akde/infosec

Information security is ultimately about managing risk

Basic x86/x64 assembly registers and commands

Reverse Engineering

Registers

General purpose registers

Register x86	Register x64	Name	Description
`EAX`	`RAX`	Accumulator	For results of calculations and return codes
`EBX`	`RBX`	Base register	General purpose
`ECX`	`RCX`	Count register	For number of iterations, often used for loops
`EDX`	`RDX`	Data register	For data of calculations or a pointer to large data
`ESI`	`RSI`	Source index	Pointer to a location to read from
`EDI`	`RDI`	Destination index	Pointer to a location to write into
`EBP`	( `RBP` )	Extended base pointer in x68 General purpose register in x64	Fixed pointer during a function call as a reference to access variables on the stack.
`ESP`	`RSP`	Stack pointer	Holds the top address of the stack

Segment registers

These are all 16 bit register.

Register	Name	Description
`CS`	Code segment register (also: Text segment register)	Pointer to the start address of the executeable code
`SS`	Stack segment register	Pointer to some offset address within the stack
`DS`	Data segment register	Pointer to an address of some data structure
`ES`	Extra segment register	Pointer to an address of some data structure
`FS`	Extra data segment register	Pointer to an address of some data structure. Windows: Pointer to the TIB Thread Information Block
`GS`	Extra data segment register	Pointer to an address of some data structure. Windows: Pointer to the TLS Thread Local Storage

Commands

Command	Description
`push %edi`	1. Writes the value from %edi on top on the stack and 2. decreases the ESP Stack Pointer
`pop %ebp`	1. Loads the value on top of the stack into the given register `$ebp` and 2. increases the ESP Stack Pointer.
`ret`	1. Sets the IP Instruction pointer to the address on top of the stack and 2. increases the ESP Stack Pointer.
`call func`	1. Stores the next address (after the call function) on top on the stack (basically the return address), 2. decreases the ESP Stack Pointer and 3. sets the IP Instruction Pointer to the address of `func`.
`mov %eax, %edi`	AT&T syntax: Copies the value of `%eax` into `%edi`.
`mov edi, eax`	Intel syntax: Copies the value of `eay` into `edi`.
`xchg %eax, %eax`	Swaps the values from both registers.

Leave a Reply Cancel reply

You must be logged in to post a comment.

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';