Instruction Generators - Neo-Mind/WARP GitHub Wiki
Instruction Generators
Introduction
Almost every hex string dealt with in WARP is intended to be a sequence of assembly instructions.
While it is perfectly fine to write them directly as hex, it quickly becomes tedious to remember the opcodes, ModR/M bytes, SIB bytes and so forth.
To ease the process, most of the commonly used CPU instructions have been added as 'generator' functions and strings by means of the support scripts.
The functions make use of the [Instr] class along with objects of the other scripted classes to create the equivalent hex string of each instruction.
Functions
Based on the type of register being dealt with, there are 3 categories of generator functions.
Legend used
- Imm = Immediate value (number or hex)
- Reg = Any Register object
- [...] = Memory pointer of the generic form [scale*reg + reg + displacement]; every part is optional, but at least one must be present
Regular
| Instruction | Accepted argument forms |
|---|---|
| PUSH | Imm<br>Reg<br>[...] |
| POP | Reg<br>[...] |
| CALL/JMP | TgtAddr, SrcAddr<br>Distance (number or hex)<br>Reg<br>[...] |
| RETN | 2 byte Imm<br>None |
| ENTER | Size (number), NestLevel (number or hex) |
| JO/JNO/JB/JC/JNAE/JNB/JNC/JAE/JE/JZ/JNE/JNZ/JBE/JNA/JNBE/JA/JS/JNS/JP/JPE/JNP/JPO/JL/JNGE/JNL/JGE/JLE/JNG/JNLE/JG | TgtAddr, SrcAddr<br>Distance (number or hex) |
| LEA | Reg, [...] |
| MOV | Reg, Reg<br>Reg, [...]<br>Reg, Imm<br>[...], Reg<br>[...], Imm |
| MOVSX/MOVZX | Reg, Reg<br>Reg, [...] |
| CMOVO/CMOVNO/CMOVB/CMOVC/CMOVNAE/CMOVNB/CMOVNC/CMOVAE/CMOVE/CMOVZ/CMOVNE/CMOVNZ/CMOVBE/CMOVNA/CMOVNBE/CMOVA/CMOVS/CMOVNS/CMOVP/CMOVPE/CMOVNP/CMOVPO/CMOVL/CMOVNGE/CMOVNL/CMOVGE/CMOVLE/CMOVNG/CMOVNLE/CMOVG | Reg, Reg<br>Reg, [...] |
| SETO/SETNO/SETB/SETC/SETNAE/SETNB/SETNC/SETAE/SETE/SETZ/SETNE/SETNZ/SETBE/SETNA/SETNBE/SETA/SETS/SETNS/SETP/SETPE/SETNP/SETPO/SETL/SETNGE/SETNL/SETGE/SETLE/SETNG/SETNLE/SETG | 8 bit Reg<br>[...] |
| INC/DEC | Reg<br>[...] |
| NOT/NEG | Reg<br>[...] |
| MUL/DIV/IDIV | Reg<br>[...] |
| IMUL | Reg<br>[...]<br>Reg, Reg<br>Reg, Reg, Imm<br>Reg, [...]<br>Reg, [...], Imm |
| ROL/ROR/RCL/RCR/SHL/SHR/SAL/SAR | Reg<br>Reg, Imm<br>[...]<br>[...], 1<br>Reg, Reg<br>[...], Reg |
| ADD/OR/ADC/SBB/AND/SUB/XOR/CMP | Reg, Reg<br>Reg, [...]<br>Reg, Imm<br>[...], Reg<br>[...], Imm |
| TEST | Reg<br>[...]<br>Reg, Reg<br>Reg, [...]<br>[...], Reg |
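To make the argument forms in the table concrete, here is an added example (not WARP's own code and not its API) in plain JavaScript that encodes a handful of the forms above by hand: the `[...]` memory operand as ModR/M, SIB and displacement bytes, `PUSH Imm` with the short and long immediate forms, and `CALL`/`JMP` with the `TgtAddr, SrcAddr` form. The register numbering, the `{ base, index, scale, disp }` operand shape and the function names are this example's own assumptions; the hex strings it returns are in the same `"8B 44 24 08"` style the wiki uses.

```javascript
// Added example (not WARP's own code): a minimal 32-bit x86 encoder that shows the
// pieces the generator functions hide behind "Reg, [...]": opcode, ModR/M, SIB,
// displacement and immediate bytes. Register numbers and the memory-operand object
// shape ({ base, index, scale, disp }) are this example's own conventions.
const REG = { EAX: 0, ECX: 1, EDX: 2, EBX: 3, ESP: 4, EBP: 5, ESI: 6, EDI: 7 };

// Format a byte array the way the wiki shows hex strings: "8B 44 24 08"
const hex = (bytes) =>
  bytes.map((b) => (b & 0xff).toString(16).toUpperCase().padStart(2, "0")).join(" ");
// Little-endian 32-bit value (two's complement for negative numbers)
const le32 = (v) => [v & 0xff, (v >>> 8) & 0xff, (v >>> 16) & 0xff, (v >>> 24) & 0xff];
const fitsImm8 = (v) => v >= -128 && v <= 127;

// Encode the page's [scale*reg + reg + displacement] form as ModR/M (+ SIB) (+ disp).
// `regField` already holds the /r or /digit value that goes into the ModR/M reg bits.
function encodeMem(regField, mem) {
  const { base = null, index = null, scale = 1, disp = 0 } = mem;
  const scaleBits = { 1: 0, 2: 1, 4: 2, 8: 3 }[scale];
  if (scaleBits === undefined) throw new Error("scale must be 1, 2, 4 or 8");
  if (index === REG.ESP) throw new Error("ESP cannot be used as an index register");

  // No base register: mod=00 with rm=101 (plain disp32) or SIB base=101 (index*scale + disp32)
  if (base === null) {
    const modrm = (regField << 3) | (index === null ? 0b101 : 0b100);
    const sib = index === null ? [] : [(scaleBits << 6) | (index << 3) | 0b101];
    return [modrm, ...sib, ...le32(disp)];
  }

  // With a base register, pick the smallest displacement encoding. [EBP] has no
  // displacement-free form (mod=00 rm=101 means disp32), so it becomes [EBP+0] with disp8.
  let mod, dispBytes;
  if (disp === 0 && base !== REG.EBP) { mod = 0b00; dispBytes = []; }
  else if (fitsImm8(disp)) { mod = 0b01; dispBytes = [disp & 0xff]; }
  else { mod = 0b10; dispBytes = le32(disp); }

  // ESP as base (rm=100 is the SIB escape) or any index register requires a SIB byte
  const needSib = index !== null || base === REG.ESP;
  if (!needSib) return [(mod << 6) | (regField << 3) | base, ...dispBytes];
  const idx = index === null ? 0b100 : index; // index=100 in SIB means "no index"
  return [(mod << 6) | (regField << 3) | 0b100, (scaleBits << 6) | (idx << 3) | base, ...dispBytes];
}

// A few of the generator forms from the table above, built on encodeMem
function MOV_RegMem(reg, mem) { return hex([0x8b, ...encodeMem(reg, mem)]); }  // MOV r32, r/m32
function MOV_MemReg(mem, reg) { return hex([0x89, ...encodeMem(reg, mem)]); }  // MOV r/m32, r32
function MOV_RegReg(dst, src) { return hex([0x8b, 0xc0 | (dst << 3) | src]); } // mod=11: register direct
function LEA(reg, mem) { return hex([0x8d, ...encodeMem(reg, mem)]); }         // LEA r32, m
// PUSH imm: 6A ib when the value fits a sign-extended byte, otherwise 68 id
function PUSH_Imm(v) { return fitsImm8(v) ? hex([0x6a, v & 0xff]) : hex([0x68, ...le32(v)]); }

// CALL/JMP with the "TgtAddr, SrcAddr" form: rel32 is measured from the END of the
// 5-byte instruction, so code placed at SrcAddr must subtract SrcAddr + 5
function CALL(tgtAddr, srcAddr) { return hex([0xe8, ...le32(tgtAddr - (srcAddr + 5))]); }
function JMP(tgtAddr, srcAddr) { return hex([0xe9, ...le32(tgtAddr - (srcAddr + 5))]); }

// Usage: MOV_RegMem(REG.EAX, { base: REG.ESP, disp: 8 }) -> "8B 44 24 08"
//        CALL(0x402000, 0x401000)                        -> "E8 FB 0F 00 00"
```

Two things the example makes explicit that the generator functions otherwise hide: `[EBP]` and `[ESP]` have no plain `mod=00` encoding (they need a zero displacement byte and a SIB byte respectively), and a relative `CALL`/`JMP` is measured from the end of the instruction, so a hook written with the wrong source address lands 5 bytes off its target.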
There is also a NOPs function available for generating a sequence of multi-byte NOPs.
Syntax:
NOPs(count)
ST based
| Instruction | Accepted argument forms |
|---|---|
| FADD/FMUL/FSUB/FSUBR/FDIV/FDIVR | [...]<br>Reg, Reg |
| FCOM/FCOMP | Reg<br>[...] |
| FLD/FST/FSTP/FLDENV/FLDCW/FSTENV/FSTCW | Reg<br>[...] |
| FIADD/FIMUL/FICOM/FICOMP/FISUB/FISUBR/FIDIV/FIDIVR | [...] |
| FILD/FISTTP/FIST/FISTP | [...] |
| FCMOVB/FCMOVE/FCMOVBE/FCMOVU | Reg, Reg |
| FCMOVNB/FCMOVNE/FCMOVNBE/FCMOVNU | Reg, Reg |
| FADDP/FMULP/FSUBRP/FSUBP/FDIVRP/FDIVP | Reg, Reg<br>None |
| FFREEP | Reg |
| FSTSW | AX<br>[...] |
| FUCOMI/FUCOMIP | ST0, ST Reg |
XMM based
| Instruction | Accepted argument forms |
|---|---|
| MOVAPD/MOVAPS/MOVDQA/MOVDQU/MOVD/MOVQ/MOVSS/MOVUPD/MOVUPS | Reg, [...]<br>[...], Reg<br>Reg, Reg |
| MOVLPS/MOVHPS/MOVLPD/MOVHPD | Reg, [...]<br>[...], Reg |
| MOVNTPD/MOVNTPS/MOVNTQ/MOVNTDQ/MOVNTSS | [...], Reg |
| MOVSLDUP/MOVSHDUP | Reg, Reg<br>Reg, [...] |
| UNPCKLPS/UNPCKHPS/PUNPCKLQDQ/PUNPCKHQDQ | Reg, Reg<br>Reg, [...] |
| CVTDQ2PD/CVTDQ2PS/CVTPS2DQ | Reg, Reg<br>Reg, [...] |
| CVTPD2PI/CVTPI2PD/CVTPI2PS/CVTPD2PS/CVTPS2PD/CVTPS2PI | Reg, Reg<br>Reg, [...] |
| CVTSI2SS/CVTSS2SI/CVTSS2SD | Reg, Reg<br>Reg, [...] |
| CVTTPD2PI/CVTTPD2DQ/CVTTPS2DQ/CVTTPS2PI/CVTTSS2SI | Reg, Reg<br>Reg, [...] |
| UCOMISD/COMISD/UCOMISS/COMISS | Reg, Reg<br>Reg, [...] |
| SQRTPD/SQRTPS/SQRTSS/RSQRTPS/RSQRTSS | Reg, Reg<br>Reg, [...] |
| ANDPD/ANDNPD/ANDPS/ANDNPS | Reg, Reg<br>Reg, [...] |
| ORPD/ORPS/XORPD/XORPS | Reg, Reg<br>Reg, [...] |
| ADDPD/ADDPS/ADDSS/ADDSUBPD/HADDPD | Reg, Reg<br>Reg, [...] |
| MULPD/MULPS/MULSS/DIVPD/DIVPS/DIVSS/RCPPS/RCPSS | Reg, Reg<br>Reg, [...] |
| SUBPD/SUBPS/SUBSS/HSUBPD | Reg, Reg<br>Reg, [...] |
| MINPD/MINPS/MINSS/MAXPD/MAXPS/MAXSS | Reg, Reg<br>Reg, [...] |
| PSHUFD/PSHUFW/PSHUFHW/SHUFPD/SHUFPS | Reg, Reg<br>Reg, [...] |
| UNPCKLPD/UNPCKHPD | Reg, [...] |
Strings
Some CPU instructions work standalone, i.e. they take no arguments and therefore consist of nothing but their opcode bytes.
For these it made better sense to keep them as global string variables holding the opcode hex.
Regular
| Name | Hex code |
|---|---|
| PUSHAD | 60 |
| POPAD | 61 |
| NOP | 90 |
| CWDE | 98 |
| CDQ | 99 |
| LEAVE | C9 |
| INT3 | CC |
NOP variants
In addition to NOP, the recommended multi-byte NOP sequences are also available as strings. The 66h byte in NOP2, NOP6 and NOP9 is the operand-size prefix (it turns the memory operand into WORD PTR); it does not change the address registers, which stay EAX in every variant.
| Name | Actual instruction | Hex code |
|---|---|---|
| NOP2 | NOP with 66h operand-size prefix (XCHG AX, AX) | 66 90 |
| NOP3 | NOP DWORD PTR [EAX] | 0F 1F 00 |
| NOP4 | NOP DWORD PTR [EAX + 0], 1-byte displacement | 0F 1F 40 00 |
| NOP5 | NOP DWORD PTR [EAX + EAX*1 + 0], 1-byte displacement | 0F 1F 44 00 00 |
| NOP6 | NOP WORD PTR [EAX + EAX*1 + 0], 66h prefix, 1-byte displacement | 66 0F 1F 44 00 00 |
| NOP7 | NOP DWORD PTR [EAX + 0], 4-byte displacement | 0F 1F 80 00 00 00 00 |
| NOP8 | NOP DWORD PTR [EAX + EAX*1 + 0], 4-byte displacement | 0F 1F 84 00 00 00 00 00 |
| NOP9 | NOP WORD PTR [EAX + EAX*1 + 0], 66h prefix, 4-byte displacement | 66 0F 1F 84 00 00 00 00 00 |
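As an added example (not WARP's own implementation of the `NOPs` function described under Regular functions), here is a padder in plain JavaScript built from the nine NOP strings in the table above, together with a helper for the situation such a function exists for: a replacement that is shorter than the instruction bytes it overwrites. It assumes `count` is a byte count, which the wiki does not state explicitly, and `byteLen` and `padTo` are this example's own names.

```javascript
// Added example (not WARP's own code): a NOPs(count)-style padder built from the
// multi-byte NOP strings listed on the wiki, plus a helper that pads a shorter
// replacement to the length of the bytes it overwrites. `count` is assumed to be
// a number of bytes; that assumption is this example's, not the wiki's.
const NOP_VARIANTS = [
  "90",                          // NOP
  "66 90",                       // NOP2
  "0F 1F 00",                    // NOP3
  "0F 1F 40 00",                 // NOP4
  "0F 1F 44 00 00",              // NOP5
  "66 0F 1F 44 00 00",           // NOP6
  "0F 1F 80 00 00 00 00",        // NOP7
  "0F 1F 84 00 00 00 00 00",     // NOP8
  "66 0F 1F 84 00 00 00 00 00",  // NOP9
];

// Number of bytes in a space-separated hex string ("" counts as zero bytes)
function byteLen(hexStr) {
  const s = hexStr.trim();
  return s === "" ? 0 : s.split(/\s+/).length;
}

// Fill `count` bytes, largest recommended NOP first, so a 12-byte gap becomes two
// instructions (9 + 3 bytes) instead of twelve single-byte NOPs.
function NOPs(count) {
  if (!Number.isInteger(count) || count < 0) throw new Error("count must be a non-negative integer");
  const parts = [];
  let left = count;
  while (left > 0) {
    const n = Math.min(left, NOP_VARIANTS.length);
    parts.push(NOP_VARIANTS[n - 1]);
    left -= n;
  }
  return parts.join(" ");
}

// Pad replacement code to exactly the length of the instruction bytes it overwrites.
// If the replacement were left shorter, the tail of the old instruction would remain
// in place and the CPU would execute those leftover bytes as a new instruction.
function padTo(hexStr, targetLen) {
  const have = byteLen(hexStr);
  if (have > targetLen) throw new Error(`replacement is ${have} bytes, only ${targetLen} available`);
  return [hexStr.trim(), NOPs(targetLen - have)].filter(Boolean).join(" ");
}

// Usage: padTo("E8 FB 0F 00 00", 7) -> "E8 FB 0F 00 00 66 90"
```

The greedy choice matters for more than neatness: a run of single-byte `90`s is a well-known patch signature, and a handful of long NOPs decodes in fewer instructions than the equivalent run of `90`s.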
ST based
| Name | Hex code |
|---|---|
| FNOP | D9 D0 |
| FCHS | D9 E0 |
| FABS | D9 E1 |
| FTST | D9 E4 |
| FXAM | D9 E5 |
| FLD1 | D9 E8 |
| FLDL2T | D9 E9 |
| FLDL2E | D9 EA |
| FLDPI | D9 EB |
| FLDLG2 | D9 EC |
| FLDLN2 | D9 ED |
| FLDZ | D9 EE |
| F2XM1 | D9 F0 |
| FYL2X | D9 F1 |
| FPTAN | D9 F2 |
| FPATAN | D9 F3 |
| FXTRACT | D9 F4 |
| FPREM1 | D9 F5 |
| FDECSTP | D9 F6 |
| FINCSTP | D9 F7 |
| FPREM | D9 F8 |
| FYL2XP1 | D9 F9 |
| FSQRT | D9 FA |
| FSINCOS | D9 FB |
| FRNDINT | D9 FC |
| FSCALE | D9 FD |
| FSIN | D9 FE |
| FCOS | D9 FF |
| FUCOMPP | DA E9 |
| FNENI | DB E0 |
| FNDISI | DB E1 |
| FNCLEX | DB E2 |
| FNINIT | DB E3 |
| FCLEX | 9B DB E2 |
| FINIT | 9B DB E3 |
| FNSETPM | DB E4 |
| FCOMPP | DE D9 |