Understanding The assembly language part 1

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

First of all i am not expert coder of assembly language. I don’t write assembly code. But i believe having some knowledge about assembly language is advantage for developing exploit or finding software vulnerability because any debugger will output everything in ASM code. So if we can’t read it then we are unable understand what’s going on. I have explained here basic of Assembly language. 

Note: I am not master or teacher. I want to be a good student so that i can learn always. I am always interest to learn new thing or fixing my mistake. So if you found any mistake then please comment or email me so that i can fix myself. I believe sharing knowledge is increasing knowledge. 


Data Definition:

 There are several type of data definition such as for 8 bits,16 bits,32bits,64bits etc. For each data there are specific definition:

BYTE : 8 bit unsigned integer. B stand for BYTE.
SBYTE : This is also 8 bit integer . But S mean signed. So s stand for signed. WORD : Word is 16 bit unsigned integer. 
SWORD: S stand for signed. SWORD is 16 bit signed integer.
DWORD: DWORD mean Double word. Mean word+word=DWORD.
SDWORD: Hope you can understand that it is Double word but signed.

variable1 BYTE ‘Z’                            ;This is 8 bits and unsigned value ‘Z’
variable2 BYTE ‘-2’                            ; This is 8 bits and signed value ‘-2’
variable3 WORD ‘TEST’                    ; This is 16 bits unsigned which is defined as ‘WORD’
variable4 WORD -23255                     ; This is singed WORD
variable5 DWORD 11133314h           ; This Double word unsigned example.
variable6 SDWORD -35964939          ; Signed Double word.


 Registers are used for store binary data. Of course , These all registers have specific purpose. 
There are eight 32 bit general purpose registers , Six segment registers, A processor status flag registers and an instruction pointer. By these registers program execute. 
32 bit general purpose Registers:

EAX (It is called Extended Accumulator  Registers):  EAX  used by Multiplication and Division instruction. 

ECX (It is called Extended Count) : CPU atomically uses ECX as loop counting .

EBX (Extended Base Register): It can be used for storing data.

EDX (Extended Data Register): EDX allows for complex calculation.

EBP ( Extended Base/Frame Pointer Register): Used for Local variable on the stack.

ESI and EDI (Extended Source index Register and Extended Destination Register ): This two registers used by high speed memory transfer instruction.

ESP (Extended Stack Pointer): Address data on the stack.

Segment Registers: 

SS (Stack Segment): Pointer to the stack.

CS(Code Segment): Pointer To the code.

DS(Data segment): Pointer to the data.

ES(Extra Segment): Pointer to the Extra data.

FS(F Segment): Pointer to the more extra data.

GS(G Segment): Pointer to the more and more data. 

EIP(Instruction Pointer): It will hold an address for next instruction to execute.


MOV Instruction:

MOV instruction Copy data from source to destination. The format is :

mov dest, src

load src data into dest. So clearly the src is moving to to destination(dest).

MOV can do :

mov register, register
mov registers, memory
mov memory, register
mov memory, immediate
mov immediate,memory

myexample dword ?
myexample2 dword ?
mov eax, myexample             ;Move myexample variable into eax
mov myexample2,eax            ; move eax data in myexample2

MOVZX instruction:

This instruction (zero Extend) will Copy the content from source to destination and zero extend the values to 16 or 32 bits.



val1 dword 0A9dLdkAh
mov bx,val1     ;ax=0A9dLdkAh
movzx eax,bx  ;eax=0A9dLdkAh

MOVSX instruction:
Movsx instruction move the signed data. The ‘S’ is stand for signed. 

The LAHF instruction:
LAHF mean “Load  Status Flags into AH “


 .daTa                               ;This is no problem. Because asm is not case 
saveme BYTE ?
                                       ; sensitive.

mov saveme, ah             ; All status flags are saving in a  variable

Instruction SAHF( Store AH into Status Flags ):


samevar BYTE ?
mov ah,samevar

XCHG(Exchange data) :


xchg eax, ebx  

ADD instruction:

Add instruction add source to destination (1+1=2) .


variable1 dword 5000h
variable2 dword 6000h

mov eax, variable1
add eax, variable2

What’s going on here? Simple, First we must need to move the variable1(5000h) data in eax register so that we can add second data. Then it is varable2(6000h) has added and became eax= 11000h.

SUB instruction:

This instruction will subtract source data from destination. 


myvariable dword 11111111h
myvariable2 dword 11111111h

mov eax, myvariable
sub eax, myvariable2

Same as ADD instruction just it is subtracting 11111111h from 11111111h (eax=0).

INC instruction:
INC instruction increment/add 1 from a single register or memory.


myvariable dword 11111111h
mov eax, myvariable
inc eax 

First i moved the the variables data in eax then it incremented 1(eax=11111112). It can be directly incremented also (inc myvariable).

DEC instruction:
Same as INC instruction but it decrement 1 


myvariable dword 10000001
dec myvariable 

So what happened ? Simple , it just decremented 1 from the memory(became myvariable=10000000)  

JMP Instruction: jmp=jump instruction will jump to destination . For example:

label:                                      ;label works like function.
         all code goes here.
         jmp label                        ; This will repeat endless.

LOOP instruction: Hey, How about Python looping ? Don’t remember ? 

for love in hacking:
                          print “This is the loop”

I think the same is here also . But it is more easy to understand. Example:

looper DWORD ?                              ; o_o why “?” It is space keeping data.
mov ecx,200
       mov looper,ecx
       loop label                           ;Go back to label

POP instruction: First POP instruction copies the data from Stack pointed by ESP then it Increment ESP. 


pop ebx

POPFD Instruction: popfd pops the stacks into eflags.

PUSH INSTRUCTION: push instruction decrement extended stack pointer(esp) then copy the source into stack. example:

push ebx

CALL instruction: This instruction just will call the new memory location. For example:

mov ebx,data
call esp

So first it storing “data” into ebx register and the next instruction is calling the esp(lol shellcode?).

There are many instructions … Please google search them how it works ? Frankly, Google is my first and best master. 

Anyway, Hope these discussion gave you some hint about assembly language. In part 2 i will discuss about variable, array, function etc. 

Oh , Don’t forget to mail me if you catch any mistake here…please(sec00rit3y@gmail.com).

So to be continued guys …

Leave a Reply

Your email address will not be published. Required fields are marked *