x86/x64 Assembly

Low-Level

Understanding x86/x64 assembly is crucial for reverse engineering. This guide covers common instructions, patterns, and how to recognize high-level constructs in assembly.

Common Instructions

x86-instructions.asm
asm
; Reference listing in Intel syntax: destination operand first, source second.
; `label` and `function` are placeholders for real jump/call targets.

; Data Movement
mov rax, rbx        ; Copy rbx to rax (rbx unchanged, flags unaffected)
lea rax, [rbx+8]    ; rax = rbx + 8: computes the address only, no memory read
push rax            ; rsp -= 8, then store rax at [rsp]
pop rbx             ; Load rbx from [rsp], then rsp += 8

; Arithmetic
add rax, 10         ; rax = rax + 10
sub rbx, rax        ; rbx = rbx - rax
imul rax, rbx       ; rax = rax * rbx (signed); keeps the low 64 bits, CF/OF flag overflow
xor rax, rax        ; rax = 0 (common zeroing pattern)
inc rcx             ; rcx++ (CF is left unchanged)
dec rcx             ; rcx-- (CF is left unchanged)

; Comparison & Jumps
cmp rax, rbx        ; Computes rax - rbx, sets flags, discards the result
test rax, rax       ; Computes rax AND rax, sets flags: ZF=1 when rax is zero
je  label           ; Jump if equal (ZF=1)
jne label           ; Jump if not equal (ZF=0)
; Signed vs unsigned matters when auditing bounds checks: a signed jump
; (jg/jl/jge/jle) on a length or index treats large unsigned values as
; negative, so confirm the jump family matches the type of the operands.
jg  label           ; Jump if greater (signed: ZF=0 and SF=OF)
ja  label           ; Jump if above (unsigned: CF=0 and ZF=0)
jmp label           ; Unconditional jump

; Function calls
; The return address is stored on the stack alongside local data; this is
; what stack canaries and shadow stacks are designed to protect.
call function       ; Push return addr, jump
ret                 ; Pop return addr, jump

; Common patterns
; if (a == b) { then } else { else }   -- here a is in rax and b is in rbx
; The jump tests the inverse of the source condition: `==` appears as jne,
; because the then-block is placed on the fall-through path.
cmp rax, rbx
jne else_branch     ; a != b: skip the then-block
; ... then code ...
jmp end_if          ; then-block finished: skip over the else-block
else_branch:
; ... else code ...
end_if:

; for (i = 0; i < 10; i++)   -- i is kept in ecx
; Top-tested loop: the condition is checked before every iteration.
xor ecx, ecx        ; i = 0 (a 32-bit write also zeroes the upper half of rcx)
loop_start:
cmp ecx, 10         ; i < 10?
jge loop_end        ; exit when i >= 10; jge is signed, so i is a signed int here
                    ; (an unsigned counter would use jae instead)
; ... loop body ...
inc ecx             ; i++
jmp loop_start      ; back to the condition check
loop_end: