Most of the special-purpose operations that the 80386 inherited from the 8086 are largely obsolete. Although processors still support them, the implementations are not optimized, and compilers don’t generate them. <\/p>\n
Except for the block operations. Those are still important. <\/p>\n
The block operations (formally known as “string” instructions) operate on blocks of memory. They are another class of the unusual instructions that operate on two pieces of memory in a single instruction. <\/p>\n
The implied source memory is pointed to by the esi<\/var> register, and the implied destination memory is pointed to by the edi<\/var> register. You are not required to specify the implied operands in assembly language, but the Windows disassembler always shows them. I’ll show them as they are disassembled, since the focus of this series is on reading disassembly of compiler-generated code, not on writing assembly. <\/p>\n Remember this table? <\/p>\n We saw this table when we studied multiplication and division. Well, we’re going to use the Let’s also define this operation: <\/p>\n The The DF<\/var> flag is required to be up<\/var> at function call boundaries. A function is permitted to set it to dn<\/var> temporarily, but it needs to set it back to up<\/var> before allowing control to leave the function.¹ <\/p>\n In practice, the direction flag is always up<\/var>, except possibly for brief moments inside the The “move string” instruction copies the specified unit of memory from the source address to the destination address, and then post-increments or post-decrements the edi<\/var> and esi<\/var> registers. For example, <\/p>\n The “compare string” instruction sets flags according to the calculation of The “scan string” instruction compares the destination with the lo<\/var> register and then post-increments\/post-decrements the edi<\/var> register. <\/p>\n The “load string” instruction loads lo<\/var> from the source and then post-increments\/post-decrements the esi<\/var> register. <\/p>\n The “store string” instruction stores lo<\/var> to the destination and then post-increments\/post-decrements the edi<\/var> register. <\/p>\n These instructions are known as “string” operations because they can include a “repeat” prefix that indicates that the operation should be repeated for a number of times specified by the ecx<\/var> register, which is the length of the string. <\/p>\n The The The In all cases, if ecx<\/var> is zero, then the instruction is a nop. <\/p>\n The assembler accepts Although At the end of the instruction, the ecx<\/var> register has been decremented by the number of elements operated upon, and the esi<\/var> and\/or edi<\/var> registers have been incremented or decremented by the number of bytes operated upon. <\/p>\n These instructions are typically used only in the following idioms: <\/p>\n For the cases where there are multiple termination conditions, you can inspect the flags and the ecx<\/var> register to determine which condition terminated the loop and consequently how many iterations of the loop were performed. <\/p>\n AFter preparing the preconditions for the After the Otherwise, the zero byte was found and we want to calculate the length. We have two choices: We could try to infer it from ecx<\/var>, whose final value is 100 − (n<\/var> + 1), or we could try to infer it from edi<\/var>, whose final value is To infer it from ecx<\/var>, we solve for n<\/var> and get n<\/var> = 99 − ecx<\/var>. However, the 80386 does not have a way to subtract a register from a constant in a single instruction, so this would require us to use two instructions, say To infer it from edi<\/var>, we solve for n<\/var> and get n<\/var> = edi<\/var> − The second calculation is easier in this case, so we go with that. <\/p>\n These instructions are usually used with a repeat prefix, but for small numbers of iterations, they might be unrolled, to avoid the overhead of having to set up the The repeating instructions do not operate atomically. Rather, a single iteration is run, the registers are updated, and then the instruction pointer either advances to the next instruction if the loop termination condition is met, or it returns to the instruction if the loop should continue. This means that at each step, the ecx<\/var> register decrements by one, the edi<\/var> and\/or esi<\/var> registers advance by one unit, the flags are set as necessary, and then the instruction pointer either moves to the next instruction or stays put. (This design permits interrupts to be serviced during long block operations.) <\/p>\n You’ll notice this behavior if you try to single-step through a repeated block operation in the debugger. Each single-step will run one iteration, and it will look like nothing happened because the instruction pointer didn’t move. But something did happen: The ecx<\/var> register was decremented, the edi<\/var> and\/or esi<\/var> registers advanced, and flags may have been updated. <\/p>\n\n
\n Operand size<\/th>\n Hi<\/th>\n Lo<\/th>\n<\/tr>\n \n byte<\/td>\n AH<\/code><\/td>\nAL<\/code><\/td>\n<\/tr>\n\n word<\/td>\n DX<\/code><\/td>\nAX<\/code><\/td>\n<\/tr>\n\n dword<\/td>\n EDX<\/code><\/td>\nEAX<\/code><\/td>\n<\/tr>\n<\/table>\nlo<\/code> column again. <\/p>\n\nadvance reg {\n if (direction flag is clear) reg += sizeof(size)\n if (direction flag is set ) reg -= sizeof(size)\n}\n<\/pre>\nadvance<\/code> operation performs a post-increment if the direction flag is clear, aka up<\/var>, or a post-decrement if the direction flag is set, aka dn<\/var> (down). <\/p>\nmemmove<\/code> function when moving between overlapped memory blocks. <\/p>\n\n MOVS size PTR [edi], size PTR [esi] ; d = s\n ; advance edi\n ; advance esi\n\n CMPS size PTR [edi], size PTR [esi] ; set flags per d - s\n ; advance edi\n ; advance esi\n\n SCAS size PTR [edi] ; set flags per lo - d\n ; advance edi\n\n LODS size PTR [esi] ; lo = s\n ; advance esi\n\n STOS size PTR [edi] ; s = lo\n ; advance edi\n<\/pre>\n
\n MOVS DWORD PTR [edi], DWORD PTR [esi]\n ; *(int32_t*)edi = *(int32_t*)esi\n ; if up, then edi += 4, esi += 4\n ; if dn, then edi -= 4, esi -= 4\n<\/pre>\n
d - s<\/code>, the same as the CMP<\/code> instruction, and then post-increments\/post-decrements the edi<\/var> and esi<\/var> registers. <\/p>\n\n
\n Prefixed opcode<\/th>\n Meaning<\/th>\n<\/tr>\n \n REP MOVS<\/code><\/td>\nMove ecx<\/var> units<\/td>\n<\/tr>\n \n REPE CMPS<\/code><\/td>\nCompare ecx<\/var> units as long as they are equal<\/td>\n<\/tr>\n \n REPNE CMPS<\/code><\/td>\nCompare ecx<\/var> units as long as they are different<\/td>\n<\/tr>\n \n REPE SCAS<\/code><\/td>\nCompare ecx<\/var> units as long as they are equal to lo<\/var><\/td>\n<\/tr>\n \n REPNE SCAS<\/code><\/td>\nCompare ecx<\/var> units as long as they are different from lo<\/var><\/td>\n<\/tr>\n \n REP LODS<\/code><\/td>\nLoad ecx<\/var> units into lo<\/var><\/td>\n<\/tr>\n \n REP STOS<\/code><\/td>\nStore ecx<\/var> units from lo<\/var><\/td>\n<\/tr>\n<\/table>\n REP<\/code> prefix causes the operation to repeat for ecx<\/var> iterations. <\/p>\nREPE<\/code> prefix causes the operation to repeat for ecx<\/var> iterations, provided that the result of the comparison was “equal”. <\/p>\nREPNE<\/code> prefix causes the operation to repeat for ecx<\/var> iterations, provided that the result of the comparison was “not equal”. <\/p>\nREPZ<\/code> and REPNZ<\/code> as synonyms for REPE<\/code> and REPNE<\/code>, respectively. <\/p>\nREP LODS<\/code> is technically legal, it is of dubious utility because each iteration will overwrite lo<\/var>, and only the last iteration’s result will remain. <\/p>\n\n ; copy ecx units from esi to edi\n REP MOVS size PTR [edi], size PTR [esi]\n\n ; look for lo in a buffer with ecx elements starting at edi\n REPNE SCAS size PTR [edi]\n\n ; store ecx copies of lo into the buffer starting at edi\n REP STOS size PTR [edi]\n<\/pre>\n
\n mov ecx, 100 ; search up to 100 characters\n xor eax, eax ; search for 0\n mov edi, offset string ; search this string\n repne scas byte ptr [edi] ; scan bytes looking for 0 (find end of string)\n jnz toolong ; not found\n sub edi, (offset string) + 1 ; calculate length\n<\/pre>\n
REPNE SCAS<\/code> instruction, we kick off the search. At the completion of the instruction, we know the following: <\/p>\n\n
\n
\n
REPNE SCAS<\/code> instruction, we check the ZF<\/var> flag to see whether the zero byte was found. If not, then we declare the string too long. <\/p>\noffset string<\/code> + n<\/var> + 1. <\/p>\nsub ecx, 99<\/code> followed by neg ecx<\/code>. <\/p>\noffset string<\/code> − 1<\/var> = edi<\/var> − (offset string<\/code> + 1<\/var>). <\/p>\necx<\/code> register. The MOVS<\/code> instruction encodes in only one byte, so you can do four of them in fewer bytes than it takes to load a constant into a 32-bit register. <\/p>\n\n ; move 16 bytes from esi to edi\n MOVS DWORD PTR [edi], DWORD PTR [esi]\n MOVS DWORD PTR [edi], DWORD PTR [esi]\n MOVS DWORD PTR [edi], DWORD PTR [esi]\n MOVS DWORD PTR [edi], DWORD PTR [esi]\n<\/pre>\n