Overview of common x86 instructions
In the previous articles, readers were briefly introduced to x86 assembly. We discussed what x86 assembly is, a brief history of it, Instruction Set Architecture and types of x86 assembly syntax with examples, data representation in x86, various addressing modes and various x86 CPU registers. This background has set up a good foundation to understand some common x86 instructions.
So, in this article, we will have an overview of common x86 instructions and how to use them.
Learn Secure Coding
MOV instruction
The MOV instruction is used to copy data from the source operand to the destination operand. The following assembly program shows MOV instructions with various different operand types.
_start:
mov eax, 8
mov eax, 0xa
mov ebx, eax
mov ecx, [esp]In the preceding program, the first mov instruction copies the value 8 into register EAX. We can also move hex values into the registers. In the next instruction, we are moving 0xa into eax. We are telling the program that we are moving a hex value that's decimal 10 by prepending 0x. In the third instruction, we are moving the value stored in a register into another register. We have the value hex a (0xa) in the register EAX. We are moving that into the EBX register. There is another type of mov instruction, which will essentially copy the value which is pointed by the address of a register.
So, if we specify the instruction MOV ECX, [ESP] it will try to pick the address of ESP and it will move the value that's pointed by this ESP register into ECX.
Arithmetic instructions
Arithmetic instructions are used to perform simple arithmetic operations. ADD, SUB, INC and DEC are the most commonly used arithmetic instructions.
_start:
mov eax, 2
add eax, 8
add eax, eax
sub eax, 5
inc eax
inc eax
dec eax
dec eaxIn the preceding program, the MOV instruction copies the value 2 into EAX register. Next, ADD EAX, 8 instruction is used to add the value 8 to this value. As we can see, ADD instruction has two arguments. The value in the source is added to the destination and then stored in the destination. This example used an immediate value to be added. It is also possible to use two registers as operands with ADD instruction. This is shown using the instruction ADD EAX, EAX. When this instruction is executed, the value in EAX will be added with its own value and then it will be saved in EAX itself since the destination operand is EAX register.
So what this means is, the fist instruction moves the value 2 into EAX. The second instruction adds 8 to 2 and stores the value 10 in EAX. The third instruction after its execution stores the value 20 in the EAX register.
Now, let's see how subtraction works. We can use the instruction SUB to perform subtraction. When the instruction SUB EAX, 5 is executed, 5 is subtracted from the value stored in EAX register and the result will in turn be stored in the EAX register. In this case, the register EAX currently contains the value 20 and we are subtracting the value 5. So EAX register will contain the value 15 after the SUB instruction is executed in the preceding program.
Now let's see how INC and DEC instructions work. Currently, the register EAX contains the value 15. Let's assume that you want to increment the value by 1. We can simply use the increment instruction on EAX register. Once INC EAX instruction is executed, the EAX register will contain the value 16. The preceding program contains another INC EAX instruction, which will store the value 17 in EAX register when executed. We can use DEC instruction to decrement the value of the operand by 1. EAX in the preceding program currently holds the value 17. Executing DEC EAX twice will store the value 15 in EAX register.
Logical instructions
The x86 instruction set provides instructions to perform logical operations. These instructions include AND, OR, XOR, TEST and NOT.
Let us begin with the AND instruction.
_start:
mov AL, 7
and AL, 01HIn the preceding program, the value 7 is first moved to the sub-register AL. The next instruction AND AL, 01H can be used to check if the value stored in AL register is an even number or odd number. If it is an even number, the AND operation will result in a zero. If it is an odd number, the AND operation will result in 1. The resultant value will be stored in the destination operand, which is AL in this case. Similarly, the OR instruction can be used to set one or more bits.
Next, let us see the TEST instruction.
_start:
mov AL, 7
test AL, 01HThis is the same program that we used with AND instruction. TEST instruction is similar to AND instruction with one difference. The result will not be stored in the destination operand once the instruction is executed.
Now, let us know how we can use the XOR instruction.
_start:
mov eax, 20
xor eax, eaxIn the preceding program, the register eax will hold the value 20 after the first instruction is executed. When the second instruction is executed, each bit in the EAX register is going to go through a bitwise exclusive OR operation with each bit in itself. So essentially this is going to produce value zero and then it's going to be stored in EAX. This is usually used to clear registers.
Conditional execution
The next important set of instructions are the ones that help the programmer to achieve conditional execution. CMP and jump family of instruction are two common instructions that facilitate condition execution. Let us consider the following example.
jne valuenotequal
valuenotequal:
; do somethingThe preceding program has a CMP instruction followed by JNE instruction. Most of the times Jump instructions occur after a comparison instruction such as CMP. In this case, the CMP instruction is checking the value of the register EAX against the value 10. If the value is equal the Zero flag will be set. If the result is negative, Negative flag will be set. When the Jump instructions are executed, they usually rely on one of these flags to decide what action needs to be done. In this case, JNE instruction is used, which checks for the Zero flag. If zero flag is not set, Jump will be taken.
Similarly, other jump instructions such as JE (jump if equal), JG (jump if greater), JL (jump if less), JGE (Jump if greater than or equal), JLE (Jump if less than or equal). Clearly, all these jump instructions are relying on some condition and thus these are known as conditional jumps. The instruction JMP does not rely on any conditions and it always takes the jump. Thus JMP instruction is called an unconditional Jump instruction.
Stack instructions
PUSH and POP are the two most popular instructions when working with the stack. PUSH instruction is used to push a value onto the stack and the POP instruction is used to pop a value off the stack and store it into a register. Let us consider the following example.
_start:
mov eax, 20
push eax
push eax
pop ecx
pop ebxIn the preceding program, we are first using the mov rax, 20 instruction to copy the value 20 into EAX register. Next, we are pushing the value stored in EAX register onto the stack by using the instruction PUSH EAX. We are then pushing the value stored in the EAX register onto the stack once again by executing the PUSH EAX instruction. So, the value 20 was pushed twice onto the stack.
Now, let us try to pop this value 20 twice and store it into two different registers. First, the instruction POP ECX can be used to pop the value 20, which is on the top of the stack into the register ECX. What this instruction will do is, whatever the value that we have recently pushed onto the stack will be popped into the ECX register. Next, the instruction POP EBX is used, which is going to pop the value on the top of the stack into the register EBX.
Learn Secure Coding
Conclusion
This article has provided a quick overview of some of the commonly seen x86 instructions. It should be noted that the instruction set comes with much more instructions that are not covered in this article. We may cover some of the instructions that are not covered here in the upcoming articles as required.
Sources
- Assembly Language for x86 Processors, Kip Irvine
- Modern X86 Assembly Language Programming, Daniel Kusswurm
- Linux Assembly Language Programming, Bob Neveln
Learn Secure Coding
Get hands-on experience with common coding mistakes, how they can be exploited and possible mitigations. Learn secure coding in:- Android and iOS
- C/C++, Java, .NET and PHP
- And more
In this Series
- Overview of common x86 instructions
- Enhancing code security: Tools and techniques for safeguarding your code
- DevSecOps Tools of the trade
- Software dependencies: The silent killer behind the world's biggest attacks
- Software composition analysis and how it can protect your supply chain
- Only 20% of new developers receive secure coding training, says report
- Introduction to Secure Software Development Life Cycle
- How to control the flow of a program in x86 assembly
- Mitigating MFA bypass attacks: 5 tips for developers
- How to diagnose and locate segmentation faults in x86 assembly
- How to use the ObjDump tool with x86
- Debugging your first x86 program
- How to build a program and execute an application entirely built in x86 assembly
- x86 basics: Data representation, memory and information storage
- What is x86 assembly?
- Introduction to x86 assembly and syntax
- Introduction to variables
- How to mitigate Race Conditions vulnerabilities
- How to avoid Cryptography errors
- Cryptography errors Exploitation Case Study
- How to exploit Cryptography errors in applications
- How to exploit race conditions
- Email-based attacks with Python: Phishing, email bombing and more
- Attacking Web Applications With Python: Recommended Tools
- Attacking Web Applications With Python: Exploiting Web Forms and Requests
- Attacking Web Applications With Python: Web Scraper Python
- Python for Network Penetration Testing: Best Practices and Evasion Techniques
- Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools
- Python Language Basics: Variables, Lists, Loops, Functions and Conditionals
- How to Mitigate Poor HTTP Usage Vulnerabilities
- How to Exploit Poor HTTP Usage
- Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)
- How to Mitigate Integer Overflow and Underflow Vulnerabilities
- How to exploit integer overflow and underflow
- Introduction to Parallel Processing
- What are Race Conditions?
- How Are Credentials Used In Applications?
- How To Exploit Least Privilege Vulnerabilities
- XSS Vulnerabilities Exploitation Case Study
- What is is integer overflow and underflow?
- SQL Injection Vulnerabilities Exploitation Case Study
- How to exploit improper error handling
- Improper Error Handling Exploitation Case Study
- Why Improper Error Handling Happens
- How to exploit CSRF Vulnerabilities
- How to mitigate CSRF Vulnerabilities
- What Causes Command Injection Vulnerabilities? (How are Data and Code Handled in Execution Environments)
- Command Injection Vulnerabilities
- Command Injection Vulnerabilities Exploitation Case Study
- How to mitigate Command Injection Vulnerabilities
- How to exploit SQL Injection Vulnerabilities
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Secure coding