What is tmm register in disassembly

Metek · January 31, 2023, 1:13pm

Hi all!

WinDbg (Version 10.0.22000.194 AMD64) displays in disassembly of the crash dump:

xxx!SaveCR0:
fffff807`55f5d6d8 0f22c1          mov     tmm,rcx
fffff807`55f5d6db c3              ret
fffff807`55f5d6dc 66666690        xchg    ax,ax
xxx!ReadCR2:
fffff807`55f5d6e0 0f20d0          mov     rax,tmm
fffff807`55f5d6e3 c3              ret
fffff807`55f5d6e4 66666690        xchg    ax,ax
xxx!SaveCR2:
fffff807`55f5d6e8 0f22d1          mov     tmm,rcx
fffff807`55f5d6eb c3              ret

According to my knowledge, the “0F 22 C1” should be disassembled as “mov cr0, ecx”; “0F 20 D0” as “mov eax, cr2” and “0F 22 D1” as “mov cr2,ecx”

Is it bug in WinDbg or something else?

Thank you

Tim_Roberts · January 31, 2023, 6:49pm

That’s an interesting bug. The TMM registers are part of the “Advanced Matrix Extensions”, or “AMX”. It is a two-dimensional block of registers that can be used for fast matrix multiplies. There’s a CR0 bit involved, but your assessment is correct.

Metek · January 31, 2023, 8:01pm

Hi Tim,

You are correct. The AMX was the first thing that come to my mind. But AMX registers are numbered (tmm0 - tmm7). For this reason I started to disassemble opcodes manually and found that WinDbg apparently have bug in disassembling module. Since we all rely heavily on proper disassembling, it made sense to ask. Maybe someone else has encountered something like this.

Best regards,

Al