x86 assembly (32-bit)

Basics

  1. add 

add arg1, arg2 ; arg1 = arg + arg2

  1. sub 

sub arg1, arg2 ; arg1 = arg1 - arg2

  1. push/pop

3.1 Push

push arg ; place the operand (arg) onto the top of the stack in memory

  • Decrements ESP by 4 (stack grows from high to low addresses)

  • Place the operand into the content of the 32-bit (4 bytes) location at address [ESP]

Simply decrease the stack pointer and append a new value

3.2 Pop

pop arg ; removes the data element from the top of the stack into the specified operand

  • Moves the 32-bit (4 bytes) data element from the top of the stack into the specified operand

  • Increments stack pointer (SP) by 4

Simply remove a value from stack and increase the stack pointer

  1. lea (load effective address)

lea <reg32>,<mem> ; places the address specified by second operand into the register specified by its first operand

Note, the contents of the memory location are not loaded, only the effective address is computed and placed into the register. This is useful for obtaining a pointer into a memory region.

  1. cmp 

cmp arg1, arg2 ; compares arg1 and arg2, and update the "flag" accordingly

  • Performs operations to update the EFLAGS register

Logox86 (32-bit) | Penetration testing & ethical hacking conceptsjarrettgxz-sec.gitbook.io

  • Used in conjunction with jump instructions

  1. jump instructions

  • Used in conjunction with cmp

5.1 Jump

  • Transfers program control flow to the instruction at the memory location indicated by the operand

jmp <label> ; jump to the instruction labeled <label> without checking for conditions

5.2 Conditional jump

je <label> ; jump when equal
jne <label> ; jump when not equal
jz <label> ; jump when last result was zero
jg <label> ; jump when greater than
jge <label> ; jump when greater than or equal to
jl <label> ; jump when less than
jle <label> ; jump when less than or equal to

  1. call, ret

call <label>
; same as:
push eip
jmp <label>
<label>: ...
        ...
        ret 
        

; ret command same as (TO CONFIRM):
pop <reg>
jmp <reg>

  • call

a. First, push the current code location on the stack in memory (push)

b. Next, performs an unconditional jump to the code location indicated by the label operand (jmp)

Unlike the simple jump instructions, the call instruction saves the location to return to when the subroutine completes.

  • ret

Implements a subroutine return mechanism

a. First, pops a code location off the stack (pop)

b. Next, performs an unconditional jump to the retrieved code location (jmp)

  1. leave

LEAVE — High Level Procedure Exitwww.felixcloutier.com
move esp, ebp ; releases the stack space allocated to the stack frame
pop ebp ; restore calling procedure's stack frame

PreviousExamplesNextResources

Last updated