Sign or zero extension of the address in 64-bit mode for MOV moffs32?

Suppose we have an instruction encoded in 64-bit mode as MOV EAX,[0xFFFFFFFF] = 67 A1 FF FF FF FF (the 67 prefix switches the effective address size from the default of 64 bits to 32 bits).

The Intel instruction set reference manual (Order Number 325383-057US, December 2015) states on page Vol. 2A 2-11:

2.2.1.3 Displacement
Addressing in 64-bit mode uses the existing 32-bit ModR/M and SIB encodings. The ModR/M and SIB displacement sizes are not changed. They remain 8 bits or 32 bits and are sign-extended to 64 bits.

This suggests that the 32-bit displacement should be sign-extended, but I'm not sure whether this covers the special moffs addressing form. On the next page, Intel says:

2.2.1.6 RIP-Relative Addressing

RIP-relative addressing is enabled by 64-bit mode, not by a 64-bit address size. Using the address-size prefix does not disable RIP-relative addressing. The effect of the address-size prefix is to truncate and zero-extend the computed effective address to 32 bits.

This suggests that in RIP-relative addressing mode the disp32 is sign-extended to 64 bits, added to RIP, and the result is then truncated and zero-extended. However, I am not sure that this rule applies to absolute addressing, which is what MOV moffs uses.

So which address is EAX loaded from: A) FFFFFFFFFFFFFFFF or B) 00000000FFFFFFFF?


67 A1 FFFFFFFF disp32, Mod/RM . moffs32 - . ( @Jester , .)

moffs32 64 . (, mov eax, [esp] mov eax, [rsp]) ).


, , mov eax, [0xFFFFFFFF] ( , NASM), , - .

NASM, ,

mov eax, [a32 0xFFFFFFFF]

YASM a32 , NASM .


GNU as ( .byte): addr32 mov 0xffffffff,%eax

movl    0x7FFFFFFF, %eax  # 8B mod/rm disp32
movl    0xFFFFFFFF, %eax  # A1 moffs64: movabs, no REX, because address can't be encoded in a disp32

movabs  0x7FFFFF, %eax    #     A1 moffs64: movabs, no REX or address-size prefix
movabs  0xFFFFFFFF, %rax  # REX A1 moffs64
movabs  0xFFFF, %ax       #  66 A1 moffs64: operand-size prefix

.byte 0x67, 0xa1, 0xff, 0xff, 0xff, 0xff  # disassembles to  addr32 mov 0xffffffff,%eax
                                          # and that syntax works as assembler input:
addr32 mov 0xffffffff,%eax    # 67 A1 FF FF FF FF:  moffs32

, a32 NASM, YASM, 67 A1 moffs32. mov disp32 . (, mov ecx, [a32 0x7FFFFF] 67 8b 0c 25 ff ff 7f 00 addr32 mov 0x7fffff,%ecx)

mov eax, [qword 0xffff...], moffs64, moffs32. ( , , .)

Fog objconv ( , GNU as, ). objconv, , . ( prefixes: opcode, operands)

; Note: Absolute memory address without relocation
    mov     eax, dword [abs qword 7FFFFFH]          ; 0033 _ A1, 00000000007FFFFF
 ...
; Note: Absolute memory address without relocation
    mov     eax, dword [0FFFFFFFFFFFFFFFFH]         ; 0056 _ 67: A1, FFFFFFFF

ndisasm -b64 , , :

00000073  A1FFFF7F00000000  mov eax,[qword 0x7fffff]
         -00
...
00000090  67A1FFFFFFFF      mov eax,[0xffffffff]

mov eax, [qword 0xffffffff], a32. moffs64, , , . , AMD64 ndisasm, AMD64.
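The three encodings of an absolute `mov eax, [addr]` that the question and this answer compare, worked through as an added Python example (not code from the original post or from any assembler). The preference order in the encoder and the helper names are assumptions of this demo; the decoder applies the two rules quoted from the Intel manual (disp32 sign-extended, 67 prefix truncates and zero-extends to 32 bits), which is what ndisasm's output above reflects.

```python
import struct

MASK64 = 0xFFFF_FFFF_FFFF_FFFF

def encode_mov_eax_abs(addr: int) -> bytes:
    """Encode `mov eax, [addr]` in 64-bit mode (absolute, no relocation).

    Preference order (an assumption of this demo): ModRM+SIB disp32 when the
    address survives sign-extension, else the a32/addr32 form 67 A1 moffs32
    when it fits in 32 unsigned bits, else A1 moffs64 (movabs).
    """
    if not 0 <= addr <= MASK64:
        raise ValueError("address out of 64-bit range")
    if addr < 0x8000_0000 or addr >= 0xFFFF_FFFF_8000_0000:
        # disp32 is sign-extended, so only these two ranges are encodable
        return b"\x8b\x04\x25" + struct.pack("<I", addr & 0xFFFF_FFFF)
    if addr < 1 << 32:
        # 67 prefix: 32-bit address size; moffs32 is truncated/zero-extended
        return b"\x67\xa1" + struct.pack("<I", addr)
    return b"\xa1" + struct.pack("<Q", addr)  # full 64-bit moffs

def decode_effective_address(code: bytes) -> tuple:
    """Return (effective_address, form) for the encodings produced above.

    Rules from the Intel text quoted in the question: disp32 is sign-extended
    to 64 bits; with the 0x67 prefix the computed address is truncated and
    zero-extended to 32 bits; moffs64 is taken as-is.
    """
    addr_size, i = 64, 0
    if code[0] == 0x67:
        addr_size, i = 32, 1
    op = code[i]
    if op == 0x8B and code[i + 1:i + 3] == b"\x04\x25":
        disp = struct.unpack("<i", code[i + 3:i + 7])[0]  # signed disp32
        ea, form = disp & MASK64, "8B 04 25 disp32"
    elif op == 0xA1 and addr_size == 32:
        ea, form = struct.unpack("<I", code[i + 1:i + 5])[0], "67 A1 moffs32"
    elif op == 0xA1:
        ea, form = struct.unpack("<Q", code[i + 1:i + 9])[0], "A1 moffs64"
    else:
        raise ValueError("unsupported encoding for this demo")
    if addr_size == 32:
        ea &= 0xFFFF_FFFF  # address-size override: truncate + zero-extend
    return ea, form

if __name__ == "__main__":
    for a in (0x7FFFFF, 0xFFFFFFFF, 1 << 32, MASK64):
        enc = encode_mov_eax_abs(a)
        print(f"{a:#018x} -> {enc.hex(' ')} -> {decode_effective_address(enc)}")
```

Note that 0xFFFFFFFF cannot be reached through the sign-extended disp32 form (it would decode as 0xFFFFFFFFFFFFFFFF), which is why the 67 A1 moffs32 or A1 moffs64 forms are needed for it.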
