
Encoding the x86_64 instruction mov rcx,rdx (using https://defuse.ca/online-x86-assembler.htm) outputs 48 89 D1.

Checking the op-code with this reference shows how that byte sequence encodes the instruction.

However, two rows down in that table (op-code 8B) is a very similar mov instruction, but with the order of the operands flipped.
In fact, I'm able to encode the same instruction using 48 8b ca (verified by decompiling).

Why do both op-codes exist? Do they differ by more than I was able to work out? When would one be picked over the other?

user1000039

  • They exist to allow for a memory operand to be either source or destination. If both are registers, you get two encodings. Which is picked depends on assembler, some even allow you to specify (e.g. the `.s` suffix for gas). – Jester Mar 27 '17 at 18:18

1 Answer

A modr/m byte can only encode up to one memory operand. All instructions that support memory operands in either source or destination are thus encoded twice, once with source being possibly a memory operand and once with destination possibly being a memory operand. Of course this means that you can encode mnemonics where both operands are registers twice.

fuz

  • Thanks, that explains it. Is there a reason why assemblers tend to favor the first encoding over the second when assembling a simple mov instruction (no memory access)? Is it just coincidence? – user1000039 Mar 27 '17 at 18:48
  • @user1000039 depends on the assembler. IIRC Solaris `as` favours the latter. – fuz Mar 27 '17 at 19:23
  • Depends on the assembler. With macros you could choose at random to get some polymorphism in your output, but I do not think that there is any reason to do so. BTW, this also applies to add, or, adc, sbb, and, sub, xor, cmp, test, xchg (the last two are a bit different). – sivizius Mar 27 '17 at 21:57
  • @sivizius I dimly recall that some assemblers chose encodings in a specific way to mark binaries as being assembled with that assembler. This allowed the author to prove that the binary was assembled e.g. with the demo version that isn't licensed for commercial use. – fuz Mar 27 '17 at 22:10
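The mechanics behind the answer and Jester's comment, as an added example that is not part of the question, the answer or any of the comments above: a small Python decoder/encoder for the single-ModR/M-byte instructions named on this page (mov plus the add/or/adc/sbb/and/sub/xor/cmp group; test and xchg are left out since, as sivizius notes, they differ). It shows why `48 89 D1` and `48 8B CA` both decode to `mov rcx, rdx`, and why a `[base]` memory operand can only ever sit in the r/m field. The function names (`decode`, `encodings`), the register tables and the restriction to mod = 3 and the simplest mod = 0 form are my own choices for this illustration; the opcode values and the REX/ModR/M bit layout are the architectural ones.

```python
# Added illustration, not code from the page or any poster. Decodes and
# encodes the two "directions" of one-ModR/M-byte x86-64 instructions so that
# both byte sequences for `mov rcx, rdx` map back to the same operands.
# Handled: optional REX prefix, register-register form (mod = 3) and the
# simplest [base] memory form (mod = 0, no SIB byte, no displacement).
# Anything else raises ValueError rather than guessing.
from __future__ import annotations

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]

# opcode -> (mnemonic, direction).  "rm_reg": the ModR/M r/m field is the
# destination and the reg field the source (89 = MOV r/m64, r64).
# "reg_rm": the flipped form (8B = MOV r64, r/m64).  The arithmetic group
# follows the same pattern at opcode base+1 / base+3.
OPCODES = {0x89: ("mov", "rm_reg"), 0x8B: ("mov", "reg_rm")}
for base, mnem in [(0x00, "add"), (0x08, "or"), (0x10, "adc"), (0x18, "sbb"),
                   (0x20, "and"), (0x28, "sub"), (0x30, "xor"), (0x38, "cmp")]:
    OPCODES[base + 0x01] = (mnem, "rm_reg")
    OPCODES[base + 0x03] = (mnem, "reg_rm")


def decode(code: bytes) -> tuple[str, str, str]:
    """Decode one instruction; return (mnemonic, destination, source)."""
    i = 0
    rex_w = rex_r = rex_b = 0
    if 0x40 <= code[0] <= 0x4F:             # REX prefix: 0100 W R X B
        rex_w = (code[0] >> 3) & 1
        rex_r = (code[0] >> 2) & 1
        rex_b = code[0] & 1
        i = 1
    if len(code) != i + 2:                  # exactly opcode + ModR/M remain
        raise ValueError("trailing bytes or truncated instruction")
    opcode, modrm = code[i], code[i + 1]
    if opcode not in OPCODES:
        raise ValueError(f"unsupported opcode {opcode:#04x}")
    mnem, direction = OPCODES[opcode]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    regs = REGS64 if rex_w else REGS32      # REX.W selects 64-bit operand size
    reg_name = regs[(rex_r << 3) | reg]     # REX.R extends reg to r8-r15
    if mod == 3:                            # r/m names a register
        rm_name = regs[(rex_b << 3) | rm]   # REX.B extends r/m to r8-r15
    elif mod == 0 and rm not in (4, 5):     # [base], no SIB, no displacement
        rm_name = f"[{REGS64[(rex_b << 3) | rm]}]"
    else:
        raise ValueError("SIB / displacement forms are outside this example")
    if direction == "rm_reg":
        return mnem, rm_name, reg_name
    return mnem, reg_name, rm_name


def encodings(mnem: str, dest: str, src: str) -> list[bytes]:
    """Both byte sequences for a 64-bit register-register instruction,
    ordered (r/m-destination form, reg-destination form)."""
    d, s = REGS64.index(dest), REGS64.index(src)
    out = []
    for opcode, (m, direction) in sorted(OPCODES.items()):
        if m != mnem:
            continue
        reg, rm = (s, d) if direction == "rm_reg" else (d, s)
        rex = 0x48 | ((reg >> 3) << 2) | (rm >> 3)   # W=1, R from reg, B from r/m
        modrm = 0xC0 | ((reg & 7) << 3) | (rm & 7)    # mod=11: register operand
        out.append(bytes([rex, opcode, modrm]))
    return out


if __name__ == "__main__":
    for hexstr in ("4889d1", "488bca"):
        print(hexstr, "->", decode(bytes.fromhex(hexstr)))
    print([e.hex() for e in encodings("mov", "rcx", "rdx")])
```

Run as a script it prints both sequences decoding to `('mov', 'rcx', 'rdx')` and the pair `['4889d1', '488bca']`. For analysis tooling the practical point is that a byte-pattern match on one encoding misses the other, so any check should be done on the decoded (mnemonic, dest, src) triple rather than on raw bytes.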