Learning assembly language (x86)

typical instructions
- mov - copy a value between registers and memory
- jmp - unconditional jump to another address
- sub - subtract (also used to reserve stack space)
- push - put a value on the stack (decrements esp)
- pop - take a value off the stack (increments esp)
- test - bitwise AND that only sets the flags, typically followed by a conditional jump
typical registers
- eax - accumulator
- edx - data
- ebx - base
- esp - stack pointer
- ebp - base pointer
- eip - instruction pointer
disassembly flow
- Cutter (disassembler GUI)
- dbg. functions - function names that come from debug information
- find strings, press X to show cross-references (xrefs) to the data
- .rdata - read-only data section (strings and constants live here)
- the program doesn't really start at main: the C runtime is loaded first and in turn calls main with its arguments
- mov ebp, esp - set up the "stack frame"
- mov dword [esp], str.Hello__World - store the string (its address) at the location esp points to, i.e. the argument for the upcoming call
- leave - alias for mov esp, ebp followed by pop ebp (tears down the stack frame)
- ret - return from subroutine
Typical function call setup (the function prologue)
- push ebp - save the caller's base pointer
- mov ebp, esp - set up the stack frame
- and esp, 0xfffffff0 - stack alignment: clear the low four bits so esp is a multiple of 16 (and therefore of 8)
- sub esp, 0x10 - "make room": subtract 16 to reserve space below the frame for local variables and call arguments
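To see all of the above in one place, here is an added example (not part of the original notes): a minimal 32-bit Linux "Hello World" written in NASM syntax so that its disassembly shows exactly the prologue, argument store, call and leave/ret described above. It assumes NASM, gcc with 32-bit libc support, and a non-PIE link (`nasm -f elf32 hello.asm -o hello.o && gcc -m32 -no-pie hello.o -o hello`).

```nasm
; Added example, not from the original notes.
; Build: nasm -f elf32 hello.asm -o hello.o
;        gcc -m32 -no-pie hello.o -o hello
; The C runtime (crt) is the real entry point; it calls main, which calls puts.

        global  main                ; entry point for the C runtime, not for the loader
        extern  puts                ; libc function we call

section .rodata                     ; read-only data (shown as .rdata/.rodata in the disassembler)
msg:    db      "Hello, World", 0   ; Cutter will name this string something like str.Hello__World

section .text
main:
        push    ebp                 ; save the caller's base pointer
        mov     ebp, esp            ; set up our stack frame (ebp now marks the frame start)
        and     esp, 0xfffffff0     ; clear the low 4 bits: esp becomes a multiple of 16
        sub     esp, 0x10           ; "make room": 16 bytes for outgoing call arguments
        mov     dword [esp], msg    ; first argument = address of the string, at [esp]
        call    puts                ; puts("Hello, World"); pushes the return address itself
        mov     eax, 0              ; main's return value (exit status 0)
        leave                       ; same as: mov esp, ebp / pop ebp
        ret                         ; back into the C runtime, which then calls exit
```

Open the resulting binary in Cutter, jump to main, and each line of the listing above maps onto one instruction in the disassembly; pressing X on the string shows the xref from the mov that stores its address.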