{"id":553,"date":"2023-12-21T19:23:20","date_gmt":"2023-12-21T19:23:20","guid":{"rendered":"https:\/\/maboc.nl\/?p=553"},"modified":"2023-12-21T19:23:20","modified_gmt":"2023-12-21T19:23:20","slug":"assembly-and-opcodes","status":"publish","type":"post","link":"https:\/\/maboc.nl\/?p=553","title":{"rendered":"Assembly and opcodes"},"content":{"rendered":"

Intro<\/h2>\n

When a program is compiled (and linked) it will no longer contains readable lines of code. Instead it will consist of opcodes (operation codes). I would like to see whether I can find out what dome opcodes mean. You might say “just look at the intel or AMD manual and there you go”…but where is the fun in that.<\/p>\n

Take care…I’m not an assembly professional!!! I’m an enthusiastic hobbyist. If you see errors\/omissions\/…. do not hestiate to point that out. (but please be nice ( \ud83d\ude42 )<\/p>\n

Approach<\/h2>\n
    \n
  1. \u00a0Make a very small assembly program (you will see in a second)<\/li>\n
  2. Assemble it<\/li>\n
  3. link it<\/li>\n
  4. Make a hexdump (to make it a more easy read)<\/li>\n
  5. Change one instruction in the program<\/li>\n
  6. Assemble<\/li>\n
  7. Link<\/li>\n
  8. Make hexdump<\/li>\n
  9. Search for differences in the two hexdumps<\/li>\n
  10. See if you can learn something about opcodes<\/li>\n<\/ol>\n

     <\/p>\n

    Do the work<\/h2>\n

    1. Make a very small assembly program (you will see in a second)<\/h3>\n

    I created the following small program<\/p>\n

    [martijn@fedora asm]$ cat mov_al_1.asm\r\nsection .data    ;I have no data\r\n\r\nsection .text    ;Here we start the coding\r\n\r\nglobal _start    ;Define our entry point\r\n\r\n_start:          ;Start\r\nmov al, 1        ;Our instruction of interest\r\n\r\nmov rax, 60      ;Syscall for exiting the program\r\nmov rdi, 0       ;Return code is zero\r\nsyscall          ;Make the call\r\n\r\n[martijn@fedora asm]$<\/pre>\n
    As you might see. The program does nothing of interest. Only thing it does is moving the value 1 into the register al (1 byte width). The idea is only changing this mov instruction. If everything else stays the same…we should be able to see what changed and then learn something.<\/p>\n
    2. Assemble it<\/h2>\n
     [martijn@fedora asm]$ nasm -o mov_al_1.o -f elf64 mov_al_1.asm<\/pre>\n
    3. Link it<\/h3>\n
    [martijn@fedora asm]$ ld -o mov_al_1 mov_al_1.o<\/pre>\n
    \u00a04. Make a hexdump (to make it a more easy read)<\/h3>\n
    [martijn@fedora asm]$ hexdump -C mov_al_1 > hd_mov_al_1<\/pre>\n
    5. Change one instruction in the program<\/h3>\n
    [martijn@fedora asm]$ cat mov_bl_1.asm\r\nsection .data\r\n\r\nsection .text\r\n\r\nglobal _start\r\n\r\n_start:\r\nmov bl, 1\r\n\r\nmov rax, 60\r\nmov rdi, 0\r\nsyscall\r\n[martijn@fedora asm]$<\/pre>\n
    Only thing changed is “mov al, 1” to “mov bl, 1”<\/p>\n
    6. Assemble<\/h3>\n
    [martijn@fedora asm]$ nasm -o mov_bl_1.o -f elf64 mov_bl_1.asm<\/pre>\n
    7. Link<\/h3>\n
    [martijn@fedora asm]$ ld -o mov_bl_1 mov_bl_1.o<\/pre>\n
    8. Make hexdump<\/h3>\n
    [martijn@fedora asm]$ hexdump -C mov_bl_1 > hd_mov_bl_1<\/pre>\n
    9. Search for differences in the two hexdumps<\/strong><\/h3>\n
    The hexdump of the “mov al, 1” program<\/p>\n
    [martijn@fedora asm]$ cat hd_mov_al_1 \r\n00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|\r\n00000010 02 00 3e 00 01 00 00 00 00 10 40 00 00 00 00 00 |..>.......@.....|\r\n00000020 40 00 00 00 00 00 00 00 e8 10 00 00 00 00 00 00 |@...............|\r\n00000030 00 00 00 00 40 00 38 00 02 00 40 00 05 00 04 00 |....@.8...@.....|\r\n00000040 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00000050 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|\r\n00000060 b0 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 |................|\r\n00000070 00 10 00 00 00 00 00 00 01 00 00 00 05 00 00 00 |................|\r\n00000080 00 10 00 00 00 00 00 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00000090 00 10 40 00 00 00 00 00 0e 00 00 00 00 00 00 00 |..@.............|\r\n000000a0 0e 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |................|\r\n000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n00001000 b0 01 b8 3c 00 00 00 bf 00 00 00 00 0f 05 00 00 |...<............|\r\n00001010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001020 00 00 00 00 00 00 00 00 01 00 00 00 04 00 f1 ff |................|\r\n00001030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001040 13 00 00 00 10 00 01 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00001050 00 00 00 00 00 00 00 00 0e 00 00 00 10 00 01 00 |................|\r\n00001060 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |. @.............|\r\n00001070 1a 00 00 00 10 00 01 00 00 20 40 00 00 00 00 00 |......... @.....|\r\n00001080 00 00 00 00 00 00 00 00 21 00 00 00 10 00 01 00 |........!.......|\r\n00001090 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |. @.............|\r\n000010a0 00 6d 6f 76 5f 61 6c 5f 31 2e 61 73 6d 00 5f 5f |.mov_al_1.asm.__|\r\n000010b0 62 73 73 5f 73 74 61 72 74 00 5f 65 64 61 74 61 |bss_start._edata|\r\n000010c0 00 5f 65 6e 64 00 00 2e 73 79 6d 74 61 62 00 2e |._end...symtab..|\r\n000010d0 73 74 72 74 61 62 00 2e 73 68 73 74 72 74 61 62 |strtab..shstrtab|\r\n000010e0 00 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 |..text..........|\r\n000010f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n00001120 00 00 00 00 00 00 00 00 1b 00 00 00 01 00 00 00 |................|\r\n00001130 06 00 00 00 00 00 00 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00001140 00 10 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 |................|\r\n00001150 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 |................|\r\n00001160 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 |................|\r\n00001170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001180 10 10 00 00 00 00 00 00 90 00 00 00 00 00 00 00 |................|\r\n00001190 03 00 00 00 02 00 00 00 08 00 00 00 00 00 00 00 |................|\r\n000011a0 18 00 00 00 00 00 00 00 09 00 00 00 03 00 00 00 |................|\r\n000011b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n000011c0 a0 10 00 00 00 00 00 00 26 00 00 00 00 00 00 00 |........&.......|\r\n000011d0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|\r\n000011e0 00 00 00 00 00 00 00 00 11 00 00 00 03 00 00 00 |................|\r\n000011f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001200 c6 10 00 00 00 00 00 00 21 00 00 00 00 00 00 00 |........!.......|\r\n00001210 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|\r\n00001220 00 00 00 00 00 00 00 00 |........|\r\n00001228\r\n[martijn@fedora asm]$<\/pre>\n
    And the hexdump of the “mov bl, 1” program<\/p>\n
    [martijn@fedora asm]$ cat hd_mov_bl_1 \r\n00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|\r\n00000010 02 00 3e 00 01 00 00 00 00 10 40 00 00 00 00 00 |..>.......@.....|\r\n00000020 40 00 00 00 00 00 00 00 e8 10 00 00 00 00 00 00 |@...............|\r\n00000030 00 00 00 00 40 00 38 00 02 00 40 00 05 00 04 00 |....@.8...@.....|\r\n00000040 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00000050 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|\r\n00000060 b0 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 |................|\r\n00000070 00 10 00 00 00 00 00 00 01 00 00 00 05 00 00 00 |................|\r\n00000080 00 10 00 00 00 00 00 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00000090 00 10 40 00 00 00 00 00 0e 00 00 00 00 00 00 00 |..@.............|\r\n000000a0 0e 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |................|\r\n000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n00001000 b3 01 b8 3c 00 00 00 bf 00 00 00 00 0f 05 00 00 |...<............|\r\n00001010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001020 00 00 00 00 00 00 00 00 01 00 00 00 04 00 f1 ff |................|\r\n00001030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001040 13 00 00 00 10 00 01 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00001050 00 00 00 00 00 00 00 00 0e 00 00 00 10 00 01 00 |................|\r\n00001060 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |. @.............|\r\n00001070 1a 00 00 00 10 00 01 00 00 20 40 00 00 00 00 00 |......... @.....|\r\n00001080 00 00 00 00 00 00 00 00 21 00 00 00 10 00 01 00 |........!.......|\r\n00001090 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |. @.............|\r\n000010a0 00 6d 6f 76 5f 62 6c 5f 31 2e 61 73 6d 00 5f 5f |.mov_bl_1.asm.__|\r\n000010b0 62 73 73 5f 73 74 61 72 74 00 5f 65 64 61 74 61 |bss_start._edata|\r\n000010c0 00 5f 65 6e 64 00 00 2e 73 79 6d 74 61 62 00 2e |._end...symtab..|\r\n000010d0 73 74 72 74 61 62 00 2e 73 68 73 74 72 74 61 62 |strtab..shstrtab|\r\n000010e0 00 2e 74 65 78 74 00 00 00 00 00 00 00 00 00 00 |..text..........|\r\n000010f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n*\r\n00001120 00 00 00 00 00 00 00 00 1b 00 00 00 01 00 00 00 |................|\r\n00001130 06 00 00 00 00 00 00 00 00 10 40 00 00 00 00 00 |..........@.....|\r\n00001140 00 10 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 |................|\r\n00001150 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 |................|\r\n00001160 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 |................|\r\n00001170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001180 10 10 00 00 00 00 00 00 90 00 00 00 00 00 00 00 |................|\r\n00001190 03 00 00 00 02 00 00 00 08 00 00 00 00 00 00 00 |................|\r\n000011a0 18 00 00 00 00 00 00 00 09 00 00 00 03 00 00 00 |................|\r\n000011b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n000011c0 a0 10 00 00 00 00 00 00 26 00 00 00 00 00 00 00 |........&.......|\r\n000011d0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|\r\n000011e0 00 00 00 00 00 00 00 00 11 00 00 00 03 00 00 00 |................|\r\n000011f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|\r\n00001200 c6 10 00 00 00 00 00 00 21 00 00 00 00 00 00 00 |........!.......|\r\n00001210 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|\r\n00001220 00 00 00 00 00 00 00 00 |........|\r\n00001228\r\n[martijn@fedora asm]$<\/pre>\n
    Here in wordpress I do not know how to display the two dump alongside eachother, so to see the changes I use diff:<\/p>\n
    [martijn@fedora asm]$ diff --suppress-common-lines hd_mov_al_1 hd_mov_bl_1\r\n14c14\r\n< 00001000 b0 01 b8 3c 00 00 00 bf 00 00 00 00 0f 05 00 00 |...<............|\r\n---\r\n> 00001000 b3 01 b8 3c 00 00 00 bf 00 00 00 00 0f 05 00 00 |...<............|\r\n24c24\r\n< 000010a0 00 6d 6f 76 5f 61 6c 5f 31 2e 61 73 6d 00 5f 5f |.mov_al_1.asm.__|\r\n---\r\n> 000010a0 00 6d 6f 76 5f 62 6c 5f 31 2e 61 73 6d 00 5f 5f |.mov_bl_1.asm.__|\r\n[martijn@fedora asm]$<\/pre>\n
    <\/h3>\n
    10. See if you can learn something about opcodes<\/h3>\n
    First thing I notice: There are differences on two lines (rather much apart from each other). I you look closely at the the last difference you see that the filename of the original assembly file is in the hexdump of the resulting executable (As a newbee that suprises me a bit). Since the first name (mov_al_1.asm) differs from the second (mov_bl_1.asm), it is no suprise they show up in the compare.<\/p>\n
    The first diffrence is more exciting (to me at least):<\/p>\n
    Codes I see in the first dump (mov al,1) :<\/p>\n
    b0 01<\/p>\n
    In the second snippet I see\u00a0 (mov bl,1):<\/p>\n
    b3 01<\/p>\n
    Now I cheat a little…I do have a look at the instruction manual from intel. See following snippet:<\/p>\n
    \"Snippet<\/p>\n
    B0 + something and then an immediate byte value is the combination of opcodes to add a value to a (byte) register.<\/p>\n
    I now say:<\/p>\n
    b0 + 0 = b0 : code for addeing a direct value to (byte) register al<\/p>\n
    b0 + 3 = b3 : code for adding a direct value to (byte) register bl<\/p>\n
    I also tried this for mov cl,1<\/p>\n
    There I find:<\/p>\n
    b1 01<\/p>\n
    b0 + 1 = b1 : code for adding a direct value to (byte) cl<\/p>\n
     <\/p>\n
    Conclusion<\/h2>\n
    Remeber..I’m an enthusiastic amateur. Maybe above is very wrong. Also…I do not know to much about addressing modes etc. I do not know whether (anf iyes how much) this effects the code. So…if you feel I’m in error..please point it out and bring me some knowledge.<\/p>\n
     <\/p>\n","protected":false},"excerpt":{"rendered":"
    Intro When a program is compiled (and linked) it will no longer contains readable lines of code. Instead it will consist of opcodes (operation codes). I would like to see whether I can find out what dome opcodes mean. You might say “just look at the intel or AMD manual and there you go”…but where […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[94],"class_list":["post-553","post","type-post","status-publish","format-standard","hentry","category-linux","tag-assembly"],"_links":{"self":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=553"}],"version-history":[{"count":13,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/553\/revisions"}],"predecessor-version":[{"id":568,"href":"https:\/\/maboc.nl\/index.php?rest_route=\/wp\/v2\/posts\/553\/revisions\/568"}],"wp:attachment":[{"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maboc.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}