Machine Code

From SkullSecurity
Revision as of 03:12, 16 January 2012 by Killboy (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Assembly Language Tutorial
Please choose a tutorial page:

This section will discuss more detail about how an executable file full of hex becomes assembly, and what happens to that hex once it's loaded in memory.

Machine Code

Machine code is simply an encoding of assembly language. Every assembly instruction has one or more bytes of machine code instructions associated with it, and that sequence of bytes translates to exactly one assembly instruction. The relationship is 1:1, by definition.

This is different than the relationship between C and assembly. A sequence of C commands can translate to a variety of assembly instructions, and a sequence of assembly instructions can translate to C commands. There is no strong relationship.

Here is what some machine code might look like:

53 8b 54 24 08 31 db 89 d3 8d 42 07

Obviously, that's nothing that any normal human can read. However, when converted to assembly, it looks like this:

53                push    ebx
8B 54 24 08       mov     edx, [esp+arg_0]
31 DB             xor     ebx, ebx
89 D3             mov     ebx, edx
8D 42 07          lea     eax, [edx+7]

To show the machine code in IDA, in the settings tab find the "opcode bytes" setting and change it to 6 or 8.

Generally, if you need to find out the machine language opcodes for an instruction, either looking online or compiling/disassembling a program is the easiest way to go about it. A good reference book can be found here, which can also be ordered for free in hard copy.

Some opcodes, however, are so important that they should be committed to memory. These are listed below. Note that parameters for the jumps are signed, relative jumps. That is, "74 10", for example, would jump 0x10 bytes ahead of the current instruction, and 0xF0 would jump 0x10 bytes backwards.

74 xxje
75 xxjnz
eb xxjmp
e9 xx xx xx xxjmp
e8 xx xx xx xxcall
c2 xx xxret xxxx

The section on cracking will explain why these opcodes are important.


Feel free to edit this section and post questions, I'll do my best to answer them. But you may need to contact me to let me know that a question exists.