|Assembly Language Tutorial|
| Please choose a tutorial page:
This section will discuss more detail about how an executable file full of hex becomes assembly, and what happens to that hex once it's loaded in memory.
Machine code is simply an encoding of assembly language. Every assembly instruction has one or more bytes of machine code instructions associated with it, and that sequence of bytes translates to exactly one assembly instruction. The relationship is 1:1, by definition.
This is different than the relationship between C and assembly. A sequence of C commands can translate to a variety of assembly instructions, and a sequence of assembly instructions can translate to C commands. There is no strong relationship.
Here is what some machine code might look like:
53 8b 54 24 08 31 db 89 d3 8d 42 07
Obviously, that's nothing that any normal human can read. However, when converted to assembly, it looks like this:
53 push ebx 8B 54 24 08 mov edx, [esp+arg_0] 31 DB xor ebx, ebx 89 D3 mov ebx, edx 8D 42 07 lea eax, [edx+7]
To show the machine code in IDA, in the settings tab find the "opcode bytes" setting and change it to 6 or 8.
Generally, if you need to find out the machine language opcodes for an instruction, either looking online or compiling/disassembling a program is the easiest way to go about it. A good reference book can be found here, which can also be ordered for free in hard copy.
Some opcodes, however, are so important that they should be committed to memory. These are listed below. Note that parameters for the jumps are signed, relative jumps. That is, "74 10", for example, would jump 0x10 bytes ahead of the current instruction, and 0xF0 would jump 0x10 bytes backwards.
|e9 xx xx xx xx||jmp|
|e8 xx xx xx xx||call|
|c2 xx xx||ret xxxx|
The section on cracking will explain why these opcodes are important.
Feel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists.