x86-64 ADD / SUB
ADD computes the sum and SUB the difference of two operands, storing the result and updating all arithmetic flags.
ADD and SUB are the fundamental arithmetic instructions. Both modify
ZF, CF, SF, OF, PF, and AF.
Syntax
add rax, rbx ; rax += rbx
add rax, 8 ; rax += 8 (immediate)
add qword ptr [rsp+0x10], 1 ; increment memory operand directly (operand size must be stated)
sub rsp, 0x30 ; allocate 48 bytes on the stack (prologue pattern)
sub rax, rcx ; rax -= rcx
Flags set (both instructions)
| Flag | Set when |
|---|---|
| ZF | Result is zero |
| CF | Unsigned overflow (carry out / borrow) |
| SF | Result is negative (MSB=1) |
| OF | Signed overflow |
| PF | Parity of low byte |
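The flag rules in the table above, modelled in C for 32-bit operands as an added example (not code from the original page). It also computes AF, which the text lists but the table omits, and its last two cases show why CF (unsigned wrap) and OF (signed overflow) have to be read separately when auditing length or bounds arithmetic. The function names `x86_add32` / `x86_sub32` and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits at their RFLAGS positions. */
enum { CF = 1 << 0, PF = 1 << 2, AF = 1 << 4, ZF = 1 << 6, SF = 1 << 7, OF = 1 << 11 };

/* Flags that depend only on the 32-bit result (same for ADD and SUB). */
static uint32_t result_flags(uint32_t r) {
    uint32_t f = 0, ones = 0;
    for (uint32_t low = r & 0xFF; low; low >>= 1) ones += low & 1;
    if ((ones & 1) == 0) f |= PF;   /* even number of 1 bits in the low byte */
    if (r == 0)          f |= ZF;
    if (r >> 31)         f |= SF;   /* MSB = 1 */
    return f;
}

/* Model of a 32-bit ADD: writes the sum to *dst and returns the flags. */
uint32_t x86_add32(uint32_t *dst, uint32_t src) {
    uint32_t a = *dst, r = a + src, f = result_flags(r);
    if (r < a)                        f |= CF;  /* carry out of bit 31 */
    if ((~(a ^ src) & (a ^ r)) >> 31) f |= OF;  /* same-sign inputs, result sign differs */
    if ((a ^ src ^ r) & 0x10)         f |= AF;  /* carry out of bit 3 */
    *dst = r;
    return f;
}

/* Model of a 32-bit SUB: writes the difference to *dst and returns the flags. */
uint32_t x86_sub32(uint32_t *dst, uint32_t src) {
    uint32_t a = *dst, r = a - src, f = result_flags(r);
    if (a < src)                      f |= CF;  /* unsigned borrow */
    if (((a ^ src) & (a ^ r)) >> 31)  f |= OF;  /* inputs differ in sign, result sign differs from dst */
    if ((a ^ src ^ r) & 0x10)         f |= AF;  /* borrow out of bit 3 */
    *dst = r;
    return f;
}

int main(void) {
    uint32_t eax = 10, f;                       /* constructed sample values */
    f = x86_add32(&eax, 5);  printf("add 5       eax=%08x flags=%03x\n", eax, f);
    f = x86_sub32(&eax, 20); printf("sub 20      eax=%08x flags=%03x\n", eax, f);
    f = x86_add32(&eax, 5);  printf("add 5       eax=%08x flags=%03x\n", eax, f);
    eax = 0x7FFFFFFF; f = x86_add32(&eax, 1);   /* signed overflow only: OF=1, CF=0 */
    printf("INT_MAX + 1 eax=%08x flags=%03x\n", eax, f);
    eax = 0; f = x86_sub32(&eax, 1);            /* unsigned wrap only: CF=1, OF=0 */
    printf("0 - 1       eax=%08x flags=%03x\n", eax, f);
    return 0;
}
```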
Common compiler patterns
| Pattern | Interpretation |
|---|---|
| sub rsp, N | Stack frame allocation in function prologue |
| add rsp, N | Stack frame teardown or callee-cleans-up |
| add rax, 1 | Increment (also seen as inc rax) |
| sub rax, 1 | Decrement (also seen as dec rax) |
| add rdi, rdx | Pointer arithmetic: advance by rdx bytes |
Reverse-engineering notes
- sub rsp, 0x?8 in a prologue allocates a local variable area (and often ensures 16-byte alignment before the next call).
- Compilers sometimes emit add rsp, N mid-function to clean up temporary stack allocations made for variadic calls.
- add/sub with immediate −1 on an rdx loop counter will set ZF when the counter reaches zero, enabling a jnz loop_top without a separate cmp.
- ADC (add-with-carry) and SBB (subtract-with-borrow) extend addition/subtraction across multiple words, which is common in big-integer and cryptographic code.
Try it — Virtual CPU
mov eax, 10 ; eax = 10
add eax, 5 ; eax = 15
sub eax, 20 ; eax = -5 (0xFFFFFFFB); SF=1, CF=1 (borrow)
add eax, 5 ; eax = 0; ZF=1, CF=1 (carry out)
cmp eax, 0 ; computes 0 - 0: ZF=1, CF=0; eax unchanged