The Reversers.org Vault : OpcodesDef

HomePage :: Categories :: PageIndex :: Files :: RecentChanges :: RecentlyCommented :: Login/Register

Definition of assembly Opcodes


Required Knowledge
A knowledge registers and flags will be useful in this tutorial.
Assembly opcodes.
Opcodes are hexadecimal numbers which are used by the CPU to signify specific instructions for the CPU to carry out.
Each opcode has a name given to it, for instance the hex value of 90 is called a NOP (No operation, does nothing :P). When programming in assembly (for instance, using the MASM assembler) you will write your operations using their symbolic names, not the opcodes.
However, in some cases it is necessary to have a string of hex values (for example when writing the contents of a buffer for WriteProcessMemory, which can be used to overwrite sections of code in a program).

Different architectures have different opcodes, however taking the x86 architecture as our standard again I will attempt to show how these instructions can be written in an assembler.

Firstly, it is important to know some subtle differences in the way assembly can be written. Take the following instruction as an example:
mov eax,5

This operation should be interpretted correctly in NASM (The Netwide Assembler), however when using the GNU C Compiler's inline assembly, it will not function correctly (or as the case may be, not compile).
This is because NASM uses the Intel syntax, wheras the GNU C Compiler uses AT&T syntax.
To allow the above line to be assembled correctly it must be written as follows:
movl $5,%eax

The above two syntaxes will assemble to the same code, the differences are purely cosmetic, however there are many more differences which you must be aware of if you are to change from one syntax to the other.
For more information on the differences between these syntaxes please visit AssemblySyntaxDef.

However, as I use MASM32 (which uses Intel syntax), I will continue the article using Intel syntax.

Here are a few example instructions which we may write in MASM32:

mov eax,5
add eax,13
lea eax,[eax * 4]
push eax
call OurFunc
mov retVal, eax

As you can see, the Intel syntax is used. Taking the first mov instruction and an example, it is displayed as mov destination, source. Moving a 5 into the destination register, eax.

Stub BLAHBLAH.

Related links
{{files}} for attachments, if necessary (reference uploads at /pagename/filename).
Categories
CategoryDefinitions

There are no comments on this page. [Add comment]

Page History :: 2005-07-21 19:04:04 XML :: Owner: AdminStew :: Backlinks :: Search:
Valid XHTML 1.0 Transitional :: Valid CSS :: Powered by Wikka Wakka Wiki 1.1.6.0
Page was generated in 0.2664 seconds