Common x86/x64 assembly

Basics

  1. add

add arg1, arg2 ; arg1 = arg1 + arg2
  2. sub

sub arg1, arg2 ; arg1 = arg1 - arg2
  3. push/pop

3.1 Push

push arg ; place the operand (arg) onto the top of the stack in memory
  • Decrements ESP by 4 (the stack grows from high to low addresses)

  • Places the operand into the 32-bit (4-byte) location at address [ESP]

In short: decrement the stack pointer, then store the new value at the new top of the stack.

3.2 Pop

pop arg ; removes the data element from the top of the stack into the specified operand
  • Moves the 32-bit (4-byte) data element from the top of the stack into the specified operand

  • Increments the stack pointer (ESP) by 4

In short: read the value at the top of the stack, then increment the stack pointer.

  4. lea (load effective address)

Note that the contents of the memory location are not loaded; only the effective address is computed and placed into the register. This is useful for obtaining a pointer into a memory region.

  5. cmp

  • Compares its two operands and updates the EFLAGS register accordingly

  • Used in conjunction with jump instructions

  6. jump instructions

  • Used in conjunction with cmp

6.1 Jump

  • Transfers program control flow to the instruction at the memory location indicated by the operand

6.2 Conditional jump

  7. call, ret

  • call

a. First, pushes the current code location onto the stack in memory (push)

b. Next, performs an unconditional jump to the code location indicated by the label operand (jmp)

Unlike the simple jump instructions, the call instruction saves the location to return to when the subroutine completes.

  • ret

Implements a subroutine return mechanism

a. First, pops a code location off the stack (pop)

b. Next, performs an unconditional jump to the retrieved code location (jmp)
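
The push/pop and call/ret steps described above, modeled as a small C emulator (an added example, not part of the original page). The stack size, the addresses and the 5-byte call length are constructed values; in 64-bit mode the same steps use 8-byte slots and RSP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 32-bit machine: a stack region plus ESP and EIP (all values constructed). */
#define STACK_TOP 0x1000u            /* hypothetical initial ESP */
static uint8_t  mem[STACK_TOP];      /* addresses 0 .. STACK_TOP-1 */
static uint32_t esp = STACK_TOP;
static uint32_t eip;

/* push arg: ESP -= 4, then store the 4-byte operand at [ESP] */
static void push32(uint32_t v) {
    esp -= 4;
    memcpy(&mem[esp], &v, 4);
}

/* pop arg: load 4 bytes from [ESP] into the operand, then ESP += 4 */
static uint32_t pop32(void) {
    uint32_t v;
    memcpy(&v, &mem[esp], 4);
    esp += 4;
    return v;
}

/* call target: push the location to return to (the instruction after
   the call), then jump unconditionally to target */
static void do_call(uint32_t target, uint32_t insn_len) {
    push32(eip + insn_len);
    eip = target;
}

/* ret: pop the saved code location off the stack, then jump to it */
static void do_ret(void) {
    eip = pop32();
}

/* Executes a 5-byte "call 0x402000" located at 0x401000, then "ret". */
uint32_t demo(void) {
    uint32_t saved;
    esp = STACK_TOP;
    eip = 0x401000u;
    do_call(0x402000u, 5);
    memcpy(&saved, &mem[esp], 4);    /* the return address now sits at [ESP] */
    printf("after call: eip=0x%x esp=0x%x [esp]=0x%x\n",
           (unsigned)eip, (unsigned)esp, (unsigned)saved);
    do_ret();
    printf("after ret:  eip=0x%x esp=0x%x\n", (unsigned)eip, (unsigned)esp);
    return eip;                      /* 0x401005: the instruction after the call */
}

int main(void) { return demo() == 0x401005u ? 0 : 1; }
```

Because the return location is ordinary stack data between call and ret, its integrity is what stack canaries and shadow stacks are designed to protect.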

  8. leave
