Wiki: Assembly Summary

WARNING: Wiki content is an archive, no promise about quality!

Please choose a tutorial page:


This pretty much concludes the tutorial of assembly language. The commands and important information to do reverse engineering lies behind, the rest of the sections are more advanced topics that aren't necessarily required. This makes a good spot to stop and reflect on what has been explained.

If there is anything here that is confusing, going back to the section and re-read it, look at the examples (which should, more or less, cover everything taught), and if you still don't understand then post a question at the bottom of one of the pages, and I will attempt to clarify. I have attempted not to make assumptions on knowledge, but because I've done so much of this I may take some things for granted, so feel free to question anything that's unclear!

Fundamentals

To understand assembly well, you must have a firm understanding of the C language, especially the datatypes and pointers. Memory management is also very important!

Tools

The following sections will use:

  • IDA
  • WinDbg
  • TSearch
  • Visual Studio .net

Additionally, for some examples (mostly hacking stuff, because hacking is more interesting/easier to demonstrate on Linux) I will use these Linux programs:

  • gcc
  • gdb

You don't necessarily need all of those, but they will make it easiest to follow.

Registers

By now, you should hopefully be comfortable with registers. Remember that any general purpose register can be used for anything (with the exception of esp), but they each have common uses.

Simple Instructions

The instructions from this section are extremely important. They are by far the most common instructions, so knowing them without a reference is vital. For details on all instructions, you can download Intel's free manuals here by searching for 'Architectures Software Developer Manuals'.

The Stack

Remember that the stack is used for storing temporary data, and is always growing and shrinking. All data below the stack pointer is assumed to be "free", even though it may contain data. The data below the stack is liable to be overwritten and destroyed, though.

Functions

The main calling conventions are __cdecl, __stdcall, __fastcall, and __thiscall. Often all four are seen in any program.

An addition convention, __declspec(naked), is used while writing hacks to tell the compiler to allow the programmer to write raw code.