Malware Handbook

Commonly Used Instructions

1. MOV Instruction

  • Purpose: Moves or copies data.

    • Immediate: MOV EAX, 0xABCD1234 (moves the immediate value 0xABCD1234 into EAX).

    • Register to Register: MOV EAX, EBX (copies the value in EBX to EAX).

    • Memory: MOV EAX, DWORD PTR [EBP-0xC] (loads the 32-bit value stored at memory address EBP-0xC into EAX).

2. ADD and SUB Instructions

  • ADD: Performs addition.

    • Example: ADD EAX, EBX (adds the value in EBX to EAX).

  • SUB: Performs subtraction.

    • Example: SUB EAX, 0x10 (subtracts 0x10 from EAX).

3. INC and DEC Instructions

  • INC: Increments an operand by one.

    • Example: INC EAX (increases the value in EAX by one).

  • DEC: Decrements an operand by one.

    • Example: DEC EAX (decreases the value in EAX by one).

4. XOR Instruction

  • Purpose: Performs a bitwise XOR.

    • Example: XOR EAX, EBX (XORs the value in EAX with EBX and stores the result in EAX).

5. NOP Instruction

  • Purpose: No Operation; does nothing.

    • Usage: Used for timing purposes or memory alignment.

6. Unconditional Jump

  • Purpose: Transfers control to another location in the code unconditionally.

    • Example: JMP LABEL (jumps to the instruction at LABEL).

7. Conditional Jump

  • Purpose: Transfers control if a specified condition is met.

    • JE/JZ: Jump if Equal/Jump if Zero (checks if the Zero Flag is set).

      • Example: JE LABEL (jumps to LABEL if ZF is set).

    • JNE/JNZ: Jump if Not Equal/Jump if Not Zero (checks if the Zero Flag is not set).

      • Example: JNE LABEL (jumps to LABEL if ZF is not set).

8. CMP Instruction

  • Purpose: Compares two operands by subtracting the second from the first and setting the flags; the result of the subtraction itself is discarded.

    • Example: CMP EAX, EBX (compares EAX with EBX; sets ZF if they are equal, so a following JE/JNE can branch on the outcome).

9. LOOP Instruction

  • Purpose: Decrements the ECX register and transfers control to a label while ECX is not zero.

    • Usage: Continues looping until ECX reaches zero.

    • Example: LOOP LABEL (decrements ECX and jumps to LABEL if ECX is not yet zero; once ECX reaches zero, execution falls through to the next instruction).
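To see how these instructions interact (CMP setting ZF, JE/JNE consuming it, LOOP counting ECX down, and 32-bit values wrapping), here is an added example that is not part of the Malware Handbook: a small Python interpreter for exactly the instructions listed in this section. It models only the 32-bit general registers, a sparse dword memory and the Zero Flag; the `DEMO` listing, the stack-frame base address given to `CPU()` and the `run_demo` helper are constructed for illustration. The listing sums 5+4+3+2+1 with LOOP, checks the result with CMP/JNE, then forces a wraparound with SUB and INC before storing a marker in the local variable at [EBP-0xC].

```python
import re

REGS = ("EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "EBP", "ESP")
MASK = 0xFFFFFFFF
MEM_RE = re.compile(r"(?:DWORD PTR )?\[(\w+)(?:\s*([+-])\s*(\w+))?\]", re.I)

def parse(listing):
    """Turn a listing into (label -> index, [(mnemonic, operands)])."""
    labels, code = {}, []
    for raw in listing.splitlines():
        line = raw.split(";", 1)[0].strip()              # drop comments
        if not line:
            continue
        if line.endswith(":"):                           # label on its own line
            labels[line[:-1]] = len(code)
            continue
        mnemonic, _, rest = line.partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
        code.append((mnemonic.upper(), ops))
    return labels, code

class CPU:
    """32-bit general registers, a sparse dword memory and only the Zero Flag."""
    def __init__(self, ebp=0x0019FF00):                  # constructed stack-frame base
        self.regs = {**dict.fromkeys(REGS, 0), "EBP": ebp}
        self.mem, self.zf, self.ip = {}, 0, 0
    def _addr(self, op):
        m = MEM_RE.fullmatch(op)
        disp = int(m.group(3), 0) if m.group(3) else 0
        base = self.regs[m.group(1).upper()]
        return (base - disp if m.group(2) == "-" else base + disp) & MASK
    def read(self, op):
        if op.upper() in REGS:
            return self.regs[op.upper()]
        if "[" in op:
            return self.mem.get(self._addr(op), 0)
        return int(op, 0) & MASK                         # immediate, hex or decimal
    def write(self, op, val, flags=False):
        if op.upper() in REGS:
            self.regs[op.upper()] = val & MASK
        else:
            self.mem[self._addr(op)] = val & MASK
        if flags:                                        # ALU results set ZF; MOV never does
            self.zf = 1 if (val & MASK) == 0 else 0
    def run(self, listing, max_steps=10_000):
        labels, code = parse(listing)
        self.ip = 0
        for _ in range(max_steps):
            if self.ip >= len(code):
                return self
            op, a = code[self.ip]
            self.ip += 1
            if op == "MOV":
                self.write(a[0], self.read(a[1]))
            elif op in ("ADD", "SUB", "XOR"):
                x, y = self.read(a[0]), self.read(a[1])
                self.write(a[0], {"ADD": x + y, "SUB": x - y, "XOR": x ^ y}[op], flags=True)
            elif op in ("INC", "DEC"):
                self.write(a[0], self.read(a[0]) + (1 if op == "INC" else -1), flags=True)
            elif op == "CMP":                            # a SUB whose result is discarded
                self.zf = 1 if ((self.read(a[0]) - self.read(a[1])) & MASK) == 0 else 0
            elif op == "JMP":
                self.ip = labels[a[0]]
            elif op in ("JE", "JZ") and self.zf:
                self.ip = labels[a[0]]
            elif op in ("JNE", "JNZ") and not self.zf:
                self.ip = labels[a[0]]
            elif op == "LOOP":                           # ECX--, then jump while ECX != 0
                self.regs["ECX"] = (self.regs["ECX"] - 1) & MASK
                if self.regs["ECX"]:
                    self.ip = labels[a[0]]
            elif op not in ("NOP", "JE", "JZ", "JNE", "JNZ"):  # not-taken jumps fall through
                raise ValueError(f"unsupported instruction: {op}")
        raise RuntimeError("step limit exceeded")

DEMO = """MOV ECX, 5                  ; loop counter
    XOR EAX, EAX                ; EAX = 0 (common zeroing idiom)
top:
    ADD EAX, ECX                ; EAX += ECX
    LOOP top                    ; ECX--, back to top while ECX != 0
    CMP EAX, 0xF                ; sum == 15? sets ZF, leaves EAX unchanged
    JNE fail
    SUB EAX, 0x10               ; 15 - 16 wraps to 0xFFFFFFFF, ZF = 0
    INC EAX                     ; 0xFFFFFFFF + 1 wraps to 0, ZF = 1
    JNZ fail
    MOV DWORD PTR [EBP-0xC], 1  ; success marker in a local variable
    JMP done
fail:
    MOV DWORD PTR [EBP-0xC], 0
done:
    NOP
"""

def run_demo():
    """Run DEMO; return the final EAX, ECX, ZF and the local at [EBP-0xC]."""
    cpu = CPU().run(DEMO)
    return {"EAX": cpu.regs["EAX"], "ECX": cpu.regs["ECX"], "ZF": cpu.zf,
            "local": cpu.mem[cpu.regs["EBP"] - 0xC]}
```

Calling `run_demo()` ends with EAX = 0, ECX = 0, ZF = 1 and the local variable set to 1. The two points worth tracing by hand are that CMP leaves EAX at 15 while still setting ZF, and that SUB followed by INC passes through 0xFFFFFFFF back to 0 because every result is masked to 32 bits, which is the same wraparound a debugger shows on real hardware.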
