#1
Strange Instruction CTS BE
Hi,
I was debugging a DOS COM crackme using DOS Debug and MS Symbolic Debugger. In Olly there was a line DB 0F and another senseless instruction below. In symbolic debug, it showed CTS BE. The opcode is 0F BE. What does this do?
Thomas Antony
#2
386 I think
As I remember, 0F is a prefix for >=80286 instructions...
ex:
SMSW DX (0F 01 E2) 80286+
MOV EDX, CR0 (0F 20 C2) 80386+
XADD DX, DX (0F C1 D2) 80486+

and 0F BE:
0f be c9 movsx ecx,cl
0f be c0 movsx eax,al

MOVSX reg16,r/m8 ; o16 0F BE /r [386]
MOVSX reg32,r/m8 ; o32 0F BE /r [386]

See it in IDA!
#3
From the Intel specs:
Quote:
As LaDidi pointed out, all non-prefixed, two-byte opcodes will start with the 0F "escape" byte as the primary opcode. This is how the processor copes with not having a uniform opcode width - it needs some way to tell if two bytes represent two one-byte opcodes or a single two-byte opcode.
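An added example, not written by any poster in this thread: a minimal Python decoder for the 0F BE /r encoding discussed above. It shows that the same bytes read as movsx cx,cl in a 16-bit DOS COM segment and as movsx ecx,cl in 32-bit code. The name decode_movsx and its bits parameter are illustrative, and only 16-bit memory addressing is handled.

```python
import struct

REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["e" + r for r in REG16]
EA16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]  # 16-bit ModRM bases

def decode_movsx(code: bytes, bits: int = 16):
    """Decode one MOVSX r16/r32, r/m8 (0F BE /r); return (text, length)."""
    # bits = default operand/address size: 16 for a DOS COM file, 32 for flat 32-bit code
    i, opsize, addrsize = 0, bits, bits
    while code[i] in (0x66, 0x67):           # size-override prefixes
        if code[i] == 0x66:
            opsize = 48 - bits               # the non-default size: 16 <-> 32
        else:
            addrsize = 48 - bits
        i += 1
    if code[i:i + 2] != b"\x0f\xbe":         # 0F escape byte, then opcode BE
        raise ValueError("not a 0F BE instruction")
    modrm = code[i + 2]
    i += 3
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    dst = (REG16 if opsize == 16 else REG32)[reg]
    if mod == 3:                             # register source
        return f"movsx {dst},{REG8[rm]}", i
    if addrsize != 16:
        raise NotImplementedError("32-bit addressing (SIB) not handled here")
    if mod == 0 and rm == 6:                 # special case: bare disp16
        ea = f"0x{struct.unpack_from('<H', code, i)[0]:04x}"
        i += 2
    else:
        ea = EA16[rm]
        if mod == 1:                         # signed 8-bit displacement
            ea += f"{struct.unpack_from('<b', code, i)[0]:+#x}"
            i += 1
        elif mod == 2:                       # 16-bit displacement
            ea += f"+0x{struct.unpack_from('<H', code, i)[0]:04x}"
            i += 2
    return f"movsx {dst},byte [{ea}]", i

if __name__ == "__main__":
    # Constructed sample bytes; the first is the encoding quoted in the thread.
    for hexstr in ("0fbec9", "660fbec9", "0fbe46fe", "0fbe063412"):
        for bits in (16, 32):
            try:
                print(bits, hexstr, decode_movsx(bytes.fromhex(hexstr), bits))
            except NotImplementedError as exc:
                print(bits, hexstr, "skipped:", exc)
```

A decoder that has no table for the 0F escape byte falls back to a data byte for 0F and then reads BE on its own, which in 16-bit code is the one-byte opcode for MOV SI,imm16.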