Malware Analysis-3

The document discusses registers in assembly language. It notes that registers come in different sizes like rax (64-bit), eax (32-bit), ax (16-bit), and al/ah (8-bit). Though registers can hold values of different sizes, writing to a larger register allows reading component pieces from smaller registers. It then provides a short assembly program to print "Hello World" as an example. The program uses system calls and registers to output the string and exit the program.

Uploaded by

zohaib javaid
Malware Analysis-3

Assembly Language Introduction


Registers in Assembly Language
Like C++ variables, registers are actually available in several sizes:

● rax is the 64-bit, "long" size register. It was added in 2003 during the transition to 64-bit processors.
● eax is the 32-bit, "int" size register. It was added in 1985 during the transition to 32-bit processors with the 80386 CPU. I'm in the habit of using this register size, since these registers also work in 32-bit mode, although I'm trying to use the longer rax registers for everything.
● ax is the 16-bit, "short" size register. It was added in 1979 with the 8086 CPU, but is used in DOS or BIOS code to this day.
● al and ah are the 8-bit, "char" size registers. al is the low 8 bits and ah is the high 8 bits of ax. They're pretty similar to the old 8-bit registers of the 8008 back in 1972.

https://onecompiler.com/assembly
Register Sizes
Curiously, you can write a 64-bit value into rax, then read off the low 32 bits from eax, or the low 16 bits from ax, or the low 8 bits from al. It's just one register, but they keep on extending it!
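The aliasing described above, as an added example that is not part of the original slides: a small C model of rax and its sub-registers. It goes one step beyond the text by also modelling writes, which matters when reading disassembly: on x86-64 a write to eax zero-extends into the upper 32 bits of rax, while writes to ax, al and ah leave the other bits unchanged. The function names and the sample value are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model of rax: each function takes the current 64-bit contents of rax
   (function names are illustrative, not from the original slides). */

/* Reads: eax, ax, al and ah are views onto the same 64 bits. */
uint32_t read_eax(uint64_t rax) { return (uint32_t)rax; }        /* bits 31..0 */
uint16_t read_ax(uint64_t rax)  { return (uint16_t)rax; }        /* bits 15..0 */
uint8_t  read_al(uint64_t rax)  { return (uint8_t)rax; }         /* bits 7..0  */
uint8_t  read_ah(uint64_t rax)  { return (uint8_t)(rax >> 8); }  /* bits 15..8 */

/* Writes: each returns the new contents of rax. */

/* mov eax, v : a 32-bit write clears bits 63..32 (zero-extension). */
uint64_t write_eax(uint64_t rax, uint32_t v) { (void)rax; return v; }

/* mov ax, v : only bits 15..0 change. */
uint64_t write_ax(uint64_t rax, uint16_t v) { return (rax & ~0xFFFFULL) | v; }

/* mov al, v : only bits 7..0 change. */
uint64_t write_al(uint64_t rax, uint8_t v) { return (rax & ~0xFFULL) | v; }

/* mov ah, v : only bits 15..8 change. */
uint64_t write_ah(uint64_t rax, uint8_t v) {
    return (rax & ~0xFF00ULL) | ((uint64_t)v << 8);
}

int main(void) {
    uint64_t rax = 0x1122334455667788ULL; /* constructed sample value */

    printf("rax=%016" PRIx64 " eax=%08" PRIx32 " ax=%04x al=%02x ah=%02x\n",
           rax, read_eax(rax), (unsigned)read_ax(rax),
           (unsigned)read_al(rax), (unsigned)read_ah(rax));
    printf("mov al, 0xAA        -> rax=%016" PRIx64 "\n", write_al(rax, 0xAA));
    printf("mov ah, 0xBB        -> rax=%016" PRIx64 "\n", write_ah(rax, 0xBB));
    printf("mov ax, 0xCCDD      -> rax=%016" PRIx64 "\n", write_ax(rax, 0xCCDD));
    printf("mov eax, 0xDEADBEEF -> rax=%016" PRIx64 "\n",
           write_eax(rax, 0xDEADBEEFu));
    return 0;
}
```

The last line of output shows why compilers emit `mov eax, imm32` or `xor eax, eax` to set all of rax: the upper half is cleared as a side effect of the 32-bit write.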
Write a program to
Printing Hello World
section .data
    hello db 'Hello, World!',0   ; null-terminated string

section .text
    global _start

_start:
    ; write the string to stdout
    mov eax, 4          ; system call number for sys_write
    mov ebx, 1          ; file descriptor 1 is stdout
    mov ecx, hello      ; pointer to the string
    mov edx, 13         ; length of the string
    int 0x80            ; call kernel

    ; exit the program
    mov eax, 1          ; system call number for sys_exit
    xor ebx, ebx        ; exit code 0
    int 0x80            ; call kernel
Explanation:

● The .data section is used to define data elements. In this case, we define a null-terminated string 'Hello, World!'.
● The .text section is where the actual code resides.
● The _start label is the entry point for the program.
● The mov instructions move values into registers. For example, mov eax, 4 sets the value 4 into the eax register, which represents the system call for sys_write.
● The int 0x80 instruction is a software interrupt that invokes the kernel to perform a system call.
● After printing the string, the program uses another system call to exit (mov eax, 1 for sys_exit).
Reading Material
To get more understanding:

https://www.cs.cmu.edu/~guna/15-123S11/Lectures/Lecture27.pdf

https://www.tutorialspoint.com/compile_asm_online.php

https://www.tutorialspoint.com/assembly_programming/assembly_registers.htm
