HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / INTER52D.ZIP / OPCODES.LST < prev next >

Wrap

File List | 1996-10-20 | 166KB | 7,469 lines

OPCODES LIST Release 52 Last change 20oct96 ------------------------------------------------------------ This is DOC 'bout undocument command and document command of any last processors. And 'bout some registers and Chips specific stuffs. ------------------------------------------------------------ (C) (P) Potemkin's Hackers Group 1994,1995,1996 ------------------------------------------------------------ Revision 1.94 11 May 1996 ------------------------------------------------------------ All Your messages send to -> E-mail: root@chaos.misa.ac.ru avp@iron.misa.ac.ru AirMail: 111538 RUSSIA, Moscow P.O. box 430. Potemkin's Hackers Group (PHG) ------------------------------------------------------------- I'm sorry that I never included next info into OPCODE.LST: MMX instruction set. Pentium Pro full MSR description. Am5k86 AAR description. articles of interesting architecture features. But I absolutely haven't time for it. Alex V. Potemkin ------------------------------------------------------------- AAA - ASCII adjust AX after addition CPU: 8086+ Type of Instruction: User Instruction: AAA ; (no operands) Description: IF ((( AL and 0FH ) > 9 ) or (AF==1) THEN { IF CPU<286 THEN { AL <- AL+6 } ELSE { AX <- AX+6 } AH <- AH+1 CF <- 1 AF <- 1 } ELSE { CF <- 0 AF <- 0 } AL <- AL and 0Fh Note: This istruction incorrectly documented in Intel's materials. See description field. Flags Affected: AF,CF (modified) OF,SF,ZF,PF (undefined) Faults: RM PM V86 VME None CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: COP (Code of Operation) : 37H Clocks: AAA 8086: 4 8088: 4 80186: 8 80286: 3 80386: 4 i486: 3 Pentium: 3 Cx486SLC: 4 Cx486DX: 4 IBM 486BL3X: 4 UMC U5S: 1 --------------------------------------------------- AAD - ASCII adjust AX before Division CPU: 8086+ Type of Instruction: User Instruction: AAD basen Description: AL <- (AH*basen) + AL AH <- 0 Flags Affected: SF,ZF,PF (modified) OF,AF,CF (undefined) Faults: RM PM V86 VME SMM None CPU mode: RM,PM,VM,SMM Note: AAD without operands means AAD with operand 0AH. Note: NECs understand only AAD 0AH form. +++++++++++++++++++++++ Physical Form: AAD imm8 COP (Code of Operation) : D5H imm8 Clocks: AAD 0AH 8086: 60 80186: 15 80286: 14 80386: 19 i486: 14 Pentium: 10 Cx486SLC: 4 Cx486DX: 4 IBM 486BL3X: 15 UMC U5S: 11 --------------------------------------------------- AAM - ASCII adjust AX after Multiply CPU: 8086+ Type of Instruction: User Instruction: AAM basen Description: AH <- AL / basen AL <- AL MOD basen Flags Affected: SF,ZF,PF (modified) OF,AF,CF (undefined) Faults: RM PM V86 VME SMM None CPU mode: RM,PM,VM,SMM Note: AAM without operands means AAM with operand 0AH. WARNING: NECs understand only AAM 0Ah form. +++++++++++++++++++++++ Physical Form: AAM imm8 COP (Code of Operation) : D4H imm8 Clocks: AAM 0AH 8086: 83 80186: 19 80286: 16 80386: 17 i486: 15 Pentium: 18 Cx486SLC: 16 Cx486DX: 16 IBM 486BL3X: 17 UMC U5S: 12 --------------------------------------------------- ADD4S - Addition for packed BCD strings CPU: all NECs V-series Type of Instruction: User Instruction: ADD4S Description: BCD STRING (ADDRESS=ES:DI,LENGTH=CL) <- BCD STRING (ADDRESS=DS:SI,LENGTH=CL) + BCD STRING (ADDRESS=ES:DI,LENGTH=CL); Note: si,di, other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if both strings are zeros. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: ADD4S COP (Code of Operation) : 0FH 20H Clocks: ADD4S NEC V20: ~19*(CL/2)+7 --------------------------------------------------- BOUND - Chack Array Index Against Bounds CPU: 80186+,NECs Type of Instruction: User - HLL support Instruction: BOUND index,bound_array Description: IF (index < (opsize ptr [bound_array])) OR (index > (opsize ptr [bound_array+opsize])) THEN INT 5; Flags Affected: No Flags Affected CPU mode: RM,PM,VM,SMM Faults: RM PM V86 VME SMM #GP(0) if result is nonwritable seg. #GP(0) illegal memory operand in CS..GS (exc. SS) #SS(0) illegal memory operand in SS #PF #PF #UD #UD #UD if 2nd operand is register #13 if any part of operand lie outside of 0..FFFFh #AC #AC if CPL=3 and enable AC. Note: (186s&NECs) saved CS:IP BOUND interrupt as pointer to following instruction that self. (286+) saved as pointer to BOUND instruction. +++++++++++++++++++++++ Physical Form: BOUND reg16,mem32 BOUND reg32,mem64 COP (Code of Operation) : 62H Postbyte Note: for 32bit op. add Pfix 66h if in 16bit mode Clocks: BOUND reg16,mem16 In Range Out Range 80186: 33-35 80286: 13 int+13 80386: 10 i486: 7 Pentium: 8 int+32 Cx486SLC: 11 int+11 Cx486DX: 11 int+11 --------------------------------------------------- BRKCS - Break with Contex Switch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: BRKCS bank Description: Perform a High-Speed Software Interrupt with contex-switch to register bank indicated by the lower 3-bits of 'bank'. Info: NEC V25/V35/V25 Plus/V35 Plus Bank System This Chips have 8 32bytes register banks, which placed in Internal chip RAM by addresses: xxE00h..xxE1Fh Bank 0 xxE20h..xxE3Fh Bank 1 ......... xxEC0h..xxEDFh Bank 6 xxEE0h..xxEFFh Bank 7 xxF00h..xxFFFh Special Functions Register Where xx is Value of IDB register. IBD is Byte Register contained Internal data area base IBD addresses is FFFFFh and xxFFFh where xx is data in IBD. Format of Bank: +0 Reserved +2 Vector PC +4 Save PSW +6 Save PC +8 DS0 ;DS +A SS ;SS +C PS ;CS +E DS1 ;ES +10 IY ;DI +11 IX ;SI +14 BP ;BP +16 SP ;SP +18 BW ;BX +1A DW ;DX +1C CW ;CX +1E AW ;AX Format of V25 etc. PSW (FLAGS): Bit Description 15 1 14 RB2 \ 13 RB1 > Current Bank Number 12 RB0 / 11 V ;OF 10 DIR ;DF 9 IE ;IF 8 BRK ;TF 7 S ;SF 6 Z ;ZF 5 F1 General Purpose user flag #1 (accessed by Flag Special Function Register) 4 AC ;AF 3 F0 General purpose user flag #0 (accessed by Flag Special Function Register) 2 P ;PF 1 BRKI I/O Trap Enable Flag 0 CY ;CF Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKCS reg16 COP (Code of Operation) : 0Fh 2Dh <1111 1RRR> Clocks: 15 --------------------------------------------------- BRKEM - Break for Emulation CPU: NEC/Sony V20/V30/V40/V50 Type of Instruction: System Instruction: BRKEM intnum Description: PUSH FLAGS PUSH CS PUSH IP MOV CS,0:[intnum*4+2] MOV IP,0:[intnum*4] MD <- 0; // Enable 8080 emulation Note: BRKEM instruction do software interrupt and then New CS,IP loaded it switch to 8080 mode i.e. CPU will execute 8080 code. Mapping Table of Registers in 8080 Mode 8080 Md. A B C D E H L SP PC F native. AL CH CL DH DL BH BL BP IP FLAGS(low) For Return of 8080 mode use CALLN instruction. Note: I.e. 8080 addressing only 64KB then "Real Address" is CS*16+PC Flags Affected: MD CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKEM imm8 COP (Code of Operation) : 0FH FFH imm8 Clocks: BRKEM imm8 NEC V20: 38 --------------------------------------------------- BRKN - Break to Native Mode CPU: NEC (V25/V35) Software Guard only Type of Instruction: System Instruction: BRKN int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 1 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Note: The BRKN instruction switches operations in Native Mode from Security Mode via Interrupt call. In Normal Mode Instruction executed as mPD70320/70322 (V25) operation mode. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKN imm8 COP (Code of Operation) : 63h imm8 Clocks: 56+10T [44+10T] --------------------------------------------------- BRKS - Break to Security Mode CPU: NEC (V25/V35) Software Guard only Type of Instruction: System Instruction: BRKS int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Note: The BRKS instruction switches operations in Security Mode via Interrupt call. In Security Mode the fetched operation code is executed after conversion in accordance with build-in translation table Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKS imm8 COP (Code of Operation) : F1h imm8 Clocks: 56+10T [44+10T] --------------------------------------------------- BRKXA - Break to Expansion Address CPU: NEC V33/V53 only Type of Instruction: System Instruction: BRKXA int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Enter Expansion Address Mode. Note: In NEC V53 Memory Space dividing into 1024 16K pages. The programming model is Same as in Normal mode. Mechanism is: 20 bit Logical Address: 19..14 Page Num 13..0 Offset page Num convertin by internal table to 23..14 Page Base tHE pHYSICAL ADDRESS is both Base and Offset. Address Expansion Registers: logical Address A19..A14 I/O Address 0 FF00h 1 FF02h ... ... 63 FF7Eh Register XAM aliased with port # FF80h indicated current mode of operation. Format of XAM register (READ ONLY): 15..1 reserved 0 XA Flag, if=1 then in XA mode. Format of V53 PSW: 15..12 1 11 V 10 DIR 9 IE 8 BRK 7 S 6 Z 5 0 4 AC 3 0 2 P 1 1 0 CY Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BRKXA imm8 COP (Code of Operation) : 0Fh E0h imm8 Clocks: 12 --------------------------------------------------- BTCLR - Bit Test, If it True Clear and Branch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: User Instruction: BTCLR var,bitnumber,Short_Label Description: IF BIT(bitnumber OF var) =1 THEN { PC <- PC + ext - disp8; BIT(bitnumber OF var) <-0 } Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: BTCLR reg/mem8,imm3, short_label COP (Code of Operation) : 0Fh 9Ch PostByte imm3 Short_Label (Total=5 bytes) Clocks: 29 --------------------------------------------------- BSWAP - Bytes Swap CPU: I486 + Type of Instruction: User Instruction: BSWAP dwordr Description: XCHG BYTE dwordr[31:24],dwordr[7:0] XCHG BYTE dwordr[23:16],dwordr[15:8] ; Need Good Picture to Show It Notes: This instruction used for converting big-endian (Intel) format to little-endian (Motorolla etc.) format. Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: BSWAP r32 COP (Code of Operation): 0FH 11001rrr (For 32bit segment) Clocks: Cyrix Cx486SLC : 4 i486 : 1 Pentium : 1 Cyrix Cx486DX : 4 UMC U5S : 2 IBM 486BL3X : 9 --------------------------------------------------- CALLN - Call Native Mode Routine CPU: NEC/Sony V20/V30 etc Type of Instruction: System Instruction: CALLN intnum Description: CALLN instruction call (interrupt service in Native Mode) from 8080 emulation mode: PUSH FLAGS PUSH CS PUSH IP IF <- 0 TF <- 0 MD <- 1 MOV CS,0:[intnum*4+2] MOV IP,0:[intnum*4] Flags Affected: IF,TF,MD CPU mode: 8080 Emulation +++++++++++++++++++++++ Physical Form: CALLN imm8 COP (Code of Operation) : EDH EDH imm8 Clocks: NEC V20/V30: 38-58 --------------------------------------------------- CLEAR1 - Clear one bit CPU: NEC/Sony all V-series. Type of Instruction: User Instruction: CLEAR1 dest,bitnumb Description: BIT bitnumb OF dest <- 0; Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: CLEAR1 reg/mem8,CL COP (Code of Operation) : 0FH 12H Postbyte Physical Form: CLEAR1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1AH Postbyte imm8 Physical Form: CLEAR1 reg/mem16,CL COP (Code of Operation) : 0FH 13H Postbyte Physical Form: CLEAR1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1BH Postbyte imm8 Clocks: CLEAR1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 5/14 6/15 5/14 6/15 --------------------------------------------------- CMOVcc - Conditional Move CPU: P6 Type of Instruction: User Instruction: CMOVcc dest,sorc Description: IF condition(cc) is true THEN dest <- sorc; Flags Affected: None CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: CMOVO reg,reg/mem 0FH 40H Postbyte CMOVNO reg,reg/mem 0FH 41H Postbyte CMOVC reg,reg/mem 0FH 42H Postbyte CMOVNC reg,reg/mem 0FH 43H Postbyte CMOVZ reg,reg/mem 0FH 44H Postbyte CMOVNZ reg,reg/mem 0FH 45H Postbyte CMOVNA reg,reg/mem 0FH 46H Postbyte CMOVA reg,reg/mem 0FH 47H Postbyte CMOVS reg,reg/mem 0FH 48H Postbyte CMOVNS reg,reg/mem 0FH 49H Postbyte CMOVP reg,reg/mem 0FH 4AH Postbyte CMOVNP reg,reg/mem 0FH 4BH Postbyte CMOVL reg,reg/mem 0FH 4CH Postbyte CMOVNL reg,reg/mem 0FH 4DH Postbyte CMOVNG reg,reg/mem 0FH 4EH Postbyte CMOVG reg,reg/mem 0FH 4FH Postbyte Clocks: ~1 (~pairing with other instructions) --------------------------------------------------- CMP4S - Compare for packed BCD strings CPU: NEC/Sony all V-series Type of Instruction: User Instruction: CMP4S Description: SetFlaGS( BCD STRING (ADDRESS=ES:DI,LENGTH=CL) - BCD STRING (ADDRESS=DS:SI,LENGTH=CL) ); Note: si,di, other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if RESULT of subtraction is zero. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: CMP4S COP (Code of Operation) : 0FH 26H Clocks: CMP4S NEC V20: ~7+19*CL --------------------------------------------------- CMPXCHG8B - Compare and exchange 8 bytes CPU: Pentium (tm) Type of Instruction: Operation Instruction: CMPXCHG8B dest Note: dest is memory operand: QWORD PTR [memory] Description: IF ( QWORD(EDX:EAX) = dest) THEN { ZF <- 1; dest <- QWORD(ECX:EBX); } ELSE { ZF <- 0; EDX:EAX <- dest } END Flags Affected: ZF CPU mode: RM,PM,VM,SMM Physical Form: CMPXCHG8B mem64 COP (Code of Operation) : 0FH C7H Postbyte Clocks: Pentium : 10 Note: Postbyte MMRRRMMM: MM<>11 if (==) then INT 6 --------------------------------------------------- CMPXCHG - Compare and exchange CPU: i486+ Type of Instruction: User Instruction: CMPXCHG dest,sorc Description: Acc = if OperationSize(8) -> AL OperationSize(16) -> AX OperationSize(32) -> EAX IF ( Acc = dest) THEN { ZF <- 1; dest <- sorc; } ELSE { ZF <- 0; Acc <- dest; } END Note: This instruction used to support semaphores Flags Affected: ZF ( see description) OF,SF,AF,PF,CF ( like CMP instruction ) ( see description) CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: CMPXCHG r/m8,r8 COP (Code of Operation) : 0FH A6H Postbyte ; i486 (A-B0 step) : 0FH B0H Postbyte ; i486 (B1+ step clones ; and upgrades) Clocks: Intel i486 : 6/7 if compare OK : 6/10 if compare FAIL Cyrix Cx486SLC : 5/7 Pentium (tm) : 6 Penalty if cache miss : Intel i486 : 2 Cyrix Cx486SLC : 1 +++++++++++++++++++++ Physical Form: CMPXCHG r/m16,r16 CMPXCHG r/m32,r32 COP (Code of Operation) : 0FH A7H Postbyte ; i486 (A-B0 step) : 0FH B1H Postbyte ; i486 (B1+ step clones ; and upgrades) Clocks: Intel i486 : 6/7 if compare OK : 6/10 if compare FAIL Cyrix Cx486SLC : 5/7 Pentium (tm) : 6 Penalty if cache miss : Intel i486 : 2 Cyrix Cx486SLC : 1 --------------------------------------------------- CPUID - CPU Identification CPU: Intel 486DX/SX/DX2 SL Enhanced and all later Intel processors include ( IntelDX4, IntelSX2, Pentium etc.), UMC microprocessors: U5S,U5SD,U5S-VL. Cyrix M1, AMD K5, Intel P6, and AMD Ehnanced Am486 CPU, such as A80486DX4-100SV8B. Note: i.e. 1993+ years processors produced by Intel Note: To know if your CPU support CPUID instruction try to set ID flag ( bit 21 of EFLAGS ) to 1, and if it sets this mean that CPUID support.(Soft). Or If Your CPU is Intel Look for '&E' signature on Top side of Chip.(Hard) Type of Instruction: Operation Instruction: CPUID Description: IF (EAX=0) THEN { EAX <- Maximum value of EAX to CALL CPUID instruction 1 for all processors (date 1 September 1994) may be >1 in future microprocessors ;; EBX,EDX and ECX contain a OEM name string ;; for Intel this string is 'GenuineIntel' EBX <- 756E6547H i.e. 'Genu' EDX <- 49656E69H i.e. 'ineI' ECX <- 6C65746EH i.e. 'ntel' ;; for UMC this string is 'UMC UMC UMC ' EBX <- 32434D55H i.e. 'UMC ' EDX <- 32434D55H i.e. 'UMC ' ECX <- 32434D55H i.e. 'UMC ' ;; for Cyrix this string is 'CyrixInstead' (M1,M1sc) ;; for AMD this string is 'AuthenticAMD' (K5,486 Enhanced CPUs) } ELSEIF (EAX=1) THEN { EAX[3:0] <- Stepping ID EAX[7:4] <- Model EAX[11:8] <- Family ; 3 - 386 family ; 4 - i486 family ; 5 - Pentium family ; 6 - P6 family EAX[15:12] <- Reserved ; 0 - Original OEM processor ; 1 - OverDrive ; 2 - Dual Processor Note: Pentium P54C have pin CPUTYPE which define is this CPU First or Second e.t.c in System. So, if this chip set in "First" socket it return for example 0425h, but THIS chip return 2425h if we insert it in "Second" socket. Note: Refer to Appendix B for more information. EAX[31:16] <- Reserved and set to 0s now EDX <- Compability flags ;; below all info if bit flag =1 EDX[0] <- FPU: FPU on Chip EDX[1] <- VME: Virtual Mode Extention present EDX[2] <- DE: Debbuging Extentions EDX[3] <- PSE: CPU support 4MB size pages EDX[4] <- TSC: TSC present (See RDTSC command) EDX[5] <- MSR: CPU have Pentium Compatible MSRs EDX[6] <- PAE: Physical Address Extension EDX[7] <- MCE: Machine Check exception EDX[8] <- CX8: Support CMPXCHG8B instruction EDX[9] <- APIC: Local APIC on Chip EDX[10]<- reserved EDX[11]<- reserved EDX[12]<- MTRR: CPU support Memory Type Range Register (MTRR) EDX[13]<- PGE: Page Global Feature support EDX[14]<- MCA: Machine Check Architecture EDX[15]<- CMOV: CPU support CMOV instruction EDX[22..16] <- Reserved EDX[23] <- CPU support IA MMX EDX[31:24] <- Reserved and set to 0s now } ELSEIF (EAX=2) { AL = 1 (Pentium Pro) remainder of EAX and EBX,ECX,EDX contain bytes which described cache architecture on this chip. Description of this bytes is: Value Description 00h None 01h Instruction TLB, 4K page, 4way, 64 entry 02h Instruction TLB, 4M page, 4way, 4 entry 03h Data TLB, 4K page, 4way, 64 entry 04h Data TLB, 4M page, 4way, 8 entry 06h Instruction Cache, 8K, 4 way, 32 byte per line 0Ah Data cache, 8K, 2 way, 32 byte per line 41h Unifed cache, 32 byte per line, 4 way, 128KB 42h Unifed cache, 32 byte per line, 4 way, 256KB 43h Unifed cache, 32 byte per line, 4 way, 512KB } ELSEIF ( EAX > 1 ) THEN { EAX,EBX,ECX,EDX <- Undefined } END. Global Note: This file contain open i.e nonconfiderential information about CPUID information. If you want MORE try to contact Intel, may be (but I'm sure that not) Intelers give you "Yellow Pages" (i.e Supplement to Pentium(tm) Processor User's Manual) to read inside office. Refer to: Appendix B for more informations about CPU codes. Here is 3 examples of Information we can may get from CPUID instruction: 1) UMC U5S Note: All UMC Chips: U5S,U5SD, 3V chips never have FPU on-chip, and never support VME CPUID return CPUID information Maximum Available of CPUID info entrys:1 Vendor string is : "UMC UMC UMC " Model Info : Stepping ID is : 3 Model : 2 Family : 4 M field : 0 Compability Flags: FPU on Chip :- Virtual Mode Extensions present :- CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- APIC on Chip :- 2) Intel 486 Note: All SL Enhanced 486: { i486SX,i486DX,i486DX2 marked '&E' on chip surface }, IntelSX2,IntelDX4 support VME !!!! But: Sxs never have FPU on chip. CPUID return CPUID information Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 0 Model : 8 Family : 4 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- APIC on Chip :- 3) Pentium Note: P54C may say that build-in APIC not present if it not supported by external hardware !!!!! (This data from P54C in single processor configuration) CPUID return CPUID information Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 2 Family : 5 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ Machine Check Exception Presents :+ CMPXCHG8B instruction support :+ APIC on Chip :- 4) Pentium OverDrive Note: P24T never have Machine Check Exception CPUID return CPUID information Maximum Available of CPUID info entrys:1 Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 3 Family : 5 M field : 1 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ Machine Check Exception Presents :- CMPXCHG8B instruction support :+ APIC on Chip :- 5) AMD Am5x86 (also AMD Enhanced 486). CPUID return CPUID information Maximum Available of CPUID info entrys:1 Vendor string is : "AuthenticAMD" Model Info : Stepping ID is : 4 Model : 15 Family : 4 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :- CPU support I/O breakpoints :- CPU support 4MB pages :- Time Stamp Counter Presents :- CPU have Pentium compatible MSRs :- P6 Flag: n/a :- Machine Check Exception Presents :- CMPXCHG8B instruction support :- 6) Pentium Pro (P6) GenuineIntelCPUID return CPUID information Maximum Available of CPUID info entrys:2 <<-------------- !!!! Vendor string is : "GenuineIntel" Model Info : Stepping ID is : 1 Model : 1 Family : 6 M field : 0 Compability Flags: FPU on Chip :+ Virtual Mode Extensions present :+ CPU support I/O breakpoints :+ CPU support 4MB pages :+ Time Stamp Counter Presents :+ CPU have Pentium compatible MSRs :+ P6 Flag: n/a :+ Machine Check Exception Presents :+ CMPXCHG8B instruction support :+ APIC on Chip :- P6 Flag: n/a :- P6 Flag: n/a :+ <------ !!! P6 Flag: n/a :+ <------ !!! P6 Flag: n/a :+ <------ !!! P6 Flag: n/a :+ <------ !!! P6 Flag: n/a :+ <------ !!! Hate to any other Info -> END of Examples Note: NexGen Nx586, Cyrix 486 and 5x86 never support CPUID. Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: CPUID COP (Code of Operation): 0FH A2H Clocks: 486s & Pentium (EAX=1) : 14 486s & Pentium (EAX=0 or EAX>1) : 9 --------------------------------------------------- EMMS - Empty MMX state CPU: all which supported IA MMX: Pentium (P55C only), Pentium (tm) Pro (P6) Type of Instruction: User Instruction: EMMS Description: TW <- 0xFFFFh Note: Instruction EMMS MUST be executed after MMX sequence, this instruction fill FPU Tag Word (TW) with 11s (i.e. all elements of stack are empty. Flags affected: None Exceptions: ++++++++++++++++++++++++++++++++++++++ COP & Times: EMMS 0FH 77H P55C: n/a P6: n/a --------------------------------------------------- ESC - Escape Extrnal Cooprocessors CPU: 8086...80386, any Hybrid 486. Type of Instruction: User Instruction: ESC Number,R/M Description: This Instruction uses for Link with External Coprocessors Such as NPX. External Coprocessors look at command sequence at get ESC. CPU give Memory Operand sending to A-bus EA doing pseudo-read operation. { If 2nd Operand is Register then Do Nothing, If 2nd Operand is Memory then set EA (Effective Address) in Address Bus } First operand is Part of Command that Ext. coprocessors get. Flags Affected: None Example: ESC 0Fh,DX means FSQRT Note: ESC mnemonic was used for 8086 CPU, later all were used alternative mnemonic for cooprocessor instructions, such as FSQRT. CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form: COP (Code of Operation) : <1101 1xxx> Postbyte Clocks: ESC n,Reg ESC n,Mem8/Mem16 8088: 2 8/12+EA 286: 9-20 9-20 386: N/A N/A 486: N/A N/A --------------------------------------------------- EXT - Extract Bit Field CPU: NEC/Sony all V-series Type of Instruction: User Instruction: EXT start,len Description: AX <- BitField [ BASE = DS:SI START BIT OFFSET = start LENGTH = len ]; Note: si and start automatically UPDATE Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : EXT reg8,reg8 COP (Code of Operation) : 0FH 33H PostByte Clocks: EXT reg8,reg8 NEC V20: 26-55 --------------------------------------------------- F4X4 - FPU: Multiplicate vector on Matrix 4x4 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: F4X4 Description: ; This Instruction Multiplicate vector on ; Matrix 4X4 _ _ _ _ _ _ | | | | | | | Xn | | A00 A01 A02 A03 | | X0 | | Yn | = | A10 A11 A12 A13 | X | Y0 | | Zn | | A20 A21 A22 A23 | | Z0 | | Wn | | A30 A31 A31 A33 | | W0 | |_ _| |_ _| |_ _| ; Data fetches/stores from/to FPU registers: # of F E T C H E S STORE Register Bank0 Bank1 Bank2 Bank0 ST X0 A33 A31 Xn ST(1) Y0 A23 A21 Yn ST(2) Z0 A13 A11 Zn ST(3) W0 A03 A01 Wn ST(4) A32 A30 ST(5) A22 A20 ST(6) A12 A10 ST(7) A02 A00 Note: See FSBP0,FSBP1,FSBP2 for more information FPU Flags Affected: S FPU mode: Any Physical Form: F4X4 COP (Code of Operation): DBH F1H Clocks: IIT 2c87 : 242 IIT 3c87 : 242 IIT 3c87SX : 242 --------------------------------------------------- FCMOVcc - Floating Point Conditional Move CPU: P6 Type of Instruction: User Instruction: FCMOVcc dest,sorc Description: IF condition(cc) is true THEN dest <- sorc; Flags Affected: Int: None Fp : None Note: Testing Integer flags: cc Meaning Test Flags Description B Below CF=1 < NB Not Below CF=0 >= E Equal ZF=1 = NE Not Equal ZF=0 != BE Below Equal (CF=1 .OR. ZF=1) <= NBE Not BelowEqual (CF=0 .AND. ZF=0) > U Unordered PF=1 NU Not Unordered PF!=1 CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: FCMOVB ST,STi DA C0+i FCMOVE ST,STi DA C8+i FCMOVBE ST,STi DA D0+i FCMOVU ST,STi DA D8+i FCMOVNB ST,STi DB C0+i FCMOVNE ST,STi DB C8+i FCMOVNBE ST,STi DB D0+i FCMOVNU ST,STi DB D8+i Clocks: N/A --------------------------------------------------- FCOMI - Floating Point Compare setting Integer Flags CPU: P6 Type of Instruction: User Instruction: FuCOMIp ST0,STi Description: CASE ( result (compare(ST0,STi) ) OF { ; ZF PF CF Not Comparable: 1 1 1 ST0 > STi : 0 0 0 ST0 < STi : 0 0 1 ST0 = STi : 1 0 0 } CASE ( FP_stack_status ) OF { ; SF Overflow : 1 Underflow : 0 Otherwize : 0 } CASE ( instruction ) OF { FCOMI,FUCOMI : No FP stack adjustment; FCOMIP,FUCOMIP : POP ST; } Flags Affected: Int: CF,ZF,PF,SF Fp : None Note: In any case Sign of zero Ignored , so +0.0 = -0.0 CPU mode: RM,PM,VM,SMM +++++++++++++++++++++++ Physical Form & COPs: FCOMI ST0,STi DB F0+i FCOMIP ST0,STi DF F0+i FUCOMI ST0,STi DB E8+i FUCOMIP ST0,STi DF E8+i Clocks: N/A --------------------------------------------------- FNSTDW - FPU Not wait Store Device Word register FPU: i387SL Mobile Type of Instruction: FPU instruction Instruction: FNSTDW dest Description: dest <- Device Word Format of Device word: bit(s) Description 0-7 Reserved 8 S - Status bit: if S=1 then FP device is a static design and OS or APM Bios may set CLK slow to 0 Mhz without lost any data. 9-15 Reserved Note: Device word register valid only after FNINIT FPU Flags Affected: None CPU mode: Any Physical Form: FNSTDW AX COP (Code of Operation): DFH E1H Clocks: i387SL Mobile: 13 --------------------------------------------------- FNSTSG - FPU Not wait Store Signature Word register FPU: i387SL Mobile Type of Instruction: FPU instruction Instruction: FNSTSG dest Description: dest <- Signature Word Format of Signature word: bit(s) Description 3-0 Revision 7-4 Steppin 11-8 Family 15-12 Version Note: For i387(tm) SL Mobile Signature is: Version = 2 Family = 3 ; 387 Stepping = 1 ; Ax step Revision = 0 ; x0 step i.e i387(tm) SL is A0 step Note: This FPU is out of life Note: Signature word register valid only after FNINIT FPU Flags Affected: None CPU mode: Any Physical Form: FNSTSG AX COP (Code of Operation): DFH E2H Clocks: i387SL Mobile: 13 --------------------------------------------------- FPO2 - Floating Point Operations 2nd Way CPU: NEC/Sony all V-series Type of Instruction: User Instruction: FPO2 fp_op,mem Description: This instruction was building for sending FP commands to NEC NPX which never be realized Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : FPO2 imm4,reg/mem COP (Code of Operation) : If imm4 in range 0-7 then 66H mmFFFMMM there FFF is imm4. If imm4 in range 7-F then 67H mmFFFMMM there FFF is imm4. Clocks: FPO2 imm4,reg/mem NEC V20: 2/11 --------------------------------------------------- FRICHOP - FPU: Round to Integer chop method FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRICHOP Description: ST <- ROUND ( ST,CHOP ) Note: This instruction calculate rounding ST toward zero i.e. ignoring part righter that decimal . Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 1.0 -2.0 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRICHOP COP (Code of Operation): DDH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : --------------------------------------------------- FRINEAR - FPU: Round to Integer Nearest method FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRINEAR Description: ST <- ROUND ( ST,NEAREST ) Note: This instruction calculate rounding ST toward nearest Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 1.0 1.8 -> 2.0 -2.0 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRINEAR COP (Code of Operation): DFH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : --------------------------------------------------- FRINT2 - FPU: Round to Integer FPU: Cyrix FPUs and 486s with FPU on chip Type of Instruction: FPU instruction Instruction: FRINT2 Description: IF ( exact half ) THEN { ST <- SIGN(ST) * ROUND(ABS(ST)+0.5,NEAREST) } ELSE { ST <- ROUND ( ST,NEAREST ) } END Note: This instruction calculate rounding ST toward nearest, but if number is exact half then this instruction round it toward signed infinity. Sign of this infinity is same with sign of number. Examples: 1.2 -> 1.0 -1.2 -> -1.0 3.0 -> 3.0 0.0 -> 0.0 1.5 -> 2.0 1.8 -> 2.0 -2.0 -> -2.0 -1.5 -> -2.0 FPU Flags Affected: S,P,D,I,C1 FPU mode: Any Physical Form: FRINT2 COP (Code of Operation): DBH FCH Clocks: Cx83D87 : 15 Cx83S87 : 15 CxEMC87 : 15 Cx487DLC : --------------------------------------------------- FRSTPM - FPU Reset Protected Mode FPU: i287XL i287XLT Type of Instruction: FPU instruction Instruction: FRSTPM Description: Reset Cooprocessor from Protected Mode to Real Address mode. FPU Flags Affected: None CPU mode:Any ??? Physical Form: FRSTPM COP (Code of Operation): DBH E5H Clocks: i287XL : 12 i287XLT : 12 --------------------------------------------------- FSBP0 - FPU: Set Bank pointer to Bank # 0 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP0 Description: ; This Instruction set current bank pointer to ; Bank # 0. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP0 COP (Code of Operation): DBH E8H Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 --------------------------------------------------- FSBP1 - FPU: Set Bank pointer to Bank # 1 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP1 Description: ; This Instruction set current bank pointer to ; Bank # 1. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP1 COP (Code of Operation): DBH EBH Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 --------------------------------------------------- FSBP2 - FPU: Set Bank pointer to Bank # 2 FPU: IIT FPUs. Type of Instruction: FPU instruction Instruction: FSBP2 Description: ; This Instruction set current bank pointer to ; Bank # 2. ; Each bank contain eight 80bit registers ; There are 3 banks (0,1,2) in Chip ; After initialization FPU select bank # 0. FPU Flags Affected: None FPU mode: Any Physical Form: FSBP2 COP (Code of Operation): DBH EAH Clocks: IIT 2c87 : 6 IIT 3c87 : 6 IIT 3c87SX : 6 --------------------------------------------------- IBTS - Insert Bits String CPU: 80386 step A0-B0 only Type of Instruction: User Instruction: IBTS base,bitoffset,len,sorc Description: Write bit string length <len> bits from <sorc> [bits <len> .. 0 ] (lowest bits) to bitfield, defined by <base> and bitsoffset <bitoffset> from this base to start of the field to write. String write from this start field bit to higher memory addresses or register bits. Flags Affected: None CPU mode: RM,PM,VM +++++++++++++++++++++++ Physical Form: IBTS r/m16,AX,CL,r16 IBTS r/m32,EAX,CL,r32 COP (Code of Operation) : 0FH A7H Postbyte Clocks: IBTS 80386: 12/19 --------------------------------------------------- ICEBP - PWI Mode BreakPoint, ICE address space CPU: IBM 486SLC2 Type of Instruction: System Instruction: ICEBP Description: IF (condition) THEN ; see condition below { SAVE STATUS OF EXECUTION TO ICE space; ENTER SMM; } ELSE { INT 1; } END Note: This condition can be set before execution this instruction: CPL=0 MSR1000H.EPCEA=1 MSR1000H.EPWI=1 Flags Affected: None CPU mode: RM,PM0 Physical Form: ICEBP COP (Code of Operation): F1H Clocks: IBM 486SLC2 : 460 --------------------------------------------------- ICEBP - In-Circuit Emulator Breakpoint CPU: some models of i486, i386 Type of Instruction: System Instruction: ICEBP Description: IF (condition) THEN ; see condition below { CHANGED TO THE ICE instruction mode; } ELSE { INT 1; } END Note: Condition is DR7.bit12=1 Note: This instruction very usefull to debbuging as Single-Byte Interrupt but it generate never int 3, but int 1. Note: Frank van Gilluwe in his book "The PC Undocument", 1994 year say that this instruction is VERY UNDOCUMENT. Flags Affected: None CPU mode: RM,PM0 Physical Form: ICEBP COP (Code of Operation): F1H Clocks: : N/A --------------------------------------------------- ICERET - Return from PWI mode, ICE space CPU: IBM 486SLC2 Type of Instruction: System Operation (Work only then CPL=0) Instruction: ICERET Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI, and return from PWI mode. Format of ICERET Table: Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area ;; Temporary registers: 100H 4 TST 104H 4 IDX 108H 4 TMPH 10CH 4 TMPG 110H 4 TMPF 114H 4 TMPE 118H 4 TMPD 11CH 4 TMPC 120H 4 TMPB 124H 4 TMPA 128H 4 CR2 12CH 4 CR3 130H 4 MSR1001H (31-0) 134H 4 MSR1001H (63-32) 138H 4 MSR1000H (15-0) 13CH 4 DR0 140H 4 DR1 144H 4 DR2 148H 4 DR3 14CH 4 PEIP Length of table is 150H bytes. Note: For descriptor format refer to LOADALL and RES3 instructions. Flags Affected: All (FLAGS Register Reload) CPU mode: SMM Physical Form: ICERET COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: IBM 486SLC2 : 440 --------------------------------------------------- INS - Insert Bit String CPU: NEC/Sony all V-series Type of Instruction: User Instruction: INS start,len Description: BitField [ BASE = ES:DI START BIT OFFSET = start LENGTH = len ] <- AX [ bits= (len-1)..0] Note: di and start automatically UPDATE Note: Alternative Name of this instruction is NECINS Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : INS reg8,reg8 COP (Code of Operation) : 0FH 31H PostByte Clocks: INS reg8,reg8 NEC V20: 31-117 --------------------------------------------------- INVD - Invalidate Cache Buffer CPU: I486 + Type of Instruction: System Instruction: INVD Description: FLUSH INTERNAL CACHE ( It means that all lines of internal caches sets as invalid ) SIGNAL EXTERNAL CACHE TO FLUSH Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: PM0,SMM? Physical Form: INVD COP (Code of Operation): 0FH 08H Clocks: Cyrix Cx486SLC : 4 i486 : 4 Pentium : 15 --------------------------------------------------- INVLPG - Invalidate Page Entry In TLB CPU: I486 + Type of Instruction: System Instruction: INVLPG mem Description: IF found in data or code (if both) (or common if single) TLB entry with linear address (page part) same as memory operand <mem> then mark this entry as Invalid; Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: INVLPG mem COP (Code of Operation): 0FH 01H mm111mmm Clocks: Cyrix Cx486SLC : 4 i486 : 12 if hit : 11 if not hit Pentium : 25 --------------------------------------------------- LOADALL - Load All Registers CPU: Intel 386+ +all clones Type of Instruction: System (Work only then CPL=0) Instruction: LOADALL Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Format of LOADALL Table: Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 0s 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 0s 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit CCH 4 Length of table D0H 30h Unused,not loaded 100H 4 Temporary Register IST 104H 4 Temporary Register I 108H 4 Temporary Register H 10CH 4 Temporary Register G 110H 4 Temporary Register F 114H 4 Temporary Register E 118H 4 Temporary Register D 11CH 4 Temporary Register C 120H 4 Temporary Register B 124H 4 Temporary Register A Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0 Physical Form: LOADALL COP (Code of Operation): 0FH 07H Clocks: i386XX : n/a i486XX : n/a Note: This operation used 102 data transfer cycles on 32bit bus Typical clocks: i386SX: ~350 i386DX: ~290 i486XX: ~220 --------------------------------------------------- LOADALL - Load All Registers From Table CPU: Intel 80286 and all its clones Type of Instruction: System (Work only then CPL=0) Instruction: LOADALL Description: Load All Registers (Include Shadow Registers) from Table Which Begin on 000800H Address, Len of this table is 66H Format of LOADALL Table: Address Len Description 800H 6 None 806H 2 MSW 808H 14 None 816H 2 TR 818H 2 FLAGS 81AH 2 IP 81CH 2 LDTR 81EH 2 DS 820H 2 SS 822H 2 CS 824H 2 ES 826H 2 DI 828H 2 SI 82AH 2 BP 82CH 2 SP 82EH 2 BX 830H 2 DX 832H 2 CX 834H 2 AX 836H 6 ES Shadow Descriptor 83CH 6 CS Shadow Descriptor 842H 6 SS Shadow Descriptor 848H 6 DS Shadow Descriptor 84EH 6 GDTR 854H 6 LDT Shadow Descriptor 85AH 6 IDTR 860H 6 TSS Shadow Descriptor Format of Shadow Descriptor: Byte Description 0-2 24bit Phisical Address 3 AR (Access Right) byte 4-5 16bit Segment Limit Format of GDTR and IDTR: Byte Description 0-2 24bit Phisical Address 3 0s 4-5 16bit Segment Limit Note: Using this instruction we may turn on "Big Real Mode" i.e. mode then PG=1,PE=0,cpl=0. This mode very usefull,But Pentium never support this instruction. Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0 Physical Form: LOADALL COP (Code of Operation): 0FH 05H Clocks: 80286 : 195 --------------------------------------------------- MOVSPA - Move Stack Pointer After Bank Switched CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: MOVSPA Description: This instruction transfer both SS and SP of the old register bank to new register bank after the bank has been switched by interrupt or BRKCS instruction. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: MOVSPA COP (Code of Operation) : 0Fh 25h Clocks: 16 --------------------------------------------------- MOVSPB - Move Stack Pointer Before Bamk Switching CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: MOVSPB Number_of_bank Description: The MOVSPB instruction transfers the current SP and SS before the bank switching to new register bank. Note: New Register Bank Number indicated by lower 3bit of Number_of_ _bank. Note: See BRKCS instruction for more info about banks. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: MOVSPB reg16 COP (Code of Operation) : 0Fh 95h <1111 1RRR> Clocks: 11 --------------------------------------------------- NOT1 - Invert a Specified bit CPU: NEC/Sony all V-series Type of Instruction: User Instruction: NOT1 dest,bitnumb Description: (BIT bitnumb OF dest) <- NOT (BIT bitnumb OF dest); Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: NOT1 reg/mem8,CL COP (Code of Operation) : 0FH 16H Postbyte Physical Form: NOT1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1EH Postbyte imm8 Physical Form: NOT1 reg/mem16,CL COP (Code of Operation) : 0FH 17H Postbyte Physical Form: NOT1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1FH Postbyte imm8 Clocks: NOT1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 4/18 5/19 4/18 5/19 --------------------------------------------------- RDMSR - Read From Model Specified Register CPU: Pentium (tm), IBM 386SLC,486SLC,486SLC2 Type of Instruction: System Instruction: RDMSR Description: IF (ECX is valid number of MSR) and (CPL=0) THEN { EDX:EAX <- MSR [ECX]; } ELSE { General Protection Fault INT 0DH (0) } END Valid number Of MSR is: Pentium: 0-2,4-0Eh,10h-13h IBM 486SLC2: 1000H-1002H IBM 386SLC: 1000H-1001H IBM 486SLC: 1000H-1001H Flags Affected: None CPU mode: RM,PM0,SMM Physical Form: RDMSR COP (Code of Operation): 0FH 32H Clocks: Pentium : 20-24 Note: The MSR # 3,0fh and >13h are reserved on Pentium. Do not execute RDMSR/WRMSR with this values. Register Description MSR 0 is Machine check Exception Address register (Read only) (Pentium,Am5k86,Pentium Pro) bits Description 63..32 Reserved 31..0 Machine Check Phisical Address MSR 1 is Machine Check Type register (Read Only) (Pentium,Am5k86,Pentium Pro) bits Description 63..5 Reserved 5 FERI (Fun Error Indicator) (Pentium OverDrive Only) initialazed after RESET as 0. If temperature of CHIP > ~75'C then set this bit to 1 and this bit still will 1 before Next RESET. This bit used FANMONIT.EXE utility shipped with PODP5V. 4 LOCK =1 if bus cycle called Machine Check was Locked =0 if --//-- not locked (normal) 3 M/IO# \ 2 D/C# State of output pins in bus cycle called 1 W/R# / Machine check 0 CHK (Check) =1 after last read MSR 1 was Machine Check Note: This bit Clearing on reading Note: Pentium OverDrive difference 5 FERI (Fun Error Indicator) initialazed after RESET as 0. If temperature of CHIP > ~75'C then set this bit to 1 and this bit still will 1 before Next RESET. This bit used FANMONIT.EXE utility shipped with PODP5V. MSR 2h is Test Register 1 (Read/Write) (Pentium) Parity Reversal Register (PRR) bits Description 63..14 Reserved (should be zero) 13 MC (Microcode Parity Error) 12 DTD (data TLB data error) 11 DTT (data TLB tag error) 10 DD (data cache data) 9 DT (data cache tag) 8 ITD (instruction TLB data error) 7 ITT (instruction TLB tag error) 6 ID3 (data cache odd bits (255, ..., 129) error) 5 ID2 (data cache even bits (254,..., 128) error) 4 ID1 (data cache odd bits (127, ..., 1) error) 3 ID0 (data cache even bits (126, ..., 0) error) 2 IT (instruction cache TAG) 1 NS (No shutdown) If = 0 On parity errors set PRR.PES, assert IERR# and shutdown. If =1 On parity error set PRR.PES and assert IERR# 0 PES (Parity Error Summary) If =1 Parity Error If =0 Never Parity error Note: bits 13..2, if bit=1 it means that error joined with this bit present. MSR 3h is Reserved (Do not Accessed it) MSR 4h is Test Register 2 (TR 2) (Read/Write) (Pentium) (Instruction Cache End bits TR) bits Description 63..4 Reserved (should be zero) 3..0 End Bits Note: each bit of End bit correspond to one byte of instruction in TR3 during code testability access. I.c. line size = 32 bytes, 8 accesses are needed for read/write the end bits of cache line. Each of this bits indicated an instruction boundarues If given byte is last byte of instruction then bit joined with this byte =1. Then new line writting into cache all ends bits =1, when line decoding setting bits to 0, except last byte of instruction. MSR 5h is Test Register 3 (TR 3) (Read/Write) (Pentium) (Cache test Data) bits Description 63..32 Reserved (should be zero) 31..0 Data Reading/Writing from/to {code/data} cache MSR 6h is Test Register 4 (TR 4) (Read/Write) (Pentium) (Cache Test Tag) bits Description 63..32 Reserved (should be zero) 31..8 Cache Tag [35:12] 7..3 Reserved (should be zero) 2 LRU (Last Resently Used) Contain way joined with readed/writed cache line 1..0 VALID Contain Valid Status Information [Code Cache (TR5.CD=0)]: VALID[1] VALID[0] Description x 0 Code cache line is invalid x 1 Code cache line is valid [Data Cache (TR5.CD=1)]: VALID[1] VALID[0] Description 0 0 Data cache line is invalid 0 1 Data cache line is shared 1 0 Data cache line is exclusive 1 1 Data cache line is modified MSR 7h is Test Register 5 (TR 5) (Read/Write) (Pentium) (Cache Test Control) bits Description 63..15 Reserved (should be zero) 14 WB (Write-back) If = 0 Write-throught If = 1 Write-back see also TR5.CNTRL 13 CD (Code/Data) Select Code/Data cache for test operation If = 0 Code cache select If = 1 Data cache select 12 ENTRY Specify cache Way 11..5 SET Cache Set Number (for Write/then read) 4..2 BUFFER SELECT Select one of 8 (4byte) part of cache line 1..0 CNTRL (Control) CNTRL[1] CNTRL[0] Description 0 0 Normal Operation Mode 0 1 Testability Write 1 0 Testability Read 1 1 Flush Note: Flush actions depends on TR7.WB: TR7.CD TR7.WB Description 0 x Invalidate code cache line 1 0 Invalidate data cache line, no WB, if modified 1 1 Invalidate data cache line, WB, if modified MSR 8h is Test Register 6 (TR 6) (Read/Write) (Pentium) (TLB Command Test Register) bits Description 63..32 Reserved (should be zero) 31..12 LINEAR ADDRESS 11 V (Valid) If = 1 valid TLB entry If = 0 invalid TLB entry 10 D (Dirty) If = 1 page was write-accessed If = 0 page never was write-accessed 9 U (User Mode) If = 0 page may accessed at PL=0,1,2,3 If = 1 PL=0 access allowed 8 W (Writable) If = 0 Read only page If = 1 Read/Write page 7..3 Reserved (should be zero) 2 PS (Page Size) If = 0 4KB page If = 1 4MB page 1 CD (Code/Data TLB) If = 0 Code TLB If = 1 Data TLB 0 OP (Operation) If = 0 TLB Write If = 1 TLB Read MSR 9h is Test Register 7 (TR 7) (Read/Write) (Pentium) (TLB Test Physical Address) bits Description 63..32 Reserved (should be zero) 31..12 PHYSICAL ADDRESS 11 PCD (Page Cache Disable) 10 PWT (Page Write-Throught) 9..7 LRU (TLB LRU) 6..5 Reserved (should be zero) 4 H (Hit Indicator) If we want write into TLB, set this bit to 1. If read, then if linear address found in TLB this bit set to 1, otherwize to 0. 3..2 ENTRY One of 4 TLB ways where to write, or where found linear address if read. 1..0 Reserved (should be zero) MSR Ah is Reserved (Do not Accessed it) MSR Bh is Test Register 9 (TR 9) (Read/Write) (Pentium) (BTB Test Tag Register) bits Description 63..32 Reserved (should be zero) 31..8 TAG ADDRESS 7..2 Reserved (should be zero) 1..0 HISTORY History is state of current branch MSR Ch is Test Register 10 (TR 10) (Read/Write) (Pentium) (BTB Test Target Register) bits Description 63..32 Reserved (should be zero) 31..0 TARGET ADDRESS MSR Dh is Test Register 11 (TR 11) (Read/Write) (Pentium) bits Description 63..12 Reserved (should be zero) 11..8 BTB SET Select one of 64 set to access 7..4 Reserved (should be zero) 3..2 ENTRY select BTB way 1..0 CNTL Command to Test BTB CNTL[1] CNTL[0] Description 0 0 Normal Operating Mode 0 1 Testability Write 1 0 Testability Read 1 1 Flush MSR Eh is Test Register 12 (TR 12) (Read/Write) (Pentium) (New Feature Control) bits Description 63..3 Reserved (should be zero) 3 CI (Cache Inhibit) if =0 chip operated normally =1 then all cache line fill are inhibited, and bus cycles due to cache misses are run as single-transfer cycles 2 SE (Single-Pipe Execution) If =0 instruction executed in U and V pipes. =1 instruction executed only in U pipe 1 TR (Tracing Control) After reset clear to zero. This bit enable/disable special branch trace message cycle which generating when BTB hit. =0 disable =1 enable 0 NBP (No Branch prediction) If = 1 Disable Allocated entryes in BTB If = 0 Enable MSR Fh is Reserved (Not use it) Global Note: Unfortuantly, More Information about MSR Features is Intel Secret. If You want get more Info, request Your Local Intel Office. Document you need named: Supplement to the Pentium(tm) Processor User's Manual. MSR 10h is Time Stamp Counter (TSC) (Read/Write) (Pentium,Am5k86,Pentium Pro) Time Stamp Counter (as all other MSRs) is clearing to 0 when RESET pin shutdown and unchanged when INIT pin shutdown. TSC is incremented every CPU core clock cycle. MSR 11h is Control/Event Select Register (CESR) (Read/Write) (Pentium) Init value after reset = 00000000000000000h bits Description 63..26 Reserved 25 PC1 (Pin Control, counter #1) If =0 counter # 1 has incremented If =1 counter # 1 has overflowed 24..22 CC1 (Counter #1 Control) CC[2] CC[1] CC[0] Description 0 0 0 Counting nothing 0 0 1 Counting events while in PL=0,1,2 0 1 0 Counting events while in PL =3 0 1 1 Counting events in any PL 1 0 0 Counting nothing 1 0 1 Counting clocks (like TSC) in PL=0..2 1 1 0 Counting clocks in PL=3 1 1 1 Counting clocks at any PL 21..16 ES1 (Event Select, counter # 1) (see below) 15..10 Reserved 9 PC0 (see PC1 for description) 8..6 CC0 (see CC1 for description 5..0 ES0 (Event select, counter # 0) Event Type for ES Value Event Type 00h Data Read 01h Data Write 02h Data TLB miss 03h Data Read Miss 04h Data Write miss 05h Write hit to Modified or Exclusive Cacheline 06h Data cache lines written back 07h Data cache snoops 08h Data cache snoops hit 09h Memory access in both pipes 0Ah Data bank access conflict 0Bh Misaligned data memory references 0Ch Code read 0Dh Code TLB miss 0Eh Code cache miss 0Fh Any segment register load 10h Segment descriptor cache accessed 11h Segment descriptor cache hit 12h Branches 13h BTB hit 14h Taken branch or BTB hit 15h Pipeline flushes 16h Instructions executed 17h Instruction executed in V pipes 18h Bus utilization 19h Pipeline stalled by write backups 1Ah Pipeline stalled by data memory read 1Bh Pipeline stalled by write to M or E line 1Ch Locked bus cycle 1Dh I/O cycle 1Eh Noncachable memory references 1Fh Pipeline stalled by AGI 20h-21h Reserved 22h FP operations 23h Breakpoint 0 match 24h Breakpoint 1 match 25h Breakpoint 2 match 26h Breakpoint 3 match 27h Hardware interrupt 28h Data read or data write 29h Data read/write miss 2Ah-3Fh Reserved MSR 12h is Counter #0 (Read/Write) (Pentium) bits Description 63..40 Reserved 39..0 Current counter value MSR 13h is Counter #1 (Read/Write) (Pentium) bits Description 63..40 Reserved 39..0 Current counter value MSR 1Bh is APIC Base (Pentium Pro) MSR 2Ah is EBL_CR_POWERON (Pentium Pro) MSR 79h is BIOS_UPDT_TRIG (Pentium Pro) MSR 82h is Array Access Register (AAR) (Am5k86) 63..32 Array pointer Pointer Description E0h Data cache: data E1h Data cache: Linear Tag E4h Code cache: Instruction E5h Code Cache: Linear Tag E6h Code Cache: Valid Bits E7h Code cache: Branch-prediction bits E8h 4K TLB: Page E9h 4K TLB: Linear Tag EAh 4M TLB: Page EBh 4M TLB: Linear Tag ECh Data cache: Physical tag EDh Code cache: Physical Tag 31..0 Array Data Note: READ DATA: mov ecx,82h mov edx,Array Pointer rdmsr ; in EAX - 32bit data WRITE DATA: mov ecx,82h mov edx,Array Pointer mov eax,data wrmsr Note: Detailed format of array data will be placed into one of next versions MSR 83h is Hardware Configuration register (HWCR) (Am5k86) bits Description 63..8 Reserved 7 DDC (Disable Data Cache) 6 DIC (Disable Instruction Cache) 5 DBP (Disable Branch Prediction) 4 Reserved 3..1 Debug Control 000 Off 001 Enable branch trace 100 Enable Probe mode on debug trap 0 DSPC (Disable Stopping Processor Clock) MSR 8Bh is BIOS_SIGN (Pentium Pro) MSR C1h is PERFCTR0 (Pentium Pro) MSR C2h is PERFCTR1 (Pentium Pro) MSR FEh is MTRRcap (Pentium Pro) MSR 179h is MCG_CAP (Pentium Pro) MSR 17Ah is MCG_STATUS (Pentium Pro) MSR 17Bh is MCG_CTL (Pentium Pro) MSR 186h is EVNTSEL0 (Pentium Pro) MSR 187h is EVNTSEL1 (Pentium Pro) MSR 1D9h is DEBUGCTLMSR (Pentium Pro) etc. vary many other Pentium Pro MSRs Note: Updating of this section in progress now. So full info will be in next version. Here ended Pentium MSRs and Starting IBM MSRs. MSR 1000H is Processor Operation Register (IBM only) (486SLC/486SLC2/386SLC) bits Description 63..19 Reserved 18 LWPLA (Low Power PLA) (reserved on IBM 386SLC) 17 BUSRD (Bus Read) (reserved on IBM 386SLC) 16 CPGE (Cache Parity Generate Error) (reserved on IBM 386SLC) 15 ECNPX (Enable cachebility of NPX operands) 14 EPWIA (Enable PWI ADS) 13 ELPWH (Enable Low Power Halt Mode) 12 XTOUT (Extend Out Instruction) 11 CRLD (Cache reload bit) 10 EIKEN (Enable internal KEN#) 9 DSCL (Disable cache Lock Mode) 8 Reserved 7 CE (Cache enable) 6 EDBS (Enable DBCS) 5 EPWI (Enable Power Interrupt) 4 EFSP (Enable Flush Snooping) 3 ENSP (Enable Snoop Input) 2 A20M (Address line 20 Mask) 1 CPCE (Cache Parity Checking Enable) 0 CPE (Cache Parity Error) MSR 1001H is Cache Region Control Register (IBM only) ( IBM 386SLC/486SLC/486SLC2) bits description 63..40 Reserved 39..32 Cache Memory Limit (CMLR) 31..16 1st MB Read Only (LMROR) 15..0 1st MB Cachable (LMCR) MSR 1002H is processor operation register (IBM only) (IBM 486SLC2 only) bits description 63..30 Reserved 29 EEDFS (Enable External Dynamic Frequency Shift) 28 DFSRY (Dynamic Frequency Shift Ready) 27 DFSMD (Dynamic Frequency Shift Mode) 26..24 CLKMD (Clock Mode) =000 x2 =011 x1 23..0 Reserved Note: IBM MSRs documented in "486SLC2 (tm) Microprocessor Data Sheet" (IBM Corp. 1993,Order number: VT05452) --------------------------------------------------- RDPMC - Read Perfomance Monitoring Counters CPU: Pentium (tm) Pro (P6) Type of Instruction: User Instruction: RDPMC Description: IF ((CPL<>0) AND (CR4.PCE==0)) THEN { INT D (0) ; GENERAL PROTECTION FAULT } ELSE { EDX:EAX <- PERFOMANCE_MONITORING_REGISTER[ECX] } Note: Valid ECX values is 0,1. Invalid ECX values call INT D(0) Note: CR4.PSE = bit 8 of CR4 Note: Perfomance Monitoring Registers (PMR) are aliases to some Perfomance Monitoring MSRs: MSR 12h is Counter #0 (Read/Write) (Perfomance Monitoring Counter # 0) bits Description 63..40 Reserved 39..0 Current counter value MSR 13h is Counter #1 (Read/Write) (Perfomance Monitoring Counter # 1) bits Description 63..40 Reserved 39..0 Current counter value ++++++++++++++++++++++++++++++++++++++ COP & Times: RDPMC 0FH 33H P6: n/a --------------------------------------------------- RDTSC - Read From Time Stamp Counter CPU: Pentium (tm) Type of Instruction: System/User Instruction: RDTSC Description: IF (CR4.TSD=0) or ((CR4.TSD=1) and (CPL=0)) THEN { EDX:EAX <- TSC; } ELSE { General Protection Fault INT 0DH (0) } END Note: TSC is one of MSR and after global hardware reset (not SRESET , but RESET ) it clear to 0000000000000000H. TSC is MSR index 10h. TSC may set using WRMSR instruction. TSC incremented every CPU core clock cycle. Flags Affected: None CPU mode: RM,PM0,SMM ; PM,VM if enable Physical Form: RDTSC COP (Code of Operation): 0FH 31H Clocks: Pentium : n/a [20-24] --------------------------------------------------- REPC - Repeat While Carry Flag CPU: NEC/Sony all V-series Type of Instruction: Prefix Instruction: REPC Description: DO CX=CX-1; SERVICE_PENDING_INTERRUPT; STRING_INSTRUCTION; LOOPWHILE ((CX<>0) AND (CF==1)); Flags Affected: None CPU Mode: RM 8086 Physical Form: REPC COP (Code of Operation): 65H Clocks: NEC V20 : 2 NEC V30 : 2 --------------------------------------------------- REPNC - Repeat While Not Carry Flag CPU: NEC/Sony all V-series Type of Instruction: Prefix Instruction: REPNC Description: DO CX=CX-1; SERVICE_PENDING_INTERRUPT; STRING_INSTRUCTION; LOOPWHILE ((CX<>0) AND (CF<>1)); Flags Affected: None CPU mode: RM 8086 Physical Form: REPNC COP (Code of Operation): 64H Clocks: NEC V20 : 2 NEC V30 : 2 --------------------------------------------------- RES3 - Restore All CPU Registers CPU: AMD Am386SXLV, Am386DXLV Type of Instruction: System Operation (Work only then CPL=0) Instruction: RES3 Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Note: This instruction is AMD analog Intel's LOADALL instruction but it's more i.c. return from SMM used this instruction. Then in SMM table is in SMRAM, then non SMM then table is in main memory. Format of RES3 Table: Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area 100H 4 Temporary register 104H 4 ------------- 108H 4 ------------- 10CH 4 ------------- 110H 4 ------------- 114H 4 ------------- 118H 4 ------------- 11CH 4 ------------- 120H 4 ------------- 124H 4 Last EIP (Last instruction EIP for Restart) Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0,SMM Physical Form: RES3 COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: Am386SXLV : 366 Am386DXLV : 291 --------------------------------------------------- RES4 - Restore All CPU Registers CPU: AMD Am486SXLV, Am486DXLV Type of Instruction: System Operation (Work only then CPL=0) Instruction: RES3 Description: Load All Registers (Include Shadow Registers) from Table Which Begin on place pointed ES:EDI Note: This instruction is AMD analog Intel's LOADALL instruction but it's more i.c. return from SMM used this instruction. Then in SMM table is in SMRAM, then non SMM then table is in main memory. Format of RES3 Table: Offset Len Description 0H 4 CR0 4H 4 EFLAGS 8H 4 EIP CH 4 EDI 10H 4 ESI 14H 4 EBP 18H 4 ESP 1CH 4 EBX 20H 4 EDX 24H 4 ESX 28H 4 EAX 2CH 4 DR6 30H 4 DR7 34H 4 TR (16 bit, zero filled up) 38H 4 LDT --------- 3CH 4 GS --------- 40H 4 FS --------- 44H 4 DS --------- 48H 4 SS --------- 4CH 4 CS --------- 50H 4 ES --------- 54H 4 TSS.attrib 58H 4 TSS.base 5CH 4 TSS.limit 60H 4 Reserved 64H 4 IDT.base 68H 4 IDT.limit 6CH 4 REP OUTS overrun flag 70H 4 GDT.base 74H 4 GDT.limit 78H 4 LDT.attrib 7CH 4 LDT.base 80H 4 LDT.limit 84H 4 GS.attrib 88H 4 GS.base 8CH 4 GS.limit 90H 4 FS.attrib 94H 4 FS.base 98H 4 FS.limit 9CH 4 DS.attrib A0H 4 DS.base A4H 4 DS.limit A8H 4 SS.attrib ACH 4 SS.base B0H 4 SS.limit B4H 4 CS.attrib B8H 4 CS.base BCH 4 CS.limit C0H 4 ES.attrib C4H 4 ES.base C8H 4 ES.limit Unknown Unusable area 100H 4 Temporary register 104H 4 ------------- 108H 4 ------------- 10CH 4 ------------- 110H 4 ------------- 114H 4 ------------- 118H 4 ------------- 11CH 4 ------------- 120H 4 ------------- 124H 4 Last EIP (Last instruction EIP for Restart) 128H 4 PEIP - Previous SRAM space instruction pointer 12EH 36 Unused 150H 22 Floating Pointer Internal Registers (Am486DXLV) Format of Attrib field: Byte Description 0 0s 1 AR (Access Right) byte in the Descriptor format Note: P bit is a valid bit if valid bit=0 then Shadow Register is invalid and INT 0DH - General Protection Fault call DPL of SS,CS det. CPL 2-3 0s Flags Affected: All (FLAGS Register Reload) CPU mode: RM,PM0,SMM Physical Form: RES4 COP (Code of Operation): 0FH 07H Note: Code is same with Intel's LOADALL Clocks: Am486SXLV : N/A --------------------------------------------------- RETRBI - Return from Register Bank Context Switch Interrupt. CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: RETRBI Description: PC <- Save PC; PSW <- Save PSW; Flags Affected: All CPU mode: RM +++++++++++++++++++++++ Physical Form: RETRBI COP (Code of Operation) : 0Fh 91h Clocks: 12 --------------------------------------------------- RETXA - Return from Expansion Address CPU: NEC V33/V53 only Type of Instruction: System Instruction: RETXA int_vector Description: [sp-1,sp-2] <- PSW ; PSW EQU FLAGS [sp-3,sp-4] <- PS ; PS EQU CS [sp-5,sp-6] <- PC ; PC EQU IP SP <- SP -6 IE <- 0 BRK <- 0 MD <- 0 PC <- [int_vector*4 +0,+1] PS <- [int_vector*4 +2,+3] Disable EA mode. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: RETXA imm8 COP (Code of Operation) : 0Fh F0h imm8 Clocks: 12 --------------------------------------------------- ROL4 - Rotate left 4 bits CPU: NEC/Sony all V-series Type of Instruction: User Instruction: ROL4 dest Description: AL dest bits 7 4 3 0 7 4 3 0 ------------- ------------- | | o <--------| <-|-o |<--\ ---------|---- ------------- | | | \---------------------------/ Note: This instruction Rotates (4bits) left out of dest through low 4bits of AL Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : ROL4 reg/mem8 COP (Code of Operation) : 0FH 28H PostByte Clocks: ROL4 reg/mem8 NEC V20: 25/28 --------------------------------------------------- ROR4 - Rotate right 4 bits CPU: NEC/Sony all V-series Type of Instruction: User Instruction: ROL4 dest Description: AL dest bits 7 4 3 0 7 4 3 0 ------------- ------------- | | o--|------>| o-|-> o-|--\ ---------^---- ------------- | | | \---------------------------/ Note: This instruction Rotates (4bits) right out of dest through low 4bits of AL Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form : ROR4 reg/mem8 COP (Code of Operation) : 0FH 2AH PostByte Clocks: ROR4 reg/mem8 NEC V20: 29/33 --------------------------------------------------- RSDC - Restore Register and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSDC sreg,sorc Description: sreg [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) ; Note: This instruction load segment register ; include shadow descriptor Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSDC sgeg,mem80 COP (Code of Operation) : 0FH 79H [mm sreg3 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 Note: sreg3 is: 000 ES 001 CS 010 SS 011 DS 100 FS 101 GS --------------------------------------------------- RSLDT - Restore LDTR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSLDT sorc Description: LDTR [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSLDT mem80 COP (Code of Operation) : 0FH 7BH [mm 000 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 --------------------------------------------------- RSM - Resume from System Managment Mode CPU: I486 SL Enhanced+,i486SL,i386CX,i386EX Type of Instruction: System Instruction: RSM Description: Restore execution state from SMRAM and return to previous CPU mode CPU mode: SMM only ( INT 6 - Undefined Opcode in all other mode ) Flags Affected: All Note: CPU state restored from dump created entrance to SMM. The CPU leave SMM and return to previous mode. If CPU detect any invalid state it enters shutdown. This invalid states is: * The value stored in State Dump Base field is not 32K aligned address * Any Reserved bit of CR4 is set to 1 (Pentium only) * Any illegal Combination of CR0: ** (PG=1 and PE=0) ** (NW=1 and CD=0) Format of Execution State in SMRAM: Offset Register 7FFCh CR0 7FF8h CR3 7FF4h EFLAGS 7FF0h EIP 7FECh EDI 7FE8h ESI 7FE4h EBP 7FE0h ESP 7FDCh EBX 7FD8h EDX 7FD4h ECX 7FD0h EAX 7FCCh DR7 7FC4h TR, upper 2 bytes reserved 7FC0h LDTR, upper 2 bytes reserved 7FBCh GS, upper 2 bytes reserved 7FB8h FS, upper 2 bytes reserved 7FB4h DS, upper 2 bytes reserved 7FB0h SS, upper 2 bytes reserved 7FACh CS, upper 2 bytes reserved 7FA8h ES, upper 2 bytes reserved 7F98h Reserved 7F94h IDT base (4 bytes) 7F8Ch Reserved 7F88h GDT base (4 bytes) 7F04h Reserved 7F02h Auto HALT Restart Slot (2 bytes) Bits 15..2 are reserved Bit 1 Bit 0 Description 0 0 Resume to next instruction in interrupted program 0 1 Unpredictable 1 0 Return to next instruction after HALT 1 1 Return to HALT state 7F00h I/O Restart Slot (2 bytes) When RSM execution if I/O restart slot = 0FFh then EIP modified to instruction immediate preceding the SMI# request i.e. CPU automatically reexecute I/O instruction which be trapped by SMI. 7EFCh SMM Revision Identificator (4 bytes) Bits Description 31..18 Reserved 17 If=1 Processor support SMBASE relocation else not support 16 If =1 Processor support I/O Instruction Restart 15..0 SMM Revision Identificator P5,486s = 0000h P54C when I/O Restarts enable = 0002h 7EF8h SMBASE Slot (4 bytes) SMBASE is 32KB aligned 32bit dword which contained a base address for SMRAM. Default value is 30000h Starting Address for for jump in SMM is: SMBASE+8000h Starting address for State Save area is SMBASE+[8000h+7FFFh] 7E00h Reserved Note: In fields marked Reserved saved and restores next registers: CR1,CR2,CR3, hidden descriptors for CS,DS,ES,FS,SS,GS. Never saved registers: DR5-DR0,TR7-TR3,all FPU registers. More Information Not available Yet. Physical Form: RSM COP (Code of Operation) : 0FH AAH Clocks: i386CX : 338 i486 SL Enhanced : ??? IntelDX4 : 452 ; SMBASE relocation : 456 ; AutoHALT restart : 465 ; I/O Trap restart Pentium : 83 --------------------------------------------------- RSM - Resume from SMM CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: RSM Description: RESTORE CPU STATE FROM SMM HEADER AT THE TOP OF SMM SPACE (defined by SMAR register); EXIT SMM; Format of SMM Header: Offset Length Description -00h - Nothing (Top of SMM space) (Not accessable) -04h 32 DR7 -08h 32 EFLAGS -0Ch 32 CR0 -10h 32 Current EIP -14h 32 Next instruction EIP -16h 16 Reserved -18h 16 CS selector -1Ch 32 CS descriptor(63-32) -20h 32 CS descriptor(31-0) -24h 32 SMM Flags [ ALL BITS are Not available in Cx486S/S2/D/D2] Bit Description 1 I (IN/INSx/OUT/OUTx Indicator) If =0 current instruction performed I/O read =1 I/O write 2 P (REP INSx/OUTx Prefix) If =1 current instruction has REP pfix. =0 not has REP pfix 3 S (Software SMI) If =1 current SMM is result of execution SMINT instruction =0 current SMM is result of hardware SMI Note: TI 486SXL/SXL2 support only bits 1,2. -26h 16 I/O Write Data size [ Not available in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] 1h = byte 3h = word fh = dword -28h 16 I/O Write Address [ Not avaliable in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] -2Ch 32 I/O Write Data [ Not avaliable in Cx486S/S2/D/D2] [ Not available in TI486SXL/SXL2] [ Not available in TI486SLC/DLC/e] -30h 32 ESI or EDI This field saved value of source/destination for restart INSx/OUTSx instruction [ Not avaliable in Cx486S/S2/D/D2] Flags Affected: All CPU mode: SMM ++++++++++++++++ Physical Form: RSM COP (Code of Operation) : 0FH AAH Clocks IBM BL486DX: 76 TI 486SXL : 58 --------------------------------------------------- RSTS - Restore TR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC IBM BL486DX/DX2 Type of Instruction: System Instruction: RSTS sorc Description: TR [selector,shadow_descriptor] <- sorc ; sorc is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: RSTS mem80 COP (Code of Operation) : 0FH 7DH [mm 000 mmm] Clocks IBM BL486DX: 10 TI 486SXL : 14 --------------------------------------------------- SET1 - Set a Specified Bit CPU: NEC/Sony V-series Type of Instruction: User Instruction: SET1 dest,bitnumb Description: BIT bitnumb OF dest <- 1; Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: SET1 reg/mem8,CL COP (Code of Operation) : 0FH 14H Postbyte Physical Form: SET1 reg/mem8,imm8 COP (Code of Operation) : 0FH 1CH Postbyte imm8 Physical Form: SET1 reg/mem16,CL COP (Code of Operation) : 0FH 15H Postbyte Physical Form: SET1 reg/mem16,imm8 COP (Code of Operation) : 0FH 1DH Postbyte imm8 Clocks: SET1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 4/13 5/14 4/13 5/14 --------------------------------------------------- SETALC - Set AL to Carry Flag CPU: Intel 8086 and all its clones and upward compatibility chips. Type of Instruction: User Instruction: SETALC Description: IF (CF=0) THEN AL:=0 ELSE AL:=FFH; Flags Affected: None CPU mode: RM,PM,VM,SMM Physical Form: SETALC COP (Code of Operation): D6H Clocks: 80286 : n/a [3] 80386 : n/a [3] Cx486SLC : n/a [2] i486 : n/a [3] Pentium : n/a [3] Note: n/a is Time that Intel etc not say. [3] is real time it executed. --------------------------------------------------- SMI - System Managment Interrupt CPU: AMD Am386SXLV,Am386DXLV AMD 486s Type of Instruction: System Instruction: SMI Description: IF (SMIE=1) THEN { SAVE STATUS OF EXECUTION TO SMRAM; ENTER SMM; SMMS <- 1; } ELSE { INT 1; } END Notes: SMIE is <Soft SMI Enable> (DR7.bit12) =1 Enable soft SMI =0 Disable soft SMI SMMS is <SMM status bit> (DR6.bit12) =1 SMM was entered =0 SMM status cleared Flags Affected: None CPU mode: RM?,PM0 Physical Form: SMI COP (Code of Operation): F1H Clocks: Am386SXLV : 357 Am386DXLV : 325 Am486xxxx : Don't know, do you? --------------------------------------------------- SMINT - Software SMM Interrupt CPU: Cyrix Cx486DX/DX2/DX4 IBM BL486DX/DX2 Note: Never in Cx486S/S2/D/D2 Never in any TI's chips. Type of Instruction: System Instruction: SMINT Description: SAVE CPU STATE TO SMM HEADER AT THE TOP OF SMM SPACE (defined by SMAR register); ENTER SMM MODE; Format of SMM Header: Refer to Cyrix/IBM SMI Instruction Flags Affected: None CPU mode: CPL=0, CCR1.bit1=1, SMAR size >= 30h. ++++++++++++++++ Physical Form: SMINT COP (Code of Operation) : 0FH 7EH Clocks IBM BL486DX: 24 --------------------------------------------------- STOP - Stop CPU CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: STOP Description: PowerDown instruction, Stop Oscillator, Halt CPU. Flags Affected: None CPU mode: RM +++++++++++++++++++++++ Physical Form: STOP COP (Code of Operation) : 0Fh BEh Clocks: N/A --------------------------------------------------- SUB4S - Subtraction of packed BCD strings CPU: NEC/Sony all V-series Type of Instruction: User Instruction: SUB4S Description: BCD STRING (ADDRESS=ES:DI,LENGTH=CL) <- BCD STRING (ADDRESS=DS:SI,LENGTH=CL) - BCD STRING (ADDRESS=ES:DI,LENGTH=CL); Length of BCD string in CL; Note: si,di,cl and other registers not changed Flags Affected: OF,CF,ZF ;; ZF set if result is zero. ;; CF,OF set as result of operation with most ;; signification BCDs. CPU mode: RM +++++++++++++++++++++++ Physical Form: SUB4S COP (Code of Operation) : 0FH 22H Clocks: SUB4S NEC V20: ~7+19*CL --------------------------------------------------- SVDC - Save Register and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVDC dest,sreg Description: dest <- sreg [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVDC mem80,sreg COP (Code of Operation) : 0FH 78H [mm sreg3 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 Note: sreg3 is: 000 ES 001 CS 010 SS 011 DS 100 FS 101 GS --------------------------------------------------- SVLDT - Save LDTR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVLDT dest Description: dest <- LDTR [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVLDT mem80 COP (Code of Operation) : 0FH 7AH [mm 000 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 --------------------------------------------------- SVTS - Save TR and Descriptor CPU: Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 TI 486SLC/DLC/e TI 486SXL/SXL2/SXLC TI Potomac Type of Instruction: System Instruction: SVTS dest Description: dest <- TR [selector,shadow_descriptor] ; dest is register and descriptor structure (see below) Format or Register and Descriptor Structure: +00 Limit (15-0) +02 Base (15-0) +04 Base (23-16) +05 AR byte +06 AR2/Limit (19-16) +07 Base (31-24) +08 Selector Length of structure is 10h Flags Affected: None CPU mode: (1) and (2) and (3) and [(4A) or (4B)] 1) CPL=0 2) CCR1.bit1=1 ; SMI enable 3) SMAR size > 0 4A) in SMM 4B) CCR1.bit2=1 ; SMAC is on ++++++++++++++++ Physical Form: SVTS mem80 COP (Code of Operation) : 0FH 7CH [mm 000 mmm] Clocks IBM BL486DX: 18 TI 486SXL : 22 --------------------------------------------------- TEST1 - Test a Specified bit CPU: NEC/Sony all V-series Type of Instruction: User Instruction: NOT1 dest,bitnumb Description: IF dest IS 8BIT THEN bitn <- bitnumb AND 7; IF dest IS 16BIT THEN bitn <- bitnumb AND Fh; IF (BIT bitn OF dest) = 0 THEN { ZF <- 1; } ELSE { ZF <- 0; } ENDIF Flags Affected: ZF CPU mode: RM +++++++++++++++++++++++ Physical Form: TEST1 reg/mem8,CL COP (Code of Operation) : 0FH 10H Postbyte Physical Form: TEST1 reg/mem8,imm8 COP (Code of Operation) : 0FH 18H Postbyte imm8 Physical Form: TEST1 reg/mem16,CL COP (Code of Operation) : 0FH 11H Postbyte Physical Form: TEST1 reg/mem16,imm8 COP (Code of Operation) : 0FH 19H Postbyte imm8 Clocks: TEST1 r/m8,CL r/m8,i8 r/m16,CL r/m16,i8 NEC V20: 3/12 4/13 3/12 4/13 --------------------------------------------------- TSKSW - Task Switch CPU: NEC V25,V35,V25 Plus,V35 Plus,V25 Software Guard Type of Instruction: System Instruction: TSKSW reg16 Description: Perform a High-Speed task switch to the register bank indicated by lower 3 bits of reg16. The PC and PSW are saved in the old banks. PC and PSW save Registers and the new PC and PSW values are retrived from the new register bank's save area. Note: See BRKCS instruction for more Info about banks. Flags Affected: All CPU mode: RM +++++++++++++++++++++++ Physical Form: TSCSW reg16 COP (Code of Operation) : 0Fh 94h <1111 1RRR> Clocks: 11 -------------------------------------------------- UD2 - Undefined Instruction CPU: Pentium Pro+ and all other Logical Form: UD2 Description: Caused #UD exception Flags Affected: No Flags Affected CPU Mode : RM,PM,VM,VME,SMM Exceptions : RM PM V86 VME SMM #UD #UD #UD #UD #UD Undefined Instruction No more Exceptions Note : This instruction caused #UD. Intel guranteed that in future Intel's CPUs this instruction will caused #UD. Of course all previous CPUs (186+) caused #UD on this opcode. This instruction used by software writers for testing #UD exception servise routine. ++++++++++++++++++++++++++++++ Physical Form : UD2 COP (Code of Operation) : 0Fh 0Bh Clocks : UD2 8088: Not supported NEC V20: Not supported 80186: ~int 80286: ~int 80386: ~int Cx486SLC: ~int i486: ~int Cx486DX: ~int Cx5x86: ~int Pentium: ~int Nx5x86: ~int Cx6x86: ~int Am5k86: ~int Pentium Pro: ~int ++++++++++++++++++++++++++++++ --------------------------------------------------- UMOV - Mov Data to Main (User) Memory CPU: AMD Am386SXLV,Am386DXLV AMD 486s IBM 486SLC2 Type of Instruction: Special System Instruction: UMOV dest,sorc Description: dest <- sorc; Note!!!!!: But all memory operands placed in Main memory only ! ( i.e. not in SMRAM then in SMM ) WARNING: UMC's CPUs hang on execution this instruction !!!!!! check that CPU is none UMC's before Note: On Cyrix's CPUs UMOV opcodes do nothing. This way used to determination of Cyrix Microprocessors. Note: Pentium P54C never support this instruction Flags Affected: None CPU mode: RM?,PM?,VM?,SMM +++++++++++++++++++++++ Physical Form: UMOV r/m8,r8 COP (Code of Operation) : 0FH 10H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/2 IBM 486SLC2 : 4 +++++++++++++++++++++ Physical Form: UMOV r/m16,r16 UMOV r/m32,r32 COP (Code of Operation) : 0FH 11H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/2 IBM 486SLC2 : 4 +++++++++++++++++++++++ Physical Form: UMOV r8,r/m8 COP (Code of Operation) : 0FH 12H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/4 IBM 486SLC2 : 4 +++++++++++++++++++++ Physical Form: UMOV r16,r/m16 UMOV r32,r/m32 COP (Code of Operation) : 0FH 13H Postbyte Clocks: Am386SXLV or AM386DXLV: 2/4 IBM 486SLC2 : 4 --------------------------------------------------- WBINVD - Write Back and Invalidate Cache CPU: I486 + Type of Instruction: System Instruction: WBINVD Description: IF (internal cache is WB and in WB mode) THEN { Write Back Internal Cache; } Flush internal cache; Signal external cache to Write Back; Signal external cache to Flush; Notes: This instruction not work in Real Mode and in Protected mode work only in ring 0 ; Flags Affected: None CPU mode: PM0,SMM Physical Form: INVD COP (Code of Operation): 0FH 09H Clocks: Cyrix Cx486SLC : 4 i486 : 5 Pentium : 2000+ ----------------------------------------------------- APPENDIX A0 Cyrix Cx486SLC/DLC configuration Registers for Cx486DLC: Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 NCR1 Non-cacheble Region #0 C4H-C6H 24 NCR2 Non-cachable Region #1 C7H-C9H 24 NCR3 Non-cacheble Region #2 CAH-CCH 24 NCR4 Non-cacheble Region #4 CDH-CFH 24 for Cx486SLC: Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 NCR1 Non-cacheble Region #0 C5H-C6H 16 NCR2 Non-cachable Region #1 C8H-C9H 16 NCR3 Non-cacheble Region #2 CBH-CCH 16 NCR4 Non-cacheble Region #4 CEH-CFH 16 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR0 00H CCR1 xxxx xxx0B NCR1 000Fh NCR2 0 NCR3 0 NCR4 0 format of registers: CCR0: Bit Name Description 7 SUSPEND If =1 then enable SUSP# and SUSPA# pins, which used for put CPU in PowerSave mode. If =0 disable 6 CO (Cache Organisation) If =0 2ways set associative If =1 Dirrect Mapped 5 BARB If =1 then enable flushing internal cache when begining HOLD state. IF =0 disable. 4 FLUSH If =1 enable input pin FLUSH# if =0 disable 3 KEN If =1 enable input pin KEN# if =0 disable 2 A20M If =1 enable input pin A20M# if =0 disable 1 NC1 If=1 then 640KB-1MB area never caching If=0 caching (but see NCRi) 0 NC0 If=1 then first 64K of each 1MB bounds not caching, when in Real or Virtual8086 mode If =0 caching CCR1: Bit Name Description 7-1 Reserved 0 RPL If =1 then enable RPLSET,RPLVAL# pins If =0 this pins are disable and float. NCRi: Byte Bits Description 0 7-0 Address bits A31-A24 of non-cacheble region start (Reserved for Cx486SLC) 1 7-0 Address bits A23-A16 of non-cachable region start 2 7-4 Address bits A15-A12 of non-cacheble region start 2 3-0 Size of non-cacheble block: 0000 Disable NCRi 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4G NCRi bytes: Byte NCRi 0 1 2 NCR1 C4H C5H C6H NCR2 C7H C8H C9H NCR3 CAH CBH CCH NCR4 CDH CDH CEH --------------------------------------------------- APPENDIX A1 Cyrix Cx486S/S2/D/D2/DX/DX2/DX4 IBM BL486DX/DX2 configuration Registers Register Full Register Name Index size(bits) CCR1 Configuration Control Register #1 C1H 8 CCR2 Configuration Control Register #2 C2H 8 CCR3 Configuration Control Register #3 C3H 8 SMAR SMM Address Region CDH-CFH 24 DIR0 Device Identification register #0 FEH 8 DIR1 Device Identification register #1 FFH 8 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: CCR1: Bit Name Description 7..5 Reserved 4 NO_LOCK (Negate LOCK#) 3 MMAC (Main Memory Access) If =1 then all data access which occur within SMI routine (when SMAC=1) accessing main memory instead SMM space =0 No affects on access 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 RPL (Enable RPL pins) If=1 then enable output pins RPLSET(1-0) and RPLVAL# =0 Float it CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6 BWRT (Enable Burst Write Cycle) If =1 enable use of 16byte burst WB cycle =0 disable 5 BARB (Enable cache coherency on Bus Arbitration) If =1 enable write back of all dirty cache data when HOLD is requered and prior to asserting HLDA. =0 isable 4 WT1 (Write-Through Region 1) If =1 Forces all writes to the 640KB-1MB region that hit in cache issued on the external bus 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 WBAK (Enable WB Cache Interface pins) If =1 then enable INVAL,WM_RST and HITM# pins =0 float it 0 Reserved CCR3: Note: Cyrix Cx486S/D never have CCR3 register. Bit Name Description 7..2 Reserved 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. SMAR: (Index CDh) Bit Description 7..0 A31..A24 bits of starting adress of SMM region (Index CEh) Bit Description 7..0 A23..A16 bits of starting adress of SMM region (Index CFh) Bit Description 7..4 A15..A12 bits of starting adress of SMM region 3..0 Size of SMM region: 0000 SMM region disabled 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4K DIR0: Note: Cyrix Cx486S/D never have DIR0 register. Bit Description 7..0 (Device Identification) for Cx486SLC/e = 00h for Cx486DLC = 01h for Cx486SLC2 = 02h for Cx486DLC2 = 03h for Cx486SRx = 04h for Cx486DRx = 05h for Cx486SRx2 = 06h for Cx486DRx2 = 07h for Cx486SRu = 08h ?? for Cx486DRu = 09h ?? for Cx486SRu2 = 0Ah ?? for Cx486DRu2 = 0Bh ?? for Cx486S (B step) = 10h for Cx486S2 = 11h for Cx486S/e = 12h for Cx486S2/e = 13h for Cx486DX/BL486DX = 1Ah for Cx486DX2/BL486DX2 = 1Bh for ST486DX2 = 1Bh for TI486DX2 = 1Bh for Cx486DX4 = 1Fh for Cx5x86 (M1sc) = 2Dh for Cyrix M1 = 30h for TI486DX4 = 81h for Cyrix OverDrive = FDh for TI Potomac's = FFh ;; None connections !! See Appendix A3 for More Information Important Note: The original Cx486SLC never have DIRi registers. DIR1: Note: Cyrix Cx486S/D never have DIR1 register. Bit Name Description 7..4 SID Stepping Identificator 3..0 RID Revision Identification !! See Appendix A3 for more information CPU DIR0 DIR1 NOTE Cx486DX-40 1Ah 05h Cx486DX-50 1Ah 05h Cx486DX2-50 1Bh 08h Cx486DX2-50 1Bh 08h Marked 001 on pin side of chip ST486DX2-66 1Bh 0Bh ST486DX2-66 1Bh 0Bh Cx486DX2-v80 1Bh 31h 3 VOLT Cx486DX4-v100 1Fh 36h 3 VOLT Cx5x86-100 2Dh 13h 3 VOLT TI486DX2-66,80 1Bh 32h stepping eA0 TI486DX2-66,80 1Bh B2h stepping eB0 TI486DX4-100 81h 91h ----------------------------------------------------- APPENDIX A2 TI486SXLC/SXL configuration Registers for TI486SXL -------------- Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 ARR1 Address Region #1 C4H-C6H 24 ARR2 Address Region #2 C7H-C9H 24 ARR3 Address Region #3 CAH-CCH 24 ARR4 Address Region #4 CDH-CFH 24 for TI486SXLC -------------- Register Full Register Name Index size(bits) CCR0 Configuration Control Register #0 C0H 8 CCR1 Configuration Control Register #1 C1H 8 ARR1 Address Region #1 C5H-C6H 16 ARR2 Address Region #2 C8H-C9H 16 ARR3 Address Region #3 CBH-CCH 16 ARR4 Address Region #4 CEH-CFH 16 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR0 00H CCR1 xxxx xxx0B ARR1 000Fh ; 4Gbyte Non-Caching Region ARR2 0 ARR3 0 ARR4 0 format of registers: CCR0: Bit Name Description 7 SUS If =1 then enable SUSP# and SUSPA# pins, which used for put CPU in PowerSave mode. If =0 disable 6 CKD (Clock Double) If =0 Disable Clock-double mode If =1 Enable Clock-Double mode 5 BARB If =1 then enable flushing internal cache when begining HOLD state. IF =0 disable. 4 FLUSH If =1 enable input pin FLUSH# if =0 disable 3 KEN If =1 enable input pin KEN# if =0 disable 2 A20M If =1 enable input pin A20M# if =0 disable 1 NC1 If=1 then 640KB-1MB area never caching If=0 caching (but see NCRi) 0 NC0 If=1 then first 64K of each 1MB bounds not caching, when in Real or Virtual8086 mode If =0 caching CCR1: Bit Name Description 7 SM4 Access Region 4 Control If=1 then Region 4 is non-cachable SMM Memory Space If=0 Region 4 is non-cachable. SMI# input ignored. 6 WP3 Access Region 3 Control If=1 then Region 3 is write-protected and cachable If=0 Region 3 is non-cachable. 5 WP2 Access Region 2 Control If=1 then Region 2 is write-protected and cachable If=0 Region 2 is non-cachable. 4 WP1 Access Region 1 Control If=1 then Region 1 is write-protected and cachable If=0 Region 1 is non-cachable. 3 NMAC Main Memory Access If=1 All data accesses which occur within SMI service routine (or then SMAC=1) will access main memory instead of SMM Memory space If=0 No changes in access 2 SMAC System Managment memory access If=1 Any access to addresses within SMM memory space cause external bus cycles to be issued with SMADS# output active. SMI# input is ignored. 1 SMI Enable SMM Pins If=1 SMI# input/output pin and SMADS# output pin are enabled If=0 Disabled 0 Reserved ARRi: Byte Bits Description 0 7-0 Address bits A31-A24 of non-cacheble region start (Reserved for TI486SXLC) 1 7-0 Address bits A23-A16 of non-cachable region start 2 7-4 Address bits A15-A12 of non-cacheble region start 2 3-0 Size of non-cacheble block: 0000 Disable NCRi 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4G ARRi bytes: Byte ARRi 0 1 2 ARR1 C4H C5H C6H ARR2 C7H C8H C9H ARR3 CAH CBH CCH ARR4 CDH CDH CEH --------------------------------------------------- APPENDIX A3 Texas Instruments TI486DX2,TI486DX4 configuration Registers Register Full Register Name Index size(bits) CCR1 Configuration Control Register #1 C1H 8 CCR2 Configuration Control Register #2 C2H 8 CCR3 Configuration Control Register #3 C3H 8 SMAR SMM Address Region CDH-CFH 24 DIR0 Device Identification register #0 FEH 8 DIR1 Device Identification register #1 FFH 8 For access to this register You need to do: A) write INDEX_OF_REGISTER to I/O port #22H B) wait 5-6 clocks D) read/write DATA from/to register via I/O port #23 Note: If Index of register not in range C0H..CFH,FEH,FFH then Cyrix CPU generated external bus cycle. If You try to read I/O port #22H CPU will generated external bus cycle too. Then index is out of range all operations with port #23H will generate external bus cycle. State After Reset: CCR1 00H CCR2 00H CCR3 00H SMAR 0 DIR0 see DIR0 description DIR1 see DIR1 description format of registers: CCR1: Bit Name Description 7..5 Reserved 4 NO_LOCK (Negate LOCK#) If =0 Usuall scheme If =1 previously noncachable locked cycles will be executed as unlocked, result is higher perfomanse. 3 MMAC (Main Memory Access) If =1 then all data access which occur within SMI routine (when SMAC=1) accessing main memory instead SMM space =0 No affects on access 2 SMAC (System Managment Memory Access) If =1 Any access within SMM memory space issued with SMAADS# output active, SMI# ignored =0 No affects on access 1 SMI (Enable SMM pins) If =1 then enable SMI# i/o pin and SMADS# output pin =0 Float it 0 RPL (Enable RPL pins) If=1 then enable output pins RPLSET(1-0) and RPLVAL# =0 Float it CCR2: Bit Name Description 7 SUSP (Enable Suspend pins) If =1 SUSP# input and SUSPA# output pins enabled =0 Float 6 BWRT (Enable Burst Write Cycle) If =1 enable use of 16byte burst WB cycle =0 disable 5 BARB (Enable cache coherency on Bus Arbitration) If =1 enable write back of all dirty cache data when HOLD is requered and prior to asserting HLDA. =0 isable 4 WT1 (Write-Through Region 1) If =1 Forces all writes to the 640KB-1MB region that hit in cache issued on the external bus 3 HALT (Suspend on HALT) If =1 CPU enters suspend mode following execution HLT instruction. 2 LOCK_NW (Lock NW bit) If =1 Prohibits changing the state of NW bit in CR0 1 WBAK (Enable WB Cache Interface pins) If =1 then enable INVAL,WM_RST and HITM# pins =0 float it 0 Reserved CCR3: Note: Cyrix Cx486S/D never have CCR3 register. Bit Name Description 7..4 Reserved 3 SM_MODE (SMM Mode Select) If =0 then Normal SMM mode (Cyrix style) If =1 then SL-compatible mode (but SMI_LOCK MUST BE 0) Note: For more info refer to "TI486DX2 Microprocessor SM Mode Programming Guide" // Texas Instruments 1995 (literature number SRZU019) 2 Reserved 1 NMIEN (NMI Enable) If =1 then NMI enable during SMM If =0 NMI don't recognizing during SMM 0 SMI_LOCK (SMM Register Lock) If =1 the following SMM control bits can not be modified: CCR1: bits 1,2,3 CCR3: bit 1 Any SMAR bits But this bit may be changed in SMM. This bit (SMI_LOCK) clearing RESET only. SMAR: (Index CDh) Bit Description 7..0 A31..A24 bits of starting adress of SMM region (Index CEh) Bit Description 7..0 A23..A16 bits of starting adress of SMM region (Index CFh) Bit Description 7..4 A15..A12 bits of starting adress of SMM region 3..0 Size of SMM region: 0000 SMM region disabled 0001 4K 0010 8K 0011 16K 0100 32K 0101 64K 0110 128K 0111 256K 1000 512K 1001 1M 1010 2M 1011 4M 1100 8M 1101 16M 1110 32M 1111 4K DIR0: Bit Description 7..0 (Device Identification) for TI486DX2 = 1Bh (compare with Cyrix's DIR0) for TI486DX4 = 81h DIR1: Bit Name Description 7 MID Manafacturer ID 0 = Cyrix 1 = Texas Instruments (support starting TI486DX2 eB0 steping) 6..4 SID Stepping Identificator 3..0 RID Revision Identification ---------------------------------------------- APPENDIX B Codes which returned after Reset in EDX DH DL Type of CPU Steppin Model ID Revision i386DX A (00h) ??? B0-B10 03h 03h D0 05h D1-D2 08h E0,F0 08h Am386DX/DXL A 03h 05h B 08h i386SX A0 23h 04h B 05h C,D,E 08h Am386SX/SXL A1 23h 05h B 08h Intel386CXSA A 23h 09h Intel386CXSB A 23h 09h i386EX A 23h 09h Intel386SXSA ? 23h 09h i376 A0 33h 05h B 08h i386SL A0-A3 43h 0xh (05H) B0-B1 1xh RapidCAD (tm) A 03h 40h B 41h IBM 386SLC A A3h xxh Cx486SLC A 04h 10h TI486SLC/DLC/e A 04h 10h B 11h TI486SXL/SXLC A 04h 10h B 11h i486DX A0/A1 04h 00h B2-B6 01h C0 02h C1 03h D0 04h cA2,cA3 10h cB0,cB1 11h cC0 13h aA0,aA1 14h ; SL Enhanced aB0 15h ; SL Enhanced Am486DX any 04h 12h UMC U5SD any 04h 1xh i486SX A0 04h 20h B0 22h ?? 23h ; SL Enhanced 1994 ??? gAx 24h cA0 27h cB0 28h aA0,aA1 2Ah ; SL Enhanced aB0,aC0 2Bh ; SL Enhanced i487SX A0 04h 20h B0 21h UMC U5S any 04h 23h UMC U5SX 486-A any 04h 23h UMC U5SD any 04h 23h Cx5x86 0,rev 1- 04h 29h ; core/bus clk=2/1 +clones Cx5x86 0,rev 1- 04h 2Bh ; core/bus clk=2/1 +clones Cx5x86 0,rev 1- 04h 2Dh ; core/bus clk=3/1 +clones Cx5x86 0,rev 1- 04h 2Fh ; core/bus clk=3/1 +clones i486DX2 & A0-A2 04h 32h OverDrive (tm) B1 33h aA0,aA1 34h ; SL Enhanced aB0,aC0 35h ; SL Enhanced Am486DX2 any 04h 32h ; Include 80MHz Am486DXL2 any 04h 32h Am486DX4 any 04h 32h ; Non Ehnanced any 04h 84h ; Enhanced in WT mode 04h 94h ; Enhanced in WB mode UMC U486DX2 any 04h 3xh UMC U486SX2 any 04h 5xh i486SL A 04h 40h ?? 41h i486SX2 aC0 04h 5Bh ; SL Enhanced IntelSX2 (tm) A 04h 5xh OverDrive (tm) WB Enh IntelDX2 A 04h 70h ; in WB mode (P24D) 36h ; in WT mode IBM BL486DX2 A 04h 80h ; PRELIMINARY IntelDX4 (tm) A 04h 80h TI TI486DX2 any 04h 80h TI TI486DX4 any 04h 81h IntelDX4 (tm) A 14h 80h ; DX4ODPR (5V IntelDX4) OverDrive (tm) Cx5x86 0,rev 2+ 04h 90h Write-Back Enh. A 04h 83h ; WT Mode IntelDX4 (tm) 90h ; WB mode AMD Am5x86 A 04h 84h ; x3, WT mode 94h ; x3, WB mode E4h ; x4, WT mode F4h ; x4, WB mode IBM 486SLC A A4h 0xh IBM 486SLC2 Ax A4h 1xh Bx 2xh ?? 3xh IBM 486BLX3 A 84h xxh Cyrix M5 all 00h 05h (Cx486S/D) Cyrix M6 all 00h 06h (Cx486DX) Cyrix M7 all 00h 07h (Cx486DX2) Cyrix M8 all 00h 08h (Cx486DX4) Am5k86 all 05h 0xh ; AMD SSA/5 A 05h 00h all 05h 1xh ; AMD K5 Pentium (P5) Ax 05h 0xh B1 05h 13h ; Have FPU bug! C1 05h 15h ; Have FPU bug! D1 05h 17h ; Never have FPU bug!! Pentium (P54LM) Ax 05h 25h ; 2.9V for Notebooks. Pentium (P54C) any 05h 2xh B1 05h 21h ; Have FPU bug! B3 05h 22h ; Have FPU bug! B5 05h 24h ; Have FPU bug! C1 05h 25h ; No FPU bug!! C2 25h mA1 25h cB1 2Bh ; 120,133 MHz mcB1 2Bh ??h ; 150,166 MHz #PHG cC0 2Ch ; 150,166 MHz E0 26h ; 75,90,100 MHz mA4 70h ; 75,90,100 MHz VRT mcC0 2Ch ; 120,133 MHz #end Pentium (P54CQS) C2 05h 25h Pentium Overdrive B1 15h 31h ; PODP5V (Vcc=5V)(P24T) B2 15h 31h C0 15h 32h Cx6x86 05h 30h ; core/bus = 1/1 05h 32h ; core/bus = 1/1 05h 31h ; core/bus = 2/1 05h 33h ; core/bus = 2/1 05h 34h ; core/bus = 3/1 05h 36h ; core/bus = 3/1 05h 35h ; core/bus = 4/1 05h 37h ; core/bus = 4/1 ;Pentium Overdrive 15h 2xh ;(Vcc=3.3V) (P24CT) Pentium OverDrive (P54T) 15h 4xh Intel Pentium OverDrive 25h 2xh (P54M) Pentium Pro (P6) ? 06h 0xh ; Engineering Sample 133MHz 0.6mkm 06h 11h ; Engineering Sample 150MHz B0 06h 11h ; 133,150 MHz C0 06h 12h ; 150 MHz sA0 06h 16h ; 166,180,200 MHz OverDrive for Socket 8 (P6T) 16h 3xh ; Note: For detection Cyrix's chips refer to APPENDIX A1. -------------------------------------------- APPENDIX C0 iCOMP index for Intel's Microprocessors i386SX-20 32 i386SX-25 39 i386SL-25 41 i386DX-25 49 i386DX-33 68 i486SX-20 78 i486SX-25 100 ; Base model for test iCOMP=100 by define i486DX-25 122 i486SX-33 136 i486DX-33 166 i486DX2-20/40 166 IntelSX2-25/50 180 i486DX2-25/50 231 i486DX-50 249 IntelDX4-20/60 258 i486DX2-33/66 297 Pentium OverDrive-20/50 314 ; P24T IntelDX4-25/75 319 ; P24C IntelDX4-33/100 435 ; P24C Pentium OverDrive-25/63 443 ; P24T Pentium-(510\60) 510 ; P5 Pentium-(567\66) 567 ; P5 Pentium OverDrive-33/83 581 ; P24T Pentium-(610\75) 610 ; P54C,P54LM Pentium-(735\90) 735 ; P54C,P54LM Pentium-(815\100) 815 ; P54C Pentium-(1000\120) 1000 ; P54CSQ Pentium-(133) 1110 ; P54CSQ ---------------------------------------------- APPENDIX C1 Cyrix Microprocessors Relative Perfomance Cyrix Inc. Used for declaration of perfomance of theys microprocessors tests based on PC Bench 8.0 and normalization. CPU Perfomance Scores Cx486SLC-25 36 Cx486SLC-33 39 Cx486SLC2-50 40 Cx486DLC-33 69 Cx486DLC-40 83 Cx486DX-33 100 ; <--- Base Point Cx486DX-40 118 Cx486DX2-50 139 Cx486DX-50 148 Cx486DX2-66 179 Cx486DX2-V80 209 ------------------------------------------------ APPENDIX D0 Pentium P54C+ Build-in APIC (Advanced programmable Interrupt Controller) Base Address of Build-in APIC in memory location is 0FEE00000H. Map of APIC REgisters: Offset (hex) Description Read/Write state 0 Reserved 10 Reserved 20 Local APIC ID R/W 30 Local APIC Version R 40-70 Reserved 80 Task Priority Register R/W 90 Arbitration Priority Register R A0 Processor Priority Register R B0 EOI Register W C0 Remote read R D0 Logical Destination R/W E0 Destination Format Register 0..27 R 28..31 R/W F0 Spurious Interrupt Vector Reg. 0..3 R 4..9 R/W 100-170 ISR 0-255 R 180-1F0 TMR 0-255 R 200-270 IRR 0-255 R 280 Error Status Register R 290-2F0 Reserved 300 Interrupt Command Reg. (0-31) R/W 310 Interrupt Command Reg. (32-63) R/W 320 Local Vector Table (Timer) R/W 330-340 Reserved 350 Local Vector Table (LINT0) R/W 360 Local Vector Table (LINT1) R/W 370 Local Vector Table (ERROR) R/W 380 Initial Count Reg. for Timer R/W 390 Current Count of Timer R 3A0-3D0 Reserved 3E0 Timer Divide Configuration Reg. R/W 3F0 Reserved Note: Pentium-120MHz (Step C2) Never have APIC --------------------------------------------------- APPENDIX D1 INTEL 386/486SL REGISTERS Note: Intel Chipset for SL microprocessors (i386SL,i486SL) contain self CPU and 82360SL chip. [i386SL] Note: address of register in Normal I/O space Name of Register Address Default Value Where placed Size CPUPWRMODE 22h 0 CPU 16 CFGSTAT 23h 0 82360SL 8 CFGINDEX 24h 0 82360SL 16 CFGDATA 25h xxh 82360SL 16 EMSCNTLREG 28h 0 CPU 8 EMSINDEXREG 2Ah 0 CPU 16 EMSDPREG 2Ch xxh CPU 16 PORT92 92h 0 CPU 8 PORT102 102h 0 CPU 8 FAIL SAFE NMI CTRL 461h 0 CPU 8 The followed ports visible only when they enabled, Any writes to this ports caused the action it named. FAST CPU RESET EFh N/A 82360SL 8 FAST A20 GATE EEh N/A 82360SL 8 SLOW CPU F4h N/A CPU 8 FAST CPU F5h N/A CPU 8 SFS DISABLE F9h N/A CPU 8 SFS ENABLE FBh N/A CPU 8 Format of CPUPWRMODE register (i386SL): Bits Name Description 15 DT If Unlock Status { // See bit 0 of this register if bit=0 then access to 82360SL if bit=1 then access to CPUPWRMODE register } If Lock Staus { // i.e.SB=1 (De-Turbo Select Bit) Selected clock speed If bit=0 then EFI/2 If bit=1 then EFI/4 } 14 0 Reserved 13..11 IMCPC (Idle MCP Clock) 13.12.11 Description 000 EFI 001 EFI/2 010 EFI/4 011 EFI/8 100 EFI/16 101 Reserved 110 Reserved 111 Stop Clock 10,9 SLC (Slow CPU clock) 10.9 Description 00 EFI 01 EFI/2 10 EFI/4 11 EFI?8 8 CPUCNFG If =1 CPU Lock. (Write Protect to CPUPMODE register) 7 FD (Flash Disk Enable) If bit=1 then phisical addresses D0000H - DFFFFh automatically never caching. 6 0 Reserved 5,4 FCC (Fast CPU clock) 5.4 Description 00 EFI 01 EFI/2 10 EFI/4 11 EFI/8 3,2 US (Unit Select) Select Unit of 82360SL which will be accessable through 23h-25h I/O Ports 3.2 Description 00 On-Board Memory Controller 01 Cache Unit 10 Internal Bus Unit 11 External Bus Unit 1 UE (Unit Enable) If =1 Enable to Access Units else enable to access System bus. 0 SB (Status Bit) If =0 Enable access to CPUPWRMODE register If =1 Disable Format of EMSCNTLREG: Bits Description 7 (Global Enable) If =1 EMS enable 6 Valid bit 5 EMSDP Status Bit (Read Only) 4..2 Reserved 1..0 Active EMS Set (0-3) Format of EMSINDEXREG: Bits Description 15..10 Reserved 9..8 EMS set (0-3) 7..6 Reserved 5..0 EMS Page Register Index (0-64) Format of EMSDPREG: Bits Description 15 This EMS Page Enable (i.e. page indexed by EMSINDEXREG) 14 EMS Valid bit 13..11 reserved 10..0 Address lines A24..A14 for page selected by EMSINDEXREG Important Note: i386SL have SIGNATURE register have index 30Eh in On-Board Memory Controller Configuration Space. This Register contain Stepping Info of i386SL. Stepping Signature Register DX register after reset A0 4300h 4310h A1 4300h 4310h A2 4301h 4310h A3 4302h 4310h B0 4310h 4311h B1 4311h 4311h [i486SL] Note: address of register in Normal I/O space Name of Register Address Default Value Where placed Size CPUPWRMODE 22h 100H CPU 16 CFGSTAT 23h 0 82360SL 8 CFGINDEX 24h 0 82360SL 16 CFGDATA 25h xxh 82360SL 16 PORT92 92h 0 CPU 8 PORT102 102h 0 CPU 8 FAIL SAFE NMI CTRL 461h 0 CPU 8 The followed ports visible only when they enabled FAST CPU RESET EFh N/A 82360SL 8 FAST A20 GATE EEh N/A 82360SL 8 SLOW CPU F4h N/A CPU 8 FAST CPU F5h N/A CPU 8 SFS DISABLE F9h N/A CPU 8 SFS ENABLE FBh N/A CPU 8 Format of CPUPWRMODE register (i486SL): Bits Name Description 15 DT If Unlock Status { // See bit 0 of this register if bit=0 then access to 82360SL if bit=1 then access to CPUPWRMODE register } If Lock Staus { // i.e.SB=1 (De-Turbo Select Bit) Selected clock speed If bit=0 then EFI/2 If bit=1 then EFI/4 } 14..13 0 Reserved 12 FPUERROR This bit controlled access to I/O port 0F0h, if =0 then access to internal F0h port, If =1 then access ISA bus. 11..9 0 Reserved 8 CPUCNFG If =1 CPU Lock. (Write Protect to CPUPMODE register) 7 0 RESERVED 6,5 FCC (Fast CPU clock) 5.4 Description 00 CPUCLK=definition=EFI/2 01 CPUCLK/2 10 CPUCLK/4 11 CPUCLK/8 4 0 Reserved 3,2 US (Unit Select) Select Unit of 82360SL which will be accessable through 23h-25h I/O Ports 3.2 Description 00 On-Board Memory Controller 01 Reserved 10 Internal Bus Unit 11 External Bus Unit 1 UE (Unit Enable) If =1 Enable to Access Units else enable to access System bus. 0 SB (Status Bit) If =0 Enable access to CPUPWRMODE register If =1 Disable Important Note: i486SL have SIGNATURE register have index 70Ah in On-Board Memory Controller Configuration Space. This Register contain Stepping Info of i486SL. Format Of this register provided below: Bits Description 15..12 Member of Family (4h - SL) 11..8 Family (4h - 486 family) 7..0 Revision Name (Not Same as in DX after reset) --------------------------------------------- APPENDIX E Pentium (tm) Processor Pairing Instruction Pentium (tm) is superscalar microprocessor i.e. it may execute >1 instruction per CLK cycle. It may execute maximum 2 instruction per cycle.It have two integer pipes to execute instruction. This pipes not same, and some instruction may pairing (i.e. execute together) (only if not link with this 2 instruction) only in U pipe, some other only in V pipe, other in any pipe,other absolutely not pairing and they executed on U pipe only. ------ Integer Part Note: PU - is pairable if issued to U pipe PV - is pairable if issued to V pipe UV - pairable in either pipe ADC Reg,Reg PU Reg,Mem PU Reg,Imm PU Mem,Reg PU Mem,Imm PU ADD Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV AND Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV CALL direct PV CMP Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV DEC Reg UV Mem UV INC Reg UV Mem UV Jcc any PV JMP Short PV Direct PV LEA Reg,Mem UV MOV Reg,Reg/Mem/Imm UV Mem,Reg UV NOP UV OR Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV POP Reg UV PUSH Reg UV Imm UV Rotates/Shifts: Reg,1 PU Mem,1 PU Reg,Imm PU Mem,Imm PU SUB Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV TEST Reg,Reg UV Mem,Reg UV Acc,Imm UV XOR Reg,Reg UV Reg,Mem UV Reg,Imm UV Mem,Reg UV Mem,Imm UV _____ Floating Part Note: FX - Pairing with FXCH (All other never pairing) FABS FX FADD FX FADDP FX FCHS FX FCOM FX FCOMP FX FDIV/R/P/RP FX FLD m32,m64,ST(i) FX Note: FLD m80 not pairing FMUL/P FX FSUB/P/R/RP FX FTST FX FUCOM/P/PP FX For more information refer to: 1) Optimization for Intel's 32-Bit Processors (Application Note AP-500) Gary CArleton) // Intel Corp. 1993 // Order Number 241799 2) Supplement to the Pentium (tm) Processor User's Manual // Intel Corp. 1993. ------------------------------------------------------------ APPENDIX F0 NON FP OPCODES Base Format of opcodes: <Basecode> <Postbyte> <offset> <immediate_operands> Format of Postbyte: MM RRR MMM MM - Memory addresing mode RRR - Register operand address MMM - Memory operand address RRR Register Names Fields 8bit 16bit 32bit 000 AL AX EAX 001 CL CX ECX 010 DL DX EDX 011 BL BX EBX 100 AH SP ESP 101 CH BP EBP 110 DH SI ESI 111 BH DI EDI 16bit memory (No 32 bit memory address prefix): MMM Default MM Field Field Sreg 00 01 10 11=MMM is reg 000 DS [BX+SI] [BX+SI+O8] [BX+SI+O16] 001 DS [BX+DI] [BX+DI+O8] [BX+SI+O16] 010 SS [BP+SI] [BP+SI+O8] [BP+SI+O16] 011 SS [BP+DI] [BP+DI+O8] [BP+DI+O16] 100 DS [SI] [SI+O8] [SI+O16] 101 DS [DI] [DI+O8] [DI+O16] 110 SS [O16] [BP+O8] [BP+O16] 111 DS [BX] [BX+O8] [BX+O16] Note: MMM=110,MM=00 Default Sreg is DS !!!! 32bit memory (Has 67h 32 bit memory address prefix): MMM Default MM Field Field Sreg 00 01 10 11=MMM is reg 000 DS [EAX] [EAX+O8] [EAX+O32] 001 DS [ECX] [ECX+O8] [ECX+O32] 010 DS [EDX] [EDX+O8] [EDX+O32] 011 DS [EBX] [EBX+O8] [EBX+O32] 100 see SIB [SIB] [SIB+O8] [SIB+O32] 101 SS [O32] [EBP+O8] [EBP+O32] 110 DS [ESI] [ESI+O8] [ESI+O32] 111 DS [EDI] [EDI+O8] [EDI+O32] Note: MMM=110,MM=00 Default Sreg is DS !!!! SIB is (Scale/Base/Index): SS BBB III Note: SIB address calculated as : <SIB address>=<Base>+<Index>*(2^(Scale)) Field Default Base BBB Sreg Register Note 000 DS EAX 001 DS ECX 010 DS EDX 011 DS EBX 100 SS ESP 101 DS O32 If MM=00 (Postbyte) SS EBP If MM<>00 (Postbyte) 110 DS ESI 111 DS EDI Field Index III register Note 000 EAX 001 ECX 010 EDX 011 EBX 100 Never Index SS can be 00 101 EBP 110 ESI 111 EDI Field Scale coefficient SS =2^(SS) 00 1 01 2 10 4 11 8 Note: <No comments> this code are for 8086 and all other processors NECs : for NEC/Sony V20/V30/V40/V50 and all clones and upgrades 186+ : for 186/188 and higher 286+ : for 80286 and higher 386+ : for 80386 and higher 486+ : for i486 and higher Pentium : for Pentiym <specified> : specified Main Table [TABLE00]: 00 ADD mem8,reg8 01 ADD mem,reg 02 ADD reg8,mem8 03 ADD reg,mem 04 ADD AL,imm8 05 ADD AX,imm 06 PUSH ES 07 POP ES 08 OR mem8,reg8 09 OR mem,reg 0A OR reg8,mem8 0B OR reg,mem 0C OR AL,imm8 0D OR AX,imm 0E PUSH CS 0F POP CS ; 8088 non CMOS versions >>> TABLE 01 ; NECs & 286+ Invalid Opcode ; 186/188 10 ADC mem8,reg8 11 ADC mem,reg 12 ADC reg8,mem8 13 ADC reg,mem 14 ADC AL,imm8 15 ADC AX,imm 16 PUSH SS 17 POP SS 18 SBB mem8,reg8 19 SBB mem,reg 1A SBB reg8,mem8 1B SBB reg,mem 1C SBB AL,imm8 1D SBB AX,imm 1E PUSH DS 1F POP DS 20 AND mem8,reg8 21 AND mem,reg 22 AND reg8,mem8 23 AND reg,mem 24 AND AL,imm8 25 AND AX,imm 26 ES: segment prefix 27 DAA 28 SUB mem8,reg8 29 SUB mem,reg 2A SUB reg8,mem8 2B SUB reg,mem 2C SUB AL,imm8 2D SUB AX,imm 2E CS: segment prefix 2F DAS 30 XOR mem8,reg8 31 XOR mem,reg 32 XOR reg8,mem8 33 XOR reg,mem 34 XOR AL,imm8 35 XOR AX,imm 36 SS: segment prefix 37 AAA 38 CMP mem8,reg8 39 CMP mem,reg 3A CMP reg8,mem8 3B CMP reg,mem 3C CMP AL,imm8 3D CMP AX,imm 3E DS: segment prefix 3F AAS 40 INC AX 41 INC CX 42 INC DX 43 INC BX 44 INC SP 45 INC BP 46 INC SI 47 INC DI 48 DEC AX 49 DEC CX 4A DEC DX 4B DEC BX 4C DEC SP 4D DEC BP 4E DEC SI 4F DEC DI 50 PUSH AX 51 PUSH CX 52 PUSH DX 53 PUSH BX 54 PUSH SP 55 PUSH BP 56 PUSH SI 57 PUSH DI 58 POP AX 59 POP CX 5A POP DX 5B POP BX 5C POP SP 5D POP BP 5E POP SI 5F POP DI 60 PUSHA ;NECs & 186+ 61 POPA ;NECs & 186+ 62 BOUND reg,mem ;NECs & 186+ 63 ARPL reg,mem ;286+ PM 64 FS: segment prefix ;386+ 65 GS: segment prefix ;386+ 66 Memory access size prefix ;386+ 67 Operands size prefix ;386+ 68 PUSH imm ;NECs & 186+ 69 IMUL reg,imm,mem ;NECs & 186+ 6A PUSH imm8 ;NECs & 186+ 6B IMUL reg,imm8,mem ;NECs & 186+ 6C INSB ;186+ 6D INS ;186+ 6E OUTSB ;186+ 6F OUTS ;186+ 70 JO rel8 71 JNO rel8 72 JC rel8 73 JNC rel8 74 JZ rel8 75 JNZ rel8 76 JNA rel8 77 JA rel8 78 JS rel8 79 JNS rel8 7A JP rel8 7B JNP rel8 7C JL rel8 7D JNL rel8 7E JNG rel8 7F JG rel8 80 code extention [1] 81 code extention [2] 82 code extention [3] 83 code extention [4] 84 TEST mem8,reg8 85 TEST mem,reg 86 XCHG mem8,reg8 87 XCHG mem,reg 88 MOV mem8,reg8 89 MOV mem,reg 8A MOV reg8,mem8 8B MOV reg,mem 8C code extention [5] 8D LEA reg,mem 8E code extention [6] 8F code extention [7] 90 NOP 91 XCHG AX,CX 92 XCHG AX,DX 93 XCHG AX,BX 94 XCHG AX,SP 95 XCHG AX,BP 96 XCHG AX,SI 97 XCHG AX,DI 98 CBW 66 98 CWDE ;386+ 99 CWD 66 99 CDQ ;386+ 9A CALL FAR seg:offs 9B WAIT 9C PUSHF 66 9C PUSHFD ; 386+ 9D POPF 66 9D POPFD ; 386+ 9E SAHF 9F LAHF A0 MOV AL,[imm] A1 MOV AX,[imm] A2 MOV [imm],AL A3 MOV [imm],ax A4 MOVSB A5 MOVS A6 CMPSB A7 CMPS A8 TEST AL,imm8 A9 TEST AX,imm AA STOSB AB STOS AC LODSB AD LODS AE SCASB AF SCAS B0 MOV AL,imm8 B1 MOV CL,imm8 B2 MOV DL,imm8 B3 MOV BL,imm8 B4 MOV AH,imm8 B5 MOV CH,imm8 B6 MOV DH,imm8 B7 MOV BH,imm8 B8 MOV AX,imm B9 MOV CX,imm BA MOV DX,imm BB MOV BX,imm BC MOV SP,imm BD MOV BP,imm BE MOV SI,imm BF MOV DI,imm C0 code extention [8] C1 code extention [9] C2 RET NEAR imm C3 RET NEAR C4 LES reg,mem C5 LDS reg,mem C6 code extention [10] C7 code extention [11] C8 ENTER imm,imm8 ;NECs & 186+ C9 LEAVE ;NECs & 186+ CA RET FAR imm CB RET FAR CC INT 3 CD INT imm8 CE INTO CF IRET D0 code extention [12] D1 code extention [13] D2 code extention [14] D3 code extention [15] D4 AAM imm8 ; Note: NECs w/o imm8 but D4 0A only D5 AAD imm8 ; Note: NECs w/o imm8 but D4 0A only D6 SETALC ;286+ D7 XLAT D8-DF ESC imm6,mem ; Note: Refer to future part ; Cooprocessor commands. E0 LOOPNZ rel8 E1 LOOPZ rel8 E2 LOOP rel8 E3 JCXZ rel8 66 E3 JECXZ rel8 ; 386+ E4 IN AL,imm8 E5 IN AX,imm8 E6 OUT imm8,AL E7 OUT imm8,AX E8 CALL NEAR rel16 E9 JMP NEAR rel16 EA JMP FAR seg:offs EB JMP SHORT rel8 EC IN AL,DX ED IN AX,DX EE OUT DX,AL EF OUT DX,AX F0 LOCK prefix F1 SMI ; AMD Am386/486DXLV F2 REPNZ F3 REP/REPZ F4 HLT F5 CMC F6 code extention [16] F7 code extention [17] F8 CLC F9 STC FA CLI FB STI FC CLD FD STD FE code extention [18] FF code extention [19] [TABLE 01]: Note: First Byte of Operation is 0Fh 00 Extended Opcode 20 ; 286+ 01 Extended Opcode 21 ; 286+ 02 LAR reg,mem ; 286+ 03 LSL reg,mem ; 286+ 04 LOADALL ; Alternative 286 ; 286 only 05 LOADALL ; 286 ; 286 only 06 CLTS ; 286+ 07 LOADALL ; i386,486 ; 386-486, Never Pentium RES3 ; AMD Am386zXLV RES4 ; AMD Am486DXLV ICERET ; IBM 386SLC,486SLC,486SLC2 08 INVD ; 486+ 09 WBINVD ; 486+ 0A Reserved, INT 6 0B UD2 ; all, but documented on Pentium Pro only 0C-0F Reserved, INT 6 10 UMOV mem8,reg8 ; Really different op. space ; 386-486,Never Pentium ; on AMD Amz86zXLV, never P6, Cx5x86+ TEST1 mem8,CL ; NEC V20+ 11 UMOV mem,reg ; see 0Fh,10h TEST1 mem,CL ; NEC V20+ 12 UMOV reg8,mem8 ; see 0Fh,10h CLEAR1 mem8,CL ; NEC V20+ 13 UMOV reg,mem ; see 0Fh,10h CLEAR1 mem,CL ; NEC V20+ 14 SET1 mem8,CL ; NEC V20+ 15 SET1 mem,CL ; NEC V20+ 16 NOT1 mem8,CL ; NEC V20+ 17 NOT1 mem,CL ; NEC V20+ 18 TEST1 mem8,imm8 ; NEC V20+ 19 TEST1 mem,imm8 ; NEC V20+ 1A CLEAR1 mem8,imm8 ; NEC V20+ 1B CLEAR1 mem,imm8 ; NEC V20+ 1C SET1 mem8,imm8 ; NEC V20+ 1D SET1 mem,imm8 ; NEC V20+ 1E NOT1 mem8,imm8 ; NEC V20+ 1F NOT1 mem,imm8 ; NEC V20+ 20 MOV reg32,CRn ; 386+ ADD4S ; NEC V20+ 21 MOV reg32,DRn ; 386+ 22 MOV CRn,reg32 ; 386+ SUB4S ; NEC V20+ 23 MOV DRn,reg32 ; 386+ 24 MOV reg32,TRn ; 386-486 only (Pentium never have TRs) 25 26 MOV TRn,reg32 ; 386-486 only CMPS4S ; NEC V20+ 27 reserved opcode 28 ROL4 mem8 ; NEC V20+ 29 reserved opcode 2A ROL4 mem8 ; NEC V20+ 2B-2F reserved opcodes 30 WRMSR ; Pentium, IBM 386SLC,486SLC/SLC2 31 RDTSC ; Pentium INS reg8,reg8 ; NEC V20+ ; Note: NECINS 32 RDMSR ; Pentium, IBM 386SLC,486SLC/SLC2 33 EXT reg8,reg8 ; NEC V20+ RDMPC ; P6 40 CMOVO reg,mem ; P6 41 CMOVNO reg,mem ; P6 42 CMOVC reg,mem ; P6 43 CMOVNC reg,mem ; P6 44 CMOVZ reg,mem ; P6 45 CMOVNZ reg,mem ; P6 46 CMOVA reg,mem ; P6 47 CMOVNA reg,mem ; P6 48 CMOVS reg,mem ; P6 49 CMOVNS reg,mem ; P6 4A CMOVP reg,mem ; P6 4B CMOVNP reg,mem ; P6 4C CMOVL reg,mem ; P6 4D CMOVNL reg,mem ; P6 4E CMOVNG reg,mem ; P6 4F CMOVG reg,mem ; P6 60 PUNPCKLBW mm,mm/m64 ; MMX 61 PUNPCKLWD mm,mm/m64 ; MMX 62 PUNPCKLDQ mm,mm/m64 ; MMX 63 PACKSSWB mm,mm/m64 ; MMX 64 PCMPGTB mm,mm/m64 ; MMX 65 PCMPGTW mm,mm/m64 ; MMX 66 PCMPGTD mm,mm/m64 ; MMX 67 PACKUSWB mm,mm/m64 ; MMX 68 PUNPCKHBW mm,mm/m64 ; MMX 69 PUNPCKHWD mm,mm/m64 ; MMX 6A PUNPCKHDQ mm,mm/m64 ; MMX 6B PACKSSDW mm,mm/m64 ; MMX 6C 6D 6E MOVD mm,r/m32 ; MMX 6F MOVD mm,mm/m64 ; MMX 70 71 code extention [24] ; MMX 72 code extention [25] ; MMX 73 code extention [26] ; MMX 74 PCMPEQB mm,mm/m64 ; MMX 75 PCMPEQW mm,mm/m64 ; MMX 76 PCMPEQD mm,mm/m64 ; MMX 77 EMMS ; MMX 78 SVDC mem,sreg ; Cyrix M5+ 79 RSDC sreg,mem ; Cyrix M5+ 7A SVLDT mem ; Cyrix M5+ 7B RSLDT mem ; Cyrix M5+ 7C SVTS mem ; Cyrix M5+ 7D RSTS mem ; Cyrix M5+ 7E SMINT ; Cyrix M6+ 7E MOVD r/m32,mm ; MMX 7F MOVD mm/m64,mm ; MMX 80 JO rel16 ; 386+ 81 JNO rel16 ; 386+ 82 JC rel16 ; 386+ 83 JNC rel16 ; 386+ 84 JZ rel16 ; 386+ 85 JNZ rel16 ; 386+ 86 JNA rel16 ; 386+ 87 JA rel16 ; 386+ 88 JS rel16 ; 386+ 89 JNS rel16 ; 386+ 8A JP rel16 ; 386+ 8B JNP rel16 ; 386+ 8C JL rel16 ; 386+ 8D JNL rel16 ; 386+ 8E JNG rel16 ; 386+ 8F JG rel16 ; 386+ 90 SETO mem8 ; 386+ 91 SETNO mem8 ; 386+ 92 SETC mem8 ; 386+ 93 SETNC mem8 ; 386+ 94 SETZ mem8 ; 386+ 95 SETNZ mem8 ; 386+ 96 SETNA mem8 ; 386+ 97 SETA mem8 ; 386+ 98 SETS mem8 ; 386+ 99 SETNS mem8 ; 386+ 9A SETP mem8 ; 386+ 9B SETNP mem8 ; 386+ 9C SETL mem8 ; 386+ 9D SETNL mem8 ; 386+ 9E SETNG mem8 ; 386+ 9F SETG mem8 ; 386+ A0 PUSH FS ; 386+ A1 POP FS ; 386+ A2 CPUID ; 486 SL enhanced,Pentium,UMC,i386CX,P6,M1,K5 A3 BT mem,reg ; 386+ A4 SHLD mem,reg,imm ;386+ A5 SHLD mem,reg,CL ;386+ A6 XBTS reg,mem,AX,CL ; Intel (!!!) 80386 steps A0-B0 CMPXCHG mem8,reg8 ; Intel (!!!) 80486 steps A0-B0 A7 IBTS mem,AX,CL,reg ; Intel (!!!) 80386 steps A0-B0 CMPXCHG mem,reg ; Intel (!!!) 80486 steps A0-B0 A8 PUSH GS ; 386+ A9 POP GS ; 386+ AA RSM ; i486 SL Enhanced, i386CX, Pentium etc AB BTS mem,reg ; 386+ AC SHRD mem,reg,imm ;386+ AD SHRD mem,reg,CL ;386+ AE AF IMUL reg,mem ; 386+ B0 CMPXCHG mem8,reg8 ; 486+ (Intel B1+ step only) B0 CMPXCHG mem,reg ; 486+ (Intel B1+ step only) B2 LSS reg,mem ; 386+ B3 BTR mem,reg ; 386+ B4 LFS reg,mem ; 386+ B5 LGS reg,mem ; 386+ B6 MOVZX reg,mem8 ; 386+ B7 MOVZX reg32,mem ; 386+ B8 B9 BA code extention [22] BB BTC mem,reg ; 386+ BC BSF reg,mem ; 386+ BD BSR reg,mem ; 386+ BE MOVSX reg,mem8 ; 386+ BF MOVSX reg32,mem ; 386+ C0 XADD mem8,reg8 ; 486+ C1 XADD mem,reg ; 486+ C2-C6 reserved opcodes C7 code extention [23] C8 BSWAP EAX ; 486+ C9 BSWAP ECX ; 486+ CA BSWAP EDX ; 486+ CB BSWAP EBX ; 486+ CC BSWAP ESP ; 486+ CD BSWAP EBP ; 486+ CE BSWAP ESI ; 486+ CF BSWAP EDI ; 486+ D1 PSRLW mm,mm/m64 ; MMX D2 PSRLD mm,mm/m64 ; MMX D3 PSRLQ mm,mm/m64 ; MMX D4 D5 PMULLW mm,mm/m64 ; MMX ...... E1 PSRAW mm,mm/m64 ; MMX E2 PSRAD mm,mm/m64 ; MMX E5 PMULHW mm,mm/m64 ; MMX ..... F1 PSLLW mm,mm/m64 ; MMX F2 PSLLD mm,mm/m64 ; MMX F3 PSLLQ mm,mm/m64 ; MMX F5 PMULADDWD mm,mm/m64 ; MMX ..... D0-FF reserved opcodes FF BRKEM imm8 ; NEC V20+ ************************************************** CODE EXTENTIONS: First byte(s) look at TABLES#00,01 Next byte have format MMOOOMMM : MM is memory mode (see postbyte) OOO select operation in this extention code field MMM is memory field (see Postbyte) Code Extention # 1 (First byte(s) = 80h) Field OOO Operation 000 ADD mem8,imm8 001 OR mem8,imm8 010 ADC mem8,imm8 011 SBB mem8,imm8 100 AND mem8,imm8 101 SUB mem8,imm8 110 XOR mem8,imm8 111 CMP mem8,imm8 Code Extention # 2 (First byte(s) = 81h) Field OOO Operation 000 ADD mem,imm 001 OR mem,imm 010 ADC mem,imm 011 SBB mem,imm 100 AND mem,imm 101 SUB mem,imm 110 XOR mem,imm 111 CMP mem,imm Code Extention # 3 (First byte(s) = 82h) Note: i486 Reserved opcode, Never INT6 but do nothing Field OOO Operation 000 ADD mem8,simm8 001 010 ADC mem8,simm8 011 SBB mem8,simm8 100 101 SUB mem8,simm8 110 111 CMP mem8,simm8 Code Extention # 4 (First byte(s) = 83h) Field OOO Operation 000 ADD mem,simm8 001 010 ADC mem,simm8 011 SBB mem,simm8 100 101 SUB mem,simm8 110 111 CMP mem,simm8 Code Extention # 5 (First byte(s) = 8Ch) Field OOO Operation 000 MOV mem,ES 001 MOV mem,CS 010 MOV mem,SS 011 MOV mem,DS 100 MOV mem,FS ; 386+ 101 MOV mem,GS ; 386+ 110 111 Code Extention # 6 (First byte(s) = 8Eh) Field OOO Operation 000 MOV ES,mem 001 MOV CS,mem ; Non CMOS version of 8086/8088 only 010 MOV SS,mem 011 MOV DS,mem 100 MOV FS,mem ; 386+ 101 MOV GS,mem ; 386+ 110 111 Code Extention # 7 (First byte(s) = 8Fh) Note: i486 can eat any OOO. Field OOO Operation 000 POP mem 001 010 011 100 101 110 111 Code Extention # 8 (First byte(s) = C0h) Field OOO Operation 000 ROL mem8,imm8 ; 186+ 001 ROR mem8,imm8 ; 186+ 010 RCL mem8,imm8 ; 186+ 011 RCR mem8,imm8 ; 186+ 100 SHL mem8,imm8 ; 186+ 101 SHR mem8,imm8 ; 186+ 110 SAL mem8,imm8 ; 186+ 111 SAR mem8,imm8 ; 186+ Code Extention # 9 (First byte(s) = C1h) Field OOO Operation 000 ROL mem,imm8 ; 186+ 001 ROR mem,imm8 ; 186+ 010 RCL mem,imm8 ; 186+ 011 RCR mem,imm8 ; 186+ 100 SHL mem,imm8 ; 186+ 101 SHR mem,imm8 ; 186+ 110 SAL mem,imm8 ; 186+ 111 SAR mem,imm8 ; 186+ Code Extention # 10 (First byte(s) = C6h) Note: i486 can eat any OOO field. Field OOO Operation 000 MOV mem8,imm8 001 010 011 100 101 110 111 Code Extention # 11 (First byte(s) = C7h) Note: i486 can eat any OOO field Field OOO Operation 000 MOV mem,imm16 001 010 011 100 101 110 111 Code Extention # 12 (First byte(s) = D0h) Field OOO Operation 000 ROL mem8,1 001 ROR mem8,1 010 RCL mem8,1 011 RCR mem8,1 100 SHL mem8,1 101 SHR mem8,1 110 SAL mem8,1 111 SAR mem8,1 Code Extention # 13 (First byte(s) = D1h) Field OOO Operation 000 ROL mem,1 001 ROR mem,1 010 RCL mem,1 011 RCR mem,1 100 SHL mem,1 101 SHR mem,1 110 SAL mem,1 111 SAR mem,1 Code Extention # 14 (First byte(s) = D2h) Field OOO Operation 000 ROL mem8,CL 001 ROR mem8,CL 010 RCL mem8,CL 011 RCR mem8,CL 100 SHL mem8,CL 101 SHR mem8,CL 110 SAL mem8,CL 111 SAR mem8,CL Code Extention # 15 (First byte(s) = D3h) Field OOO Operation 000 ROL mem,CL 001 ROR mem,CL 010 RCL mem,CL 011 RCR mem,CL 100 SHL mem,CL 101 SHR mem,CL 110 SAL mem,CL 111 SAR mem,CL Code Extention # 16 (First byte(s) = F6h) Field OOO Operation 000 TEST mem8,imm8 001 010 NOT mem8 011 NEG mem8 100 MUL mem8 101 IMUL mem8 110 DIV mem8 111 IDIV mem8 Code Extention # 17 (First byte(s) = F7h) Field OOO Operation 000 TEST mem,imm16 001 010 NOT mem 011 NEG mem 100 MUL mem 101 IMUL mem 110 DIV mem 111 IDIV mem Code Extention # 18 (First byte(s) = FEh) Field OOO Operation 000 INC mem8 001 DEC mem8 010 011 100 101 110 111 Code Extention # 19 (First byte(s) = FFh) Field OOO Operation 000 INC mem 001 DEC mem 010 CALL NEAR mem 011 CALL FAR mem 100 JMP NEAR mem 101 JMP FAR mem 110 PUSH mem 111 Code Extention # 20 (First byte(s) = 0FH,00H) Field OOO Operation 000 SLDT mem ; 286+ 001 STR mem ; 286+ 010 LLDT mem ; 286+ 011 LTR mem ; 286+ 100 VERR mem ; 286+ 101 VERW mem ; 286+ 110 111 Code Extention # 21 (First byte(s) = 0Fh,01h) Field OOO Operation 000 SGDT mem ; 286+ 001 SIDT mem ; 286+ 010 LGDT mem ; 286+ 011 LIDT mem ; 286+ 100 SMSW mem ; 286+ 101 110 LMSW mem ; 286+ 111 INVLPG mem ; 486+ Code Extention # 22 (First byte(s) = 0Fh,BAh) Field OOO Operation 000 001 010 011 100 BT mem,imm8 ; 386+ 101 BTS mem,imm8 ; 386+ 110 BTR mem,imm8 ; 386+ 111 BTC mem,imm8 ; 386+ Code Extention # 23 (First byte(s) = 0Fh,C7h) Field OOO Operation 000 001 CMPXCHG8B mem ; Pentium 010 011 100 101 110 111 ------------------------------------------------ APPENDIX F1 FLOATING POINT OPCODES ESC 0 (First byte = D8h) ========================== ESCAPE 000 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FADD mem32r FADD ST,ST(i) 001 FMUL mem32r FMUL ST,ST(i) 010 FCOM mem32r FCOM ST(i) 011 FCOMP mem32r FCOMP ST(i) 100 FSUB mem32r FSUB ST,ST(i) 101 FSUBR mem32r FSUBR ST,ST(i) 110 FDIV mem32r FDIV ST,ST(i) 111 FDIVR mem32r FDIVR ST,ST(i) ESC 1 (First byte = D9h) ========================== ESCAPE 001 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FLD mem32r FLD ST(i) 001 empty FXCH ST(i) 010 FST mem32r See Table marked ESC1-Extended codes 011 FSTP mem32r FSTP ST(i) 100 FLDENV mem See Table marked ESC1-Extended codes 101 FLDCW mem See Table marked ESC1-Extended codes 110 FSTENV mem See Table marked ESC1-Extended codes 111 FSTCW mem See Table marked ESC1-Extended codes ESC1-Extended codes: \ RRR MMM \ 010 100 101 110 111 000 FNOP FCHS FLD1 F2XM1 FPREM 001 FABS FLDL2T FYL2X FYL2XP1 010 FLDL2E FPTAN FSQRT 011 FLDPI FPATAN FSINCOS' 100 FTST FLDLG2 FXTRACT FRNDINT 101 FXAM FLDLN2 FPREM1 FSCALE 110 FLDZ FDECSTP FSIN' 111 FINCSTP FCOS' ' means 387+ (include 287XL/XLT, 187!!!) ESC 2 (First byte = DAh) ========================== ESCAPE 010 MMRRRMMM ========================== Operation RRR If MM<>11 000 FIADD mem32i 001 FIMUL mem32i 010 FICOM mem32i 011 FICOMP mem32i 100 FISUB mem32i 101 FISUBR mem32i 110 FIDIV mem32i 111 FIDIVR mem32i Note: P6 DA C0+i FCMOVB ST0,STi DA C8+i FCMOVE ST0,STi DA D0+i FCMOVBE ST0,STi DA D8+i FCMOVU ST0,STi ESC 3 (First byte = DBh) ========================== ESCAPE 011 MMRRRMMM ========================== Operation RRR If MM<>11 000 FILD mem32i 001 010 FIST mem32i 011 FISTP mem32i 100 101 FLD mem80r 110 111 FSTP mem80r So,If MM=11 we have next command (first byte = DBh) Mnemonic Second byte of code FNENI E0H (8087 only, others do nothing) FNDISI E1H (8087 only, others do nothing) FNCLEX E2H FNINIT E3H FSETPM E4H (287s only) FRSTPM E5H (287XL/XLT only) FSTB0 E8H (IIT) FSTB2 EAH (IIT) FSTB1 EBH (IIT) F4X4 F1H (IIT) FRINT2 FCH (Cyrix) FUCOMI ST0,STi E8H+i (P6) FCMOVNB ST0,STi C0H+i (P6) FCMOVNE ST0,STi C8H+i (P6) FCMOVNBE ST0,STi D0H+i (P6) FCMOVNU ST0,STi D8H+i (P6) FCOMPI ST0,STi F0H+i (P6) ESC 4 (First byte = DCh) ========================== ESCAPE 100 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FADD mem64r FADD ST,ST(i) 001 FMUL mem64r FMUL ST,ST(i) 010 FCOM mem64r FCOM ST(i) 011 FCOMP mem64r FCOMP ST(i) 100 FSUB mem64r FSUB ST,ST(i) 101 FSUBR mem64r FSUBR ST,ST(i) 110 FDIV mem64r FDIV ST,ST(i) 111 FDIVR mem64r FDIVR ST,ST(i) ESC 5 (First byte = DDh) ========================== ESCAPE 101 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FLD mem64r FFREE ST(i) 001 FXCH ST(i) 010 FST mem64r FST ST(i) 011 FSTP mem64r FSTP ST(i) 100 FNRSTOR mem 101 110 FNSAVE mem FUCOM ST(i) 111 FSTSW mem FUCOMP ST(i) Note: FRICHOP have opcode (DDh FCh) (Cyrix) ESC 6 (First byte = DEh) ========================== ESCAPE 110 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FIADD mem16i FADDP ST(i),ST 001 FIMUL mem16i FMULP ST(i),ST 010 FICOM mem16i FCOMP ST(i),ST 011 FICOMP mem16i 100 FISUB mem16i FSUBP ST(i),ST 101 FISUBR mem16i FSUBRP ST(i),ST 110 FIDIV mem16i FDIVP ST(i),ST 111 FIDIVR mem16i FDIVRP ST(i),ST Note: FCOMPP have opcode (DEh D9h) (Intel and all) ESC 7 (First byte = DFh) ========================== ESCAPE 111 MMRRRMMM ========================== Operation RRR If MM<>11 If MM=11 000 FILD mem16i FFREE ST(i) 001 FXCH ST(i) 010 FIST mem16i FST ST(i) 011 FISTP mem16i FSTP ST(i) 100 FBLD mem80b 101 FILD mem64i 110 FBSTP mem80b 111 FISTP mem64i Note: Next Instruction have opcodes: Mnemonic Opcode FNSTSW AX DFh E0h (287+) FNSTDW AX DFh E1h (387SL Mobile) FSTSG AX DFh E2h (387SL Mobile) FRINEAR DFh FCh (Cyrix) FUCOMIP ST0,STi DFH E8H+i (P6) FCOMIP ST0,STi DFH F0H+i (P6) ------------------------------------------ APPENDIX G BUGS & CPU IDENTIFICATION INFO 1) How to separate i386SX and i386DX (Cx486SLC and Cx486DLC) Note: With 386DX type CPU possible to used 287 class NPX, and bit 4 in CR0 ET - Extention Type on DX we may to clear to 0, but for SX and REAL 486 this bit always 1. Routine: mov eax,cr0 push eax and al,0efh mov cr0,eax mov eax,cr0 test al,10h pop eax mov cr0,eax jne SX/SLC jmp DX/DLC 2) How to separate i486SX and i487SX/i486DX/DX2 etc Routine: memory_location DW ? mov memory_location,0 fninit fstcw memory_location cmp memory_location,037Fh jz i486SX jmp i486DX/DX2etc/i487SX 3) How to separate Cyrix's CPUs and other Be sure that Your CPU no Pentium before UMOV executed on Intel and other in Non SM modes as MOV. But Cyrix executed this instruction as Double NOP, and never generate INT 6. So. Mem_Loc DW 1 xor ax,ax umov ax,Mem_Loc or ax,ax jz Cyrix jmp No_Cyrix 4) Standart Way: Part 1 (Intel recomended this way) pushf pop ax and ax,0fffh ; Clear bits 15..12 push ax popf and ax,0f000h ; Is bits 15..12=0 ? jz 286_CPU and ax,8000h ; Is bit 15=0 jz 386_and_Higher jmp 86_88and186_186etc 5) How separate 86/88, 186/188 and NECs mov ax,1 mov cl,33 shl ax,cl jnz 186_188 pusha ; Executed on 8086/8088 as JMP $+2 stc jc NECs jmp 86_88 6) Non CMOS 8086/88 execute command MOV CS,xxxx (Opcode 8Eh ...) CMOS 80C86/88 ignore it. 7) Then Invalid Opcode NEC/Sony V40/V50 do INT 6 NEC/Sony V20/V30 don't. 8) Remember POP CS on 8086/8088. 9) PUSH SP 286 placed in stack new value of SP 86/88 old. 10) Best way to Reset 286+ in Real Mode: xor sp,sp push smth 11) Maximal Length of Instructian 86: N/R 286: 10 byte 386+: 15 byte ------------------------------------------------ APPENDIX H Internal Names Of Processors (Intel) P9 i386SX P4 i486DX P4S i486SX P23S i487SX P23T OverDrive for PGA(169) P4T OverDrive for PGA(168) P24S i486DX2 P24T Pentium OverDrive for i486DX2 socket 3 (Vcc=5V,core=3V). P24CT Pentium OverDrive for Socket 3 (Vcc=3V) P5 Pentium-60,66 P5T Overdrive for P5 socket P54C Pentium-90,100,75 x1.5 usually with APIC and Multiprocessing features P54CS Pentium-120,133 x2 with reduced APIC and multipr. features P55C Bugfix P54C with clock 150,166, 180 (CLK x3) 2.5V P54LM Pentium P54C with 2.9V (for Notebooks) P24C IntelDX4 P24D i486DX2 with WB cache (IntelDX2 (tm) WriteBack Enhanced) P54M Overdrive ( include to P54C but P54C work too) P6 Pentium Pro (no comments) P6T Pentium Pro OverDrive (for extended Pentium Sockets) P7 ?????? (no comments) P54CSQ 2x Pentiums P120 etc. (Cyrix) M5 Cx486S/S2 M6 Cx486D/D2 C6 Cx487D M7 Cx486DX/Cx486DX2 M8 Cx486DX4 M1 Cx6x86 M1 SC Cx5x86 M1r Feature M1 with reduced due size. (AMD) K5 All listed about it K6 NexGen Nx6x86 ------------------------------------------------- APPENDIX I FORMAT OF DR6 REGISTER Am386xx Am486SXLV CPU i386xx TI486SXL Am386DXLV TI486SLC/e i486xx P5 M7 Cx486SLC IBM486SLC2 Am386SXLV TI486SXLC Am486xx Bits 0 B0 B0 B0 B0 B0 B0 B0 B0 1 B1 B1 B1 B1 B1 B1 B1 B1 2 B2 B2 B2 B2 B2 B2 B2 B2 3 B3 B3 B3 B3 B3 B3 B3 B3 4 0 1 1 1 0 0 1 0 5 0 1 1 1 0 0 1 0 6 0 1 1 1 0 0 1 0 7 0 1 1 1 0 0 1 0 8 0 1 1 1 0 0 1 0 9 0 1 1 1 0 0 1 0 10 0 1 1 1 0 0 1 0 11 0 1 1 1 0 0 1 0 12 0 1 0 0 BK SMMS 0 0 13 BD BD 0 1 BD BD 0 BD 14 BS BS BS BS BS BS BS BS 15 BT BT BT BT BT BT BT BT 16 0 1 0 0 0 0 0 0 17 0 1 0 0 0 0 0 0 18 0 1 0 0 0 0 0 0 19 0 1 0 0 0 0 0 0 20 0 1 0 0 0 0 0 0 21 0 1 0 0 0 0 0 0 22 0 1 0 0 0 0 0 0 23 0 1 0 0 0 0 0 0 24 0 1 0 0 0 0 0 0 25 0 1 0 0 0 0 0 0 26 0 1 0 0 0 0 0 0 27 0 1 0 0 0 0 0 0 28 0 1 0 0 0 0 0 0 29 0 1 0 0 0 0 0 0 30 0 1 0 0 0 0 0 0 31 0 1 0 0 0 0 0 0 ------------------------------------------------- APPENDIX J FORMAT OF DR7 REGISTER Am386xx Am486SXLV CPU i386xx TI486SXL Am386DXLV TI486SLC/e i486xx P5 M7 Cx486SLC IBM486SLC2 Am386SXLV TI486SXLC Am486XX Bits 0 L0 L0 L0 L0 L0 L0 L0 L0 1 G0 G0 G0 G0 G0 G0 G0 G0 2 L1 L1 L1 L1 L1 L1 L1 L1 3 G1 G1 G1 G1 G1 G1 G1 G1 4 L2 L2 L2 L2 L2 L2 L2 L2 5 G2 G2 G2 G2 G2 G2 G2 G2 6 L3 L3 L3 L3 L3 L3 L3 L3 7 G3 G3 G3 G3 G3 G3 G3 G3 8 LE LE LE LE LE LE LE LE 9 GE GE GE GE GE GE GE GE 10 0 1 1 0 0 0 1 0 11 0 0 0 0 GM 0 0 0 12 0 0 0 0 TP SMIE 0 0 13 GD GD GD GD GD 0 GD 0 14 0 0 0 0 TB 0 0 0 15 0 0 0 0 TT 0 0 0 16 R/W0 -----------------------------------------------------------> 17 R/W0 -----------------------------------------------------------> 18 LEN0 19 LEN0 same as column 1 20 R/W1 21 R/W1 22 LEN1 23 LEN1 24 R/W2 25 R/W2 ..... 26 LEN2 27 LEN2 28 R/W3 29 R/W3 30 LEN3 ------------------------------------------------------------> 31 LEN3 ------------------------------------------------------------> ------------------------------------------------- APPENDIX K FORMAT OF TR4 REGISTER WB-Enh. WB-Enh. AMD Enhanced IntelDX2 IntelDX4 IntelDX4 CPU when CPU i486xx M7 TI486SXC/e (WB mode) (WT mode) (WB mode) TI486SXL EXT=0 EXT=1 Bits 0 --- --- 0 VL --- VL 0 -- -- 1 --- --- 0 VH --- VH 0 -- -- 2 --- --- 0 --- --- --- VALID_BLK -- -- 3 VALID VALID VALID --- VALID --- VALID VALID VALID 4 VALID VALID VALID --- VALID --- VALID VALID VALID 5 VALID VALID VALID --- VALID --- VALID VALID VALID 6 VALID VALID VALID --- VALID --- VALID VALID VALID 7 LRU LRU LRU LRU LRU LRU LRU LRU LRU 8 LRU LRU --- LRU LRU LRU --- LRU LRU 9 LRU LRU TAG LRU LRU LRU --- LRU LRU 10 V V TAG --- V --- --- V V 11 TAG TAG TAG TAG --- --- --- 0 -- 12 TAG TAG TAG TAG TAG TAG --- TAG -- 13 TAG TAG TAG TAG TAG TAG TAG TAG -- 14 TAG TAG TAG TAG TAG TAG TAG TAG -- 15 TAG TAG TAG TAG TAG TAG TAG TAG -- 16 TAG TAG TAG TAG TAG TAG TAG TAG -- 17 TAG TAG TAG TAG TAG TAG TAG TAG -- 18 TAG TAG TAG TAG TAG TAG TAG TAG -- 19 TAG TAG TAG TAG TAG TAG TAG TAG -- 20 TAG TAG TAG TAG TAG TAG TAG TAG ST0 21 TAG TAG TAG TAG TAG TAG TAG TAG ST0 22 TAG TAG TAG TAG TAG TAG TAG TAG ST1 23 TAG TAG TAG TAG TAG TAG TAG TAG ST1 24 TAG TAG TAG TAG TAG TAG TAG TAG ST2 25 TAG TAG TAG TAG TAG TAG TAG TAG ST2 26 TAG TAG TAG TAG TAG TAG TAG TAG ST3 27 TAG TAG TAG TAG TAG TAG TAG TAG ST3 28 TAG TAG TAG TAG TAG TAG TAG TAG -- 29 TAG TAG TAG TAG TAG TAG TAG TAG STn 30 TAG TAG TAG TAG TAG TAG TAG TAG STn 31 TAG TAG TAG TAG TAG TAG TAG TAG -- ------------------------------------------------- APPENDIX L FORMAT OF TR5 REGISTER WB-Enh. WB-Enh. AMD Enhanced Am486xx IntelDX2 IntelDX4 IntelDX4 CPU when CPU i486xx M7 TI486SXC/e (WB mode) (WT mode) (WB mode) TI486SXL WT WB Bits 0 CTL CTL CTL CTL CTL CTL CTL CTL CTL 1 CTL CTL CTL CTL CTL CTL CTL CTL CTL 2 ENT ENT ENT ENT ENT ENT ENT ENT ENT 3 ENT ENT --- ENT ENT ENT ENT ENT ENT 4 SET SET SET SET SET SET SET SET SET 5 SET SET SET SET SET SET SET SET SET 6 SET SET SET SET SET SET SET SET SET 7 SET SET SET SET SET SET SET SET SET 8 SET SET SET SET SET SET SET SET SET 9 SET SET SET SET SET SET SET SET SET 10 SET SET SET SET SET SET SET SET SET 11 --- --- SET --- SET SET SET SET SET 12 --- --- --- --- --- --- WAY (SET)(SET) 13 --- --- --- SLF --- SLF --- --- --- 14 --- --- --- --- --- --- --- --- --- 15 --- --- --- --- --- --- --- --- --- 16 --- --- --- --- --- --- --- --- --- 17 --- --- --- --- --- --- --- --- ST 18 --- --- --- --- --- --- --- --- ST 19 --- --- --- --- --- --- --- --- EXT 20 --- --- --- --- --- --- --- --- --- 21 --- --- --- --- --- --- --- --- --- 22 --- --- --- --- --- --- --- --- --- 23 --- --- --- --- --- --- --- --- --- 24 --- --- --- --- --- --- --- --- --- 25 --- --- --- --- --- --- --- --- --- 26 --- --- --- --- --- --- --- --- --- 27 --- --- --- --- --- --- --- --- --- 28 --- --- --- --- --- --- --- --- --- 29 --- --- --- --- --- --- --- --- --- 30 --- --- --- --- --- --- --- --- --- 31 --- --- --- --- --- --- --- --- --- ----------------------------------------- APPENDIX L VME - Virtual Mode Extention Support by: Intel SL Enhanced 486 CPUs, Pentium. Address Generation: like in VM. Differences with VM: 1) CLI/STI never interrupt to PM, but change status of VIF, if enable. 2) INT xxh instruction, which mark in virtual interrupt table, which contained in TSS as virtual, never change CPU to PM, but processing in VM like INTs in RM. Note: See also EFLAG and CR4 registers format. Note: Check CPUID for support VME. More Info: More Info about it is Intel Secret. Contact Your Local Intel Office. ---------------------------------------------------- APPENDIX N EFLAGS register format [Pentium P5] [Pentium P54C] [IntelDX4] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- I V V A V R N IO O D I T S Z A P C 0000000000 D I I C M F 0 T PL F F F F F F 0 F 0 F 1 F P F ----------------------------------------------------- [i486 SL Enhanced SX,DX,DX2] [IntelSX2] [UMC] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- I A V R N IO O D I T S Z A P C 0000000000 D 0 0 C M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i486 SX,DX,DX2] [OverDrive] [M5,M6,M7] [AMD Am486DX/DXL/DX2/DXL2 ] etc [IBM BL486DX/DX2] [Cx486SLC/DLC/SLC2/DLC2] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- A V R N IO O D I T S Z A P C 0000000000 0 0 0 C M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i386 SX,DX,CX,EX] [AMD Am386 ] [C&T 38600 ] etc [IBM 486SLC2] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- V R N IO O D I T S Z A P C 0000000000 0 0 0 0 M F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i376] 3322222222 2 2 1 1 1 1 1 1 11 1 1 1098765432 1 0 9 8 7 6 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ----------------------------------------------------- R N IO O D I T S Z A P C 0000000000 0 0 0 0 0 F 0 T PL F F F F F F 0 F 0 F 1 F ----------------------------------------------------- [i286 and all clones] 1 1 11 1 1 5 4 32 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------ N IO O D I T S Z A P C 0 T PL F F F F F F 0 F 0 F 1 F ------------------------------ [NEC/Sony V20/V30] 1 1 1 1 1 1 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------- M O D I T S Z A P C D 1 1 1 F F F F F F 0 F 0 F 1 F ------------------------------- [80x186 ,EA,EB,EC,XL] [8086/88 and all clones] 1 1 1 1 1 1 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 ------------------------------- O D I T S Z A P C 1 1 1 1 F F F F F F 0 F 0 F 1 F ------------------------------- Flags Summary: ID - Identification Flag VIP - Virtual Interrupt Pending VIF - Virtual Interrupt Flag AC - Align Check VM - Virtual 8086 Mode RF - Resume Flag MD - Mode Flag NT - Nested Task flag IOPL - Input/Output Privelege Level OF - Overflow Flag DF - Direction Flag IF - Interrupt Flag TF - Trap Flag SF - Sign Flag ZF - Zero Flag AF - Auxiliary Carry Flag PF - Parity Flag CF - Carry Flag --------------------------------------------------- APPENDIX O CR0 register format [Pentium P5] [Pentium P54C] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W N T E M P G D W 0000000000 M 0 P 0000000000 E 1 S M P E --------------------------------------------- [IntelDX4] [486DX/DX2, IntelDX4 ] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W T M P G D W 0000000000 M 0 P 0000000000 * 1 S 1 P E --------------------------------------------- [Cx486SLC] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C A W T E M P G D 0 0000000000 M 0 P 0000000000 0 1 S M P E --------------------------------------------- [Cx486DLC] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W E T E M P G D W 0000000000 M 0 P 0000000000 0 T S M P E --------------------------------------------- [Intel i486SX,SX2] 3 3 2 2222222221 1 1 1 111111 1 0 9 8765432109 8 7 6 5432109876 5 4 3 2 1 0 --------------------------------------------- P C N A W T E M P G D W 0000000000 M 0 P 0000000000 * 1 S M P E --------------------------------------------- [IBM 486SLC2] 3 32222222222111 1 111111 1 09876543210987 6 54321098765 4 3 2 1 0 --------------------------------------------- P W T E M P G 00000000000000 P 0000000000 1 S M P E --------------------------------------------- [Intel i386SX] 3 322222222221111111111 1 09876543210987654321098765 4 3 2 1 0 --------------------------------------------- P T E M P G 0000000000000000000000000 1 S M P E --------------------------------------------- [Intel i386DX] 3 322222222221111111111 1 09876543210987654321098765 4 3 2 1 0 --------------------------------------------- P E T E M P G 0000000000000000000000000 T S M P E --------------------------------------------- [80286] Note: None CR0, but MSW 111111 543210987654 3 2 1 0 --------------------- T E M P 000000000000 S M P E --------------------- PE - Protection Enable MP - Monitor Processor EM - Emulation TS - Task Switch ET - Extention Type NE - Numeric Exception WP - Write protect AM - Align Mode NW - No Write CD - Cache Disable PG - Paging --------------------------------------------------- APPENDIX P CR4 register format [Pentium P5] [Pentium P54C] 3322222222221111111111 1098765432109876543210987 6 5 4 3 2 1 0 --------------------------------------- M P D T P V 0000000000000000000000000 C 0 S E S V M E E D I E ---------------------------------------- [IntelDX4] [486s SL Enhanced] 3322222222221111111111 109876543210987654321098765432 1 0 ---------------------------------- P V 000000000000000000000000000000 V M I E ---------------------------------- MCE - Machine Check Enable PSE - Page Size Extention DE - Debbuging Expection TSD - Time Stamp Disable PVI - Protected mode Virtual Interrupt VME - Virtual Mode Exception --------------------------------------------- APPENDIX LAST List of the Literature 1) "Pentium (tm) Famaly User's Manual Volume 3: Architecture and Programming Manual" // Intel Corp. 1994 ;; Order number: 241430 2) "Blue Lightning 486DX2 3 and 5 Volt Microprocessors Databook" // IBM Corp./Cyrix Corp. 1994 ;; Order Number: MPIDX2DSU-01 3) "486SLC2 (tm) Microprocessor" Data Sheet. // IBM Corp. 1993 ;; Order number VT05452 4) "Cyrix Cx486SLC (tm) Microprocessor" // Cyrix Corp. 1991 ;; Order Number 94073 5) "3-Volt System Logic for Personal Computers" // Advanced Micro Devices Inc. 1993 ;; Order number: 17028B 6) "IntelDX4 (tm) Processor Data Book" // Intel Corp. 1994 ;; Order number: 241944 7) "Intel Processor Identification with the CPUID instruction" // Intel Corp. 1993,1994 ;; Order number: 241618 8) "82489DX Advanced Programmable Interrupt Controller" Application Note: AP-485 // Intel Corp. 1993 ;; Order number: 290446 9) "Optimization for Intel's 32-bit Processors" Application Note: AP-500 // Intel Corp. 1993 ;; Order number 241799 A) "MultiProcessor Specification Version 1.1" // Intel Corp. 1993 ;; Order Number: 242016 etc..... --------------------------------------------------------- [Credits]: 1) THANX specially for/to Martin Malik and RealSoft. (malik@elf.stuba.sk) Cyrix's CPUs type data. Some Vendors strings for CPUID. P54M ID code Part of Tis Kind of Info (C) RealSoft. 2) THANX to all people from Intel, AMD, TI, Cyrix, UMC, who helped with information and CPU samples. 3) ABSOLUTELY NO THANX for all, who hide information and CPU samplers. ---------------------------------------------------------- [2 Friends]: Hi,Aad Offerman and Chiplist 10.x! ( I hope 12.xx now) (Did You already include National Semicondactors 486)? Spock (South America), Live Long and Prosper! ----------------------------------------------------------- [2 All] If Your found some errors or incorrections in this text please send info 'bout it. ----------------------------------------------------------- Thanx for Alex A. Afonasov (AFO) - author of "I'm too Young to die in this deathmuch" story, and "~PHG`DAYS" story. Yury V.Temkin (Horazon Technologies), Urri, Bug (i.e. Spider), Stas, Kernel.3 and all other numbers of Potemkin's Hackers Group. - - - - - - - - - - - - - - Special Thanks for Alex (DVM), Alexei(s) (RASTR/AWARD) ------------------------------------------------------------ Sorry, But EOF