Understanding the Assembly Language, Part 1
BYTE: 8-bit unsigned integer. B stands for BYTE.
SBYTE: also an 8-bit integer, but the S means signed. So S stands for signed.
WORD: a WORD is a 16-bit unsigned integer.
SWORD: S stands for signed. SWORD is a 16-bit signed integer.
DWORD: DWORD means double word, i.e. word + word = DWORD, a 32-bit unsigned integer.
SDWORD: hopefully you can see that this is a double word but signed (a 32-bit signed integer).
variable1 BYTE 'Z'          ; 8 bits, unsigned value 'Z' (stored as its ASCII code)
variable2 SBYTE -2          ; 8 bits, signed value -2 (no quotes, so it is the number -2, not the characters '-' and '2')
variable3 WORD 'TEST'       ; 16 bits, unsigned, which is defined as WORD
variable4 SWORD -23255      ; signed WORD, so the directive is SWORD
variable5 DWORD 11133314h   ; unsigned double word example (the h suffix means hexadecimal)
variable6 SDWORD -35964939  ; signed double word
ASSEMBLY LANGUAGE REGISTERS:
EAX (Extended Accumulator Register): EAX is used by the multiplication and division instructions.
ECX (Extended Count Register): the CPU automatically uses ECX as the loop counter.
EBX (Extended Base Register): it can be used for storing data.
EDX (Extended Data Register): EDX holds the extra data needed for complex calculations, such as wide multiplication and division.
EBP (Extended Base/Frame Pointer Register): used to address local variables on the stack.
ESI and EDI (Extended Source Index Register and Extended Destination Index Register): these two registers are used by the high-speed memory transfer (string) instructions.
ESP (Extended Stack Pointer): addresses data on the stack; it points to the top of the stack.
SS (Stack Segment): pointer to the stack.
CS (Code Segment): pointer to the code.
DS (Data Segment): pointer to the data.
ES (Extra Segment): pointer to the extra data.
FS (F Segment): pointer to more extra data.
GS (G Segment): pointer to even more data.
EIP (Instruction Pointer): holds the address of the next instruction to execute.
DATA MOVEMENT AND INSTRUCTIONS:
MOV instruction: MOV copies data from the source to the destination. The format is:
mov dest, src
This loads the src data into dest, so the data is clearly moving from the source (src) to the destination (dest).
MOV can do:
mov register, register
mov register, memory
mov memory, register
mov memory, immediate
MOVZX (move with zero extend): this instruction copies the content of the source to the destination and zero-extends the value to 16 or 32 bits, filling the upper bits with zeros.
MOVSX (move with sign extend): this instruction moves signed data, copying the sign bit into the upper bits so that a negative value stays negative. The 'S' stands for signed.
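The data-type declarations above and the MOVZX/MOVSX pair are easiest to understand by looking at the actual bit patterns. The following Python is an example added here, not code from the original post: it simulates the assembler's encoding and the two extend instructions with plain integer arithmetic (no real x86 instruction runs). The declaration names and values come from the post; the `fits`, `store`, `load`, `movzx` and `movsx` helpers are constructed for this illustration.

```python
# Added example: how MASM's BYTE/SBYTE/WORD/SWORD/DWORD/SDWORD store values,
# and what MOVZX / MOVSX do when a narrow value is widened to 32 bits.
# Pure Python simulation; nothing here executes real x86 instructions.

SIZES = {"BYTE": 8, "SBYTE": 8, "WORD": 16, "SWORD": 16, "DWORD": 32, "SDWORD": 32}


def fits(value, type_name):
    """True if value is representable in the named type (signed types use two's complement)."""
    bits = SIZES[type_name]
    if type_name.startswith("S"):
        return -(1 << (bits - 1)) <= value <= (1 << (bits - 1)) - 1
    return 0 <= value <= (1 << bits) - 1


def store(value, type_name):
    """Return the raw bit pattern that `name TYPE value` places in memory.

    A one-character string is stored as its ASCII code; a negative number is
    stored in two's complement, exactly as the assembler would encode it.
    """
    if isinstance(value, str):
        value = ord(value)
    if not fits(value, type_name):
        raise ValueError(f"{value} does not fit in {type_name}")
    return value & ((1 << SIZES[type_name]) - 1)


def load(raw, bits, signed):
    """Read a raw bit pattern back as unsigned, or as two's-complement signed."""
    raw &= (1 << bits) - 1
    if signed and raw & (1 << (bits - 1)):   # top bit set means negative
        return raw - (1 << bits)
    return raw


def movzx(raw, src_bits, dst_bits=32):
    """MOVZX: widen src_bits to dst_bits by filling the upper bits with zeros."""
    assert src_bits < dst_bits
    return raw & ((1 << src_bits) - 1)


def movsx(raw, src_bits, dst_bits=32):
    """MOVSX: widen src_bits to dst_bits by copying the sign bit upward."""
    assert src_bits < dst_bits
    return load(raw, src_bits, signed=True) & ((1 << dst_bits) - 1)


if __name__ == "__main__":
    # The post's declarations (variable2 read as the number -2); variable3 is
    # left out because its initializer is a string rather than a single character.
    for name, type_name, value in [
        ("variable1", "BYTE", "Z"),
        ("variable2", "SBYTE", -2),
        ("variable4", "SWORD", -23255),
        ("variable5", "DWORD", 0x11133314),
        ("variable6", "SDWORD", -35964939),
    ]:
        raw = store(value, type_name)
        bits = SIZES[type_name]
        print(f"{name:<9} {type_name:<6} {value!r:>10} -> {raw:0{bits // 4}X}h "
              f"(unsigned {load(raw, bits, False)}, signed {load(raw, bits, True)})")

    # The same byte 0FEh widened two ways: MOVZX gives 254, MOVSX gives -2.
    fe = store(-2, "SBYTE")
    print(f"movzx eax, byte 0{fe:X}h -> {movzx(fe, 8):08X}h = {load(movzx(fe, 8), 32, True)}")
    print(f"movsx eax, byte 0{fe:X}h -> {movsx(fe, 8):08X}h = {load(movsx(fe, 8), 32, True)}")
```

The point to take away is that the bit pattern in memory carries no sign of its own: 0FEh is 254 when read as BYTE and -2 when read as SBYTE, and it is the instruction you choose (MOVZX or MOVSX) that decides which interpretation survives the widening.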
The LAHF instruction:
LAHF means "Load Status Flags into AH".
The SAHF instruction (Store AH into Status Flags) does the reverse: it copies AH back into the status flags.
XCHG (Exchange data) swaps the contents of its two operands:
xchg eax, ebx
ADD instruction: adds the source to the destination (1+1=2).
SUB instruction: this instruction subtracts the source data from the destination.
Same as the ADD instruction, except it is subtracting 11111111h from 11111111h (eax=0).
INC instruction: increments (adds 1 to) a single register or memory operand.
First I moved the variable's data into eax, then it was incremented by 1 (eax=11111112). It can also be incremented directly (inc myvariable).
DEC instruction: same as the INC instruction, but it decrements by 1.
So what happened? Simple, it just decremented the memory by 1 (myvariable became 10000000).
JMP instruction: jmp (jump) transfers execution to the destination. For example:
LOOP instruction: Hey, how about Python looping? Don't remember?
I think it is the same here, but easier to understand. Example:
POP instruction: the POP instruction first copies the data from the stack location pointed to by ESP into its operand, then increments ESP.
POPFD instruction: popfd pops the top of the stack into EFLAGS.
PUSH instruction: the push instruction decrements the extended stack pointer (ESP), then copies the source onto the stack. Example:
CALL instruction: this instruction calls the new memory location, pushing the return address and jumping there. For example:
So first it stores "data" into the ebx register, and the next instruction calls esp (lol, shellcode?).
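To see how the rules above play out (INC/DEC/SUB and the zero flag, LAHF, PUSH moving ESP down and POP moving it back up, LOOP counting ECX down, and CALL storing a return address on the stack), here is a toy model written in Python. It is an example added here, not code from the original post: the `CPU` class, the starting ESP and code addresses, the target address of the CALL and the "data" value 41424344h are all constructed for illustration, only CF/ZF/SF are modelled, and nothing here executes real x86 instructions.

```python
# Added example: a toy model of the 32-bit registers, three EFLAGS bits and the
# stack, so the effect of MOV/ADD/SUB/INC/DEC/LAHF/PUSH/POP/LOOP/CALL/RET on ESP
# and the flags can be traced step by step. Not an emulator; all addresses are
# constructed values.

MASK32 = 0xFFFFFFFF
STACK_TOP = 0x0019FF00   # constructed starting value for ESP
CODE_BASE = 0x00401000   # constructed address of the instruction being executed


class CPU:
    def __init__(self):
        self.reg = {r: 0 for r in ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp")}
        self.reg["esp"] = STACK_TOP
        self.eip = CODE_BASE
        self.flags = {"CF": 0, "ZF": 0, "SF": 0}   # the three flags modelled here
        self.mem = {}                               # dword address -> value (stack only)

    def _value(self, src):               # operand: immediate number or register name
        return src & MASK32 if isinstance(src, int) else self.reg[src]

    def _set_result(self, dest, full):   # truncate to 32 bits, update ZF and SF
        result = full & MASK32
        self.reg[dest] = result
        self.flags["ZF"] = int(result == 0)
        self.flags["SF"] = result >> 31

    # data movement
    def mov(self, dest, src):
        self.reg[dest] = self._value(src)

    # arithmetic (INC/DEC leave CF unchanged, as on real hardware)
    def add(self, dest, src):
        full = self.reg[dest] + self._value(src)
        self.flags["CF"] = int(full > MASK32)       # carry out of bit 31
        self._set_result(dest, full)

    def sub(self, dest, src):
        full = self.reg[dest] - self._value(src)
        self.flags["CF"] = int(full < 0)            # borrow
        self._set_result(dest, full)

    def inc(self, dest):
        self._set_result(dest, self.reg[dest] + 1)
    def dec(self, dest):
        self._set_result(dest, self.reg[dest] - 1)

    # LAHF: SF, ZF and CF travel in bits 7, 6 and 0 of AH; bit 1 is always set
    def lahf(self):
        ah = (self.flags["SF"] << 7) | (self.flags["ZF"] << 6) | 0x02 | self.flags["CF"]
        self.reg["eax"] = (self.reg["eax"] & 0xFFFF00FF) | (ah << 8)

    # stack: PUSH moves ESP down first, then writes; POP reads first, then moves ESP up
    def push(self, src):
        self.reg["esp"] = (self.reg["esp"] - 4) & MASK32
        self.mem[self.reg["esp"]] = self._value(src)
    def pop(self, dest):
        self.reg[dest] = self.mem[self.reg["esp"]]
        self.reg["esp"] = (self.reg["esp"] + 4) & MASK32

    def call(self, target):         # push the return address, then jump
        self.push(self.eip + 5)     # a near CALL rel32 occupies 5 bytes
        self.eip = self._value(target)
    def ret(self):                  # pop the return address back into EIP
        self.eip = self.mem[self.reg["esp"]]
        self.reg["esp"] = (self.reg["esp"] + 4) & MASK32

    def loop(self):                 # decrement ECX; the jump back is taken while ECX != 0
        self.reg["ecx"] = (self.reg["ecx"] - 1) & MASK32
        return self.reg["ecx"] != 0


def walkthrough():
    """Replay the post's INC/DEC/SUB, LAHF, PUSH/POP, LOOP and CALL steps and return a trace."""
    cpu, trace = CPU(), {}
    cpu.mov("eax", 0x11111111)
    cpu.inc("eax")
    trace["after_inc"] = cpu.reg["eax"]                     # 11111112h
    cpu.dec("eax")
    cpu.sub("eax", 0x11111111)
    trace["after_sub"] = (cpu.reg["eax"], cpu.flags["ZF"])  # (0, 1): a zero result sets ZF
    cpu.lahf()
    trace["ah_after_lahf"] = (cpu.reg["eax"] >> 8) & 0xFF   # 42h = ZF (bit 6) + constant bit 1
    cpu.mov("ebx", 0x41424344)                              # constructed "data"
    esp_before = cpu.reg["esp"]
    cpu.push("ebx")
    trace["esp_delta_after_push"] = esp_before - cpu.reg["esp"]       # 4
    cpu.mov("ebx", 0)
    cpu.pop("ebx")
    trace["popped"] = (cpu.reg["ebx"], cpu.reg["esp"] == esp_before)  # value back, ESP restored
    cpu.mov("eax", 0)
    cpu.mov("ecx", 5)
    while True:                                             # top: add eax, ecx
        cpu.add("eax", "ecx")                               #      loop top
        if not cpu.loop():
            break
    trace["loop_sum"] = cpu.reg["eax"]                      # 5+4+3+2+1 = 15
    cpu.call(0x00401234)                                    # constructed target address
    trace["return_address"] = cpu.mem[cpu.reg["esp"]]       # CODE_BASE + 5
    cpu.ret()
    trace["eip_after_ret"] = cpu.eip                        # back at CODE_BASE + 5
    return trace
```

Calling `walkthrough()` returns the trace as a dictionary; the two things worth noticing are that PUSH and POP are exact mirrors (ESP ends where it started), and that CALL is just a PUSH of the next instruction's address followed by a jump, which is why whatever sits at ESP decides where RET goes.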