By Wolfgang Keller
Originally written 2018-05-08
Last modified 2018-05-09
A really interesting change has just appeared in Intel's documentation: at https://software.intel.com/en-us/articles/intel-sdm [visited 2018-05-08T22:38:31Z], the page “Combined Volume Set of Intel® 64 and IA-32 Architectures Software Developer’s Manuals” was updated to say:
“At present, downloadable PDFs of all volumes are at version 067.”,
whereas the revision number was previously 066. That in itself is not interesting, since Intel updates this documentation roughly every two months. What is interesting is that the 0xF1 opcode is now documented for the first time, and the instruction has been given the name INT1. All of this can be verified by reading the “Intel® 64 and IA-32 architectures software developer's manual documentation changes” PDF linked from that page (direct link: https://software.intel.com/sites/default/files/managed/3d/49/252046-sdm-change-document.pdf [visited 2018-05-08T22:40:54Z]). Since the description of these changes will disappear with Intel's next revision of that document, I mirrored this document (local copy).
One more piece of information to help you put all of this into context: on slide 8 of Christopher Domas' Black Hat 2017 talk “Breaking the x86 ISA” (https://www.blackhat.com/docs/us-17/thursday/us-17-Domas-Breaking-The-x86-ISA.pdf [visited 2018-05-08T22:30:53Z]), this instruction is explicitly listed as undocumented and referred to as ICEBP.
For your convenience, the paper accompanying the “Breaking the x86 ISA” talk is available at https://www.blackhat.com/docs/us-17/thursday/us-17-Domas-Breaking-The-x86-Instruction-Set-wp.pdf [visited 2018-05-08T22:31:24Z].
I was asked what this INT1/ICEBP instruction does: it simply raises interrupt 1, the debug exception (#DB). This is the interrupt that in-circuit emulators (ICEs) hooked to gain control of the processor, hence the name ICEBP (ICE breakpoint). Here are some links about this topic [all visited 2018-05-09T09:12:36Z]:
According to the first link, this opcode already existed in the 80386, which according to Wikipedia [visited 2018-05-09T09:18:09Z] was released in October 1985. So this opcode has been undocumented for more than 30 years. What could the reason for Intel's sudden openness concerning this opcode be?
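As an added illustration of what the instruction actually does, here is a small C program of my own (it is not code from Intel's manual, from Domas' talk or from the links above) that executes the raw 0xF1 byte from user mode and reports which signal the kernel delivers. It assumes an x86 or x86-64 Linux system, where a #DB reaches the process as SIGTRAP and a #GP as SIGSEGV; on other architectures the probe functions simply return -1. The interesting comparison is with the two-byte INT 1 (CD 01): a software INT n executed in ring 3 is subject to the DPL check of the IDT gate, which the kernel keeps at ring 0 for vector 1, so it faults with #GP and the process gets SIGSEGV, whereas the one-byte 0xF1 is delivered as a debug exception just like the documented INT3 (CC). That difference is why the opcode was useful to in-circuit emulators and why it has long been of interest for anti-debugging tricks.

```c
/* Probe how the kernel reports INT1/ICEBP (0xF1), INT 1 (CD 01) and INT3 (CC)
 * when executed from user mode. Added example, assumes x86/x86-64 Linux. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* State handed from the signal handler back to probe_signal() via siglongjmp(). */
static sigjmp_buf probe_env;
static volatile sig_atomic_t caught_signal;

static void probe_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)info;
    (void)ctx;
    caught_signal = sig;
    siglongjmp(probe_env, 1);   /* also restores the signal mask saved by sigsetjmp */
}

/* Run fn() with handlers for the signals Linux uses to report #DB (SIGTRAP),
 * #GP (SIGSEGV) and #UD (SIGILL). Returns the signal that fired, or 0 if none. */
static int probe_signal(void (*fn)(void))
{
    static const int sigs[] = { SIGTRAP, SIGSEGV, SIGILL };
    struct sigaction sa, old[3];
    int result;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = probe_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    for (int i = 0; i < 3; i++)
        sigaction(sigs[i], &sa, &old[i]);

    caught_signal = 0;
    if (sigsetjmp(probe_env, 1) == 0)
        fn();
    result = caught_signal;

    for (int i = 0; i < 3; i++)
        sigaction(sigs[i], &old[i], NULL);
    return result;
}

#if defined(__x86_64__) || defined(__i386__)
/* 0xF1, emitted as a raw byte so the assembler need not know the new mnemonic. */
static void run_icebp(void) { __asm__ volatile (".byte 0xF1" ::: "memory"); }
/* CD 01: the ordinary software interrupt with the same vector number. */
static void run_int_1(void) { __asm__ volatile ("int $1" ::: "memory"); }
/* CC: the documented one-byte breakpoint, for comparison. */
static void run_int3(void)  { __asm__ volatile ("int3" ::: "memory"); }

int probe_icebp(void) { return probe_signal(run_icebp); }  /* SIGTRAP expected */
int probe_int_1(void) { return probe_signal(run_int_1); }  /* SIGSEGV on a native Linux kernel */
int probe_int3(void)  { return probe_signal(run_int3); }   /* SIGTRAP expected */
#else
/* Not x86: there is nothing to execute, report -1 instead of faulting. */
int probe_icebp(void) { return -1; }
int probe_int_1(void) { return -1; }
int probe_int3(void)  { return -1; }
#endif

static const char *signal_name(int sig)
{
    switch (sig) {
    case SIGTRAP: return "SIGTRAP (#DB or #BP)";
    case SIGSEGV: return "SIGSEGV (#GP)";
    case SIGILL:  return "SIGILL (#UD)";
    case 0:       return "no signal";
    default:      return "n/a (not x86)";
    }
}

int main(void)
{
    printf("INT1/ICEBP (F1): %s\n", signal_name(probe_icebp()));
    printf("INT 1 (CD 01):   %s\n", signal_name(probe_int_1()));
    printf("INT3 (CC):       %s\n", signal_name(probe_int3()));
    return 0;
}
```

Build with a plain `cc -o probe probe.c` and run it directly, not under gdb or strace: a tracer intercepts SIGTRAP before the handler sees it. Under a user-mode CPU emulator such as QEMU the INT 1 line may also differ, because the emulator does not model the IDT gate check that produces the #GP on real hardware.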