Normally, a process is allocated a certain amount of memory which contains all of the necessary information it requires to run, such as the code itself and any DLLs, which isn’t shared with other processes.

Whenever an executable is run, its code is loaded into memory so that it can perform all the tasks that it has been programmed to do. Because all of the instructions are loaded into the program’s memory, this can be changed, thus making the application perform unintended actions.

All variables in memory are stored using either little endian (for Intel x86 processors) or big endian (for PowerPC) format. In little endian, the bytes are stored in reverse order.

0x032CFBE8 will be stored as “E8FB2C03”.

0x0BADF00D will be stored as “0DF0AD0B”.

This will come in useful when redirecting the application execution, as the JMP ESP instruction address will have to be stored in reverse in the exploit.

The stack is a section of memory that stores temporary data, that is executed when a function is called. The stack always grows downwards towards lower values as new information is added to it. The ESP CPU register points to the lowest part of the stack and anything below it is free memory that can be overwritten, which is why it is often exploited by injecting malicious code into it.

Registers are CPU variables that store single records. There are a fixed number of registers that are used for different purposes and they all have a specific location in the CPU. Registers can hold pointers which point to memory addresses containing certain instructions for the program to perform. This can be exploited by using a jump instruction to move to a different memory location containing malicious code.

Intel assembly has 8 general purpose and 2 special purpose 32-bit registers. Different compilers may have different uses for the registers; the ones listed below are used in Microsoft’s compiler:

Register

No specific uses, often set to a commonly used value in a function to speed up calculations.

Occasionally used as a function parameter and often used as a loop counter.

Occasionally used as a function parameter, also used for storing short-term variables in a function.

Used as a pointer, points to the source of instructions that require a source and destination.

Points to the destination of instructions that require a source and destination.

Has two uses depending on compile settings: it is either the frame pointer or a general purpose register for storing data used in calculations.

A special register that stores a pointer to the top of the stack (virtually under the end of the stack).

Stores a pointer to the address of the instruction that the program is currently executing. After each instruction, a value equal to its size is added to EIP, meaning it points at the machine code for the next instruction.

Stores meta-information about the results of previous operations, i.e. whether it overflowed the register or whether the operands were equal.

A pointer is a variable that stores a memory address as its value, which will correspond to a certain instruction the program will have to perform. The value of the memory address can be obtained by “dereferencing” the pointer. They are used in buffer overflow attacks to redirect the execution flow to malicious code through a pointer that points at a JMP instruction.

This section covers some of the most common assembly instructions, their purpose in a program and some example uses:

Instruction Type

Since registers simply store values, they may or may not be used as pointers, depending on the information stored.

If being used as a pointer, registers can be dereferenced, retrieving the value stored at the address being pointed to.

The NOP instruction, short for “no operation”, simply does nothing.

Some are simple arithmetic operations and some are complex calculations.

Used mainly to perform jumps to certain memory locations, it stores the address to jump to.