[ajenner]

I have written code for a cycle-exact 8088 emulator https://github.com/reenigne/reenigne/blob/master/8088/xtce/x... which handles all the invalid opcodes the same way that real hardware does. There is more potentially-useful way of observing TMP and IND that doesn't involve jumping to code that you might not control: use the LDS or LES opcodes with mod=11.

[kiwidrew]

Hmm... I thought that would be the case, but when I tested it [on an AMD 80C88], LDS/LES with mod=11 just skipped the EA calculation subroutine and then proceeds as normal, loading a doubleword from whichever memory address happens to have been left in the IND register.

But I'll probably go back and re-test LDS/LES more thoroughly at some point just to make sure I haven't missed something [or more likely, that I'm not misinterpreting my scattered notes].

By the way, I really appreciated your detailed bus sniffer logs of the 8088 executing various instructions. It was enlightening to read through the traces and helped me understand what was going on "under the hood" of the CPU.

[ajenner]

It might be different on an Intel 8088. What I saw was two bytes loaded from the bus (at the address that was left in the IND register) placed in ES or DS, and the offset part was loaded from a second hidden register that contained the previous word read from or written to the bus (excluding instruction fetches).

Glad the sniffer logs were useful! I have been using them pretty regularly for debugging and profiling things.