Sunday, 8 November 2009

Secret Opcodes of the 8 Bit Processors

secret opcodes
Undocumented instructions were common on early processors. A few would crash the computer (HCF - halt and catch fire) while others had strange but occasionally useful behaviour. Any self-respecting programmer would make use of these to squeeze out the last few cycles of performance.

The effect of undocumented opcodes would vary between different versions of some processors, no doubt leading to the classic excuse “it worked on my machine”. Here are a few examples I've found useful.

Secrets of the Z80


Zilog's Z80 was used in a number of popular 8 bit computers including the Sinclair Spectrum, Amstrad CPC, TRS-80 and MSX. There are a number of undocumented opcodes with the CB, DD, ED and FD prefix.
  • CB30-CB37 - SLL reg shifts a register left, setting bit 0.
  • DD - when used as a prefix to instructions which use H or L, either the high or low 8 bits of IX are used.
  • FD - as DD, but the high or low 8 bits of IY will be used.
  • ED70 - IN (C) reads from i/o port C, setting the flags and discarding the result.
  • ED71 - OUT (C),0 outputs a zero to port C.

Secrets of the 8086/8088


Intel's 8088 was used in the original IBM PC and has spawned an entire family of processors.
  • D6 - SALC sets the AL register to either 00 or FF depending on the carry flag. SALC was finally documented with the introduction of the Pentium Pro 27 years later.
  • 0F - POP CS pops the CS register from the stack. Only works on 8086 processors.
  • 0F05 - LOADALL loads all registers from memory location 0800. Only works on 80286 processors.
Which processors have you programmed and did you find any undocumented opcodes useful?

1 comment:

  1. That reminds me of the 2010 CCC (Chaos Communication Congress), 27C3, presentation "Reverse engineering the MOS 6502 CPU" by Michael Steil. (Later than this blog post.)

    51 min 56 secs. https://www.youtube.com/watch?v=uP1gWg5ezyY https://events.ccc.de/congress/2010/Fahrplan/events/4159.en.html


    19 min 50 secs: Undocumented op codes

    31 min 45 secs: Simulator in JavaScript!

    44 min 45 secs: Illegal op codes

    49 min 50 secs: Z80


    ReplyDelete

Note: only a member of this blog may post a comment.