# Assembly Language

## AT\&T vs. NASM

* Two main forms of assembly syntax
* Source and destination operands are reversed and different symbols are used to mark the beginning of a comment&#x20;
  * NASM format - `CMD <dest>, <source> <;comment>`
  * AT\&T format - `CMD <source>, <dest> <#comment>`
* AT\&T syntax
  * used by GNU Assembler (gas) contained in the gcc compiler suite
* Netwide Assembler (NASM)

## Operands

### mov

* Copies data from the source to the destination
* Value is not removed from the source location
* Data cannot be moved directly from memory to a segment register
* General purpose register as an intermediate step

| NASM Syntax            | NASM Example          | AT\&T Example            |
| ---------------------- | --------------------- | ------------------------ |
| mov \<dest>, \<source> | mov eax, 51h; comment | movl $51h, %eax #comment |

### add and sub

* **add** - adds the source to the destination and stores the result in the destination
* **sub -** subtracts the source from the destination and stores the result in the destination

| NASM Syntax            | NASM Example | AT\&T Example   |
| ---------------------- | ------------ | --------------- |
| add \<dest>, \<source> | add eax, 51h | addl $51h, %eax |
| sub \<dest>, \<source> | sub eax, 51h | subl $51h, %eax |

### push and pop

* Push and pop items from the stack

| NASM Syntax   | NASM Example | AT\&T Example |
| ------------- | ------------ | ------------- |
| push \<value> | push eax     | pushl %eax    |
| pop \<dest>   | pop eax      | popl %eax     |

### xor

* conducts a bitwise logical "exclusive or" (XOR)&#x20;
* One option is to use **XOR value, value** to zero out or clear a register or memory location
* **AND** to determine whether a specific bit within a register or memory location is set or unset, or to determine if a **call** to a function such as **malloc** return back the pointer to a chunk as opposed to a null.&#x20;

```nasm
call malloc(100)
test eax, eax
jnz loc_6362cc012
```

| NASM Syntax            | NASM Example | AT\&T Example  |
| ---------------------- | ------------ | -------------- |
| xor \<dest>, \<source> | xor eax, eax | xor %eax, %eax |

### jne, je, jz, jnz, and jmp

* Branch the flow of the program to another location based on the value of the **eflag** "zero flag"
* **jne/jnz** jumps if the zero flag equals 0
* **je/jz** jumps if the zero flag equals 1
* **jmp** always jumps

| NASM Syntax               | NASM Example | AT\&T Example |
| ------------------------- | ------------ | ------------- |
| jnz \<dest> / jne \<dest> | jne start    | jne start     |
| jz \<dest> / je \<dest>   | jz loop      | jz loop       |
| jmp \<dest>               | jmp end      | jmp end       |

### call and ret

* **call** instruction redirects execution to another function
  * virtual memory after the call instruction is first pushed onto the stack, serving as the return pointer
  * then redirection of execution to the called function is performed
* **ret** used at the end of a procedure to return the flow to the command after the call

| NASM Syntax  | NASM Example      | AT\&T Example    |
| ------------ | ----------------- | ---------------- |
| call \<dest> | call subroutine 1 | call subroutine1 |
| ret          | ret               | ret              |

### inc and dec

* Increment and decrement the destination

| NASM Syntax | NASM Example | AT\&T Example |
| ----------- | ------------ | ------------- |
| inc \<dest> | inc eax      | incl %eax     |
| dec \<dest> | dec eax      | decl %eax     |

### lea

* Loads the effective address of the source into the destination
* can often be seen when passing the destination argument to a string-copying function writing the destination buffer address to the top of the stack as an argument to the **gets** function

{% code overflow="wrap" lineNumbers="true" %}

```nasm
lea -0x20 (%ebp), %eax
mov %eax, (%esp)
call 0x8048608 <gets@plt>
```

{% endcode %}

| NASM Syntax            | NASM Example       | AT\&T Example      |
| ---------------------- | ------------------ | ------------------ |
| lea \<dest>, \<source> | lea eax, \[dsi +4] | leal 4(%dsi), %eax |

### System Calls: int, sysenter, and syscall

* System calls are a mechanism for a process to request a privileged operation to be performed where the context and execution of code are switched from user mode to kernel mode

## Addressing Modes

| Addressing Mode        | Description                                                                                            | NASM Examples                         |
| ---------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------------------- |
| Register               | Registers hold the data to be manipulated. No memory interaction. Both register must be the same size. | <p>mov rbx, rdx <br>add al, ch</p>    |
| Immediate              | The source operand is a numerical value. Decimal is assumed; use h for hex.                            | <p>mov eax, 1234h<br>mov dx, 301</p>  |
| Direct                 | The first operand is the address of memory to manipulate. It's marked with brackets.                   | <p>mov bh, 100<br>mov\[4321h], bh</p> |
| Register Indirect      | The first operand is a register in brackets that holds the address to be manipulated.                  | mov \[di], ecx                        |
| Based Relative         | The effective address to be manipulated is calculated by using ebx or ebp plus an offset value         | mov edx, 20\[ebx]                     |
| Indexed Relative       | Same as Based Relative, but edi and esi are used to hold the offset.                                   | mov ecx, 20\[esi]                     |
| Based Indexed Relative | The effective address is found by combining Based Relative and Indexed Relative modes                  | mov ax, \[bx]\[si]+1                  |