XeLabs/x86-Assembly-Reverse-Engineering
2
0
Fork 0
mirror of https://github.com/AYIDouble/x86-Assembly-Reverse-Engineering.git synced 2026-06-20 16:45:30 +08:00
Code Issues Projects Releases Wiki Activity
🛠 Knowledge about the topic of x86 assembly & disassembly 🛠
23 commits 1 branch 0 tags 1.9 MiB
Assembly 96.5%
Shell 3.5%
Find a file
ImgBotApp 0d0ffb343b
[ImgBot] Optimize images 
*Total -- 386.94kb -> 369.37kb (4.54%)

/Images/x86_EFLAGS_register.jpg -- 94.71kb -> 86.80kb (8.35%)
/Images/cheatography_gcc-x86-assembly-quick-reference-cheat-sheet.jpg -- 292.23kb -> 282.57kb (3.31%)
2018-10-18 08:37:22 +00:00
Assembler Intel Code 🔁 Refactoring 2018-09-13 10:33:28 +02:00
Docs ⬆️ Upload x86 Assembly PDF 2018-10-18 10:28:08 +02:00
Images [ImgBot] Optimize images 2018-10-18 08:37:22 +00:00
LICENSE Initial commit 2018-09-11 09:01:57 +02:00
README.md 🔁 Update README 2018-10-18 10:32:18 +02:00

README.md

🛠 x86 Assembly Reverse Engineering 🛠

Knowledge I have found interesting about the topic of x86 assembly.

⚙️ Basics ⚙️

Intel Type Bits Name
- 8 Bit BYTE
8086 16 Bit WORD
i386 32 Bit DWORD
x86 64 Bit QWORD

Meanings:

dword = DWORD = (double-word)
qword = QWORD = (quad-word)

NOTE: 📝

On 32 Bit ARM CPUs a WORD is 32 Bit.

🔧 x86 Registers 🔧

(Older Text from the University of Virginia Computer Science (2006), one of the best Guides for x86 Assembly)

Modern (i.e 386 and beyond) x86 processors have eight 32-bit general purpose registers, as depicted in Figure 1. The register names are mostly historical. For example, EAX used to be called the accumulator since it was used by a number of arithmetic operations, and ECX was known as the counter since it was used to hold a loop index. Whereas most of the registers have lost their special purposes in the modern instruction set, by convention, two are reserved for special purposes — the stack pointer (ESP) and the base pointer (EBP).

For the EAX, EBX, ECX, and EDX registers, subsections may be used. For example, the least significant 2 bytes of EAX can be treated as a 16-bit register called AX. The least significant byte of AX can be used as a single 8-bit register called AL, while the most significant byte of AX can be used as a single 8-bit register called AH. These names refer to the same physical register. When a two-byte quantity is placed into DX, the update affects the value of DH, DL, and EDX. These sub-registers are mainly hold-overs from older, 16-bit versions of the instruction set. However, they are sometimes convenient when dealing with data that are smaller than 32-bits (e.g. 1-byte ASCII characters).

When referring to registers in assembly language, the names are not case-sensitive. For example, the names EAX and eax refer to the same register.

x86 assembly Registers

In x86 registers have an 'e' in front of their name.
Example: eax, ebx, ecx, edx, ebp

Additional Info:
In x64 you have a 'r' instead.
Example: rax, rbx, rcx, rdx, rbp
You also have double-precision floating point going from xmm0 to xmm15.

🚩 EFLAGS 🚩

x86 assembly EFLAGS Registers

📝 Cheatsheet x86 Assembly 📝

Full Cheatsheet x86 Assembly, 20 Pages.