
I'm currently writing a virtual machine and I've realised that 0xBB is not a valid instruction when it should be.

I tried using shellstorm with the assembly instruction of:

mov EBX, 0xffffffff

which gave me bb ff ff ff ff. But after looking in 4 different x86 instruction listing manuals I could find, the 0xBB opcode seems to not exist or it's taken by a different instruction. I thought it was just shellstorm being wrong so I tried a different online assembler using defuse, but it gave me the same result. Can anybody tell me why this is the case?

EDIT:

I misunderstood the purpose of the + symbol next to some opcodes, so 0xB8+ is the actual instruction I was looking for.

  • The instruction is present in manuals such as [this one](https://c9x.me/x86/html/file_module_x86_id_176.html) where it is listed with opcode `B8 +r`. – fuz May 13 '22 at 20:00
  • http://ref.x86asm.net/coder64.html has an index by opcode byte. – Peter Cordes May 13 '22 at 20:00
  • @fuz My apologies, I didn't exactly know what B8+ meant exactly. I assumed it was just an instruction extension of some sort. Thank you for the clarification. – BadUsernameIdea May 13 '22 at 20:05
  • @BadUsernameIdea I strongly recommend you read the section on how the instruction encoding syntax works in the Intel Software Development Manuals. `+r` means “add the register number to the opcode.” – fuz May 13 '22 at 20:09
  • The graphic at https://www.sandpile.org/x86/opc_1.htm shows you specifically that it uses `ebx` as the register, so you don't have to work out the `+r` for yourself. Likewise https://github.com/torvalds/linux/blob/master/arch/x86/lib/x86-opcode-map.txt. – Nate Eldredge May 13 '22 at 21:26

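The `B8 +r` encoding the comments describe, worked through as an added example (not code from the question or from any linked manual): the low three bits of the opcode byte select the register, so `mov ebx, imm32` is `0xB8 + 3 = 0xBB` followed by the 32-bit immediate in little-endian order. The encoder and decoder below assume 32-bit operand size with no prefixes (no REX, no 0x66), so a VM decoding 64-bit code would need to extend the register index with REX.B.

```python
import struct

# Register numbers that the "+rd" notation adds to the opcode byte (B8..BF).
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

MOV_R32_IMM32_BASE = 0xB8  # "mov r32, imm32" occupies opcodes B8 through BF


def encode_mov_r32_imm32(reg: str, imm: int) -> bytes:
    """Encode `mov r32, imm32`: one opcode byte (B8 + register number)
    followed by the 32-bit immediate, little-endian."""
    if reg not in REGS32:
        raise ValueError(f"not a 32-bit general-purpose register: {reg}")
    if not 0 <= imm <= 0xFFFFFFFF:
        raise ValueError("immediate does not fit in 32 bits")
    opcode = MOV_R32_IMM32_BASE + REGS32.index(reg)
    return bytes([opcode]) + struct.pack("<I", imm)


def decode_mov_r32_imm32(code: bytes, offset: int = 0):
    """Decode `mov r32, imm32` at `offset`.

    Returns (mnemonic, reg, imm, length) or None when the byte at `offset`
    is not in the B8..BF range (i.e. some other instruction).
    Raises ValueError when the 4-byte immediate is truncated, which a VM
    should treat as a malformed instruction rather than read past the end."""
    if offset >= len(code):
        return None
    opcode = code[offset]
    if not MOV_R32_IMM32_BASE <= opcode <= MOV_R32_IMM32_BASE + 7:
        return None
    reg = REGS32[opcode - MOV_R32_IMM32_BASE]  # low 3 bits pick the register
    imm_bytes = code[offset + 1 : offset + 5]
    if len(imm_bytes) != 4:
        raise ValueError("truncated immediate for mov r32, imm32")
    (imm,) = struct.unpack("<I", imm_bytes)
    return ("mov", reg, imm, 5)


def format_insn(decoded) -> str:
    mnemonic, reg, imm, _ = decoded
    return f"{mnemonic} {reg}, {imm:#x}"


if __name__ == "__main__":
    # Constructed input: the bytes the online assemblers produced in the question.
    code = bytes.fromhex("bbffffffff")
    print(format_insn(decode_mov_r32_imm32(code)))        # mov ebx, 0xffffffff
    print(encode_mov_r32_imm32("ebx", 0xFFFFFFFF).hex())  # bbffffffff
```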