Instructions
x86-64String Operations (MOVS / STOS / LODS / SCAS / REP)
x86 string instructions operate on data pointed to by RSI/RDI and are typically combined with REP prefixes to implement bulk memory copy, fill, and scan.
x86-64 string instructions implicitly use RSI (source), RDI (destination),
and RCX (count). After each operation they auto-increment or auto-decrement
RSI/RDI by the operand size, depending on the direction flag (DF):
DF=0 → increment (normal); DF=1 → decrement (reverse).
Instruction table
| Mnemonic | Operation | Uses |
|---|---|---|
MOVSB/W/D/Q | [RDI] ← [RSI]; advance both | memcpy |
STOSB/W/D/Q | [RDI] ← AL/AX/EAX/RAX; advance RDI | memset |
LODSB/W/D/Q | AL/AX/EAX/RAX ← [RSI]; advance RSI | Read loop |
SCASB/W/D/Q | flags ← AL/… − [RDI]; advance RDI | memchr / strlen |
CMPSB/W/D/Q | flags ← [RSI] − [RDI]; advance both | memcmp |
REP prefix variants
| Prefix | Repeat until |
|---|---|
REP | RCX == 0 |
REPE / REPZ | RCX == 0 or ZF == 0 |
REPNE / REPNZ | RCX == 0 or ZF == 1 |
; memset(rdi, 0, rcx) equivalent
xor eax, eax
rep stosb ; store AL (0) into [RDI] RCX times
; memcpy(rdi, rsi, rcx) equivalent
rep movsb ; copy RCX bytes from [RSI] to [RDI]
; strlen idiom
xor eax, eax
mov rcx, -1
repne scasb ; scan [RDI] for AL (0) while RCX != 0 and ZF==0
not rcx
dec rcx ; rcx = lengthReverse-engineering notes
rep movsb/rep stosd/rep stosqin compiled code are the direct output of inlinedmemcpy/memset— decompilers usually reconstruct the intrinsic call.- The direction flag (DF) is normally 0 (cleared by
CLD). If you see aSTDinstruction setting DF=1 before a string op, data is being processed backwards — rare in normal code but used in overlapping-buffer memmove. repne scasbwithrax = 0is the canonical compiledstrlen; count recovery needs thenot rcx; dec rcxepilogue.- Some optimised libc
memcpyimplementations avoidrep movsband use SSE/AVX moves instead;rep movsbre-emerged as competitive on modern CPUs with the Enhanced REP MOVSB (ERMS) feature.