==== SWF9 opcodes ====

The open source [[http://www.mozilla.org/projects/tamarin/|Tamarin]] project includes a [[http://lxr.mozilla.org/mozilla/source/js/tamarin/core/opcodes.tbl|reference table for the opcodes]] used in the ABC format.

See [[SWF9Tools]] for some tools that can help with the reverse engineering of the opcodes.

See [[SWF9DIS]] for the main page of this project.

See http://labs.macromedia.com/wiki/index.php/ActionScript_3 and http://livedocs.macromedia.com/labs/1/flex/langref/index.html for more information about ActionScript 3.

The opcode names below are invented, modeled on those of MSIL. See ECMA-335: CLI Partition III - CIL on http://msdn.microsoft.com/netframework/ecma/ for documentation on the MSIL instruction set.

  03 : throw
  04 : getsuper
  05 : setsuper
  08 XX : regreset ??
  09 : nop
  0C XX YY ZZ : bge - branch on greater than or equal. ZZYYXX is offset in bytes.
  0D XX YY ZZ : bgt - branch on greater than. ZZYYXX is offset in bytes.
  0E XX YY ZZ : ble - branch on less than or equal. ZZYYXX is offset in bytes.
  0F XX YY ZZ : blt - branch on less than. ZZYYXX is offset in bytes.
  10 XX YY ZZ : br - unconditional branch. ZZYYXX is offset in bytes.
  11 XX YY ZZ : brtrue - branch on true. ZZYYXX is offset in bytes.
  12 XX YY ZZ : brfalse - branch on false. ZZYYXX is offset in bytes. Seen with logical-or ||.
  13 XX YY ZZ : beq - branch on equal. ZZYYXX is offset in bytes.
  14 XX YY ZZ : bne - branch on not equal. ZZYYXX is offset in bytes.
  15 XX YY ZZ : bnge - branch on not greater than or equal
  16 XX YY ZZ : bngt - branch on not greater than
  17 XX YY ZZ : bnle - branch on not less than or equal
  18 XX YY ZZ : bnlt - branch on not less than
  19 XX YY ZZ : bseq - branch on strict equal
  1A XX YY ZZ : bsne - branch on strict not equal
  1B : switch
  1C : xmlop3
  1D : popscope
  1E : forin
  20 : null
  21 : undef
  23 : foreach
  24 XX : ldc.8s - load 8-bit signed integer constant XX on stack, where -128 <= XX <= 127
  25 XX YY : ldc.15u - load 15-bit unsigned integer constant with value (YY << 7) + (XX & 0x7f) on stack.
             I.e. XX always has the high bit set, and only delivers 7 bits of information.
             Examples (value -> encoded bytes, followed by YYXX):
               0x0080 -> 25 80 01   0180
               0x0081 -> 25 81 01   0181
               0x00FF -> 25 FF 01   01FF
               0x0100 -> 25 80 02   0280
               0x012c -> 25 ac 02   02ac
               0x015e -> 25 de 02   02de
               0x017f -> 25 ff 02   02ff
               0x0180 -> 25 80 03   0380
               0x0190 -> 25 90 03   0390
               0x7530 -> 25 b0 ea   eab0
               0x7fff -> 25 ff ff   ffff
  26 : ldtrue - load Boolean constant true.
  27 : ldfalse - load Boolean constant false.
  28 : ldnan
  29 : pop - remove the top element of the stack.
  2A XX : dup ?
  2B : catchdone ?
  2C XX : ldc.string - load string constant #XX on stack.
  2D : ldc.intref
  2F : ldc.float
  5D XX : ?
  62 XX : ?
  63 XX : ?
  66 XX : load type? "foo = NaN;" can become 5D 03 66 03 6F 01
  6E XX : ldloca.number(?) - load reference to Number variable #XX on stack.
  6F XX : ldloca.string - load reference to String variable #XX on stack
  80 02 : st - store or assign (=). "foo = 2;" might be translated to
          6F 01 (push reference to variable foo)
          24 02 (push integer constant 2)
          80 02 (store)
  87 : convert - type conversion? Seen with "as" keyword
  90 : neg
  91 : inc - increment ++
  93 : dec - decrement --
  96 : not - Boolean not !
  97 : bnot - binary not/bitwise complement ~
  A0 : add - addition of numbers and string concatenation +
  A1 : sub
  A2 : mul
  A3 : div - division /
  A4 : mod - modulo %
  A5 : shl - shift left <<
  A6 : shr - signed shift right >>
  A7 : shr.u - unsigned shift right >>>
  A8 : and - &
  A9 : or - |
  AA : xor - ^
  AB : ceq - compare equal ==
  AC : cseq - compare strict equal (no type coercion) ===
  AD : clt - compare less than <
  AE : cle - compare less than or equal <=
  AF : cgt - compare greater than >
  B0 : cge - compare greater than or equal >=
  B3 : is ? Seen with use of the "is" keyword
  B4 : in
  C0 : inc.i
  C1 : dec.i
  C5 : add.number - addition of numbers +
  C6 : sub - subtract -
  C7 : mul - multiply *
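
The operand layouts from the table above, written as a minimal disassembler and run on the "foo = 2;" byte sequence from the st entry. This is an added example, not code from SWF9DIS or Tamarin; it covers only a subset of the table, and it assumes that branch offsets are signed 24-bit little-endian values and that the byte following 80 is a one-byte operand.

```python
# Added example: operand layouts copied from a subset of the table on this page.
# Operand kinds: None = no operand, "u8", "s8", "u15" (7+8 bit split), "off24".
SIZES = {None: 0, "u8": 1, "s8": 1, "u15": 2, "off24": 3}
OPCODES = {
    0x03: ("throw", None), 0x09: ("nop", None), 0x29: ("pop", None),
    0x24: ("ldc.8s", "s8"), 0x25: ("ldc.15u", "u15"),
    0x26: ("ldtrue", None), 0x27: ("ldfalse", None),
    0x2C: ("ldc.string", "u8"), 0x6E: ("ldloca.number", "u8"),
    0x6F: ("ldloca.string", "u8"),
    0x80: ("st", "u8"),  # assumption: the 02 in "80 02" is an operand byte
    0xA0: ("add", None), 0xA1: ("sub", None), 0xA2: ("mul", None),
}
# Opcodes 0C..1A are the branches; each carries a three-byte offset XX YY ZZ.
BRANCHES = ["bge", "bgt", "ble", "blt", "br", "brtrue", "brfalse", "beq",
            "bne", "bnge", "bngt", "bnle", "bnlt", "bseq", "bsne"]
OPCODES.update({0x0C + i: (name, "off24") for i, name in enumerate(BRANCHES)})

def decode_operand(kind, raw):
    if kind == "u8":
        return raw[0]
    if kind == "u15":
        # (YY << 7) + (XX & 0x7f): the high bit of XX carries no value bits.
        return (raw[1] << 7) + (raw[0] & 0x7F)
    if kind in ("s8", "off24"):
        # off24 is ZZYYXX, i.e. little-endian; treating it as signed is an assumption.
        return int.from_bytes(raw, "little", signed=True)
    return None

def disassemble(code):
    """Return a list of (offset, mnemonic, operand) tuples."""
    listing, pos = [], 0
    while pos < len(code):
        op = code[pos]
        if op not in OPCODES:
            # Length of an unknown opcode is unknown: stop instead of desyncing.
            listing.append((pos, f"unknown 0x{op:02X}", None))
            break
        name, kind = OPCODES[op]
        raw = code[pos + 1:pos + 1 + SIZES[kind]]
        if len(raw) < SIZES[kind]:
            raise ValueError(f"truncated {name} at offset {pos}")
        listing.append((pos, name, decode_operand(kind, raw)))
        pos += 1 + SIZES[kind]
    return listing

if __name__ == "__main__":
    # "foo = 2;" as given on this page: 6F 01 24 02 80 02
    for row in disassemble(bytes.fromhex("6F0124028002")):
        print(row)
```

Decoding stops at the first opcode that is not in the table, because its operand length is not known and guessing would misalign every instruction after it.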