I'm trying to figure out why the instruction changes from add [eax], al to add [rax], al when changing the decoding mode from x86 to x64.
The instruction bytes are 00 00
I think it might be because its being used to specify a memory location but I couldn't find anything to prove it
Peter Cordes
378k50 gold badges748 silver badges1k bronze badges
1 Answer 1
This is because the default address size is 64 bits in 64-bit mode and 32 bits in 32-bit modes.
You can apply a 67 address-size override prefix to select an address size of 32 bits in 64-bit mods, however 64-bit address size is not available outside of 64-bit mode.
answered Jul 20, 2024 at 20:41
fuz
94.9k27 gold badges217 silver badges392 bronze badges
Sign up to request clarification or add additional context in comments.
2 Comments
Chris Dodd
A
67 prefix in 32-bit mode gives you 16-bit addressing -- making 67 00 00 into add [bx+si], al. I think you meant to say it gives you an address size of 32 bits in 64-bit mode.fuz
@ChrisDodd Sorry, brain fart. It's fixed now.
Explore related questions
See similar questions with these tags.
REXprefixes are repurposedINC/DECopcodes. It's just convenience that most opcodes mean the same thing. For each one, the instruction set reference gives the meaning depending on the mode. But yes, in 64 bit mode the default address size is 64 bits. You can force 32 bit with an address size override prefix so67 00 00would beadd [eax], al.