + 0xC2 (r32 == edx) + 0xB0CE0601 (imm32 == 17223344) == 0x81C2B0CE0601

xor rax, rax ; 0x48 (REX.W prefix) + 0x31 (XOR r/m64, r64) + 0xC0 (r/m64, r64 == rax, rax) == 0x4831C0
xor rbx, rbx ; 0x48 (REX.W prefix) + 0x31 (XOR r/m64, r64) + 0xDB (r/m64, r64 == rbx, rbx) == 0x4831DB
xor rax, rbx ; 0x48 (REX.W prefix) + 0x31 (XOR r/m64, r64) + 0xD8 (r/m64, r64 == rax, rbx) == 0x4831D8
xor eax, eax ; 0x31 (XOR r/m32, r32) + 0xC0 (r/m32, r32 == eax, eax) == 0x31C0
xor ebx, ebx ; 0x31 (XOR r/m32, r32) + 0xDB (r/m32, r32 == ebx, ebx) == 0x31DB
xor eax, ebx ; 0x31 (XOR r/m32, r32) + 0xC0 (r/m32, r32 == eax, ebx) == 0x31D8

or rax, rax ; 0x48 (REX.W prefix) + 0x09 (OR r/m64, r64) + 0xC0 (r/m64, r64 == rax, rax) == 0x4809C0
or rbx, rbx ; 0x48 (REX.W prefix) + 0x09 (OR r/m64, r64) + 0xDB (r/m64, r64 == rbx, rbx) == 0x4809DB
or eax, eax ; 0x09 (OR r/m32, r32) + 0xC0 (r/m32, r32 == eax, eax) == 0x09C0
or ebx, ebx ; 0x09 (OR r/m32, r32) + 0xDB (r/m32, r32 == ebx, ebx) == 0x09DB

sbb rax, rax ; 0x48 (REX.W prefix) + 0x19 (SBB r/m64, r64) + 0xC0 (r/m64, r64 == rax, rax) == 0x4819C0
sbb rbx, rbx ; 0x48 (REX.W prefix) + 0x19 (SBB r/m64, r64) + 0xDB (r/m64, r64 == rbx, rbx) == 0x4819DB
sbb eax, eax ; 0x19 (SBB r/m32, r32) + 0xC0 (r/m32, r32 == eax, eax) == 0x19C0
sbb ebx, ebx ; 0x19 (SBB r/m32, r32) + 0xDB (r/m32, r32 == ebx, ebx) == 0x19DB

sub rax, rax ; 0x48 (REX.W prefix) + 0x29 (SUB r/m64, r64) + 0xC0 (r/m64, r64 == rax, rax) == 0x4829C0
sub rbx, rbx ; 0x48 (REX.W prefix) + 0x29 (SUB r/m64, r64) + 0xDB (r/m64, r64 == rbx, rbx) == 0x4829DB
sub eax, eax ; 0x29 (SUB r/m32, r32) + 0xC0 (r/m32, r32 == eax, eax) == 0x29C0
sub ebx, ebx ; 0x29 (SUB r/m32, r32) + 0xDB (r/m32, r32 == ebx, ebx) == 0x29DB