Assembly Language

Programming
ASSEMBLY CODE SECURITY COURSE
Cybersecurity dept.
By Bakeel Azman
2025

ALshmowkh Assembly Code Security

 Module A: Foundations of Assembly Language(Month 1)

1. Introduction to Assembly & Computer Architecture Course

2.

3.
Arithmetic & Logic Operations
Control flow and loops
outline
4. Procedures & call
5. Linking High-Level Languages with Assembly
Module B: Reverse Engineering & Exploit Development (Month 2)
6. Reverse Engineering
7. Memory Management and Buffer Overflows
8. Exploitation Techniques
Module C: Advanced Topics, Defenses & Practical Applications (Month 3)
9. Secure Assembly Coding Practices
10. Shellcoding & Obfuscation
11. Malware Analysis
12. Defensive Mechanisms & Mitigations

ALshmowkh Assembly Code Security

 Launch Emu8086

ALshmowkh Assembly Code Security

 8086 CPU ARCHITECTURE
16 –bit processor
• The microprocessors functions as the CPU in the
stored program model of the digital computer.
• Its job is to generate all system timing signals and
synchronize the transfer of data between memory, I/O,
and itself
• The microprocessor also has a S/W function.
• It must recognize, decode, and execute program
instructions fetched from the memory unit.
• This requires an Arithmetic-Logic Unit (ALU) within the
CPU to perform arithmetic and logical (AND, OR, NOT,
compare, etc.) functions .

ALshmowkh Assembly Code Security

 Register Structure
The 8086 processor contains fourteen 16-bit registers, including the flags register

ALshmowkh Assembly Code Security

ALshmowkh Assembly Code Security
 ASSEMBLY

ALshmowkh Assembly Code Security

 Assembly language attributes
¤ The most fluent language for computer is machine language.

¤ The next is assembly language, which replace 0’s 1’s with alphabet

¤ Assembly program needs Assembler to map machine language.

¤ Assembly language is not a single language, but a group of

languages.

¤ Assembly program lifecycle:

writing > assembling > linking > loading > executing
ALshmowkh Assembly Code Security
 Assembly Instruction format

Instruction syntax

LABEL OPCODE OPERAND COMMENTS

E.g.

anyName: ADD AL,07H ; add 07h to al register

ALshmowkh Assembly Code Security

 ‫ﻣﺮاﺟﻊ ﻋﺮﺑﻲ – ﻟﻐﺔ أﺳﻤﺒﻠﻲ‬

‫اﻟﺸﺎﻣﻞ ﻓﻰ ﻟﻐﺔ اﻻﺳﻤﺒﻠﻰ ‪ -‬ﻣﺤﻤﺪ اﺳﻤﺎﻋﯿﻞ ‪Noor-Book.com‬‬

‫‪ALshmowkh‬‬ ‫‪Assembly Code Security‬‬
 Learning resource
Practice #01 •8086 tutorial

Input & output and Movement Instructions

Develop an assembly
Code assembly programs to
program to input the below
print on the screen the
requests from the user, then
below:
print:
1. Character 1. Character
2.String 2.String
3.A character in a string
4.An array
ALshmowkh Assembly Code Security
 Practice #02
Program assembly codes for solving:
2+3
x+4
x+y
8-3
3-8
x-y
2*4
x*y
18/3
7*5
912/150
ALshmowkh Assembly Code Security
 Practice #03
→Create assembly programs for equivalent high-level below codes:
→goto mylabel;
→If(x>y) int main(){
→If(x>=y) int x,y;
std::cin>>x;
→If(x>y) else if #include<iostream>
std::cin>>y;
→Nested if int main(){
if(x>y){
mylabel:
std::cout<<"X > Y";}
std::cout<<"Welcome!";
else if(x<y){
goto mylabel;
std::cout<<"X < Y";}
return 0;}
else{
std::cout<<"X = Y";}
}

ALshmowkh Assembly Code Security

 Practice #04

1.Check whether an input number is odd or

even?
By 2.Evaluate the score of a student whether it is
fail, pass, good, excellent.
assembly 3.Print result of 85-142, which equals 57
4.Absolute Value
code: 5.Branch If a Number Is Between Two Bounds
6.Conditional Swap (if AX > BX, swap AX and
BX)

ALshmowkh Assembly Code Security

 Practice #05

Create assembly programs to Develop, using assembly

count below loops: language, the below programs:

0 to 9 Display all the alphabet

characters, a….z
9 to 0
0 to 99
Input long integer
99 to 0 only even values, 452,8623,…

ALshmowkh Assembly Code Security

 Practice #06
By logic instructions:
• Bit Check Without Altering
• Check If a Number is Even or Odd without division instruction
• Check If a Register is Zero
• Check If a Specific Bit is Set
• Check If a Number is Negative (Sign Bit = 1)
• Zero a Register Using Logical Side Effect (Trick)
• Set Specific Bit(s) in a byte or a word
• Toggle a Bit
• Set bit 2 of AL only if it’s not already set
• Check if AX is negative without using CMP
• Create a one-byte mask to extract upper nibble
• Clear the sign bit in AX manually

ALshmowkh Assembly Code Security

 Programmatic Trick
MOV DX,0
MOV CX, 78fh
TEST CX, 8000h
JZ CHECK_BX → Check If Two Numbers Have the Same Sign MOV CX, 78fh
MOV dl,1 →Goal: If AX and BX are both positive or both XOR CX, 59ah
CHECK_BX: negative, set CX=1. Else, CX = 0. TEST CX, 8000h
MOV BX,53ah JZ same_sign
TEST BX,8000h MOV CX, 0
JZ CHECK_SIGN JMP done
mov dh,1 same_sign:
CHECK_SIGN: The two scripts function the same task MOV CX, 1
CMP dh,dl done:
JZ same_sign
MOV CX, 0
JMP done
same_sign:
MOV CX, 1
done:

ALshmowkh Assembly Code Security

 Addressing modes The different ways in which a processor can access data are
called addressing modes
1. Register mode
MOV AX, BX ; 16-bit data transfer
MOV AL, BL ; 8-bit data transfer
5. Memory mode:
2. Immediate mode A. Direct memory addressing : by value
MOV AL, 45H MOV AX, [0125h] ; DS offset 0125h
MOV BX, 5062H B. Indirect memory addressing : by [BX, BP, SI, DI]
3. Port mode MOV AX, [BX] ; DS offset BX
C. Based addressing: by [BX, BP]
Direct (e.g. IN AL, 02H) MOV AX, 4[BX] ; DS offset value + BX
Indirect (e.g. IN AL, [DX]) D. Indexed addressing: by [SI, DI]
4. Relative mode MOV AX, 8[SI] ; DS offset value+ SI
E. Based Indexed addressing: by [BX, BP][SI, DI]
JMP 08H MOV AX, 4[BX][SI] ; sum of value + base + index
5. memory modes

ALshmowkh Assembly Code Security

 Procedures
Procedure is a subprogram called a procedure.
Procedure is a part of code that can be called from your program in
order to make some specific task, through call instruction.
Procedure returns to the same point from where it was called using
ret instruction
Procedures or subroutines are very important in assembly language
because they help in modular programming of code.
Procedures make program more structural and easier to understand.
Procedures are designed for a large set of instructions to execute a
specific task. While a macro is employed for a small batch of
instructions.

procedure syntax:
procName proc
;… code
procName endp

ALshmowkh Assembly Code Security

 Stack: Push & Pop
• The stack is a block of memory used for temporarily storing the
contents of registers inside CPU.
• The stack is required when CALL instruction is used. Take an example
• Stack is accessed by using SP and SS.
• Stack is a Top Down Data Structure whose elements are accessed by
using a pointer (SP,SS)
• The stack grows in the reverse direction, i.e., toward the lower
memory address.
• Stack is organized on a Last-In-First-Out basis. Thus the item which
was put last on the stack is the first to be withdrawn
• Store 16 bit value in the stack. Algorithm: SP = SP - 2
• PUSH: Push to Stack: This instruction pushes the contents of the
specified register/memory location on to the stack.
• The Stack pointer SP keeps track of the position of the last item
placed on the stack (i.e. the Top of Stack).
• The two instructions which modify the stack are the PUSH (which
places items on the stack) and the POP (which retrieves items from
the stack).

ALshmowkh Assembly Code Security

 Real mode vs protected mode
→Real mode and protected mode are two different operating modes of the x86 processor
architecture.
→Real Mode vs Protected Mode, which are key concepts in x86 architecture. They're crucial
for understanding how the CPU operates and accesses memory.
→8086 microprocessors work in real mode, which is prohibited in the contemporary OS

→Real mode is a simpler, 16-bit mode that the CPU starts in, while protected mode is a more
advanced, 32-bit (or 64-bit) mode that offers features like memory protection and
multitasking.
→Modern operating systems run in protected mode, while real mode is primarily used during
the initial boot process.
→A 'real mode' program uses BIOS subroutines along with OS subroutines whereas a
'protected mode' program uses only OS subroutines.

ALshmowkh Assembly Code Security

 64-bit Architecture
→Instruction Set Enhancements 64-bit mode adds New registers (R8-R15) New instructions
and prefixes
→Here are the major differences and considerations when migrating assembly code from 16-
bit (real mode) to 64-bit (x86-64) architecture:

Feature 16-bit Real Mode 64-bit Long Mode

Registers AX, BX, CX, DX (16-bit) RAX, RBX, RCX, RDX + R8-R15 (64-bit)
Memory Model Segmented (segment:offset) Flat 64-bit linear addressing
Stack Pointer 16-bit SP 64-bit RSP
Calling Convention Stack-based, interrupts for OS Registers for args, OS API calls
System Calls Software interrupts (int 21h) Syscalls or API functions
Assembler/Linker TASM/MASM, .com/.exe NASM/MASM, PE/ELF format
Operating System DOS, old Windows Modern Windows/Linux/macOS

ALshmowkh Assembly Code Security

 Practice #06
Print the Print the
max value min value
Display
Search for a
summatio
value
n

Display the array’s

elements Display
• From left to right
multiplication
• From right to left

By assembly code,
Fill in from user-
inputs define an integer Sort
array, then:

ALshmowkh Assembly Code Security

Thanks
Does anyone have any questions?
[email protected]

Next lab