hngopher.com

       [HN Gopher] Undocumented 8086 Opcodes part 1
       ___________________________________________________________________
        
       Undocumented 8086 Opcodes part 1
        
       Author : rwmj
       Score  : 54 points
       Date   : 2022-12-04 16:16 UTC (6 hours ago)
        
 (HTM) web link (www.os2museum.com)
 (TXT) w3m dump (www.os2museum.com)
        
       | cesarb wrote:
       | Probably related to the post from yesterday ("How the 8086
       | processor's microcode engine works" (righto.com)
       | https://news.ycombinator.com/item?id=33845941), which explains
       | _why_ "[...] the processor ignores certain bits when decoding
       | instructions."
        
       | rwmj wrote:
       | POP CS - dismissed as "useless" here - was used by some viruses
       | to allow them to relocate their own code in memory. They stopped
       | working when it became #UD on 286 and above!
       | https://malwiki.org/index.php?title=Alameda
        
         | diydsp wrote:
         | Btw why is it "useless"? Does it pop the stack value into the
         | Code Segment reg? Would that make the next instruction exec
         | from the new CS:PC? Seems good for maybe a task scheduler?
        
           | ajenner wrote:
           | Yes, it pops the stack value into the CS register. But it
           | doesn't update the PC as well - it'll continue to point to
           | the offset (in the old CS) of the instruction after the "POP
           | CS". So whatever code is in the new CS, it has to be
           | "compatible" with the code in the old CS, in terms of the
           | instructions starting in the right place. However, it's even
           | more complicated than that because the prefetch queue is not
           | flushed, so the exact address where it switches over will be
           | unpredictable. For certain very specific scenarios it could
           | potentially be useful to speed up conditional execution by
           | eliminating those prefetch queue flushes, though.
        
       | mrlonglong wrote:
       | This was over a year ago. Where's part 2 and others ?
        
         | Sniffnoy wrote:
         | Doesn't look like the series was ever continued,
         | unfortunately...
        
       | vesinisa wrote:
       | (2017)
        
       | kvakvs wrote:
       | The used font is great for text but atrocious for programming
       | uses: 0 looks same as O, and the article is full of hexadecimal
       | codes.
        
         | lzooz wrote:
         | o is not a valid hexadecimal number.
        
         | Waterluvian wrote:
         | I think what you might be picking up on is the mix of upper and
         | lowercase that makes hex numbers feel a little off when
         | reading.
        
       ___________________________________________________________________
       (page generated 2022-12-04 23:00 UTC)