R&D's R&D
An introduction to x86 assembly

Let's begin with the important basics for x86 assembly.

Registers

Registers are small internal memory storage units that live on your processor chip. There are different types of registers, such as:

  • General-purpose registers (GPRs)

  • Stack and frame pointers

  • Instruction pointer/program counter

There are different interpretations of whether or not a register should be called a general-purpose register, so we'll make it simple and state that there are 8 different GPRs.

4 bytes    2 bytes    1 byte
-------    -------    ------
eax        ax         al, ah
ecx        cx         cl, ch
edx        dx         dl, dh
ebx        bx         bl, bh
esp        sp         spl*
ebp        bp         bpl*
esi        si         sil*
edi        di         dil*

Registers in x86 architecture. Registers marked with an asterisk can only be accessed in x64.

Stack

In its simplest form, the stack is a data structure that holds data in memory. The most recently pushed element is the first one to leave the stack. This concept is known as Last In First Out (LIFO). The stack has multiple purposes, such as passing arguments to functions and storing local variables.

We can represent the stack as a pile of plates. The top of the stack, or the pile of plates, is where the next element would go. If you were to add or remove a plate, it would be on the top.

Next plate
-------------------
Third plate
-------------------
Second plate
-------------------
First plate

The top of the stack is pointed to by the stack pointer (ESP). An important thing to keep in mind is that the stack grows downwards when it comes to memory addresses. As content is pushed on top of the stack, the stack grows towards lower memory addresses. In the example of our pile of plates, the first plate would have the highest memory address of the pile, the second plate would have a lower memory address, and so on.
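The push and pop behaviour described above, modelled in C as an added example that is not part of the original post. The `cpu_t` struct, the function names and the `STACK_BASE` address are constructed for illustration; the 4-byte adjustment of ESP matches what 32-bit `push` and `pop` do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BASE 0x00100000u              /* constructed: first address above the stack */
#define STACK_SIZE 64u                      /* constructed: room for 16 dwords */
#define STACK_LOW  (STACK_BASE - STACK_SIZE)

typedef struct {
    uint8_t  mem[STACK_SIZE];               /* models addresses [STACK_LOW, STACK_BASE) */
    uint32_t esp;                           /* stack pointer: address of the top element */
} cpu_t;

void cpu_init(cpu_t *c) { memset(c->mem, 0, sizeof c->mem); c->esp = STACK_BASE; }

/* push: ESP moves DOWN by 4 first, then the value is stored at [ESP]. */
int cpu_push(cpu_t *c, uint32_t value) {
    if (c->esp - 4 < STACK_LOW) return -1;  /* no room left: refuse instead of overflowing */
    c->esp -= 4;
    memcpy(&c->mem[c->esp - STACK_LOW], &value, 4);
    return 0;
}

/* pop: the value at [ESP] is read, then ESP moves UP by 4. */
int cpu_pop(cpu_t *c, uint32_t *out) {
    if (c->esp + 4 > STACK_BASE) return -1; /* stack is empty */
    memcpy(out, &c->mem[c->esp - STACK_LOW], 4);
    c->esp += 4;
    return 0;
}

int main(void) {
    cpu_t c;
    uint32_t plate;
    cpu_init(&c);
    printf("empty stack       ESP = 0x%08x\n", (unsigned)c.esp);
    for (plate = 1; plate <= 3; plate++) {  /* first, second, third plate */
        cpu_push(&c, plate);
        printf("pushed plate %u    ESP = 0x%08x\n", (unsigned)plate, (unsigned)c.esp);
    }
    while (cpu_pop(&c, &plate) == 0)        /* plates leave in reverse order (LIFO) */
        printf("popped plate %u    ESP = 0x%08x\n", (unsigned)plate, (unsigned)c.esp);
    return 0;
}
```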

CPU instructions

When you compile a program, the compiler translates the higher-level language into machine code. Instructions are that machine code, which is what the CPU understands and executes. Reading raw machine code would be very difficult, so we created disassemblers, which translate it back into human-readable assembly. There are around 3 types of instructions:

  • Arithmetic instructions, including bitwise operations

  • Data movement instructions

  • Control flow instructions


Last updated 1 year ago