-
LEA instruction
The lea instruction places the address specified by its second operand into the register specified by its first operand. Note, the contents ofthe memory location are not loaded, only the effective address is computed and placed into the register. This is useful for obtaining a pointer into a memory region. source: http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
-
negate instruction NEG
GDB shows “neg” instruction or $0xffffffffffffffff,%eax jmp 0x7f94f7fce0d0 mov 0x296e5f(%rip),%rax # 0x7f94f8264f98 neg %edx mov %edx,%fs:(%rax) or $0xffffffffffffffff,%eax jmp 0x7f94f7fce10f End of assembler dump. (gdb) 0x00007f94f7fce139 : neg %edx Process Involved software : gnome-panel. The launcher and docking facility for GNOME Explanation The neg (negate) instruction takes the two’s complement of a byte or word.…
-
software interrupt –
WinDbg shows “int” Instruction ntdll!DbgBreakPoint: 7c901230 cc int 3 7c901231 c3 ret 7c901232 8bff mov edi,edi ntdll!DbgUserBreakPoint: 7c901234 90 nop 7c901235 90 nop 7c901236 90 nop 7c901237 90 nop ntdll!DbgBreakPointWithStatus: 7c901238 90 nop ntdll!DbgUserBreakPoint: 7c901239 cc int 3 7c90123a c3 ret 7c90123b 90 nop 7c90123c 8bff mov edi,edi 7c901230 cc int 3 Process Involved WinRAR…
-
LEAVE Instruction ++
WinDbg shows “leave” instruction 7c901227 c9 leave 7c901228 c20400 ret 4 7c90122b 90 nop 7c90122c 90 nop 7c90122d 90 nop 7c90122e 90 nop 7c90122f 90 nop ntdll!DbgBreakPoint: 7c901230 cc int 3 7c901227 c9 leave Process Involved Program : “notepad” on Windows. Explanation LEAVE — High Level Procedure Exit LEAVE reverses the actions of the ENTER…
-
test instruction +
| GDB shows TEST instruction | Dump of assembler code for function *__GI___poll: 0x00007f73ec2120b0 : sub $0x28,%rsp 0x00007f73ec2120b4 : mov 0x29c52e(%rip),%eax # 0x7f73ec4ae5e8 0x00007f73ec2120ba : test %eax,%eax 0x00007f73ec2120bc : jne 0x7f73ec2120d5 0x00007f73ec2120be : movslq %edx,%rdx 0x00007f73ec2120c1 : mov $0x7,%eax 0x00007f73ec2120c6 : syscall 0x00007f73ec2120c8 : cmp $0xfffffffffffff000,%rax 0x00007f73ec2120ce : ja 0x7f73ec212121 0x00007f73ec2120d0 : add $0x28,%rsp 0x00007f73ec2120d4…
-
Jump if Equal :)
je instruction (gdb) disass Dump of assembler code for function fputs_unlocked: 0xb7788c30 : push %ebp 0xb7788c31 : mov %esp,%ebp 0xb7788c33 : sub $0x1c,%esp 0xb7788c36 : mov %ebx,-0xc(%ebp) 0xb7788c39 : call 0xb773daaf 0xb7788c3e : add $0xe13b6,%ebx 0xb7788c44 : mov %edi,-0x4(%ebp) => 0xb7788c47 : mov 0x8(%ebp),%edi 0xb7788c4a : mov %esi,-0x8(%ebp) 0xb7788c4d : mov 0xc(%ebp),%esi 0xb7788c50 : mov…
-
jmp instruction .
JMP instruction (gdb) disass Dump of assembler code for function __kernel_vsyscall: 0xb77bd414 : push %ecx 0xb77bd415 : push %edx 0xb77bd416 : push %ebp 0xb77bd417 : mov %esp,%ebp 0xb77bd419 : sysenter 0xb77bd41b : nop 0xb77bd41c : nop 0xb77bd41d : nop 0xb77bd41e : nop 0xb77bd41f : nop 0xb77bd420 : nop 0xb77bd421 : nop 0xb77bd422 : jmp 0xb77bd417…
-
SUB – Subtract
| SUB instruction | (gdb) disass Dump of assembler code for function *__GI___poll: 0x00007fc50ab670b0 : sub $0x28,%rsp 0x00007fc50ab670b4 : mov 0x29c52e(%rip),%eax # 0x7fc50ae035e8 0x00007fc50ab670ba : test %eax,%eax 0x00007fc50ab670bc : jne 0x7fc50ab670d5 0x00007fc50ab670be : movslq %edx,%rdx 0x00007fc50ab670c1 : mov $0x7,%eax 0x00007fc50ab670c6 : syscall => 0x00007fc50ab670c8 : cmp $0xfffffffffffff000,%rax 0x00007fc50ab670ce : ja 0x7fc50ab67121 0x00007fc50ab670d0 : add $0x28,%rsp…
-
NOP machine instruction
| NOP instruction | source : | Windows Debugger | In computer science NOP or NOOP (short for No Operation or No Operation Performed) is an assembly language instruction, sequence of programming language statements, or computer protocol command that effectively does nothing at all. source : http://en.wikipedia.org/wiki/NOP
-
push instruction.. push %rbx
| push instruction | (gdb) disass Dump of assembler code for function _IO_default_uflow: 0x00007f7c1e9964d0 : mov 0xd8(%rdi),%rax => 0x00007f7c1e9964d7 : push %rbx 0x00007f7c1e9964d8 : mov %rdi,%rbx 0x00007f7c1e9964db : callq *0x20(%rax) 0x00007f7c1e9964de : cmp $0xffffffffffffffff,%eax 0x00007f7c1e9964e1 : je 0x7f7c1e9964f2 0x00007f7c1e9964e3 : mov 0x8(%rbx),%rdx 0x00007f7c1e9964e7 : movzbl (%rdx),%eax 0x00007f7c1e9964ea : add $0x1,%rdx 0x00007f7c1e9964ee : mov %rdx,0x8(%rbx) 0x00007f7c1e9964f2…
-
Follow
Following
Already have a WordPress.com account? Log in now.
valavil.in 