Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/idouble/x86-assembly-reverse-engineering
🛠 Knowledge about the topic of x86 assembly & disassembly 🛠
https://github.com/idouble/x86-assembly-reverse-engineering
assembly bytes collection dword eax eflags intel knowledge modern pointer register research reverse-engineering templates topic x86 x86-32 x86-64 x86-x64
Last synced: 1 day ago
JSON representation
🛠 Knowledge about the topic of x86 assembly & disassembly 🛠
- Host: GitHub
- URL: https://github.com/idouble/x86-assembly-reverse-engineering
- Owner: IDouble
- License: mit
- Created: 2018-09-11T07:01:57.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-03-01T20:10:00.000Z (10 months ago)
- Last Synced: 2024-12-13T06:06:01.106Z (9 days ago)
- Topics: assembly, bytes, collection, dword, eax, eflags, intel, knowledge, modern, pointer, register, research, reverse-engineering, templates, topic, x86, x86-32, x86-64, x86-x64
- Language: Assembly
- Homepage:
- Size: 1.78 MB
- Stars: 133
- Watchers: 4
- Forks: 30
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# 🛠 x86 Assembly Reverse Engineering 🛠
This is a structured README for **x86 assembly**, it is written in the easiest language possible with real world examples. 📓
## ⚙️ Basics ⚙️
| Intel Type | Bits | Name |
| ------------- | ------------- | ------------- |
| - | 8 Bit | **BYTE** |
| 8086 | 16 Bit | **WORD** |
| i386 | 32 Bit | **DWORD** |
| x86 | 64 Bit | **QWORD** |
### Meanings:
dword = **DWORD** = (double-word)
qword = **QWORD** = (quad-word)
### NOTE: 📝
On 32 Bit ARM CPUs a WORD is 32 Bit.
## 🔧 x86 Registers 🔧
*(Older Text from the University of Virginia Computer Science (2006), one of the best Guides for x86 Assembly)*
Modern (i.e 3**86** and beyond) x**86** processors have eight 32-bit general purpose registers, as depicted in Figure 1. **The register names are mostly historical**. For example, **EAX** used to be called the accumulator since it was used by a number of arithmetic operations, and **ECX** was known as the counter since it was used to hold a loop index. Whereas most of the registers have lost their special purposes in the modern instruction set, by convention, two are reserved for special purposes — **the stack pointer (ESP)** and the **base pointer (EBP).**
For the **EAX**, **EBX**, **ECX**, and **EDX** registers, subsections may be used. For example, the least significant 2 bytes of **EAX** can be treated as a 16-bit register called **AX**. The least significant byte of **AX** can be used as a single 8-bit register called **AL**, while the most significant byte of **AX** can be used as a single 8-bit register called **AH**. These names refer to the same physical register. When a two-byte quantity is placed into **DX**, the update affects the value of **DH**, **DL**, and **EDX**. These sub-registers are mainly hold-overs from older, 16-bit versions of the instruction set. However, they are sometimes convenient when dealing with data that are smaller than **32-bits (e.g. 1-byte ASCII characters)**.
When referring to registers in assembly language, **the names are not case-sensitive**. For example, the names **EAX** and **eax** refer to the **same register**.
In **x86 registers** have an '**e**' in front of their name.
Example: **e**ax, **e**bx, **e**cx, **e**dx, **e**bp
*Additional Info:
In **x64** you have a '**r**' instead.
Example: **r**ax, **r**bx, **r**cx, **r**dx, **r**bp
You also have **double-precision floating point going from xmm0 to xmm15**.*
### 🚩 EFLAGS 🚩
### [📝 Cheatsheet x86 Assembly 📝](Docs/x86_Assembly.pdf)
[Full Cheatsheet x86 Assembly, 20 Pages.](Docs/x86_Assembly.pdf)
