8-bit value
16-bit value
Double word; 32-bit value
Quad word; 64-bit value
Prefix denoting a hexadecimal number (an address or an immediate value)
Indirect addressing; dereference the address within the brackets, i.e. use the value stored at that address rather than the address itself
Separates source and destination
Move; copy or load data to a destination
Push; copy register's value onto stack
Pop; pop value off stack into register
Load effective address; load address pointing to data
Add
Subtract
Increment
Decrement
Integer multiplication
Integer division
AND
OR
XOR
NOT
Negate
Shift left
Shift right
Jump; jumps to label
Jump on condition; jumps to a label only if a condition on the flags holds (for example JE, JNE, JG after a CMP); otherwise execution falls through to the next instruction
Compare; subtracts the source from the destination operand, discards the result and sets rflags accordingly, so a following conditional jump can act on it
Call; calls a procedure
Return; returns from procedure
Exchange; swap data between registers
Add with carry
Loop; decrements rcx and jumps back to the label if rcx is not yet zero, so the block between label and LOOP runs rcx times
Syscall; calls a predefined function provided by the OS kernel. The function is selected and its parameters are passed by placing values in registers before the instruction is issued.
Define byte
Define word
Define double word
Define quad word
Implied; the data for the opcode/instruction is implied by the instruction itself, so no operand is given
Immediate; the data is a literal value given in the instruction
LDA #$40 ; loads the literal $40 (64) into A
Register; the data is held in a specified register
Absolute; the data is the byte stored at the address given in the instruction
LDA $1966 ; loads the byte stored at address $1966 (6502) into A
Indirect; the operand is the address of a 2-byte pointer stored in little-endian order (low byte at the lower address), and the data is the byte at the address that pointer holds
LDA #$40
STA $1966 ; stores $40 (64) at address $1966 (6502): the low byte of the pointer
LDA #$00
STA $1967 ; stores $00 at address $1967 (6503): the high byte of the pointer
LDA ($1966) ; the pointer at $1966/$1967 reads as $0040, so this loads the byte stored at address $0040 into A
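The addressing modes and the little-endian pointer above, replayed in C as an added example (this is not code from the original page): a 64 KiB byte array stands in for the 6502 address space, one function models each LDA form, and `read16_be` shows what the same two bytes would yield if the byte order were mistaken. The memory contents (the byte `$99` placed at `$0040`) are constructed for the demonstration. Note that a real NMOS 6502 only offers indirect loads through zero page (`(zp,X)` and `(zp),Y`); the page's absolute-indirect `LDA ($1966)` is modelled here as written because the point is the pointer dereference and byte order, not the exact opcode.

```c
#include <stdint.h>
#include <string.h>

/* Constructed 64 KiB image standing in for the 6502 address space (assumed, not from the page). */
static uint8_t mem[65536];

/* Little-endian 16-bit fetch: low byte at addr, high byte at addr+1 (6502 pointer layout). */
uint16_t read16_le(uint16_t addr) {
    return (uint16_t)(mem[addr] | ((uint16_t)mem[(uint16_t)(addr + 1)] << 8));
}

/* The same two bytes read big-endian, to show what a wrong byte order would produce. */
uint16_t read16_be(uint16_t addr) {
    return (uint16_t)(((uint16_t)mem[addr] << 8) | mem[(uint16_t)(addr + 1)]);
}

/* LDA #imm : the operand byte itself is the data. */
uint8_t lda_immediate(uint8_t value) { return value; }

/* LDA abs : the operand is an address; the data is the byte stored there. */
uint8_t lda_absolute(uint16_t addr) { return mem[addr]; }

/* STA abs : store the accumulator at the given address. */
void sta_absolute(uint8_t a, uint16_t addr) { mem[addr] = a; }

/* LDA (ptr) : the operand is the address of a 2-byte little-endian pointer;
   the data is the byte at the address that pointer holds. */
uint8_t lda_indirect(uint16_t ptr_addr) { return mem[read16_le(ptr_addr)]; }

/* Replays the page's instruction sequence and returns the final accumulator value. */
uint8_t run_page_sequence(void) {
    uint8_t a;
    memset(mem, 0, sizeof mem);
    mem[0x0040] = 0x99;                                   /* constructed target byte at $0040 */
    a = lda_immediate(0x40); sta_absolute(a, 0x1966);     /* LDA #$40 ; STA $1966 (low byte)  */
    a = lda_immediate(0x00); sta_absolute(a, 0x1967);     /* LDA #$00 ; STA $1967 (high byte) */
    a = lda_indirect(0x1966);                             /* LDA ($1966): pointer = $0040 -> $99 */
    return a;
}
```

After `run_page_sequence` the two bytes at `$1966`/`$1967` read as `$0040` little-endian but `$4000` big-endian; getting the order wrong would dereference a completely different address, which is the usual symptom of a byte-order mistake when hand-building pointers or return addresses.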
Accumulator; register used for the input and output of the Arithmetic Logic Unit (ALU; the CPU component that performs arithmetic and logic operations on operands)
Base; register that is used for indexing operations. It is
Counter; register that holds shift and rotate counts and the counter for loop and repeat instructions
Data; register used for input and output of the ALU and to hold the upper half of the value in multiplication and division of large numbers
Instruction pointer; register that holds the address of the next instruction to be executed
Stack pointer; register that points to the top of the stack (the most recently pushed value, at the lowest address in use)
Base pointer; register that points to the base of the current stack frame, from which local variables and arguments are addressed
Source index; register that points to the source string or buffer in copy and string instructions
Destination index; register that points to the destination string or buffer in copy and string instructions
Register that contains flags of the state of the CPU
Carry flag; set when ADC overflows (a carry out of bit 7), when SBC or CMP needs no borrow, or manually with SEC; cleared with CLC. It also receives the bit shifted out by ASL, LSR, ROL or ROR.
Zero flag; set when the result of an instruction is zero
Interrupt disable; when set, maskable interrupts (IRQ) are ignored; only the NMI is still serviced.
Decimal mode; on processors that implement it, makes ADC and SBC operate on binary-coded decimal values for easier decimal arithmetic.
Unknown
Overflow flag; set by ADC and SBC when two operands of the same sign produce a result of the opposite sign, i.e. the signed result no longer fits in 8 bits (like adding #$7F and #$01, which gives #$80, or #$80 and #$FF, which gives #$7F). Adding #$FF and #$01 sets the carry but not the overflow, since -1 + 1 = 0 is a valid signed result.
Negative flag; a copy of bit 7 of the result (in two's complement, bit 7 is the sign bit, so it states whether the value is negative).
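The four arithmetic flags described above, computed the way the 6502 does it, as an added example in C (not code from the page). `adc` implements binary-mode ADC and sets C, Z, V and N; `sbc` is ADC of the one's complement, which is why a set carry afterwards means "no borrow"; `asl` shows the shifted-out bit landing in C. The `*_trace` helpers are constructed for checking: they take a carry-in and return the status byte in the high 8 bits and the result in the low 8 bits.

```c
#include <stdint.h>

/* 6502 status-register bits (real bit positions). */
enum { FLAG_C = 1u << 0, FLAG_Z = 1u << 1, FLAG_V = 1u << 6, FLAG_N = 1u << 7 };

/* Binary-mode ADC: A + M + C. Returns the result and rewrites C, Z, V, N in *p. */
uint8_t adc(uint8_t a, uint8_t m, uint8_t *p) {
    unsigned carry_in = (*p & FLAG_C) ? 1u : 0u;
    unsigned sum = (unsigned)a + (unsigned)m + carry_in;
    uint8_t r = (uint8_t)sum;
    *p &= (uint8_t)~(FLAG_C | FLAG_Z | FLAG_V | FLAG_N);
    if (sum > 0xFFu) *p |= FLAG_C;                      /* unsigned carry out of bit 7 */
    if (r == 0) *p |= FLAG_Z;
    /* V: both operands share a sign and the result's sign differs from it */
    if (((a ^ r) & (m ^ r) & 0x80u) != 0) *p |= FLAG_V;
    if (r & 0x80u) *p |= FLAG_N;                        /* N is simply bit 7 of the result */
    return r;
}

/* SBC is ADC of the one's complement: A - M - (1 - C) == A + ~M + C.
   A set carry afterwards means "no borrow was needed". */
uint8_t sbc(uint8_t a, uint8_t m, uint8_t *p) {
    return adc(a, (uint8_t)~m, p);
}

/* ASL: shift left by one; the bit shifted out of bit 7 lands in C. */
uint8_t asl(uint8_t v, uint8_t *p) {
    uint8_t r = (uint8_t)(v << 1);
    *p &= (uint8_t)~(FLAG_C | FLAG_Z | FLAG_N);
    if (v & 0x80u) *p |= FLAG_C;
    if (r == 0) *p |= FLAG_Z;
    if (r & 0x80u) *p |= FLAG_N;
    return r;
}

/* Constructed helpers: run one operation from a given carry-in and pack (flags << 8) | result. */
uint16_t adc_trace(uint8_t a, uint8_t m, int carry_in) {
    uint8_t p = carry_in ? FLAG_C : 0;
    uint8_t r = adc(a, m, &p);
    return (uint16_t)((p << 8) | r);
}
uint16_t sbc_trace(uint8_t a, uint8_t m, int carry_in) {
    uint8_t p = carry_in ? FLAG_C : 0;
    uint8_t r = sbc(a, m, &p);
    return (uint16_t)((p << 8) | r);
}
uint16_t asl_trace(uint8_t v) {
    uint8_t p = 0;
    uint8_t r = asl(v, &p);
    return (uint16_t)((p << 8) | r);
}
```

`adc_trace(0x7F, 0x01, 0)` yields result `$80` with V and N set (127 + 1 leaves the signed range), while `adc_trace(0xFF, 0x01, 0)` yields `$00` with C and Z set and V clear, which is the distinction between the carry and overflow flags that the definitions above draw.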
Prologue; the act of pushing registers onto the stack at the beginning of a function
Epilogue; the act of popping registers off the stack at the end of a function
Stack alignment; on function entry (after the call has pushed the return address) we push rbp to remember the caller's stack frame base, set rbp to rsp, and then lower rsp so that the stack pointer sits at a multiple of 16 at the point of the next call, or in Math, \(\mathrm{rsp} = 16k,\ k \in \mathbb{N}\) (so translate rsp down until the stack grows to a multiple of 16)
Linux syscalls; the Linux kernel exposes an API of system calls that x86 assembly can invoke directly, giving it access to OS services without going through a library
libc; a library of C functions that can be called from x86 assembly
Control unit; fetches and decodes each instruction, routes values between memory, registers and the ALU, and sequences its execution
Arithmetic Logic Unit; performs the arithmetic and logic operations on values fed to it by the CU, using registers for temporary storage
Central Processing Unit; the hardware in a computer responsible for all arithmetic, controlling RAM and general processing
Instruction Set Architecture
Instruction Cycle
Portable Executable; windows binary file seen in .exe, .dll, .sys files and so forth
Executable and Linking Format; Unix binary file format in which assembled code is stored as opcodes in an object file and then linked by resolving symbol names to addresses
Stack canary; a known value written between a function's local buffers and the saved return address and checked before the function returns, so that a buffer overflow that overwrites it is detected
Data Execution Prevention; marks memory pages such as the stack and heap non-executable, so that an attempt to execute injected code there faults and the program is terminated
Address Space Layout Randomisation; randomising the starting locations of the stack, heap, libraries and the executable base on each run, to make aiming the EIP at a desired address more difficult
Last In First Out; the most recently pushed object is the one returned by a pop; a stack follows this convention
First In First Out; the earliest pushed object is the one returned next; a queue or pipeline follows this convention
Partition of stack for a certain function
NOP sled; padding the buffer with NOPs in front of the exploit so that when you aim the EIP at your exploit in memory it has a larger target: if the EIP lands anywhere in the sled, execution slides through the NOPs into the exploit instead of executing misaligned bytes that could crash the process
Finding the offset to the EIP; overflow with a non-repeating cyclic pattern of bytes, observe which pattern bytes end up in the EIP at the crash, find the index at which those bytes start in the pattern (remembering that the register holds them in little-endian order), and that index is the number of bytes needed before the value that lands in the EIP
Bad characters; bytes that the target program mangles, truncates or interprets specially when they appear in its input (for example a null byte terminating a string), so they must be kept out of the payload
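The offset-finding procedure and the NOP sled above, worked through in C as an added example (not code from the page). `pattern_create` generates the non-repeating cyclic pattern, `simulate_overflow` is a constructed model of a vulnerable frame (a 140-byte local buffer directly followed by the saved return address, no canary) that returns the clobbered return address the way a debugger would show the EIP, and `pattern_offset` converts that register value back into the index in the pattern, handling the little-endian byte order. `sled_landing` models the sled: any landing point inside the run of 0x90 bytes slides forward to the same first non-NOP byte. The buffer size, the original return address `0xDEADBEEF` and the `0xCC` stand-in for the payload are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NOP 0x90        /* x86 single-byte NOP */
#define BUF_LEN 140     /* constructed local buffer size of the modelled frame */

/* Writes the cyclic pattern Aa0Aa1Aa2...Aa9Ab0... into buf; every 4-byte
   window is unique within one period. buf needs room for len + 1 bytes. */
size_t pattern_create(char *buf, size_t len) {
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < len; u++)
        for (char l = 'a'; l <= 'z' && i < len; l++)
            for (char d = '0'; d <= '9' && i < len; d++) {
                char triple[3] = { u, l, d };
                for (int k = 0; k < 3 && i < len; k++) buf[i++] = triple[k];
            }
    buf[i] = '\0';
    return i;
}

/* Given the EIP value seen at the crash, returns the offset in the pattern at
   which the saved return address begins, or -1 if the EIP was not overwritten
   by pattern bytes. On a little-endian target the register's low byte is the
   first of the four pattern bytes in memory. */
long pattern_offset(const char *pattern, uint32_t eip) {
    char needle[5];
    for (int k = 0; k < 4; k++) {
        needle[k] = (char)((eip >> (8 * k)) & 0xFF);
        if (needle[k] == '\0') return -1;
    }
    needle[4] = '\0';
    const char *hit = strstr(pattern, needle);
    return hit ? (long)(hit - pattern) : -1;
}

/* Constructed model of a vulnerable frame: buffer, then the saved return
   address (0xDEADBEEF stored little-endian). The unchecked copy is the
   overflow; the function returns whatever the return address slot holds. */
uint32_t simulate_overflow(const char *input, size_t input_len) {
    uint8_t frame[BUF_LEN + 4];
    static const uint8_t orig_ret[4] = { 0xEF, 0xBE, 0xAD, 0xDE };
    memset(frame, 0, sizeof frame);
    memcpy(frame + BUF_LEN, orig_ret, 4);
    size_t n = input_len < sizeof frame ? input_len : sizeof frame;  /* the model frame ends here */
    memcpy(frame, input, n);                                         /* the unchecked copy */
    return (uint32_t)frame[BUF_LEN] | ((uint32_t)frame[BUF_LEN + 1] << 8)
         | ((uint32_t)frame[BUF_LEN + 2] << 16) | ((uint32_t)frame[BUF_LEN + 3] << 24);
}

/* NOP sled: from landing index `land`, slide forward over NOPs and return the
   index of the first non-NOP byte, or -1 if the landing point is past the end. */
long sled_landing(const uint8_t *payload, size_t len, size_t land) {
    if (land >= len) return -1;
    while (land < len && payload[land] == NOP) land++;
    return land < len ? (long)land : -1;
}

/* End-to-end: send a 200-byte pattern, read the crashed EIP, recover the offset. */
long find_offset_demo(void) {
    char pat[201];
    size_t n = pattern_create(pat, 200);
    uint32_t eip = simulate_overflow(pat, n);   /* the debugger would show EIP = 0x37654136 ("6Ae7") */
    return pattern_offset(pat, eip);            /* 140: bytes needed before the return address */
}

/* An 8-byte sled followed by a constructed 4-byte stand-in payload (0xCC, int3). */
long sled_demo(size_t land) {
    uint8_t payload[12];
    memset(payload, NOP, 8);
    memset(payload + 8, 0xCC, 4);
    return sled_landing(payload, sizeof payload, land);
}
```

With the 140-byte model the pattern bytes at indices 140..143 are `6Ae7`, so the register reads `0x37654136` and `pattern_offset` recovers 140; feeding the same value read in the wrong byte order would not match anywhere. Any landing index from 0 to 7 in `sled_demo` reaches the payload at index 8, which is the whole point of the sled.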
Instruction Set Architecture
Responsible for holding frequently used memory closer to CPU for more speed
L1; the cache level that is fastest but smallest in terms of storage
L2; the cache level that sits between the fastest and the largest in both speed and storage
L3; the cache level that is slowest but largest in terms of storage
Endianness; the order in which the bytes of a multi-byte value are stored in memory: little endian puts the least significant byte at the lowest address, big endian puts the most significant byte there
The bit with least significance is the bit that determines \(2^{0}\) (the right-most bit), while the bit with the most significance is the bit that determines \(2^{n-1}\) where \(n\) is the width of the value in bits (the left-most bit)
Real mode; x86 operating mode in which the processor addresses 1 MB of memory using 20-bit addresses
Compiling; the act of translating a high-level language into machine code in a binary file
Interpreting; the act of executing a program statement by statement without first translating it into a binary