Preface
Summer time
This is a daily learning and note-sharing series. Here I mainly share notes I wrote during my learning process, to help everyone with their own learning. The content of this series is not limited to evasion, malicious development, reverse engineering, etc. Please do not use the knowledge learned here for illegal testing. Any adverse consequences arising from this are not related to the author of the article.
PART.01
Two Basic Questions of Data Processing

A computer is a machine for data processing and computation, so there are two basic questions:
- Where is the data being processed?
- How long is the data to be processed?
These two questions must be stated, explicitly or implicitly, in the machine instruction. For brevity in the descriptions that follow, we define two descriptive symbols: reg represents a register and sreg represents a segment register.
The sets covered by the two symbols:
- reg: ax bx cx dx ah al bh bl ch cl dh dl sp bp si di
- sreg: ds ss cs es

PART.02
BX SI DI BP
We have already used the first three of these registers; let's summarize:
- In 8086, only these four registers can be used inside [...] to address memory units
Correct:
mov ax,[bx]
mov ax,[bx+si]
mov ax,[bx+di]
mov ax,[bp]
mov ax,[bp+si]
mov ax,[bp+di]
Incorrect:
mov ax,[cx]
mov ax,[ax]
mov ax,[dx]
mov ax,[ds]
- Inside [...], the four registers can appear individually or only in these four combinations: bx and si, bx and di, bp and si, bp and di
Correct:
mov ax,[bx]
mov ax,[si]
mov ax,[di]
mov ax,[bp]
mov ax,[bx+si]
mov ax,[bx+di]
mov ax,[bp+di]
mov ax,[bx+si+idata]
mov ax,[bx+di+idata]
mov ax,[bp+si+idata]
mov ax,[bp+di+idata]
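- Whenever bp is used inside [...] and the instruction does not explicitly give a segment register, the segment address defaults to ss. For example: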
mov ax,[bp]
mov ax,[bp+idata]
mov ax,[bp+si]
mov ax,[bp+si+idata]

PART.03
Where is the data processed by machine instructions?

The vast majority of machine instructions are data processing instructions, roughly divided into three categories: read, write, and compute. Machine instructions only care about the location of the data during processing, which can be in three places: inside the CPU, in memory, or in ports.
| Machine Code | Assembly Instruction | Data Location Before Execution |
| --- | --- | --- |
| 8B1E0000 | mov bx,[0] | Memory, ds:0 unit |
| 89C3 | mov bx,ax | Inside CPU, ax register |
| BB0100 | mov bx,1 | Inside CPU, instruction buffer |

PART.04
Expression of Data Location in Assembly Language
Immediate Value (idata)
Data that is contained directly in the machine instruction (and therefore sits in the CPU's instruction buffer before execution) is called an immediate value (idata) in assembly language and is written directly in the assembly instruction.
mov ax,1
add bx,2000h
or bx,0000000b
mov al,'a'
Registers
The data to be processed by the instruction is in the register, specified by the corresponding register name in the assembly instruction.
mov ax,bx
mov ds,ax
push bx
mov ds:[0],bx
push ds
mov ss,ax
mov sp,ax
Segment Address (SA) and Effective Address (EA)
The data to be processed by the instruction is in memory. In the assembly instruction, the format [x] gives the EA, and the SA is held in a segment register. The register holding the segment address can be the default one, for example:
The following instructions use ds as the segment address register:
mov ax,[0]
mov ax,[di]
mov ax,[bx+8]
mov ax,[bx+si]
mov ax,[bx+si+8]
The following instructions use ss as the segment address register:
mov ax,[bp]
mov ax,[bp+8]
mov ax,[bp+si]
mov ax,[bp+si+8]
The segment address register can also be specified explicitly:
mov ax,ds:[bp]
mov ax,es:[bx]
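The rules from PART.02 and the default-segment rules above can be checked mechanically. The following Python sketch is an added example, not code from the original notes: it goes slightly beyond the listed instructions by modelling the eight register forms of the 8086 r/m field, which is why no other register or pairing can appear in [...], and by computing the physical address as SA*16 + EA. The function names and the register values in STATE are hypothetical and constructed for illustration.

```python
import re

# Index = value of the 3-bit r/m field in the 8086 ModRM byte. These eight
# register sets are the only ones the instruction encoding can express.
RM_FORMS = [{"bx", "si"}, {"bx", "di"}, {"bp", "si"}, {"bp", "di"},
            {"si"}, {"di"}, {"bp"}, {"bx"}]
SEGMENT_REGS = ("ds", "ss", "cs", "es")

def parse_mem(operand):
    """'[bx+si+8]' or 'es:[bx]' -> (segment, registers, idata).
    Raises ValueError when the 8086 cannot encode the operand."""
    m = re.fullmatch(r"(?:(\w+):)?\[([^\]]+)\]", operand.replace(" ", "").lower())
    if not m:
        raise ValueError("not a memory operand: " + operand)
    override, body = m.groups()
    if override and override not in SEGMENT_REGS:
        raise ValueError("not a segment register: " + override)
    regs, idata = [], 0
    for term in body.split("+"):
        if re.fullmatch(r"\d[0-9a-f]*h", term):   # hex immediate, e.g. 1000h
            idata += int(term[:-1], 16)
        elif term.isdigit():                       # decimal immediate
            idata += int(term)
        else:
            regs.append(term)
    if regs and (len(set(regs)) != len(regs) or set(regs) not in RM_FORMS):
        raise ValueError("no r/m encoding for [" + "+".join(regs) + "]")
    # Forms that use bp default to ss; every other form defaults to ds.
    segment = override or ("ss" if "bp" in regs else "ds")
    return segment, set(regs), idata

def is_encodable(operand):
    """True when the operand is a legal 8086 memory operand."""
    try:
        parse_mem(operand)
        return True
    except ValueError:
        return False

def physical_address(operand, state):
    """SA*16 + EA, with EA wrapped to 16 bits and the result to 20 bits."""
    segment, regs, idata = parse_mem(operand)
    ea = (sum(state[r] for r in regs) + idata) & 0xFFFF
    return ((state[segment] << 4) + ea) & 0xFFFFF

# Constructed register values, for illustration only.
STATE = {"ds": 0x2000, "ss": 0x3000, "es": 0x4000, "cs": 0x1000,
         "bx": 0x1000, "bp": 0x0010, "si": 0x0002, "di": 0x0004}
```

With these values, [bx+si+8] resolves through ds while [bp+si] resolves through ss, and operands such as [cx], [bx+bp] or [si+di] are rejected because no r/m value exists for them.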

PART.05
Addressing Modes


PART.06
How Long is the Data to be Processed by the Instruction?
8086 can process two sizes of data, byte and word. The size to be used is handled in assembly as follows:
Specify the size of the data to be processed through the register name
For example, in the following instructions, the register name indicates that the instruction performs a word operation:
mov ax,1
mov bx,ds:[0]
mov ds,ax
mov ds:[0],ax
inc ax
add ax,1000
The following are byte operations:
mov al,1
mov al,bl
mov al,ds:[0]
mov ds:[0],al
inc al
add al,100
When there is no register name, use the operator X ptr in the assembly instruction to specify the length of the memory unit, where X can be byte or word
For example, in the following instructions, word ptr specifies that the accessed memory unit is a word unit:
mov word ptr ds:[0],1
inc word ptr [bx]
inc word ptr ds:[0]
add word ptr [bx],2
In the following instructions, byte ptr specifies that the accessed memory unit is a byte unit:
mov byte ptr ds:[0],1
inc byte ptr [bx]
inc byte ptr ds:[0]
add byte ptr [bx],2
In instructions that access a memory unit without involving a register, it is necessary to explicitly specify the length of the memory unit with word ptr or byte ptr; otherwise, the CPU does not know whether to access a word unit or a byte unit. Suppose debug shows the following memory contents:
2000:1000 FF FF FF FF FF FF …
Then the following instructions will change the memory contents to:
2000:1000 01 FF FF FF FF FF …
mov ax,2000H
mov ds,ax
mov byte ptr [1000H],1
While the following instructions will change the contents to:
2000:1000 01 00 FF FF FF FF …
mov ax,2000h
mov ds,ax
mov word ptr [1000H],1
Other Methods
Some instructions have a fixed default for whether they access a word unit or a byte unit. For example, push [1000H] does not need the access size to be specified, because the push instruction only performs word operations.
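The three ways of fixing the operand length described in this part (register name, X ptr, instruction default) can be expressed as one decision procedure. The following Python sketch is an added example, not code from the original notes: operand_size, store and after_store are hypothetical names, pop is included alongside push as another word-only instruction, and the six FF bytes are a constructed stand-in for the memory at 2000:1000.

```python
import re

REG16 = {"ax", "bx", "cx", "dx", "sp", "bp", "si", "di", "ds", "ss", "cs", "es"}
REG8 = {"ah", "al", "bh", "bl", "ch", "cl", "dh", "dl"}
WORD_ONLY = {"push", "pop"}  # these instructions only perform word operations

def operand_size(instruction):
    """Return 8 or 16; raise ValueError when nothing fixes the size."""
    mnemonic, _, rest = instruction.lower().strip().partition(" ")
    ptr = re.search(r"\b(byte|word)\s+ptr\b", rest)
    if ptr:
        return 8 if ptr.group(1) == "byte" else 16
    if mnemonic in WORD_ONLY:
        return 16
    # Registers inside [...] and segment overrides only locate the data;
    # they say nothing about its length, so drop them before looking.
    outside = re.sub(r"\b\w+:(?=\[)|\[[^\]]*\]", " ", rest)
    names = set(re.findall(r"\b[a-z]+\b", outside))
    if names & REG16:
        return 16
    if names & REG8:
        return 8
    raise ValueError("operand size not specified: " + instruction)

def store(memory, offset, value, bits):
    """Write value little-endian, touching exactly bits // 8 bytes."""
    n = bits // 8
    memory[offset:offset + n] = (value & ((1 << bits) - 1)).to_bytes(n, "little")
    return memory

def after_store(instruction, value=1):
    """Apply the store to six constructed FF bytes and return them as hex."""
    memory = bytearray(b"\xff" * 6)  # constructed stand-in for 2000:1000
    return store(memory, 0, value, operand_size(instruction)).hex()
```

An instruction such as mov ds:[0],1 raises ValueError here, which is the ambiguity that word ptr or byte ptr resolves.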
