| 64-bit register | Lower 32 bits | Lower 16 bits | Lower 8 bits |
|---|---|---|---|
| rax | eax | ax | al |
| rbx | ebx | bx | bl |
| rcx | ecx | cx | cl |
| rdx | edx | dx | dl |
| rsi | esi | si | sil |
| rdi | edi | di | dil |
| rbp | ebp | bp | bpl |
| rsp | esp | sp | spl |
| r8 | r8d | r8w | r8b |
| r9 | r9d | r9w | r9b |
| r10 | r10d | r10w | r10b |
| r11 | r11d | r11w | r11b |
| r12 | r12d | r12w | r12b |
| r13 | r13d | r13w | r13b |
| r14 | r14d | r14w | r14b |
| r15 | r15d | r15w | r15b |
[[1]][11]
[[2]][12]
movd eax, xmm0
Add
Adiciona 1 no valor 0(soma bits), ex:
add 0,1
EAX = 01234567
AX = 4567
AH = 45
AL = 67
Mesma coisa para EBX, etc
AX, BX, CX, DI, SI, etc. are 16 BIT registers. EAX , EBX, ECX, EDI, ESI etc. are 32 BIT register. In 32 Bit it adds to all 16 Bit Regirsters the 'E' Letter. The 'E' letter means Extended.
mov EAX, [FFFFFF]
mov [DDDDDD], EAX
st(0)fld qword ptr [FF]
PI no st(0)fldpi
st(0)fld1
jX condição Descrição
jmp 1 Unconditional
je ZF Equal / Zero
jne ~ZF Not Equal / Not Zero
js SF Negative
jns ~SF Nonnegative
jg ~(SF^OF)&~ZF Greater (Signed)
jge ~(SF^OF) Greater or Equal (Signed)
jl (SF^OF) Less (Signed)
jle (SF^OF)|ZF Less or Equal (Signed)
ja ~CF&~ZF Above (unsigned)
jb CF Below (unsigned)
objdump -T *.so
Declara uma variavel e initializa
A call basicamente chama uma funcao que depois retorna.
call x
x:
...
ret
O principal ponto da call eh que ela mexe na stack e muda o valor de alguns registrados (ainda nao olhei com calma)
Basicamente o push poe o valor da variavel passada na stack (RAM) e o pop recura o valor da stack na variavel passada seguindo a ordem de uma LIFO
cheat engine commands, assembly commands
[9]: http://cs.lmu.edu/~ray/notes/x86assembly/ - Explica mais sobre as ferramentas de assembly na prática [10]: http://bookmarks.mageddo.com/bookmark/668/Assembly-Memory-and-Addressing-Modes [11]: https://www.cheatengine.org/forum/viewtopic.php?t=587424&sid=70e42364aea9461253caed444fc6dfb8 [12]: https://stackoverflow.com/questions/39552813/how-to-move-up-to-16-single-bytes-into-an-xmm-register