drginfo/ia32-64
1
0
Fork 0
forked from NRZCode/ia32-64
Code Pull requests Activity
ia32-64/x86/incsspd.incsspq.html
NRZ Code 92622c37d6 Initial commit
2025-07-08 02:23:29 -03:00

127 lines
4.7 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:svg="http://www.w3.org/2000/svg" xmlns:x86="http://www.felixcloutier.com/x86"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="style.css"></link><title>INCSSPD/INCSSPQ
— Increment Shadow Stack Pointer</title></head><body><header><nav><ul><li><a href='index.html'>Index</a></li><li>December 2023</li></ul></nav></header><h1>INCSSPD/INCSSPQ
— Increment Shadow Stack Pointer</h1>
<table>
<tr>
<th>Opcode/Instruction</th>
<th>Op / En</th>
<th>64/32 bit Mode Support</th>
<th>CPUID Feature Flag</th>
<th>Description</th></tr>
<tr>
<td>F3 0F AE /05 INCSSPD r32</td>
<td>R</td>
<td>V/V</td>
<td>CET_SS</td>
<td>Increment SSP by 4 * r32[7:0].</td></tr>
<tr>
<td>F3 REX.W 0F AE /05 INCSSPQ r64</td>
<td>R</td>
<td>V/N.E.</td>
<td>CET_SS</td>
<td>Increment SSP by 8 * r64[7:0].</td></tr></table>
<h2 id="instruction-operand-encoding">Instruction Operand Encoding<a class="anchor" href="#instruction-operand-encoding">
</a></h2>
<table>
<tr>
<th>Op/En</th>
<th>Tuple Type</th>
<th>Operand 1</th>
<th>Operand 2</th>
<th>Operand 3</th>
<th>Operand 4</th></tr>
<tr>
<td>R</td>
<td>N/A</td>
<td>ModRM:r/m (r)</td>
<td>N/A</td>
<td>N/A</td>
<td>N/A</td></tr></table>
<h2 id="description">Description<a class="anchor" href="#description">
</a></h2>
<p>This instruction can be used to increment the current shadow stack pointer by the operand size of the instruction times the unsigned 8-bit value specified by bits 7:0 in the source operand. The instruction performs a pop and discard of the first and last element on the shadow stack in the range specified by the unsigned 8-bit value in bits 7:0 of the source operand.</p>
<h2 id="operation">Operation<a class="anchor" href="#operation">
</a></h2>
<pre>IF CPL = 3
IF (CR4.CET &amp; IA32_U_CET.SH_STK_EN) = 0
THEN #UD; FI;
ELSE
IF (CR4.CET &amp; IA32_S_CET.SH_STK_EN) = 0
THEN #UD; FI;
FI;
IF (operand size is 64-bit)
THEN
Range := R64[7:0];
shadow_stack_load 8 bytes from SSP;
IF Range &gt; 0
THEN shadow_stack_load 8 bytes from SSP + 8 * (Range - 1);
FI;
SSP := SSP + Range * 8;
ELSE
Range := R32[7:0];
shadow_stack_load 4 bytes from SSP;
IF Range &gt; 0
THEN shadow_stack_load 4 bytes from SSP + 4 * (Range - 1);
FI;
SSP := SSP + Range * 4;
FI;
</pre>
<h2 id="flags-affected">Flags Affected<a class="anchor" href="#flags-affected">
</a></h2>
<p>None.</p>
<h2 id="intel-c-c++-compiler-intrinsic-equivalent">Intel C/C++ Compiler Intrinsic Equivalent<a class="anchor" href="#intel-c-c++-compiler-intrinsic-equivalent">
</a></h2>
<pre>INCSSPD void _incsspd(int);
</pre>
<pre>INCSSPQ void _incsspq(int);
</pre>
<h2 class="exceptions" id="protected-mode-exceptions">Protected Mode Exceptions<a class="anchor" href="#protected-mode-exceptions">
</a></h2>
<table>
<tr>
<td rowspan="4">#UD</td>
<td>If the LOCK prefix is used.</td></tr>
<tr>
<td>If CR4.CET = 0.</td></tr>
<tr>
<td>IF CPL = 3 and IA32_U_CET.SH_STK_EN = 0.</td></tr>
<tr>
<td>IF CPL &lt; 3 and IA32_S_CET.SH_STK_EN = 0.</td></tr>
<tr>
<td>#PF(fault-code)</td>
<td>If a page fault occurs.</td></tr></table>
<h2 class="exceptions" id="real-address-mode-exceptions">Real-Address Mode Exceptions<a class="anchor" href="#real-address-mode-exceptions">
</a></h2>
<table>
<tr>
<td>#UD</td>
<td>The INCSSP instruction is not recognized in real-address mode.</td></tr></table>
<h2 class="exceptions" id="virtual-8086-mode-exceptions">Virtual-8086 Mode Exceptions<a class="anchor" href="#virtual-8086-mode-exceptions">
</a></h2>
<table>
<tr>
<td>#UD</td>
<td>The INCSSP instruction is not recognized in virtual-8086 mode.</td></tr></table>
<h2 class="exceptions" id="compatibility-mode-exceptions">Compatibility Mode Exceptions<a class="anchor" href="#compatibility-mode-exceptions">
</a></h2>
<p>Same exceptions as in protected mode.</p>
<h2 class="exceptions" id="64-bit-mode-exceptions">64-Bit Mode Exceptions<a class="anchor" href="#64-bit-mode-exceptions">
</a></h2>
<p>Same exceptions as in protected mode.</p><footer><p>
This UNOFFICIAL, mechanically-separated, non-verified reference is provided for convenience, but it may be
inc<span style="opacity: 0.2">omp</span>lete or b<sub>r</sub>oke<sub>n</sub> in various obvious or non-obvious
ways. Refer to <a href="https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4">Intel® 64 and IA-32 Architectures Software Developers Manual</a> for anything serious.
</p></footer></body></html>
View git blame Copy permalink