Lecture

4
Data Movement Instructions

Introduction
This chapter concentrates on the data
movement instructions: MOV, MOVSX, MOVZX,
PUSH, POP, BSWAP, XCHG, XLAT, IN, OUT,
LEA, LDS, LFS, LGS, LSS. LAHF, AND SAHF,
and the string instructions: MOVS, LODS,
STOS, INS, and OUTS.
The data movement instructions are presented
first because they are more commonly used
and easier to understand.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 2

1 Dr. Nidal Al-Dmour

 Machine Language
Machine language is the native binary code that
the microprocessor understands and uses as its
instructions to control its operation. Machine
language instructions for the 8086 through the
Pentium 4 vary in length from one to as many
as thirteen bytes. There are well over 100,000
variations of machine language instructions,
which means that there is no complete list of
these variations.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 3

Instructions for the 8086 through the 80286 are

16 bit mode instructions that take the form
found in this figure:

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 4

2 Dr. Nidal Al-Dmour

 The 16 bit mode instructions are compatible
with the 80386 and above if they are
programmed to operate in the 16-bit instruction
mode, but they may be prefixed.
The 80386 and above assume that all
instructions are 16-bit mode instructions when
the machine is operated in the real mode.
In protected mode, the upper byte of the
descriptor contains the D-bit that selects either
the 16- or 32- bit instruction mode.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 5

The first two bytes of the 32-bit instruction mode

format are called override prefixes because
they are not always present. The first modifies
the size of the operand address used by the
instruction and the second modifies the register
size. If the 80386 through the Pentium II
operate as 16-bit instruction mode machines
(real or protected mode) and a 32-bit register is
used, the register size prefix (66) is appended
to the front of the instruction. If operated in the
32-bit instruction mode (protected mode only)
and a 32-bit register is used, the register size
prefix is absent. nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 6

3 Dr. Nidal Al-Dmour

 If a 16-bit register appears in an instruction in
the 32-bit instruction mode, the register size
prefix is present to select a 16-bit register.

The address size prefix (67) is used in similar

fashion, it toggles the size of register and
operand address from 16-bit to 32-bit or from
32-bit to 16-bit for the prefixed instruction.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 7

The Opcode
The opcode selects the operation (addition,
subtraction, move, and so on) that is performed
by the microprocessor. The opcode is either one
or two bytes long for most machine language
instructions. The first six bits of the first byte are
the binary opcode. The direction (D) for the data
flow.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 8

4 Dr. Nidal Al-Dmour

 The Opcode

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 9

If the direction bit (D)=1, data flow to the

register REG field from the R/M field located in
the second byte of an instruction . If the D-bit
=0, data flow to the R/M field from the REG
field.

The W bit in the first byte of the opcode either

specifies a word (16-bit mode) or a doubleword
(32-bit mode). W = 0 byte and W = 1
word/doubleword

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 10

5 Dr. Nidal Al-Dmour

 • The MOD field in the second byte specifies how R/M is used and wether
a displacement exists.

R/M
• MOD = 00 memory no displacement
• MOD = 01 memory 8-bit displacement
• MOD = 10 memory 16/32-bit displacement
• MOD = 11 register

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 11

All 8-bit displacement are sign extended into

16-bit displacement when the microprocessor
executes the instruction. If the 8-bit
displacement is 00h-7FH (positive) it is sign
extended to 0000H-007FH before adding to the
offset address. If the 8-bit displacement is 80H-
FFH (negative) it is sign extended to FF80H-
FFFFH. To sign extend a number, its sign bit is
copied to the next higher order byte, hich
generates either a 00h or an FFH in the next
higher order byte.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 12

6 Dr. Nidal Al-Dmour

 For 80386 through the Pentium 4
microprocessor, if the instruction mode s 32
bits, the MOD field is interpreted as selected by
the address size prefix or the operating of the
microprocessor. When the MOD field is a 10,
this causes the 16-bit displacement to become
a 32-bit displacement to allow any protected
mode memory location (4 G bytes) to be
accessed. The 80386 and above only allow an
8-bit or 32-bit displacement when operated in
the 32 bit instruction mode, unless the address
size override prefix appears. Note that if an 8 bit
displacement is selected, it is sign extended
into 32 bit displacement by the microprocessor.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 13

Register Assignments
The table is for REG field and R/M field
(MOD=11).
Code W=0(byte) W=1(Word W=1(Double
) Word)
000 AL AX EAX
001 CL CX ECX
010 DL DX EDX
011 BL BX EBX
100 AH SP ESP
101 CH BP EBP
110 DH SI ESI
111 BH DI
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour
EDI 14

7 Dr. Nidal Al-Dmour

 IF the MOD field contains 00, 01, or 10, the
R/M field are:

R/M Addressing Mode

000 DS:[BX+SI]
001 DS:[BX+DI]
010 SS:[BP+SI]
011 SS:[BP+DI]
100 DS:[SI]
101 DS:[DI]
110 SS:[BP]*
111 DS:[BX]
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 15

32-bit Addressing Modes

The 32-bit addressing modes found in the
80386 and above are obtained by either running
these machines in the 32-bit instruction mode or
in the 16 bit instruction mode by using the
address size prefix 67H.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 16

8 Dr. Nidal Al-Dmour

 32-bit addressing modes selected by
R/M
R/M Addressing Mode
000 DS:[EAX]
001 DS:[ECX]
010 DS:[EDX]
011 DS:[EBX]
100 Use scaled index byte
101 SS:[EBP]*
110 DS[ESI]
111 DS:[EDI]
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 17

The scaled index byte indicates the additional

forms of scale index addressing that do not
appear in the table. The scaled index byte is
mainly used when two registers are added to
specify the memory address in an instruction.
Because the scaled index byte is added to the
instruction, there are seven bits in the opcode
and eight bits in the scaled index byte to define.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 18

9 Dr. Nidal Al-Dmour

 An immediate Instruction
Suppose that the: MOV WORD PTR
[BX+1000H],1234 .This instruction is chosen as
an example of a 16-bit instruction using
immediate addressing. This instruction moves a
1234 into the word sized memory location
addressed by the sum of 1000, BX, and
DSX10H.
OPCODE=110001
D=1, W=1, MOD=10, REG=000, R/M=111
Disp low=00000000, Disp Hi=00010000
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 19

Data Low=00110100, Data Hi=00010010

Segment MOV Instruction

If the contents of a segment register are moved
by the MOV, PUSH, or POP instructions, a
special set of register bits (REG field) selects
the segment register.
Code Segment Register
000 ES
001 CS*
010 SS
011 DS
100 FS
101 GS
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 20

10 Dr. Nidal Al-Dmour

 Note:
MOV CS, R/M (16) and POP CS are not
allowed by the microprocessor. The FS and GS
are only available to the 80386-Pentium 4
microprocessors.
For example:
MOV BX, CS
Opcode=100010, D=0, W=1
Mod=11, R/M=011, REG=001

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 21

Segments register an be moved between any

16-bit register or 16-bit memory location. An
immediate segment register MOV is not
available in the instruction set. To load a
segment register with immediate data, first load
another register with the data and then move it
to a segment register.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 22

11 Dr. Nidal Al-Dmour

 PUSH and POP

• PUSH and POP transfer data to and from the stack.

The stack is an area of memory that is reused and
grows in size with each PUSH and shrinks in size
with each POP.
• PUSH and POP function with either 16- or 32-bit
data.
• PUSHF (PUSHFD) and POPF (POPFD) save and
restore the flags (EFLAGS)
• PUSHA (PUSHAD) and POPA (POPAD) save and
restore all the registers
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 23

PUSH/POP
The PUSH and POP instructions are important
instructions that store and retrieve from the
LIFO (last in, first out) stack memory. The
microprocessor has six forms of the PUSH and
POP instructions. The PUSH and POP
immediate and the PUSHA and POPA (all
registers) forms are not available in the earlier
8086/8088 microprocessors, but are available
to the 80286 through the Pentium 4.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 24

12 Dr. Nidal Al-Dmour

 Register addressing allows the contents of any
16-bit register to be transferred to or from the
stack. In the 80386 and above, the 32-bit
extended registers and flags (EFLAGS) can
also be pushed or popped from the stack.
Memory addressing PUSH and POP
instructions store the contents of a 16 bit
memory location or (32-bit memory location in
80386 and above) on the stack or stack data
into a memory location.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 25

Immediate addressing allows immediate data to

be pushed onto the stack, but not popped off
the stack.
Segment register addressing allows the
contents of any segment register to be pushed
into the stack or removed from the stack (CS
may be pushed but data from the stack may
never be popped into CS).
The flags may be pushed or popped from the
stack, and contents of all registers may be
pushed or popped.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 26

13 Dr. Nidal Al-Dmour

 POP
The POP instruction performs the inverse
operation of a PUSH instruction. The POP
instruction remove data from the stack and
places it into the target 16-bit register, segment
register, or a 16-bit memory location. In the
80386 and above, a POP can also remove 32-
bit data from the stack and use a 32-bit
address.
The POP is not available as an immediate POP.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 27

Load Segment and Index

• LDS, LES, LSS, LFS, and LGS allow a segment registers and a pointer to
both be loaded from memory.

LDS BX,BOB

;loads DS and BX with the offset and segment address stored in a 32-
bit memory location called BOB.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 28

14 Dr. Nidal Al-Dmour

 LEA

• The LEA instruction loads the effective address of a

memory location into a pointer or index register.
• At times we do the same operation with a MOV and
the keyword OFFSET

MOV BX,OFFSET FRED

LEA BX,FRED

Both instruction accomplish the same task.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 29

LEA BX, [DI]

Loads the offset address specified by [DI]
contents of DI into the BX register
MOV BX, [DI]
Loads the data stored at the memory location
addressed by [DI] into register BX.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 30

15 Dr. Nidal Al-Dmour

 String Data Transfers
There are five string data transfers: LODS,
STOS, MOVS, INS, and OUTS. Each single
instruction allows data transfer that are either a
single byte, word, or double word.
Direction Flag
The direction flag (D) (located in the flag
register) selects the auto increment (D=0) or the
auto decrement (D=1) operation for the DI and
SI registers during the string operations. The
CLD instruction clears the D flag and the STD
instruction set the D flag.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 31

LODS
The LODS instruction loads AL, AX, or EAX with
data at the data segment offset address
indexed by the SI register.
LODSB AL=DS:[SI]; SI=SI+1 or SI=Si-1
LDSW AX=DS:[SI]; SI=SI+2 or SI=Si-2
LODSD EAX=DS:[SI]; SI=SI+4 or SI=Si-4
LODS LIST AL=DS:[SI]; SI=SI+1orSI=Si-1(IF list is a BYTE)
LODS DATA1 AX=DS:[SI]; SI=SI+2orSI=Si-2(IF DATA1 is a word)
LODS PROG EAX=DS:[SI]; SI=SI+4orSI=Si-4(IF PROG is double
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 32

word)

16 Dr. Nidal Al-Dmour

 STOS
STOS instruction stores AL, AX, or EAX at the
extra segment location addressed by the DI
register.
STOSB ES:[DI]=AL; DI=DI+1 or DI=Si-1

STOSW ES:[DI]=AX; DI=DI+2 or DI=Di-2

STOSD ES:[DI]=EAX; DI=DI+4 or DI=Di-4

STOS LIST ES:[DI]=AL; DI=DI+1orDI=Di-1(IF list is a BYTE)

STOS DATA1 ES:[DI]=AX; DI=DI+2orDI=Di-2(IF DATA1 is a

word)

STOS PROG ES:[DI]=EAX; DI=DI+4orDI=DI-4(IF PROG is

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 33

double WORD

MOVS
One of the more useful string data transfer
instructions which transfers data from one
memory location to another. This is the only
memory to memory transfer allowed. The
MOVS instruction transfers a byte, word, or
double word from the data segment location
addressed by SI to the extra segment location
addressed by DI.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 34

17 Dr. Nidal Al-Dmour

 MOVSB ES:[DI]=DS:[SI]
MOVSW ES:[DI]=DS:[SI]
MOVSD ES:[DI]=DS:[SI]
MOVS BYTE1, BYTE2 ES:[DI]=DS:[SI]
MOVS WORD1, WORD2 ES:[DI]=DS:[SI]
MOVS DWORD1,DWORD2 ES:[DI]=DS:[SI]

In all the above instruction the values of SI and

DI will be either incremented or decremented by
1, 2, or 4. nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 35

Miscellaneous Data Transfer Instructions

The data transfer instructions detailed are:
XCHG, LAHF, SAHF, XLAT, IN,OUT, BSWAP,
MOVSX, MOVZX, and CMOV. They are called
miscellaneous instructions are not used as
often as MOV instruction, they have been
grouped .

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 36

18 Dr. Nidal Al-Dmour

 XCHG
The XCHG (exchange) instruction exchanges
the contents of any other register or memory
location. The XCHG instruction cannot
segment register or memory to memory data.
Exchanges are byte, word, or double word
sized (80386 and above)
XCHG AL, CL
XCHG CX, BP
XCHG EDX, ESI
XCHG AL, [1234] nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 37

LAHF and SAHF

The LAHF and SAHF instructions are seldom
used because they were designed as bridge
instructions. The LAHF instruction transfers the
rightmost eight bits of the flag register into the
AH register. SAHF instruction transfers the AH
register into the rightmost eight bits of the flag
register.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 38

19 Dr. Nidal Al-Dmour

 XLAT
The XLAT (translate) the instruction converts
the contents of the AL register into a number
stored in a memory table. The instruction
performs the direct table lookup techniques
often used to convert one code to another. An
XLAT instruction first adds the contents of AL to
BX to form a memory address within the data
segment. It then copies the contents of this
address into AL. This is the only instruction that
adds an 8-bit number to a 16-bit number.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 39

IN and OUT

• The two I/O instructions transfer data between an I/O device and the
accumulator (AL, AX, and EAX). An IN instruction transfers data from
an external I/O device to AL, AX, EAX; an OUT transfers data from AL,
AX, EAX to an external I/O device.
• 16-bit I/O address means there are up to 64K I/O devices possible in
a system.

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 40

20 Dr. Nidal Al-Dmour

 MOVSX and MOVZX
The MOVSX (move and sign extend) and
MOVZX (move and zero extend) instructions
are found in the 80386 through Pentium 4
instruction sets. These instructions move data,
and at the same time either signed or zero
extend it.
When a number is zero extended the most
significant part fills with zeros.
A number is sign extended when its sign bit is
copied into the most significant part.
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 41

BSWAP
The BSWAP (byte swap) instruction is available
only in the 80486 and above . This instruction
takes the content of any 32 bit register and
swaps the first byte with the fourth and the
second byte with the third.
EAX=00112233
BSWAP EAX
EAX=33221100

nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 42

21 Dr. Nidal Al-Dmour

 Segment Override Prefix
The segment override prefix, which may be
added to almost any instruction in any memory
addressing, allows the programmer to deviate
from the default segment.

MOV AX, DS:[BP]

MOV AX, SS:[DI]
MOV BL, GS:[ECX]
MOV AX, CS:[1234]
nidal@mutah.edu.jo, Dr. Nidal Al-Dmour 43

22 Dr. Nidal Al-Dmour