Difference between revisions of "Assembler"
Revision as of 11:52, 12 March 2017
This entry needs a lot of work. Please contribute if you can. Check this page to see if there are some suggestions for adding to Assembler.
To describe:
- Flags
- Segments
- CPL/DPL
- IDT/GDT(/LDT)
Segments
Segment registers: cs, es, ds, ss, fs, gs
Bits 0 and 1 hold the RPL, the requested privilege level.
Bit 2 describes whether the LDT is used or not (0 means the GDT is used).
Bits 3 to 15 contain the offset into the GDT or LDT table (when shifted left by 3).
Examples:
CS of 8 = 1000b = 1 0 00 : RPL=0, LDT=0, so the GDT is used; the offset in the GDT table is (1 << 3) = 8
CS of 0x23 = 100011b = 100 0 11 : RPL=3, LDT=0 (GDT); the offset in the GDT table is 100b = 4, (4 << 3) = 32
Note that even when 64-bit mode is used, bits 3 to 15 still only need to be shifted left by 3 to point to the proper offset.
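As an added example (not part of the original wiki page), this C helper splits a selector value into the RPL, the LDT bit and the table offset described above, and reproduces the two CS examples; the struct and function names are my own.

```c
#include <stdint.h>

/* Decoded fields of a 16-bit segment selector (cs, ds, es, ss, fs, gs). */
struct selector {
    unsigned rpl;    /* bits 0-1: requested privilege level */
    unsigned ldt;    /* bit 2: 1 = LDT is used, 0 = GDT is used */
    unsigned index;  /* bits 3-15: descriptor number in that table */
    unsigned offset; /* byte offset of the descriptor: index << 3 */
};

/* Split a selector value into its fields, as in the CS examples above. */
struct selector decode_selector(uint16_t sel) {
    struct selector s;
    s.rpl    = sel & 0x3;
    s.ldt    = (sel >> 2) & 0x1;
    s.index  = sel >> 3;
    s.offset = s.index << 3;   /* same shift in 32-bit and 64-bit mode */
    return s;
}

/* Inverse operation: assemble a selector from its fields. */
uint16_t make_selector(unsigned index, unsigned ldt, unsigned rpl) {
    return (uint16_t)((index << 3) | ((ldt & 1) << 2) | (rpl & 3));
}

/* Name the table a selector points into. */
const char *selector_table(uint16_t sel) {
    return decode_selector(sel).ldt ? "LDT" : "GDT";
}
```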
GDT
The GDT is a table of descriptors that describe what should happen when entering a specific segment and set its rights (which access rights, the limits, whether it is data or code, etc.).
IDT
The IDT is a table of descriptors that describe what should happen when an interrupt occurs. Each entry contains the code segment to use and the EIP/RIP address to call, but also information such as the DPL of the interrupt and whether it is a call gate, task gate or interrupt gate.
Useful interrupts with regard to game hacking: interrupt 1 (single step), 3 (breakpoint), 13 (general protection fault) and 14 (page fault).
Flags
There are 32 bits available for the 17 EFlags. Missing bits in this list are not a mistake; some flags temporarily use their neighbours.
ID, VIP, VIF, AC, VM, RF, NT, IOPL, OF, DF, IF, TF, SF, ZF, AF, PF, CF
Bit: Flag - description
00: CF Carry Flag – becomes 1 if an addition, multiplication, AND, OR, etc. results in a value larger than the register meant for the result.
02: PF Parity Flag – becomes 1 if the lower 8 bits of an operation's result contain an even number of 1 bits.
04: AF Auxiliary Flag – set on a carry or borrow out of the lower 4 bits.
06: ZF Zero Flag – becomes 1 if an operation results in a 0 writeback, or a 0 register.
07: SF Sign Flag – is 1 if the value saved is negative, 0 if positive.
08: TF Trap Flag – allows for the stopping of code within a segment (allows single stepping/debugging while programming).
09: IF Interrupt Flag – when this flag is set, the processor begins 'listening' for external interrupts.
10: DF Direction Flag – determines the direction to move through the data (specific to repeat instructions).
11: OF Overflow Flag – becomes 1 if the result of the operation is larger than the available space to write (e.g. an addition that results in a number larger than 32 bits).
12-13: IOPL I/O Privilege Level – 2-bit field specifying which privilege level is required to access the I/O ports.
14: NT Nested Task – becomes 1 when calls within a program are made.
16: RF Resume Flag – becomes 1 upon a break, and stays that way until a given 'release' or resume operation/command occurs.
17: VM Virtual 8086 Mode – becomes 1 if the processor is to simulate the 8086 processor (16-bit).
18: AC Alignment Check – checks that a file or command is not breaking its privilege level.
19: VIF Virtual Interrupt Flag – almost always set in protected mode, listening for internal and assembling interrupts.
20: VIP Virtual Interrupt Pending – 1 if a virtual interrupt is yet to occur.
21: ID ID Flag – is set if a CPU identification check is pending (used in some cases to ensure valid hardware).
Opcodes
Most commonly used opcodes:
- MOV destination, source
  Sets a register or address to a specified value.
- INC destination
  Increases a register or address by 1.
- DEC destination
  Decreases a register or address by 1.
- ADD destination, source
  Adds the source to the destination.
- SUB destination, source
  Subtracts the source from the destination.
- NOP
  No Operation.
  Usually used when removing original code.
- OR destination, source
  The OR instruction supports logical expressions by performing a bitwise OR operation.
  The bitwise OR operator returns 1 if the matching bits from either or both operands are 1.
  It returns 0 if both bits are 0.
  Example:
    destination: 0101
    source:      0011
    ----------------------------
    After OR -> destination: 0111
- XOR destination, source
  The XOR instruction implements the bitwise XOR operation.
  The XOR operation sets the resulting bit to 1 if and only if the bits from the operands are different.
  If the bits from the operands are the same (both 0 or both 1), the resulting bit is cleared to 0.
  Example:
    destination: 0101
    source:      0011
    ----------------------------
    After XOR -> destination: 0110
- AND
  The AND instruction supports logical expressions by performing a bitwise AND operation.
  The bitwise AND operation returns 1 if the matching bits from both operands are 1, otherwise it returns 0.
  Example:
    destination: 0101
    source:      0011
    ----------------------------
    After AND -> destination: 0001
- TEST destination, source
  The TEST instruction works the same as the AND operation, but unlike the AND instruction it does not change the first operand.
- NOT operand
  The NOT instruction implements the bitwise NOT operation.
  The NOT operation reverses the bits in an operand.
  The operand can be either in a register or in memory.
  Example:
    operand: 0101 0011
    After NOT -> operand: 1010 1100
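As an added example that is not part of the original page, the C model below executes the ADD, SUB, AND, OR, XOR, TEST and NOT opcodes listed above on 8-bit operands and updates the CF, PF, AF, ZF, SF and OF bits at the positions given in the Flags section, so it ties the two sections together; the function and enum names are my own, and it clears AF after the logical instructions, where real hardware leaves that flag undefined.

```c
#include <stdint.h>

/* EFLAGS bit positions taken from the Flags table above. */
enum { CF = 1u << 0, PF = 1u << 2, AF = 1u << 4, ZF = 1u << 6, SF = 1u << 7, OF = 1u << 11 };

/* The subset of opcodes from the list above that this model executes. */
enum op { OP_ADD, OP_SUB, OP_AND, OP_OR, OP_XOR, OP_TEST, OP_NOT };

/* PF is 1 when the low 8 bits of the result hold an even number of 1 bits. */
static uint32_t parity8(uint8_t v) {
    int ones = 0;
    for (int i = 0; i < 8; i++) ones += (v >> i) & 1;
    return (ones % 2 == 0) ? PF : 0;
}

/* Execute one 8-bit ALU operation on *dst with operand src.
   Writes the result back to *dst (TEST and NOT are the exceptions noted below)
   and returns the updated EFLAGS; the non-status bits of eflags are preserved. */
uint32_t alu8(enum op o, uint8_t *dst, uint8_t src, uint32_t eflags) {
    uint8_t a = *dst, r = 0;
    uint32_t f = 0;                 /* freshly computed status flags */
    switch (o) {
    case OP_ADD: {
        unsigned wide = (unsigned)a + src;
        r = (uint8_t)wide;
        if (wide > 0xFF)                     f |= CF;  /* carry out of bit 7 */
        if ((a & 0xF) + (src & 0xF) > 0xF)   f |= AF;  /* carry out of the low nibble */
        if (~(a ^ src) & (a ^ r) & 0x80)     f |= OF;  /* same-sign inputs, different-sign result */
        break;
    }
    case OP_SUB:
        r = (uint8_t)(a - src);
        if (a < src)                         f |= CF;  /* borrow */
        if ((a & 0xF) < (src & 0xF))         f |= AF;  /* borrow into the low nibble */
        if ((a ^ src) & (a ^ r) & 0x80)      f |= OF;  /* different-sign inputs, result sign != a */
        break;
    case OP_AND: case OP_TEST: r = a & src; break;     /* logical ops leave CF and OF clear */
    case OP_OR:                r = a | src; break;
    case OP_XOR:               r = a ^ src; break;
    case OP_NOT: *dst = (uint8_t)~a; return eflags;    /* NOT changes no flags at all */
    }
    if (r == 0)    f |= ZF;
    if (r & 0x80)  f |= SF;
    f |= parity8(r);
    if (o != OP_TEST) *dst = r;                        /* TEST computes AND but discards the result */
    return (eflags & ~(CF | PF | AF | ZF | SF | OF)) | f;
}
```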