I'm trying to figure out why the instruction changes from add [eax], al to add [rax], al when changing the decoding mode from x86 to x64.
The instruction bytes are 00 00
I think it might be because its being used to specify a memory location but I couldn't find anything to prove it
This is because the default address size is 64 bits in 64-bit mode and 32 bits in 32-bit modes.
You can apply a 67 address-size override prefix to select an address size of 32 bits in 64-bit mods, however 64-bit address size is not available outside of 64-bit mode.