
How to decode a problematic sequence of bytes properly

notpyrc
Hello,
I decided to ask this question because I could not find the answer to it in the official Intel manuals. (I am sorry for probably placing this question in the wrong thread/place.)

My problem is that I have recently been trying to properly interpret
this sequence of code (ia32)

Code:
db 0x66, 0xF3, 0x0F, 0x10 (...)


The Intel reference says that the sequence refers to either "movss Vss,
Wss" (prefix F3) or "movupd Vpd, Wpd" (prefix 66). The question arises:
how should this sequence be recognized with both prefixes? I've found
that many disassemblers give different results. In other words, how to decode these bytes properly?

Which prefix should "win" and, thus, which sequence is proper:

db 0x66,
movss Vss, Wss

or

db 0xF3,
movupd Vpd, Wpd

?

I'd be grateful for help,
Regards, notpyrc
0 Kudos
2 Replies
mazegen
Hi notpyrc,

Intel manuals are poor when searching for such information (in such cases, they usually say the opcode is undefined, which is not true).

In this case, the best is a real test. Because I'm using OllyDbg 1.10 now, which can't display XMM registers, I use the other opcode, 0F11.

I wrote the following (in MASM):

.686
.XMM
.MODEL FLAT, STDCALL

.DATA
movupd_result XMMWORD ?
movss_result XMMWORD ?
x66F30F10_result XMMWORD ?

.CODE
Start:
pxor xmm0, xmm0 ; set xmm0 to zero
movapd [movupd_result], xmm0 ; init all to zero
movapd [movss_result], xmm0
movapd [x66F30F10_result], xmm0

pcmpeqb xmm0, xmm0 ; set xmm0 to -1

movupd [movupd_result], xmm0
movss dword ptr [movss_result], xmm0

DB 066h, 0F3h, 00Fh, 011h, 005h ; 66 F3 0F 11 /r, ModRM 05h = reg xmm0, r/m [disp32]
DD OFFSET x66F30F10_result ; disp32: address of the destination

END Start

This is proof that the opcode acts as MOVSS (66h is ignored). Try to step it in a debugger and watch the memory.
0 Kudos
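The precedence shown by the test above, written as a small prefix scanner in C for 32-bit code. This is an added example, not code from the thread: `decode_sse_mov` and `sse_mov_t` are hypothetical names, the trailing ModRM byte in `main` is constructed, and the F2 (movsd) case generalises beyond the F3 case the thread tested. The `conflict` flag marks encodings where disassemblers are likely to disagree.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of scanning the prefixes in front of a 0F 10 / 0F 11 opcode. */
typedef struct {
    const char *mnemonic;   /* NULL if the bytes are not 0F 10 / 0F 11 */
    int conflict;           /* 1 if 66 appears together with F2/F3 */
} sse_mov_t;

static int is_other_legacy_prefix(uint8_t b)
{
    /* segment overrides, address-size override, LOCK */
    return b == 0x26 || b == 0x2E || b == 0x36 || b == 0x3E ||
           b == 0x64 || b == 0x65 || b == 0x67 || b == 0xF0;
}

sse_mov_t decode_sse_mov(const uint8_t *p, size_t n)
{
    sse_mov_t r = { NULL, 0 };
    int has66 = 0;
    uint8_t rep = 0;            /* last F2/F3 seen, 0 if none */
    size_t i = 0;

    for (; i < n; i++) {        /* prefixes may come in any order */
        if (p[i] == 0x66) has66 = 1;
        else if (p[i] == 0xF2 || p[i] == 0xF3) rep = p[i];
        else if (!is_other_legacy_prefix(p[i])) break;
    }
    if (i + 1 >= n || p[i] != 0x0F || (p[i + 1] & 0xFE) != 0x10)
        return r;               /* truncated, or not 0F 10 / 0F 11 */

    r.conflict = has66 && rep != 0;
    if (rep == 0xF3)      r.mnemonic = "movss";   /* 66 ignored, as in the test */
    else if (rep == 0xF2) r.mnemonic = "movsd";   /* assumption: same rule as F3 */
    else if (has66)       r.mnemonic = "movupd";
    else                  r.mnemonic = "movups";
    return r;
}

int main(void)
{
    /* Bytes from the question plus a constructed ModRM byte (00h). */
    static const uint8_t seq[] = { 0x66, 0xF3, 0x0F, 0x10, 0x00 };
    sse_mov_t r = decode_sse_mov(seq, sizeof seq);
    printf("%s conflict=%d\n", r.mnemonic ? r.mnemonic : "?", r.conflict);
    return 0;
}
```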
notpyrc
Thank you very much for the brilliant answer.
0 Kudos