Instructions
x86-64XOR
Bitwise exclusive-OR; the xor reg,reg idiom is the canonical way to zero a register and is shorter and faster than mov reg,0.
XOR computes the bitwise exclusive-OR of two operands and stores the result
in the destination. It sets ZF, SF, PF and always clears CF and OF. AF is
undefined.
Syntax
xor eax, eax ; eax = 0 (and zero-extends rax to 0)
xor rax, rbx ; rax ^= rbx
xor al, 0xFF ; flip all bits of AL (bitwise NOT of low byte)
xor [rdi], rax ; XOR memory operandThe zeroing idiom
xor eax, eax ; 2 bytes: 31 C0
; vs.
mov eax, 0 ; 5 bytes: B8 00 00 00 00
; vs.
mov rax, 0 ; 7 bytes: 48 C7 C0 00 00 00 00xor eax, eax is shorter (2 bytes), avoids a false dependency on the old
register value on some microarchitectures, and sets ZF — so it is universally
preferred by compilers for zero-initialization.
Other uses
| Pattern | Meaning |
|---|---|
xor rax, key | XOR cipher / obfuscation decryption loop |
xor al, 0x20 | Flip bit 5 — toggles ASCII case (A↔a) |
xor a, b; xor b, a; xor a, b | Classic three-XOR register swap (no temp) |
Reverse-engineering notes
- The very first instruction of many optimised functions is
xor eax, eaxorxor edi, edi— this just zeroes the register before use, not an encryption operation. - A loop that XORs every byte of a buffer with a single-byte constant is a
trivial XOR cipher; look for
xor byte [rdi + rcx], keyorxor al, keypatterns. - After
xor reg, regyou can safely read ZF=1, SF=0, CF=0, OF=0 — useful for understanding flag state in hand-rolled logic. xor rax, rax(64-bit form) wastes a REX prefix byte compared toxor eax, eax; seeing it in compiled code usually means the assembler or compiler was not optimising size.