Intel assembly language programming (Sixth Edition)

572 Chapter 14 • 16-Bit MS-DOS Programming INT 21h Function 40h Description Write an array of bytes to a file or device Receives AH  40h BX  file or device handle (console  1) CX  number of bytes to write DS:DX  address of array Returns AX  number of bytes written Sample call .data message \"Hello, world\" .code mov ah,40h mov bx,1 mov cx,LENGTHOF message mov dx,OFFSET message int 21h 14.2.2 Hello World Program Example The following is a simple program that displays a string on the screen using an MS-DOS function call: TITLE Hello World Program (Hello.asm) .MODEL small .STACK 100h .386 .data message BYTE \"Hello, world!\",0dh,0ah .code main PROC mov ax,@data ; initialize DS mov ds,ax mov ah,40h ; write to file/device mov bx,1 ; output handle mov cx,SIZEOF message ; number of bytes mov dx,OFFSET message ; addr of buffer int 21h .EXIT main ENDP END main Alternate Version Another way to write Hello.asm is to use the predefined .STARTUP direc- tive (which initializes the DS register). Doing so requires the removal of the label next to the

14.2 MS-DOS Function Calls (INT 21h) 573 END directive: TITLE Hello World Program (Hello2.asm) .MODEL small .STACK 100h .386 .data message BYTE \"Hello, world!\",0dh,0ah .code main PROC .STARTUP mov ah,40h ; write to file/device mov bx,1 ; output handle mov cx,SIZEOF message ; number of bytes mov dx,OFFSET message ; addr of buffer int 21h .EXIT main ENDP END 14.2.3 Selected Input Functions In this section, we describe a few of the most commonly used MS-DOS functions that read from standard input. For a more complete list, see Appendix D. As shown in the following table, INT 21h Function 1 reads a single character from standard input: INT 21h Function 1 Description Read a single character from standard input Receives AH  1 Returns AL  character (ASCII code) Sample call mov ah,1 int 21h mov char,al Notes If no character is present in the input buffer, the program waits. This function echoes the character to standard output. INT 21h Function 6 reads a character from standard input if the character is waiting in the input buffer. If the buffer is empty, the function returns with the Zero flag set and no other action is taken: INT 21h Function 6 Description Read a character from standard input without waiting Receives AH  6 DL  FFh

574 Chapter 14 • 16-Bit MS-DOS Programming INT 21h Function 6 Returns If ZF  0, AL contains the character’s ASCII code. Sample call mov ah,6 mov dl,0FFh int 21h jz skip mov char,AL skip: Notes The interrupt only returns a character if one is already waiting in the input buffer. Does not echo the character to standard output and does not filter control characters. INT 21h Function 0Ah reads a buffered string from standard input, terminated by the Enter key. When calling this function, pass a pointer to an input structure having the following format (count can be between 0 and 128): count = 80 KEYBOARD STRUCT maxInput BYTE count ; max chars to input inputCount BYTE ? ; actual input count buffer BYTE count DUP(?) ; holds input chars KEYBOARD ENDS The maxInput field specifies the maximum number of characters the user can input, including the Enter key. The backspace key can be used to erase characters and back up the cursor. The user terminates the input either by pressing the Enter key or by pressing Ctrl-Break. All non- ASCII keys, such as PageUp and F1, are filtered out and are not stored in the buffer. After the function returns, the inputCount field indicates how many characters were input, not counting the Enter key. The following table describes Function 0Ah: INT 21h Function 0Ah Description Read an array of buffered characters from standard input Receives AH  0Ah DS:DX  address of keyboard input structure Returns The structure is initialized with the input characters. Sample call .data kybdData KEYBOARD <> .code mov ah,0Ah mov dx,OFFSET kybdData int 21h

14.2 MS-DOS Function Calls (INT 21h) 575 INT 21h Function 0Bh gets the status of the standard input buffer: INT 21h Function 0Bh Description Get the status of the standard input buffer Receives AH  0Bh Returns If a character is waiting, AL  0FFh; otherwise, AL  0. Sample Call mov ah,0Bh int 21h cmp al,0 je skip ; (input the character) skip: Notes Does not remove the character. Example: String Encryption Program INT 21h Function 6 has the unique ability to read characters from standard input without paus- ing the program or filtering control characters. This can be put to good use if we run a program from the command prompt and redirect the input. That is, the input will come from a text file rather than the keyboard. The following program (Encrypt.asm) reads each character from standard input, uses the XOR instruction to alter the character, and writes the altered character to standard output: TITLE Encryption Program (Encrypt.asm) ; This program uses MS-DOS function calls to ; read and encrypt a file. Run it from the ; command prompt, using redirection: ; Encrypt < infile.txt > outfile.txt ; Function 6 is also used for output, to avoid ; filtering ASCII control characters. INCLUDE Irvine16.inc XORVAL = 239 ; any value between 0-255 .code main PROC mov ax,@data mov ds,ax L1: mov ah,6 ; direct console input mov dl,0FFh ; don't wait for character int 21h ; AL = character jz L2 ; quit if ZF = 1 (EOF) xor al,XORVAL mov ah,6 ; write to output

576 Chapter 14 • 16-Bit MS-DOS Programming mov dl,al int 21h jmp L1 ; repeat the loop L2: exit main ENDP END main The choice of 239 as the encryption value is completely arbitrary. You can use any value between 0 and 255 in this context, although using 0 will not cause any encryption to occur. The encryption is weak, of course, but it might be enough to discourage the average user from trying to defeat the encryption. When you run the program at the command prompt, indicate the name of the input file (and output file, if any). The following are two examples: encrypt < infile.txt Input from file (infile.txt), output to console encrypt < infile.txt > outfile.txt Input from file (infile.txt), output to file (outfile.txt) Int 21h Function 3Fh INT 21h Function 3Fh, as shown in the following table, reads an array of bytes from a file or device. It can be used for keyboard input when the device handle in BX is equal to zero: INT 21h Function 3Fh Description Read an array of bytes from a file or device Receives AH  3Fh BX  file/device handle (0  keyboard) CX  maximum bytes to read DS:DX  address of input buffer Returns AX  number of bytes actually read Sample Call .data inputBuffer BYTE 127 dup(0) bytesRead WORD ? .code mov ah,3Fh mov bx,0 mov cx,127 mov dx,OFFSET inputBuffer int 21h mov bytesRead,ax Notes If reading from the keyboard, input terminates when the Enter key is pressed, and the 0Dh, 0Ah, characters are appended to the input buffer.

14.2 MS-DOS Function Calls (INT 21h) 577 If the user enters more characters than were requested by the function call, excess characters remain in the MS-DOS input buffer. If the function is called anytime later in the program, execu- tion may not pause and wait for user input because the buffer already contains data (including the 0Dh, 0Ah, marking the end of the line). This can even occur between separate instances of program execution. To be absolutely sure your program works as intended, you need to flush the input buffer, one character at a time, after calling Function 3Fh. The following code does this (see the Keybd.asm program for a complete demonstration): ;------------------------------------------ FlushBuffer PROC ; Flush the standard input buffer. ; Receives: nothing. Returns: nothing ;----------------------------------------- .data oneByte BYTE ? .code pusha L1: mov ah,3Fh ; read file/device mov bx,0 ; keyboard handle mov cx,1 ; one byte mov dx,OFFSET oneByte ; save it here int 21h ; call MS-DOS cmp oneByte,0Ah ; end of line yet? jne L1 ; no: read another popa ret FlushBuffer ENDP 14.2.4 Date/Time Functions Many popular software applications display the current date and time. Others retrieve the date and time and use it in their internal logic. A scheduling program, for example, can use the cur- rent date to verify that a user is not accidentally scheduling an appointment in the past. As shown in the next series of tables, INT 21h Function 2Ah gets the system date, and INT 21h Function 2Bh sets the system date. INT 21h Function 2Ch gets the system time, and INT 21h Function 2Dh sets the system time. INT 21h Function 2Ah Description Get the system date Receives AH  2Ah Returns CX  year DH, DL  month, day AL  day of week (Sunday  0, Monday  1, etc.)

578 Chapter 14 • 16-Bit MS-DOS Programming INT 21h Function 2Ah Sample Call mov ah,2Ah int 21h mov year,cx mov month,dh mov day,dl mov dayOfWeek,al INT 21h Function 2Bh Description Set the system date Receives AH  2Bh CX  year DH  month DL  day Returns If the change was successful, AL  0; otherwise, AL  FFh. Sample Call mov ah,2Bh mov cx,year mov dh,month mov dl,day int 21h cmp al,0 jne failed Notes Probably will not work if you are running Windows NT, 2000, or XP with a restricted user profile. INT 21h Function 2Ch Description Get the system time Receives AH  2Ch Returns CH  hours (0 – 23) CL  minutes (0 – 59) DH  seconds (0 – 59) DL  hundredths of seconds (usually not accurate) Sample Call mov ah,2Ch int 21h mov hours,ch mov minutes,cl mov seconds,dh

14.2 MS-DOS Function Calls (INT 21h) 579 INT 21h Function 2Dh Description Set the system time Receives AH  2Dh CH  hours (0 – 23) CL  minutes (0 – 59) DH  seconds (0 – 59) Returns If the change was successful, AL  0; otherwise, AL  FFh. Sample Call mov ah,2Dh mov ch,hours mov cl,minutes mov dh,seconds int 21h cmp al,0 jne failed Notes Does not work if you are running Windows with a restricted user profile. Example: Displaying the Time and Date The following program (DateTime.asm) displays the system date and time. The code is a little longer than one would expect because the program inserts leading zeros before the hours, min- utes, and seconds: TITLE Display the Date and Time (DateTime.asm) Include Irvine16.inc Write PROTO char:BYTE .data str1 BYTE \"Date: \",0 str2 BYTE \", Time: \",0 .code main PROC mov ax,@data mov ds,ax ; Display the date: mov dx,OFFSET str1 call WriteString mov ah,2Ah ; get system date int 21h movzx eax,dh ; month call WriteDec INVOKE Write,'-' movzx eax,dl ; day call WriteDec

580 Chapter 14 • 16-Bit MS-DOS Programming INVOKE Write,'-' movzx eax,cx ; year call WriteDec ; Display the time: mov dx,OFFSET str2 call WriteString mov ah,2Ch ; get system time int 21h movzx eax,ch ; hours call WritePaddedDec INVOKE Write,':' movzx eax,cl ; minutes call WritePaddedDec INVOKE Write,':' movzx eax,dh ; seconds call WritePaddedDec call Crlf exit main ENDP ;--------------------------------------------- Write PROC char:BYTE ; Display a single character. ;--------------------------------------------- push eax push edx mov ah,2 ; character output function mov dl,char int 21h pop edx pop eax ret Write ENDP ;--------------------------------------------- WritePaddedDec PROC ; Display unsigned integer in EAX, padding ; to two digit positions with a leading zero. ;--------------------------------------------- .IF eax < 10 push eax push edx mov ah,2 ; display leading zero mov dl,'0' int 21h pop edx pop eax .ENDIF

14.3 Standard MS-DOS File I/O Services 581 call WriteDec ; write unsigned decimal ret ; using value in EAX WritePaddedDec ENDP END main Sample output: Date: 12-8-2006, Time: 23:01:23 14.2.5 Section Review 1. Which register holds the function number when calling INT 21h? 2. Which INT 21h function terminates a program? 3. Which INT 21h function writes a single character to standard output? 4. Which INT 21h function writes a string terminated by a $ character to standard output? 5. Which INT 21h function writes a block of data to a file or device? 6. Which INT 21h function reads a single character from standard input? 7. Which INT 21h function reads a block of data from the standard input device? 8. If you want to get the system date, display it, and then change it, which INT 21h functions are required? 9. Which INT 21h functions shown in this chapter probably will not work under Windows NT, 2000, or XP with a restricted user profile? 10. Which INT 21h function would you use to check the standard input buffer to see if a charac- ter is waiting to be processed? 14.3 Standard MS-DOS File I/O Services INT 21h provides more file and directory I/O services that we can possibly show here. Table 14-3 shows a few of the functions you are likely to use. Table 14-3 File- and Directory-Related INT 21h Functions. Function Description 716Ch Create or open a file 3Eh Close file handle 42h Move file pointer 5706h Get file creation date and time File/Device Handles MS-DOS and MS-Windows use 16-bit integers called handles to identify files and I/O devices. There are five predefined device handles. Each, except handle 2 (error output), supports redirection at the command prompt. The following handles are

582 Chapter 14 • 16-Bit MS-DOS Programming available all the time: 0 Keyboard (standard input) 1 Console (standard output) 2 Error output 3 Auxiliary device (asynchronous) 4 Printer Each I/O function has a common characteristic: If it fails, the Carry flag is set, and an error code is returned in AX. You can use this error code to display an appropriate message. Table 14-4 con- tains a list of the error codes and their descriptions. Microsoft provides extensive documentation on MS-DOS function calls. Search the Platform SDK docu- mentation for your version of Windows. Table 14-4 MS-DOS Extended Error Codes. Error Code Description 01 Invalid function number 02 File not found 03 Path not found 04 Too many open files (no handles left) 05 Access denied 06 Invalid handle 07 Memory control blocks destroyed 08 Insufficient memory 09 Invalid memory block address 0A Invalid environment 0B Invalid format 0C Invalid access code 0D Invalid data 0E Reserved 0F Invalid drive was specified 10 Attempt to remove the current directory 11 Not same device 12 No more files 13 Diskette write-protected 14 Unknown unit 15 Drive not ready 16 Unknown command 17 Data error (CRC) 18 Bad request structure length 19 Seek error 1A Unknown media type 1B Sector not found 1C Printer out of paper 1D Write fault 1E Read fault 1F General failure

14.3 Standard MS-DOS File I/O Services 583 14.3.1 Create or Open File (716Ch) INT 21h Function 716Ch can either create a new file or open an existing file. It permits the use of extended filenames and file sharing. As shown in the following table, the filename may optionally include a directory path. INT 21h Function 716Ch Description Create new file or open existing file Receives AX  716Ch BX  access mode (0  read, 1  write, 2  read/write) CX  attributes (0  normal, 1  read only, 2  hidden, 3  system, 8  volume ID, 20h  archive) DX  action (1  open, 2  truncate, 10h  create) DS:SI  segment/offset of filename DI  alias hint (optional) Returns If the create/open was successful, CF  0, AX  file handle, and CX  action taken. If create/open failed, CF  1. Sample Call mov ax,716Ch ; extended open/create mov bx,0 ; read-only mov cx,0 ; normal attribute mov dx,1 ; open existing file mov si,OFFSET Filename int 21h jc failed mov handle,ax ; file handle mov actionTaken,cx ; action taken Notes The access mode in BX can optionally be combined with one of the following sharing mode values: OPEN_SHARE_COMPATIBLE, OPEN_SHARE_DENYREADWRITE, OPEN_SHARE_DENYWRITE, OPEN_SHARE_DENYREAD, OPEN_SHARE_ DENYNONE. The action taken returned in CX can be one of the following values: ACTION_OPENED, ACTION_CREATED_OPENED, ACTION_REPLACED_ OPENED. All are defined in Irvine16.inc. Additional Examples The following code either creates a new file or truncates an existing file having the same name: mov ax,716Ch ; extended open/create mov bx,2 ; read-write mov cx,0 ; normal attribute mov dx,10h + 02h ; action: create + truncate mov si,OFFSET Filename int 21h jc failed mov handle,ax ; file handle mov actionTaken,cx ; action taken to open file

584 Chapter 14 • 16-Bit MS-DOS Programming The following code attempts to create a new file. It fails (with the Carry flag set) if the file already exists: mov ax,716Ch ; extended open/create mov bx,2 ; read-write mov cx,0 ; normal attribute mov dx,10h ; action: create mov si,OFFSET Filename int 21h jc failed mov handle,ax ; file handle mov actionTaken,cx ; action taken to open file 14.3.2 Close File Handle (3Eh) INT 21h Function 3Eh closes a file handle. This function flushes the file’s write buffer by copy- ing any remaining data to disk, as shown in the following table: INT 21h Function 3Eh Description Close file handle Receives AH  3Eh BX  file handle Returns If the file was closed successfully, CF  0; otherwise, CF  1. Sample Call .data filehandle WORD ? .code mov ah,3Eh mov bx,filehandle int 21h jc failed Notes If the file has been modified, its time stamp and date stamp are updated. 14.3.3 Move File Pointer (42h) INT 21h Function 42h, as can be seen in the following table, moves the position pointer of an open file to a new location. When calling this function, the method code in AL identifies how the pointer will be set: 0 Offset from the beginning of the file 1 Offset from the current location 2 Offset from the end of the file INT 21h Function 42h Description Move file pointer Receives AH  42h AL  method code BX  file handle CX:DX  32-bit offset value Returns If the file pointer was moved successfully, CF  0 and DX:AX returns the new file pointer offset; otherwise, CF  1.

14.3 Standard MS-DOS File I/O Services 585 INT 21h Function 42h Sample Call mov ah,42h mov al,0 ; method: offset from beginning mov bx,handle mov cx,offsetHi mov dx,offsetLo int 21h Notes The returned file pointer offset in DX:AX is always relative to the beginning of the file. 14.3.4 Get File Creation Date and Time INT 21h Function 5706h, shown in the following table, obtains the date and time when a file was created. This is not necessarily the same date and time when the file was last modified or even accessed. To learn about MS-DOS packed date and time formats, see Section 15.3.7. To see an example of extracting date/time fields, see Section 7.3.4. INT 21h Function 5706h Description Get file creation date and time Receives AX  5706h BX  file handle Returns If the function call was successful, CF  0, DX  date (in MS-DOS packed format), CX  time, and SI  milliseconds. If the function failed, CF  1. Sample Call mov ax,5706h ; Get creation date/time mov bx,handle int 21h jc error ; quit if failed mov date,dx mov time,cx mov milliseconds,si Notes The file must already be open. The milliseconds value indicates the number of 10-millisecond intervals to add to the MS-DOS time. Range is 0 to 199, indicating that the field can add as many as 2 seconds to the overall time. 14.3.5 Selected Library Procedures Two procedures from the Irvine16 link library are shown here: ReadString and WriteString. ReadString is the trickiest of the two, since it must read one character at a time until it encoun- ters the end of line character (0Dh). It reads the character, but does not copy it to the buffer. ReadString The ReadString procedure reads a string from standard input and places the characters in an input buffer as a null-terminated string. It terminates when the user presses the Enter key.: ;-------------------------------------------------------- ReadString PROC ; Receives: DS:DX points to the input buffer,

586 Chapter 14 • 16-Bit MS-DOS Programming ; CX = maximum input size ; Returns: AX = size of the input string ; Comments: Stops when the Enter key (0Dh) is pressed. ;-------------------------------------------------------- push cx ; save registers push si push cx ; save digit count again mov si,dx ; point to input buffer L1: mov ah,1 ; function: keyboard input int 21h ; returns character in AL cmp al,0Dh ; end of line? je L2 ; yes: exit mov [si],al ; no: store the character inc si ; increment buffer pointer loop L1 ; loop until CX=0 L2: mov byte ptr [si],0 ; end with a null byte pop ax ; original digit count sub ax,cx ; AX = size of input string pop si ; restore registers pop cx ret ReadString ENDP WriteString The WriteString procedure writes a null-terminated string to standard output. It calls a helper pro- cedure named Str_length that returns the number of bytes in a string: ;-------------------------------------------------------- WriteString PROC ; Writes a null-terminated string to standard output ; Receives: DS:DX = address of string ; Returns: nothing ;-------------------------------------------------------- pusha push ds ; set ES to DS pop es mov di,dx ; ES:DI = string ptr call Str_length ; AX = string length mov cx,ax ; CX = number of bytes mov ah,40h ; write to file or device mov bx,1 ; standard output handle int 21h ; call MS-DOS popa ret WriteString ENDP 14.3.6 Example: Read and Copy a Text File We presented INT 21h Function 3Fh earlier in this chapter, in the context of reading from standard input. This function can also be used to read a file if the handle in BX identifies a file that has been opened for input. When Function 3Fh returns, AX indicates the number of bytes

14.3 Standard MS-DOS File I/O Services 587 actually read from the file. When the end of the file is reached, the value returned in AX is less than the number of bytes requested (in CX). We also presented INT 21h Function 40h earlier in this chapter in the context of writing to standard output (device handle 1). Instead, the handle in BX can refer to an open file. The func- tion automatically updates the file’s position pointer, so the next call to Function 40h begins writing where the previous call left off. The Readfile.asm program we’re about to present demonstrates several INT 21h functions presented in this section: • Function 716Ch: Create new file or open existing file • Function 3Fh: Read from file or device • Function 40h: Write to file or device • Function 3Eh: Close file handle The following program opens a text file for input, reads no more than 5,000 bytes from the file, displays it on the console, creates a new file, and copies the data to a new file: TITLE Read a text file (Readfile.asm) ; Read, display, and copy a text file. INCLUDE Irvine16.inc .data BufSize = 5000 infile BYTE \"my_text_file.txt\",0 outfile BYTE \"my_output_file.txt\",0 inHandle WORD ? outHandle WORD ? buffer BYTE BufSize DUP(?) bytesRead WORD ? .code main PROC mov ax,@data mov ds,ax ; Open the input file mov ax,716Ch ; extended create or open mov bx,0 ; mode = read-only mov cx,0 ; normal attribute mov dx,1 ; action: open mov si,OFFSET infile int 21h ; call MS-DOS jc quit ; quit if error mov inHandle,ax ; Read the input file mov ah,3Fh ; read file or device mov bx,inHandle ; file handle mov cx,BufSize ; max bytes to read mov dx,OFFSET buffer ; buffer pointer int 21h

588 Chapter 14 • 16-Bit MS-DOS Programming jc quit ; quit if error mov bytesRead,ax ; Display the buffer mov ah,40h ; write file or device mov bx,1 ; console output handle mov cx,bytesRead ; number of bytes mov dx,OFFSET buffer ; buffer pointer int 21h jc quit ; quit if error ; Close the file mov ah,3Eh ; function: close file mov bx,inHandle ; input file handle int 21h ; call MS-DOS jc quit ; quit if error ; Create the output file mov ax,716Ch ; extended create or open mov bx,1 ; mode = write-only mov cx,0 ; normal attribute mov dx,12h ; action: create/truncate mov si,OFFSET outfile int 21h ; call MS-DOS jc quit ; quit if error mov outHandle,ax ; save handle ; Write buffer to new file mov ah,40h ; write file or device mov bx,outHandle ; output file handle mov cx,bytesRead ; number of bytes mov dx,OFFSET buffer ; buffer pointer int 21h jc quit ; quit if error ; Close the file mov ah,3Eh ; function: close file mov bx,outHandle ; output file handle int 21h ; call MS-DOS quit: call Crlf exit main ENDP END main 14.3.7 Reading the MS-DOS Command Tail In the programs that follow, we will often pass information to programs on the command line. Suppose we needed to pass the name file1.doc to a program named attr.exe. The MS-DOS com- mand line would be attr file1.doc When a program starts up, any additional text on its command line is automatically stored in the 128-byte MS-DOS Command Tail located in memory at offset 80h from the beginning of the

14.3 Standard MS-DOS File I/O Services 589 segment address specified by the ES register. The memory area is named the program segment prefix (PSP). The program segment prefix is discussed in Section 17.3.1. Also see Section 2.3.1 for a discussion of how segmented addressing works in real-address mode. The first byte contains the length of the command line. If its value is greater than zero, the second byte contains a space character. The remaining bytes contain the text typed on the com- mand line. Using the example command line for the attr.exe program, the hexadecimal contents of the command tail would be the following: Offset: 80 81 82 83 84 85 86 87 88 89 8A 8B Contents: 0A 20 46 49 4C 45 31 2E 44 4F 43 0D FILE1 .DOC You can see the command tail bytes using the Microsoft CodeView debugger if you load the pro- gram and set the command-line arguments before running the program. To set command-line parameters in CodeView, choose Set Runtime Arguments... from the Run menu. Press F10 to execute the first program instruction, open a memory window, select Memory from the Options menu, and enter ES:0x80 into the Address Expression field. There is one exception to the rule that MS-DOS stores all characters after the command or pro- gram name: It doesn’t keep the file and device names used when redirecting input-output. For example, MS-DOS does not save any text in the command tail when the following command is typed because both infile.txt and PRN are used for redirection: prog1 < infile.txt > prn GetCommandTail Procedure The GetCommandTail procedure from the Irvine16 library returns a copy of the running program’s command tail under MS-DOS. When calling this proce- dure, set DX to the offset of the buffer where the command tail will be copied. Real-address mode programs often deal directly with segment registers so they can access data in different memory segments. For example, GetCommandTail saves the current value of ES on the stack, obtains the PSP segment using INT 21h Function 62h and copies it to ES: push es . . mov ah,62h ; get PSP segment address int 21h ; returned in BX mov es,bx ; copied to ES Next, it locates a byte inside the PSP. Because ES does not point to the program’s default data seg- ment, we must use a segment override (es:) to address data inside the program segment prefix: mov cl,es:[di-1] ; get length byte GetCommandTail skips over leading spaces with SCASB and sets the Carry flag if the com- mand tail is empty. This makes it easy for the calling program to execute a JC (jump carry)

590 Chapter 14 • 16-Bit MS-DOS Programming instruction if nothing is typed on the command line: cld ; scan in forward direction mov al,20h ; space character repz scasb ; scan for non space jz L2 ; all spaces found . . L2: stc ; CF=1 means no command tail SCASB automatically scans memory pointed to by the ES segment registers, so we had no choice but to set ES to the PSP segment at the beginning of GetCommandTail. Here’s a complete listing: GetCommandTail PROC ; ; Gets a copy of the MS-DOS command tail at PSP:80h. ; Receives: DX contains the offset of the buffer ; that receives a copy of the command tail. ; Returns: CF=1 if the buffer is empty; otherwise, ; CF=0. ;-------------------------------------------------- SPACE = 20h push es pusha ; save general registers mov ah,62h ; get PSP segment address int 21h ; returned in BX mov es,bx ; copied to ES mov si,dx ; point to buffer mov di,81h ; PSP offset of command tail mov cx,0 ; byte count mov cl,es:[di-1] ; get length byte cmp cx,0 ; is the tail empty? je L2 ; yes: exit cld ; scan in forward direction mov al,SPACE ; space character repz scasb ; scan for non space jz L2 ; all spaces found dec di ; non space found inc cx By default, the assembler assumes that DI is an offset from the segment address in DS. The segment override ( es:[di] ) tells the CPU to use the segment address in ES instead. L1: mov al,es:[di] ; copy tail to buffer mov [si],al ; pointed to by DS:SI inc si inc di loop L1 clc ; CF=0 means tail found jmp L3

14.3 Standard MS-DOS File I/O Services 591 L2: stc ; CF=1 means no command tail L3: mov byte ptr [si],0 ; store null byte popa ; restore registers pop es ret GetCommandTail ENDP 14.3.8 Example: Creating a Binary File A binary file is given its name because the data stored in the file is simply a binary image of pro- gram data. Suppose, for example, that your program created and filled an array of doublewords: myArray DWORD 50 DUP(?) If you wanted to write this array to a text file, you would have to convert each integer to a string and write it separately. A more efficient way to store this data would be to just write a binary image of myArray to a file. An array of 50 doublewords uses 200 bytes of memory, and that is exactly the amount of disk space the file would use. The following Binfile.asm program fills an array with random integers, displays the integers on the screen, writes the integers to a binary file, and closes the file. It reopens the file, reads the integers, and displays them on the screen: TITLE Binary File Program (Binfile.asm) ; This program creates a binary file containing ; an array of doublewords. It then reads the file ; back in and displays the values. INCLUDE Irvine16.inc .data myArray DWORD 50 DUP(?) fileName BYTE \"binary array file.bin\",0 fileHandle WORD ? commaStr BYTE \", \",0 ; Set CreateFile to zero if you just want to ; read and display the existing binary file. CreateFile = 1 .code main PROC mov ax,@data mov ds,ax .IF CreateFile EQ 1 call FillTheArray call DisplayTheArray call CreateTheFile call WaitMsg call Crlf .ENDIF

592 Chapter 14 • 16-Bit MS-DOS Programming call ReadTheFile call DisplayTheArray quit: call Crlf exit main ENDP ;------------------------------------------------------ ReadTheFile PROC ; ; Open and read the binary file. ; Receives: nothing. ; Returns: nothing ;------------------------------------------------------ mov ax,716Ch ; extended file open mov bx,0 ; mode: read-only mov cx,0 ; attribute: normal mov dx,1 ; open existing file mov si,OFFSET fileName ; filename int 21h ; call MS-DOS jc quit ; quit if error mov fileHandle,ax ; save handle ; Read the input file, then close the file. mov ah,3Fh ; read file or device mov bx,fileHandle ; file handle mov cx,SIZEOF myArray ; max bytes to read mov dx,OFFSET myArray ; buffer pointer int 21h jc quit ; quit if error mov ah,3Eh ; function: close file mov bx,fileHandle ; output file handle int 21h ; call MS-DOS quit: ret ReadTheFile ENDP ;------------------------------------------------------ DisplayTheArray PROC ; ; Display the doubleword array. ; Receives: nothing. ; Returns: nothing ;------------------------------------------------------ mov CX,LENGTHOF myArray mov si,0 L1: mov eax,myArray[si] ; get a number call WriteHex ; display the number mov edx,OFFSET commaStr ; display a comma call WriteString

14.3 Standard MS-DOS File I/O Services 593 add si,TYPE myArray ; next array position loop L1 ret DisplayTheArray ENDP ;------------------------------------------------------ FillTheArray PROC ; ; Fill the array with random integers. ; Receives: nothing. ; Returns: nothing ;------------------------------------------------------ mov CX,LENGTHOF myArray mov si,0 L1: mov eax,1000 ; generate random integers call RandomRange ; between 0 - 999 in EAX mov myArray[si],eax ; store in the array add si,TYPE myArray ; next array position loop L1 ret FillTheArray ENDP ;------------------------------------------------------ CreateTheFile PROC ; ; Create a file containing binary data. ; Receives: nothing. ; Returns: nothing ;------------------------------------------------------ mov ax,716Ch ; create file mov bx,1 ; mode: write only mov cx,0 ; normal file mov dx,12h ; action: create/truncate mov si,OFFSET fileName ; filename int 21h ; call MS-DOS jc quit ; quit if error mov fileHandle,ax ; save handle ; Write the integer array to the file. mov ah,40h ; write file or device mov bx,fileHandle ; output file handle mov cx,SIZEOF myArray ; number of bytes mov dx,OFFSET myArray ; buffer pointer int 21h jc quit ; quit if error ; Close the file. mov ah,3Eh ; function: close file mov bx,fileHandle ; output file handle int 21h ; call MS-DOS quit:

594 Chapter 14 • 16-Bit MS-DOS Programming ret CreateTheFile ENDP END main It is worth noting that writing the entire array is done with a single call to INT 21h Function 40h. There is no need for a loop: mov ah,40h ; write file or device mov bx,fileHandle ; output file handle mov cx,SIZEOF myArray ; number of bytes mov dx,OFFSET myArray ; buffer pointer int 21h The same is true when reading the file back into the array. A single call to INT 21h Function 3Fh does the job: mov ah,3Fh ; read file or device mov bx,fileHandle ; file handle mov cx,SIZEOF myArray ; max bytes to read mov dx,OFFSET myArray ; buffer pointer int 21h 14.3.9 Section Review 1. Name the five standard MS-DOS device handles. 2. After calling an MS-DOS I/O function, which flag indicates that an error has occurred? 3. When you call Function 716Ch to create a file, what arguments are required? 4. Show an example of opening an existing file for input. 5. When you call Function 716Ch to read a binary array from a file that is already open, what argument values are required? 6. How do you check for end of file when reading an input file using INT 21h Function 3Fh? 7. When calling Function 3Fh, how is reading from a file different from reading from the keyboard? 8. If you wanted to read a random-access file, which INT 21h function would permit you to jump directly to a particular record in the middle of the file? 9. Write a short code segment that positions the file pointer 50 bytes from the beginning of a file. Assume that the file is already open, and BX contains the file handle. 14.4 Chapter Summary In this chapter, you learned the basic memory organization of MS-DOS, how to activate MS-DOS function calls, and how to perform basic input-output operations at the operating system level. The standard input device and the standard output device are collectively called the console, which involves the keyboard for input and the video display for output. A software interrupt is a call to an operating system procedure. Most of these procedures, called interrupt handlers, provide input-output capability to application programs. The INT (call to interrupt procedure) instruction pushes the CPU flags and 32-bit return address (CS and IP) on the stack, disables other interrupts, and calls an interrupt handler. The CPU

14.4 Chapter Summary 595 processes the INT instruction using the interrupt vector table, a table containing 32-bit segment- offset addresses of interrupt handlers. Programs designed for MS-DOS must be 16-bit applications running in real-address mode. Real-address mode applications use 16-bit segments and use segmented addressing. The .MODEL directive specifies which memory model your program will use. The .STACK directive allocates a small amount of local stack space for your program. In real-address mode, stack entries are 16 bits by default. Enable the use of 32-bit registers using the .386 directive. A 16-bit application containing variables must set DS to the location of the data segment before accessing the variables. Every program must include a statement that ends the program and returns to the operating system. One way to do this is by using the .EXIT directive. Another way is by calling INT 21h Function 4Ch. Any real-address mode program can access hardware ports, interrupt vectors, and system memory when running under MS-DOS, Windows 95, 98, and Millenium. On the other hand, this type of access is only granted to kernel mode and device driver programs in more recent versions of Windows. When a program runs, any additional text on its command line is automatically stored in the 128- byte MS-DOS command tail area, at offset 80h in special memory segment named the program segment prefix (PSP). The GetCommandTail procedure from the Irvine16 library returns a copy of the command tail. The program segment prefix is discussed in Section 17.3.1. Some frequently used BIOS interrupts are listed here: • INT 10h Video Services: Procedures that display routines that control the cursor position, write text in color, scroll the screen, and display video graphics. • INT 16h Keyboard Services: Procedures that read the keyboard and check its status. • INT 17h Printer Services: Procedures that initialize, print, and return the printer status. • INT 1Ah Time of Day: A procedure that gets the number of clock ticks since the machine was turned on or sets the counter to a new value. • INT 1Ch User Timer Interrupt: An empty procedure that is executed 18.2 times per second. A number of important MS-DOS (INT 21h) functions are listed here: • INT 21h MS-DOS Services: Procedures that provide input-output, file handling, and memory management. Also known as MS-DOS function calls. • About 200 different functions are supported by INT 21h, identified by a function number placed in the AH register. • INT 21h Function 4Ch terminates the current program (called a process). • INT 21h Functions 2 and 6 write a single character to standard output. • INT 21h Function 5 writes a single character to the printer. • INT 21h Function 9 writes a string to standard output. • INT 21h Function 40h writes an array of bytes to a file or device. • INT 21h Function 1 reads a single character from standard input. • INT 21h Function 6 reads a character from standard input without waiting. • INT 21h Function 0Ah reads a buffered string from standard input.

596 Chapter 14 • 16-Bit MS-DOS Programming • INT 21h Function 0Bh gets the status of the standard input buffer. • INT 21h Function 3Fh reads an array of bytes from a file or device. • INT 21h Function 2Ah gets the system date. • INT 21h Function 2Bh sets the system date. • INT 21h Function 2Ch gets the system time. • INT 21h Function 2Dh sets the system time. • INT 21h Function 716Ch either creates a file or opens an existing file. • INT 21h Function 3Eh closes a file handle. • INT 21h Function 42h moves a file’s position pointer. • INT 21h Function 5706h obtains a file’s creation date and time. • INT 21h Function 62h returns the segment portion of the program segment prefix address. The following sample programs showed how to apply MS-DOS functions: • The DateTime.asm program displays the system date and time. • The Readfile.asm program opens a text file for input, reads the file, displays it on the console, creates a new file, and copies the data to a new file. • The Binfile.asm program fills an array with random integers, displays the integers on the screen, writes the integers to a binary file, and closes the file. It reopens the file, reads the integers, and displays them on the screen. A binary file is given its name because the data stored in the file is a binary image of program data. 14.5 Programming Exercises The following exercises must be done in real-address mode. Do not use any functions from the Irvine16 library. Use INT 21h function calls for all input-output, unless an exercise specifically says to do otherwise. ★★ 1. Read a Text File Open a file for input, read the file, and display its contents on the screen in hexadecimal. Make the input buffer small—about 256 bytes—so the program uses a loop to repeat the call to Func- tion 3Fh as many times as necessary until the entire file has been processed. ★★ 2. Copy a Text File Modify the Readfile program in Section 14.3.6 so that it can read a file of any size. Assuming that the buffer is smaller than the input file, use a loop to read all data. Use a buffer size of 256 bytes. Display appropriate error messages if the Carry flag is set after any INT 21h function calls. ★ 3. Setting the Date Write a program that displays the current date and prompts the user for a new date. If a nonblank date is entered, use it to update the system date. ★ 4. Uppercase Conversion Write a program that uses INT 21h to input lowercase letters from the keyboard and convert them to uppercase. Display only the uppercase letters.

14.5 Programming Exercises 597 ★ 5. File Creation Date Write a procedure that displays the date when a file was created, along with its filename. Pass a pointer to the filename in the DX register. Write a test program that demonstrates the procedure with several different filenames, including extended filenames. If a file cannot be found, display an appropriate error message. ★★★ 6. Text Matching Program Write a program that opens a text file containing up to 60K bytes and performs a case-insensitive search for a string. The string and the filename can be input by the user. Display each line from the file on which the string appears and prefix each line with a line number. Review the Str_find pro- cedure from the programming exercises in Section 9.7. Your program must run in real-address mode. (A VideoNote for this exercise is posted on the Web site.) ★★ 7. File Encryption Using XOR Enhance the file encryption program from Section 6.3.4 as follows: • Prompt the user for the name of a plaintext file and a ciphertext file. • Open the plaintext file for input, and open the cipher text file for output. • Let the user enter a single integer encryption code (1 to 255). • Read the plaintext file into a buffer, and exclusive-OR each byte with the encryption code. • Write the buffer to the ciphertext file. The only procedure you may call from the book’s link library is ReadInt. All other input/output must be performed using INT 21h. The same code you write could also be used to decrypt the ciphertext file, producing the original plaintext file. ★★★ 8. CountWords Procedure Write a program that counts the words in a text file. Prompt the user for a file name, and display the word count on the screen. The only procedure you may call from the book’s link library is WriteDec. All other input/output must be performed using INT 21h. (A VideoNote for this exer- cise is posted on the Web site.)

A MASM Reference A.1 Introduction A.5 MASM Directives A.2 MASM Reserved Words A.6 Symbols A.3 Register Names A.7 Operators A.4 Microsoft Assembler (ML) A.8 Runtime Operators A.1 Introduction The Microsoft MASM 6.11 manuals were last printed in 1992, and consisted of three volumes: • Programmers Guide • Reference • Environment and Tools Unfortunately, the printed manuals have not been available for many years, but Microsoft sup- plies electronic copies of the manuals (MS-Word files) in its Platform SDK package. The printed manuals are definitely collectors’ items. The information in this chapter was excerpted from Chapters 1 to 3 of the Reference manual, with updates from the MASM 6.14 readme.txt file. The Microsoft license agreement supplied with this book entitles the reader to a single copy of the software and accompanying documenta- tion, which we have, in part, printed here. Syntax Notation Throughout this appendix, a consistent syntax notation is used. Words in all capital letters indicate a MASM reserved word that may appear in your program in either upper- case or lowercase letters. In the following example, DATA is a reserved word: .DATA 598

A.3 Register Names 599 Words in italics indicate a defined term or category. In the following example, number refers to an integer constant: ALIGN [[ number ]] When double brackets [[ .. ]] surround an item, the item is optional. In the following example, text is optional: [[ text ]] When a vertical separator | appears between items in a list of two or more items, you must select one of the items. The following example indicates a choice between NEAR and FAR: NEAR | FAR An ellipsis (. . . ) indicates repetition of the last item in a list. In the next example, the comma followed by an initializer may repeat multiple times: [[ name ]] BYTE initializer [[ , initializer ]] . . . A.2 MASM Reserved Words $ PARITY? ? PASCAL @B QWORD @F REAL4 ADDR REAL8 BASIC REAL10 BYTE SBYTE C SDWORD CARRY? SIGN? DWORD STDCALL FAR SWORD FAR16 SYSCALL FORTRAN TBYTE FWORD VARARG NEAR WORD NEAR16 ZERO? OVERFLOW? A.3 Register Names AH CR0 DR1 EBX SI AL CR2 DR2 ECX SP AX CR3 DR3 EDI SS BH CS DR6 EDX ST BL CX DR7 ES TR3

600 Appendix A • MASM Reference BP DH DS ESI TR4 BX DI DX ESP TR5 CH DL EAX FS TR6 CL DR0 EBP GS TR7 A.4 Microsoft Assembler (ML) The ML program (ML.EXE) assembles and links one or more assembly language source files. The syntax is ML [[ options ]] filename [[ [[ options ]] filename ]] . . . [[ /link linkoptions ]] The only required parameter is at least one filename, the name of a source file written in assem- bly language. The following command, for example, assembles the source file AddSub.asm and produces the object file AddSub.obj: ML -c AddSub.asm The options parameter consists of zero or more command-line options, each starting with a slash (/) or dash (–). Multiple options must be separated by at least one space. Table A-1 lists the com- plete set of command-line options. The command-line options are case sensitive. Table A-1 ML Command-Line Options. Option Action /AT Enables tiny-memory-model support. Enables error messages for code constructs that violate the requirements for .COM format files. Note that this is not equivalent to the .MODEL TINY directive. /Blfilename Selects an alternate linker. /c Assembles only. Does not link. /coff Generates an object file in Microsoft Common Object File Format. /Cp Preserves case of all user identifiers. /Cu Maps all identifiers to uppercase. /Cx Preserves case in public and external symbols (default). /Dsymbol [ [=value]] Defines a text macro with the given name. If value is missing, it is blank. Multiple tokens separated by spaces must be enclosed in quotation marks. /EP Generates a preprocessed source listing (sent to STDOUT). See /Sf. /Fhexnum Sets stack size to hexnum bytes (this is the same as /link /STACK:number). The value must be expressed in hexadecimal notation. There must be a space between /F and hexnum. /Fefilename Names the executable file. /Fl[[ filename]] Generates an assembled code listing. See /Sf. /Fm[[filename]] Creates a linker .MAP file. /Fofilename Names an object file.

A.4 Microsoft Assembler (ML) 601 Table A-1 (Continued) Option Action /FPi Generates emulator fixups for floating-point arithmetic (mixed-language only). /Fr[[filename]] Generates a Source Browser .SBR file. /FR[[filename]] Generates an extended form of a Source Browser .SBR file. /Gc Specifies use of FORTRAN- or Pascal-style function calling and naming conventions. /Gd Specifies use of C-style function calling and naming conventions. /Gz Use STDCALL calling connections. /H number Restricts external names to number significant characters. The default is 31 characters. /help Calls QuickHelp for help on ML. /I pathname Sets path for include file. A maximum of 10 /I options is allowed. /link Linker options and libraries. /nologo Suppresses messages for successful assembly. /omf Generate an OMF (Microsoft Object Module Format) file. This format is required by the older 16-bit Microsoft Linker (LINK16.EXE). /Sa Turns on listing of all available information. /Sc Adds instruction timings to listing file. /Sf Adds first-pass listing to listing file. /Sg Causes MASM-generated assembly code to appear in the source listing file. Use this, for example, if you want to see how .IF and .ELSE directives work. /Sl width Sets the line width of source listing in characters per line. Range is 60 to 255 or 0. Default is 0. Same as PAGE width. /Sn Turns off symbol table when producing a listing. /Sp length Sets the page length of source listing in lines per page. Range is 10 to 255 or 0. Default is 0. Same as PAGE length. /Ss text Specifies text for source listing. Same as SUBTITLE text. /St text Specifies title for source listing. Same as TITLE text. /Sx Turns on false conditionals in listing. /Ta filename Assembles source file whose name does not end with the .ASM extension. /w Same as /W0. /Wlevel Sets the warning level, where level = 0, 1, 2, or 3. /WX Returns an error code if warnings are generated. /X Ignore INCLUDE Environment path. /Zd Generates line-number information in object file. /Zf Makes all symbols public.

602 Appendix A • MASM Reference Table A-1 (Continued) Option Action /Zi Generates CodeView information in object file. /Zm Enables M510 option for maximum compatibility with MASM 5.1. /Zp[[alignment]] Packs structures on the specified byte boundary. The alignment may be 1, 2, or 4. /Zs Performs a syntax check only. /? Displays a summary of ML command-line syntax. /error Report Report internal assembler errors to Microsoft. A.5 MASM Directives name  expression Assigns the numeric value of expression to name. The symbol may be redefined later. .186 Enables assembly of instructions for the 80186 processor; disables assembly of instructions introduced with later processors. Also enables 8087 instructions. .286 Enables assembly of nonprivileged instructions for the 80286 processor; disables assembly of instructions introduced with later processors. Also enables 80287 instructions. .286P Enables assembly of all instructions (including privileged) for the 80286 processor; disables assembly of instructions introduced with later processors. Also enables 80287 instructions. .287 Enables assembly of instructions for the 80287 coprocessor; disables assembly of instruc- tions introduced with later coprocessors. .386 Enables assembly of nonprivileged instructions for the 80386 processor; disables assembly of instructions introduced with later processors. Also enables 80387 instructions. .386P Enables assembly of all instructions (including privileged) for the 80386 processor; disables assembly of instructions introduced with later processors. Also enables 80387 instructions. .387 Enables assembly of instructions for the 80387 coprocessor. .486 Enables assembly of nonprivileged instructions for the 80486 processor. .486P Enables assembly of all instructions (including privileged) for the 80486 processor. .586 Enables assembly of nonprivileged instructions for the Pentium processor.

A.5 MASM Directives 603 .586P Enables assembly of all instructions (including privileged) for the Pentium processor. .686 Enables assembly of nonprivileged instructions for the Pentium Pro processor. .686P Enables assembly of all instructions (including privileged) for the Pentium Pro processor. .8086 Enables assembly of 8086 instructions (and the identical 8088 instructions); disables assem- bly of instructions introduced with later processors. Also enables 8087 instructions. This is the default mode for processors. .8087 Enables assembly of 8087 instructions; disables assembly of instructions introduced with later coprocessors. This is the default mode for coprocessors. ALIAS <alias>  <actual-name> Maps an old function name to a new name. Alias is the alternate or alias name, and actual- name is the actual name of the function or procedure. The angle brackets are required. The ALIAS directive can be used for creating libraries that allow the linker (LINK) to map an old function to a new function. ALIGN [[ number ]] Aligns the next variable or instruction on a byte that is a multiple of number. .ALPHA Orders segments alphabetically. ASSUME segregister:name [[ , segregister:name ]]. . . ASSUME dataregister:type [[ , dataregister:type ]]. . . ASSUME register:ERROR [[ , register:ERROR ]]. . . ASSUME [[ register: ]] NOTHING [[ , register:NOTHING ]]. . . Enables error-checking for register values. After an ASSUME is put into effect, the assem- bler watches for changes to the values of the given registers. ERROR generates an error if the register is used. NOTHING removes register error-checking. You can combine different kinds of assumptions in one statement. .BREAK [[ .IF condition ]] Generates code to terminate a .WHILE or .REPEAT block if condition is true. [[ name ]] BYTE initializer [[ , initializer ]] . . . Allocates and optionally initializes a byte of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. name CATSTR [[ textitem1 [[ , textitem2 ]] . . . ]] Concatenates text items. Each text item can be a literal string, a constant preceded by a %, or the string returned by a macro function. .CODE [[ name ]] When used with .MODEL, indicates the start of a code segment called name (the default segment name is _TEXT for tiny, small, compact, and flat models, or module_TEXT for other models).

604 Appendix A • MASM Reference COMM definition [[ , definition ]] . . . Creates a communal variable with the attributes specified in definition. Each definition has the following form: [[ langtype ]] [[ NEAR | FAR ]] label:type[[ :count ]] The label is the name of the variable. The type can be any type specifier (BYTE, WORD, and so on) or an integer specifying the number of bytes. The count specifies the number of data objects (one is the default). COMMENT delimiter [[ text ]] [[ text ]] [[ text ]] delimiter [[ text ]] Treats all text between or on the same line as the delimiters as a comment. .CONST When used with .MODEL, starts a constant data segment (with segment name CONST). This segment has the read-only attribute. .CONTINUE [[ .IF condition ]] Generates code to jump to the top of a .WHILE or .REPEAT block if condition is true. .CREF Enables listing of symbols in the symbol portion of the symbol table and browser file. .DATA When used with .MODEL, starts a near data segment for initialized data (segment name _DATA). .DATA? When used with .MODEL, starts a near data segment for uninitialized data (segment name _BSS). .DOSSEG Orders the segments according to the MS-DOS segment convention: CODE first, then segments not in DGROUP, and then segments in DGROUP. The segments in DGROUP follow this order: segments not in BSS or STACK, then BSS segments, and finally STACK segments. Primarily used for ensuring CodeView support in MASM stand-alone programs. Same as DOSSEG. DOSSEG Identical to .DOSSEG, which is the preferred form. DB Can be used to define data like BYTE. DD Can be used to define data like DWORD. DF Can be used to define data like FWORD. DQ Can be used to define data like QWORD.

A.5 MASM Directives 605 DT Can be used to define data like TBYTE. DW Can be used to define data like WORD. [[ name ]] DWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes a doubleword (4 bytes) of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. ECHO message Displays message to the standard output device (by default, the screen). Same as %OUT. .ELSE See .IF. ELSE Marks the beginning of an alternate block within a conditional block. See IF. ELSEIF Combines ELSE and IF into one statement. See IF. ELSEIF2 ELSEIF block evaluated on every assembly pass if OPTION:SETIF2 is TRUE. END [[ address ]] Marks the end of a module and, optionally, sets the program entry point to address. .ENDIF See .IF. ENDIF See IF. ENDM Terminates a macro or repeat block. See MACRO, FOR, FORC, REPEAT, or WHILE. name ENDP Marks the end of procedure name previously begun with PROC. See PROC. name ENDS Marks the end of segment, structure, or union name previously begun with SEGMENT, STRUCT, UNION, or a simplified segment directive. .ENDW See .WHILE. name EQU expression Assigns numeric value of expression to name. The name cannot be redefined later. name EQU <text> Assigns specified text to name. The name can be assigned a different text later. See TEXTEQU. .ERR [[ message ]] Generates an error.

606 Appendix A • MASM Reference .ERR2 [[ message ]] .ERR block evaluated on every assembly pass if OPTION:SETIF2 is TRUE. .ERRB <textitem> [[ , message ]] Generates an error if textitem is blank. .ERRDEF name [[ , message ]] Generates an error if name is a previously defined label, variable, or symbol. .ERRDIF[[ I ]] <textitem1>, <textitem2> [[ , message ]] Generates an error if the text items are different. If I is given, the comparison is case insensitive. .ERRE expression [[ , message ]] Generates an error if expression is false (0). .ERRIDN[[ I ]] <textitem1>, <textitem2> [[ , message ]] Generates an error if the text items are identical. If I is given, the comparison is case insensitive. .ERRNB <textitem> [[ , message ]] Generates an error if textitem is not blank. .ERRNDEF name [[ , message ]] Generates an error if name has not been defined. .ERRNZ expression [[ , message ]] Generates an error if expression is true (nonzero). EVEN Aligns the next variable or instruction on an even byte. .EXIT [[ expression ]] Generates termination code. Returns optional expression to shell. EXITM [[ textitem ]] Terminates expansion of the current repeat or macro block and begins assembly of the next statement outside the block. In a macro function, textitem is the value returned. EXTERN [[ langtype ]] name [[ (altid) ]] :type [[ , [[ langtype ]] name [[ (altid) ]] :type ]]. . . Defines one or more external variables, labels, or symbols called name whose type is type. The type can be ABS, which imports name as a constant. Same as EXTRN. EXTERNDEF [[ langtype ]] name:type [[ , [[ langtype ]] name:type ]]. . . Defines one or more external variables, labels, or symbols called name whose type is type. If name is defined in the module, it is treated as PUBLIC. If name is referenced in the module, it is treated as EXTERN. If name is not referenced, it is ignored. The type can be ABS, which imports name as a constant. Normally used in include files. EXTRN See EXTERN. .FARDATA [[ name ]] When used with .MODEL, starts a far data segment for initialized data (segment name FAR_DATA or name).

A.5 MASM Directives 607 .FARDATA? [[ name ]] When used with .MODEL, starts a far data segment for uninitialized data (segment name FAR_BSS or name). FOR parameter [[ :REQ | :=default ]] , <argument [[ , argument ]]. . . > statements ENDM Marks a block that will be repeated once for each argument, with the current argument replacing parameter on each repetition. Same as IRP. FORC parameter, <string> statements ENDM Marks a block that will be repeated once for each character in string, with the current char- acter replacing parameter on each repetition. Same as IRPC. [[ name ]] FWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes 6 bytes of storage for each initializer. Also can be used as a type specifier anywhere a type is legal. GOTO macrolabel Transfers assembly to the line marked :macrolabel. GOTO is permitted only inside MACRO, FOR, FORC, REPEAT, and WHILE blocks. The label must be the only directive on the line and must be preceded by a leading colon. name GROUP segment [[ , segment ]]. . . Add the specified segments to the group called name. This directive has no effect when used in 32- bit flat-model programming, and will result in error when used with the /coff command-line option. .IF condition1 statements [[ .ELSEIF condition2 statements ]] [[ .ELSE statements ]] .ENDIF Generates code that tests condition1 (for example, AX > 7) and executes the statements if that condition is true. If an .ELSE follows, its statements are executed if the original con- dition was false. Note that the conditions are evaluated at runtime. IF expression1 ifstatements [[ ELSEIF expression2 elseifstatements ]] [[ ELSE elsestatements ]] ENDIF Grants assembly of ifstatements if expression1 is true (nonzero) or elseifstatements if expression1 is false (0) and expression2 is true. The following directives may be substituted for ELSEIF:

608 Appendix A • MASM Reference ELSEIFB, ELSEIFDEF, ELSEIFDIF, ELSEIFDIFI, ELSEIFE, ELSEIFIDN, ELSE- IFIDNI, ELSEIFNB, and ELSEIFNDEF. Optionally, assembles elsestatements if the previous expression is false. Note that the expressions are evaluated at assembly time. IF2 expression IF block is evaluated on every assembly pass if OPTION:SETIF2 is TRUE. See IF for complete syntax. IFB textitem Grants assembly if textitem is blank. See IF for complete syntax. IFDEF name Grants assembly if name is a previously defined label, variable, or symbol. See IF for com- plete syntax. IFDIF[[ I ]] textitem1, textitem2 Grants assembly if the text items are different. If I is given, the comparison is case insensi- tive. See IF for complete syntax. IFE expression Grants assembly if expression is false (0). See IF for complete syntax. IFIDN[[ I ]] textitem1, textitem2 Grants assembly if the text items are identical. If I is given, the comparison is case insensi- tive. See IF for complete syntax. IFNB textitem Grants assembly if textitem is not blank. See IF for complete syntax. IFNDEF name Grants assembly if name has not been defined. See IF for complete syntax. INCLUDE filename Inserts source code from the source file given by filename into the current source file during assembly. The filename must be enclosed in angle brackets if it includes a backslash, semico- lon, greater-than symbol, less-than symbol, single quotation mark, or double quotation mark. INCLUDELIB libraryname Informs the linker that the current module should be linked with libraryname. The libraryname must be enclosed in angle brackets if it includes a backslash, semicolon, greater- than symbol, less-than symbol, single quotation mark, or double quotation mark. name INSTR [[ position, ]] textitem1, textitem2 Finds the first occurrence of textitem2 in textitem1. The starting position is optional. Each text item can be a literal string, a constant preceded by a %, or the string returned by a macro function. INVOKE expression [[ , arguments ]] Calls the procedure at the address given by expression, passing the arguments on the stack or in registers according to the standard calling conventions of the language type. Each argu- ment passed to the procedure may be an expression, a register pair, or an address expression (an expression preceded by ADDR).

A.5 MASM Directives 609 IRP See FOR. IRPC See FORC. name LABEL type Creates a new label by assigning the current location-counter value and the given type to name. name LABEL [[ NEAR | FAR | PROC ]] PTR [[ type ]] Creates a new label by assigning the current location-counter value and the given type to name. .K3D Enables assembly of K3D instructions. .LALL See .LISTMACROALL. .LFCOND See .LISTIF. .LIST Starts listing of statements. This is the default. .LISTALL Starts listing of all statements. Equivalent to the combination of .LIST, .LISTIF, and .LIST- MACROALL. .LISTIF Starts listing of statements in false conditional blocks. Same as .LFCOND. .LISTMACRO Starts listing of macro expansion statements that generate code or data. This is the default. Same as .XALL. .LISTMACROALL Starts listing of all statements in macros. Same as .LALL. LOCAL localname [[ , localname ]]. . . Within a macro, LOCAL defines labels that are unique to each instance of the macro. LOCAL label [[ [count ] ]] [[ :type ]] [[ , label [[ [count] ]] [[ type ]] ]]. . . Within a procedure definition (PROC), LOCAL creates stack-based variables that exist for the duration of the procedure. The label may be a simple variable or an array containing count elements. name MACRO [[ parameter [[ :REQ | :=default | :VARARG ]] ]]. . . statements ENDM [[ value ]] Marks a macro block called name and establishes parameter placeholders for arguments passed when the macro is called. A macro function returns value to the calling statement. .MMX Enables assembly of MMX instructions.

610 Appendix A • MASM Reference .MODEL memorymodel [[ , langtype ]] [[ , stackoption ]] Initializes the program memory model. The memorymodel can be TINY, SMALL, COMPACT, MEDIUM, LARGE, HUGE, or FLAT. The langtype can be C, BASIC, FORTRAN, PASCAL, SYSCALL, or STDCALL. The stackoption can be NEARSTACK or FARSTACK. NAME modulename Ignored. .NO87 Disallows assembly of all floating-point instructions. .NOCREF [[ name[[ , name ]]. . . ]] Suppresses listing of symbols in the symbol table and browser file. If names are specified, only the given names are suppressed. Same as .XCREF. .NOLIST Suppresses program listing. Same as .XLIST. .NOLISTIF Suppresses listing of conditional blocks whose condition evaluates to false (0). This is the default. Same as .SFCOND. .NOLISTMACRO Suppresses listing of macro expansions. Same as .SALL. OPTION optionlist Enables and disables features of the assembler. Available options include CASEMAP, DOTNAME, NODOTNAME, EMULATOR, NOEMULATOR, EPILOGUE, EXPR16, EXPR32, LAN- GUAGE, LJMP, NOLJMP, M510, NOM510, NOKEYWORD, NOSIGNEXTEND, OFFSET, OLDMACROS, NOOLDMACROS, OLDSTRUCTS, NOOLDSTRUCTS, PROC, PRO- LOGUE, READONLY, NOREADONLY, SCOPED, NOSCOPED, SEGMENT, and SETIF2. ORG expression Sets the location counter to expression. %OUT See ECHO. [[ name ]] OWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes an octalword (16 bytes) of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. This data type is used primarily by Streaming SIMD instructions; it holds an array of four 4-byte reals. PAGE [[ [[ length ]], width ]] Sets line length and character width of the program listing. If no arguments are given, gener- ates a page break. PAGE + Increments the section number and resets the page number to 1. POPCONTEXT context Restores part or all of the current context (saved by the PUSHCONTEXT directive). The context can be ASSUMES, RADIX, LISTING, CPU, or ALL.

A.5 MASM Directives 611 label PROC [[ distance ]] [[ langtype ]] [[ visibility ]] [[ <prologuearg> ]] [[ USES reglist ]] [[ , parameter [[ :tag ]] ]]. . . statements label ENDP Marks start and end of a procedure block called label. The statements in the block can be called with the CALL instruction or INVOKE directive. label PROTO [[ distance ]] [[ langtype ]] [[ , [[ parameter ]]:tag ]]. . . Prototypes a function. PUBLIC [[ langtype ]] name [[ , [[ langtype ]] name ]]. . . Makes each variable, label, or absolute symbol specified as name available to all other mod- ules in the program. PURGE macroname [[ , macroname ]]. . . Deletes the specified macros from memory. PUSHCONTEXT context Saves part or all of the current context: segment register assumes, radix value, listing and cref flags, or processor/coprocessor values. The context can be ASSUMES, RADIX, LISTING, CPU, or ALL. [[ name ]] QWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes 8 bytes of storage for each initializer. Also can be used as a type specifier anywhere a type is legal. .RADIX expression Sets the default radix, in the range 2 to 16, to the value of expression. name REAL4 initializer [[ , initializer ]]. . . Allocates and optionally initializes a single-precision (4-byte) floating-point number for each initializer. name REAL8 initializer [[ , initializer ]]. . . Allocates and optionally initializes a double-precision (8-byte) floating-point number for each initializer. name REAL10 initializer [[ , initializer ]]. . . Allocates and optionally initializes a 10-byte floating-point number for each initializer. recordname RECORD fieldname:width [[ = expression ]] [[ , fieldname:width [[ = expression ]] ]]. . . Declares a record type consisting of the specified fields. The fieldname names the field, width specifies the number of bits, and expression gives its initial value. .REPEAT statements .UNTIL condition Generates code that repeats execution of the block of statements until condition becomes true. .UNTILCXZ, which becomes true when CX is zero, may be substituted for .UNTIL. The condition is optional with .UNTILCXZ.

612 Appendix A • MASM Reference REPEAT expression statements ENDM Marks a block that is to be repeated expression times. Same as REPT. REPT See REPEAT. .SALL See .NOLISTMACRO. name SBYTE initializer [[ , initializer ]]. . . Allocates and optionally initializes a signed byte of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. name SDWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes a signed doubleword (4 bytes) of storage for each initial- izer. Also can be used as a type specifier anywhere a type is legal. name SEGMENT [[ READONLY ]] [[ align ]] [[ combine ]] [[ use ]] [[ ‘class’ ]] statements name ENDS Defines a program segment called name having segment attributes align (BYTE, WORD, DWORD, PARA, PAGE), combine (PUBLIC, STACK, COMMON, MEMORY, AT address, PRIVATE), use (USE16, USE32, FLAT), and class. .SEQ Orders segments sequentially (the default order). .SFCOND See .NOLISTIF. name SIZESTR textitem Finds the size of a text item. .STACK [[ size ]] When used with .MODEL, defines a stack segment (with segment name STACK). The optional size specifies the number of bytes for the stack (default 1024). The .STACK direc- tive automatically closes the stack statement. .STARTUP Generates program startup code. STRUC See STRUCT. name STRUCT [[ alignment ]] [[ , NONUNIQUE ]] fielddeclarations name ENDS Declares a structure type having the specified fielddeclarations. Each field must be a valid data definition. Same as STRUC. name SUBSTR textitem, position [[ , length ]] Returns a substring of textitem, starting at position. The textitem can be a literal string, a con- stant preceded by a %, or the string returned by a macro function.

A.5 MASM Directives 613 SUBTITLE text Defines the listing subtitle. Same as SUBTTL. SUBTTL See SUBTITLE. name SWORD initializer [[ , initializer ]]. . . Allocates and optionally initializes a signed word (2 bytes) of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. [[ name ]] TBYTE initializer [[ , initializer ]]. . . Allocates and optionally initializes 10 bytes of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. name TEXTEQU [[ textitem ]] Assigns textitem to name. The textitem can be a literal string, a constant preceded by a %, or the string returned by a macro function. .TFCOND Toggles listing of false conditional blocks. TITLE text Defines the program listing title. name TYPEDEF type Defines a new type called name, which is equivalent to type. name UNION [[ alignment ]] [[ , NONUNIQUE ]] fielddeclarations [[ name ]] ENDS Declares a union of one or more data types. The fielddeclarations must be valid data defini- tions. Omit the ENDS name label on nested UNION definitions. .UNTIL See .REPEAT. .UNTILCXZ See .REPEAT. .WHILE condition statements .ENDW Generates code that executes the block of statements while condition remains true. WHILE expression statements ENDM Repeats assembly of block statements as long as expression remains true. [[ name ]] WORD initializer [[ , initializer ]]. . . Allocates and optionally initializes a word (2 bytes) of storage for each initializer. Can also be used as a type specifier anywhere a type is legal. .XALL See .LISTMACRO.

614 Appendix A • MASM Reference .XCREF See .NOCREF. .XLIST See .NOLIST. .XMM Enables assembly of Internet Streaming SIMD Extension instructions. A.6 Symbols $ The current value of the location counter. ? In data declarations, a value that the assembler allocates but does not initialize. @@: Defines a code label recognizable only between label1 and label2, where label1 is either start of code or the previous @@: label, and label2 is either end of code or the next @@: label. See @B and @F. @B The location of the previous @@: label. @CatStr( string1 [[, string2. . . ]] ) Macro function that concatenates one or more strings. Returns a string. @code The name of the code segment (text macro). @CodeSize 0 for TINY, SMALL, COMPACT, and FLAT models, and 1 for MEDIUM, LARGE, and HUGE models (numeric equate). @Cpu A bit mask specifying the processor mode (numeric equate). @CurSeg The name of the current segment (text macro). @data The name of the default data group. Evaluates to DGROUP for all models except FLAT. Evaluates to FLAT under the FLAT memory model (text macro). @DataSize 0 for TINY, SMALL, MEDIUM, and FLAT models, 1 for COMPACT and LARGE mod- els, and 2 for HUGE model (numeric equate). @Date The system date in the format mm/dd/yy (text macro). @Environ( envvar ) Value of environment variable envvar (macro function).

A.7 Operators 615 @F The location of the next @@: label. @fardata The name of the segment defined by the .FARDATA directive (text macro). @fardata? The name of the segment defined by the .FARDATA? directive (text macro). @FileCur The name of the current file (text macro). @FileName The base name of the main file being assembled (text macro). @InStr( [[ position ]], string1, string2 ) Macro function that finds the first occurrence of string2 in string1, beginning at position within string1. If position does not appear, search begins at start of string1. Returns a position integer or 0 if string2 is not found. @Interface Information about the language parameters (numeric equate). @Line The source line number in the current file (numeric equate). @Model 1 for TINY model, 2 for SMALL model, 3 for COMPACT model, 4 for MEDIUM model, 5 for LARGE model, 6 for HUGE model, and 7 for FLAT model (numeric equate). @SizeStr( string ) Macro function that returns the length of the given string. Returns an integer. @stack DGROUP for near stacks or STACK for far stacks (text macro). @SubStr( string, position [[, length ]] ) Macro function that returns a substring starting at position. @Time The system time in 24-hour hh:mm:ss format (text macro). @Version 610 in MASM 6.1 (text macro). @WordSize Two for a 16-bit segment or 4 for a 32-bit segment (numeric equate). A.7 Operators expression1  expression2 Returns expression1 plus expression2. expression1  expression2 Returns expression1 minus expression2.

616 Appendix A • MASM Reference expression1 expression2 * Returns expression1 times expression2. expression1 / expression2 Returns expression1 divided by expression2. –expression Reverses the sign of expression. expression1 [expression2] Returns expression1 plus [expression2]. segment: expression Overrides the default segment of expression with segment. The segment can be a segment reg- ister, group name, segment name, or segment expression. The expression must be a constant. expression. field [[ . field ]] . . . Returns expression plus the offset of field within its structure or union. [register]. field [[ . field ]] . . . Returns value at the location pointed to by register plus the offset of field within its structure or union. <text> Treats text as a single literal element. “text” Treats “text” as a string. ‘text’ Treats ‘text’ as a string. !character Treats character as a literal character rather than as an operator or symbol. ;text Treats text as a comment. ;;text Treats text as a comment in a macro that appears only in the macro definition. The listing does not show text where the macro is expanded. %expression Treats the value of expression in a macro argument as text. &parameter& Replaces parameter with its corresponding argument value. ABS See the EXTERNDEF directive. ADDR See the INVOKE directive. expression1 AND expression2 Returns the result of a bitwise AND operation for expression1 and expression2.

A.7 Operators 617 count DUP (initialvalue [[ , initialvalue ]] . . . ) Specifies count number of declarations of initialvalue. expression1 EQ expression2 Returns true (1) if expression1 equals expression2 and returns false (0) if it does not. expression1 GE expression2 Returns true (1) if expression1 is greater than or equal to expression2 and returns false (0) if it is not. expression1 GT expression2 Returns true (1) if expression1 is greater than expression2 and returns false (0) if it is not. HIGH expression Returns the high byte of expression. HIGHWORD expression Returns the high word of expression. expression1 LE expression2 Returns true (1) if expression1 is less than or equal to expression2 and returns false (0) if it is not. LENGTH variable Returns the number of data items in variable created by the first initializer. LENGTHOF variable Returns the number of data objects in variable. LOW expression Returns the low byte of expression. LOWWORD expression Returns the low word of expression. LROFFSET expression Returns the offset of expression. Same as OFFSET, but it generates a loader resolved offset, which allows Windows to relocate code segments. expression1 LT expression2 Returns true (1) if expression1 is less than expression2 and returns false (0) if it is not. MASK { recordfieldname | record } Returns a bit mask in which the bits in recordfieldname or record are set and all other bits are cleared. expression1 MOD expression2 Returns the integer value of the remainder (modulo) when dividing expression1 by expression2. expression1 NE expression2 Returns true (1) if expression1 does not equal expression2 and returns false (0) if it does. NOT expression Returns expression with all bits reversed.

618 Appendix A • MASM Reference OFFSET expression Returns the offset of expression. OPATTR expression Returns a word defining the mode and scope of expression. The low byte is identical to the byte returned by .TYPE. The high byte contains additional information. expression1 OR expression2 Returns the result of a bitwise OR operation for expression1 and expression2. type PTR expression Forces the expression to be treated as having the specified type. [[ distance ]] PTR type Specifies a pointer to type. SEG expression Returns the segment of expression. expression SHL count Returns the result of shifting the bits of expression left count number of bits. SHORT label Sets the type of label to short. All jumps to label must be short (within the range –128 to +127 bytes from the jump instruction to label). expression SHR count Returns the result of shifting the bits of expression right count number of bits. SIZE variable Returns the number of bytes in variable allocated by the first initializer. SIZEOF {variable | type} Returns the number of bytes in variable or type. THIS type Returns an operand of specified type whose offset and segment values are equal to the current location-counter value. .TYPE expression See OPATTR. TYPE expression Returns the type of expression. WIDTH {recordfieldname | record} Returns the width in bits of the current recordfieldname or record. expression1 XOR expression2 Returns the result of a bitwise XOR operation for expression1 and expression2. A.8 Runtime Operators The following operators are used only within .IF, .WHILE, or .REPEAT blocks and are evalu- ated at runtime, not at assembly time: expression1  expression2 Is equal to.

A.8 Runtime Operators 619 expression1 ! expression2 Is not equal to. expression1  expression2 Is greater than. expression1  expression2 Is greater than or equal to. expression1  expression2 Is less than. expression1  expression2 Is less than or equal to. expression1 || expression2 Logical OR. expression1 && expression2 Logical AND. expression1 & expression2 Bitwise AND. !expression Logical negation. CARRY? Status of Carry flag. OVERFLOW? Status of Overflow flag. PARITY? Status of Parity flag. SIGN? Status of Sign flag. ZERO? Status of Zero flag.

B The x86 Instruction Set B.1 Introduction B.1.1 Flags B.1.2 Instruction Descriptions and Formats B.2 Instruction Set Details (Non Floating-Point) B.3 Floating-Point Instructions B.1 Introduction This appendix is a quick guide to the most commonly used x86 instructions. It does not cover sys- tem-mode instructions or instructions typically used only in operating system kernel code or protected-mode device drivers. B.1.1 Flags (EFlags) Each instruction description contains a series of boxes that describe how the instruction will affect the CPU status flags. Each flag is identified by a single letter: O Overflow S Sign P Parity D Direction Z Zero C Carry I Interrupt A Auxiliary Carry Inside the boxes, the following notation shows how each instruction will affect the flags: 1 Sets the flag. 0 Clears the flag. ? May change the flag to an undetermined value. (blank) The flag is not changed. * Changes the flag according to specific rules associated with the flag. 620

B.1 Introduction 621 For example, the following diagram of the CPU flags is taken from one of the instruction descriptions: OD I S Z AP C ? ? ? * ? * From the diagram, we see that the Overflow, Sign, Zero, and Parity flags will be changed to unknown values. The Auxiliary Carry and Carry flags will be modified according to rules associ- ated with the flags. The Direction and Interrupt flags will not be changed. B.1.2 Instruction Descriptions and Formats When a reference to source and destination operands is made, we use the natural order of oper- ands in all x86 instructions, in which the first operand is the destination and the second is the source. In the MOV instruction, for example, the destination will be assigned a copy of the data in the source operand: MOV destination, source There may be several formats available for a single instruction. Table B-1 contains a list of symbols used in instruction formats. In the descriptions of individual instructions, we use the notation “x86” to indicate that an instruction or one of its variants is only available on processors in the 32-bit x86 family (Intel386 onward). Similarly, the notation “(80286)” indicates that at least an Intel 80286 processor must be used. Register notations such as (E)CX, (E)SI, (E)DI, (E)SP, (E)BP, and (E)IP differentiate between x86 processors that use the 32-bit registers and all earlier processors that used 16-bit registers. Table B-1 Symbols Used in Instruction Formats. Symbol Description reg An 8-, 16-, or 32-bit general register from the following list: AH, AL, BH, BL, CH, CL, DH, DL, AX, BX, CX, DX, SI, DI, BP, SP, EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP. reg8, reg16, reg32 A general register, identified by its number of bits. segreg A 16-bit segment register (CS, DS, ES, SS, FS, GS). accum AL, AX, or EAX. mem A memory operand, using any of the standard memory-addressing modes. mem8, mem16, mem32 A memory operand, identified by its number of bits. shortlabel A location in the code segment within 128 to 127 bytes of the current location. nearlabel A location in the current code segment, identified by a label. farlabel A location in an external code segment, identified by a label.