Intel x86 XOR opcode 0x31

Publish date: 2024-06-07

The following Intel x86 instruction is opcode 0x31: xor <r/m32>,<r32>. In the actual machine code for the instruction, the 0x31 is followed by another hexadecimal value representing the registers or memory addresses used. My questions are as follows:

  • What are the hexadecimal codes that refer to the possible registers that can be XOR'd?
  • What are the constraints on the possible machine code this instruction could create given the number of combinations of registers and memory arguments that can be used?
2 Answers

    You’ll find the full description of the Intel processor opcodes in the Intel® 64 and IA-32 Architectures Software Developer Manuals. The XOR instruction is on page 682 of Volume 2B: Instruction Set Reference, M-Z.

    Answering the second part.

    You don't want to freely modify the stack pointer, ESP. If you corrupt it, your code will crash or hang.

    Likewise, the addresses that the instructions are going to use should all correspond to allocated, writable memory. If you try to access a memory location that's not mapped by physical memory or is read-only but you're writing to it, your code will crash.

    So you will have to watch your base and index registers, displacements and index register multipliers. When combined together to form a memory address that you're going to read from/write to, they should point somewhere where you know there's accessible memory.

    Typically you can allocate some memory for your needs on the stack either by pushing something onto it or by decrementing ESP.

    If you need to access the program's code memory, make sure those are only reads. Code memory is normally read-only.

    If you need to execute something, it either must be the existing program's code or code located in executable memory. Expect that by default all memory that's not the program's code is not executable. There're special functions in Windows and Linux to change memory protection of a memory region and make it executable or writable, though.
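The byte that follows 0x31 is the ModR/M byte (mod in bits 7-6, reg in bits 5-3, r/m in bits 2-0), optionally followed by a SIB byte and a displacement. The C sketch below is an added example, not code from either answer: it decodes that byte for the first part of the question and, for the constraints in the second answer, classifies what the instruction writes to. The names `decode_xor31` and `xor31_dest` are hypothetical, the sample bytes are constructed, and it assumes 32-bit mode with no prefixes.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

static const char *R32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};
enum dest { DEST_REG, DEST_ESP, DEST_MEM };
/* 31 /r stores its result in the r/m operand, so mod and r/m decide what is written. */
enum dest xor31_dest(uint8_t modrm) {
    if ((modrm >> 6) != 3) return DEST_MEM;          /* mod != 11b: memory write */
    return (modrm & 7) == 4 ? DEST_ESP : DEST_REG;   /* r/m = 100b names esp */
}

/* Decode one 31 /r to text; returns its length, or 0 if p is not a complete one. */
size_t decode_xor31(const uint8_t *p, size_t n, char *out, size_t outsz) {
    if (n < 2 || p[0] != 0x31) return 0;
    unsigned mod = p[1] >> 6, reg = (p[1] >> 3) & 7, rm = p[1] & 7;
    if (mod == 3) {                                  /* register-direct */
        snprintf(out, outsz, "xor %s, %s", R32[rm], R32[reg]);
        return 2;
    }
    size_t len = 2, disp = mod == 1 ? 1 : mod == 2 ? 4 : 0;
    char ea[48] = "";                   /* longest form "esp+edi*8-2147483648" fits */
    if (rm == 4) {                                   /* SIB byte follows ModR/M */
        if (n < 3) return 0;
        unsigned ss = p[2] >> 6, idx = (p[2] >> 3) & 7, base = p[2] & 7;
        len = 3;
        if (mod == 0 && base == 5) disp = 4;         /* no base register, disp32 */
        else strcpy(ea, R32[base]);
        if (idx != 4)                                /* index 100b means no index */
            sprintf(ea + strlen(ea), "%s%s*%u", *ea ? "+" : "", R32[idx], 1u << ss);
    } else if (mod == 0 && rm == 5) disp = 4;        /* absolute disp32 */
    else strcpy(ea, R32[rm]);
    if (n < len + disp) return 0;                    /* truncated displacement */
    if (disp) {                                      /* little-endian, sign-extended */
        int32_t d = disp == 1 ? (int8_t)p[len] : (int32_t)(p[len] | (p[len+1] << 8) |
                    (p[len+2] << 16) | ((uint32_t)p[len+3] << 24));
        if (*ea) sprintf(ea + strlen(ea), "%+d", (int)d);
        else     sprintf(ea, "0x%x", (unsigned)d);
    }
    snprintf(out, outsz, "xor [%s], %s", ea, R32[reg]);
    return len + disp;
}

int main(void) {   /* constructed sample: xor [ebp-4], eax */
    const uint8_t code[] = {0x31, 0x45, 0xFC};
    char text[64];
    size_t n = decode_xor31(code, sizeof code, text, sizeof text);
    printf("%zu bytes: %s\n", n, text);
    return 0;
}
```

With mod = 11b the second byte alone selects one of 64 register pairs (0xC0 through 0xFF); every other mod value makes the destination a memory write, which is where the second answer's constraints on valid, writable addresses apply.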
