
A Crash Course in X86 Assembly for Reverse Engineers (2013) [pdf] - ingve
https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf
======
jonathanfoster
If you're interested in learning assembly language, I recommend checking out
"Programming from the Ground Up" by Jonathan Bartlett [0]. It's a great
introduction to ASM and how computers work at the low level. It's also used in
universities such as Princeton to teach introductory CS classes [1].
Definitely worth checking out.

[0]
[http://savannah.spinellicreations.com//pgubook/ProgrammingGr...](http://savannah.spinellicreations.com//pgubook/ProgrammingGroundUp-1-0-booksize.pdf)
[1]
[https://discuss.fogcreek.com/joelonsoftware5/default.asp?cmd...](https://discuss.fogcreek.com/joelonsoftware5/default.asp?cmd=show&ixPost=163350&ixReplies=17)

~~~
bogomipz
This is great! Thanks for sharing. I have not seen this before.

------
partycoder
Learning x86 directly can be a bit hard. There are easier assemblies to begin
with (e.g: 8085). There's an educational program called gnusim8085, which I
found excellent to get started with assembly, because while it's similar to
x86, it has fewer instructions and registers. It comes with a debugger, a
tutorial and some example programs.
[https://gnusim8085.github.io/screenshots](https://gnusim8085.github.io/screenshots)

To learn reverse engineering look for "crackme" programs. These are programs
that contain challenges for you to crack, and come with graded levels of
difficulty.
[https://en.wikipedia.org/wiki/Crackme](https://en.wikipedia.org/wiki/Crackme).

Now, one of the techniques that I've found more useful is the NOP sled.
[https://en.wikipedia.org/wiki/NOP_slide](https://en.wikipedia.org/wiki/NOP_slide).
Easy to implement as well, just replace bytes with the opcode 90 (NOP, or no
operation).

The editor I use is a clone of Hiew called ht:
[http://hte.sourceforge.net/screenshots.html](http://hte.sourceforge.net/screenshots.html),
which is free and multiplatform (just make sure to switch to disassemble mode
with F6). This other tool is free and can be a good alternative to IDA Pro on
Windows: [http://x64dbg.com/](http://x64dbg.com/)

In this way you can get started for free.

~~~
partycoder
Having said that, I don't know of many people that use ht editor. Make sure
you change to the disasm mode (F6) and you can edit bytes using (F4). Save
with F2.

You can also follow functions around rather quickly. Supports PE (Windows),
ELF (*nix) and many other formats.

------
ungamed
I wish for this in x86_64, I know the difference but we need to move on from
32 bit.

~~~
gens
While amd64 is better in that it gives more registers for compilers to use, we
rarely need to "move on". In fact many programs will work better (more
efficient, faster) with 32bit pointers (as many programs would with 16bit
integers instead of 32bit ones, where possible ofc). Realistically nobody
codes for performance anymore so x86 or amd64 is not much difference (for math
stuff, sse(1-4)/avx(1/2) don't care about amd64 vs x86).

Anyway, learning amd64 when knowing x86 is easy as they are mostly the same.

~~~
ant6n
I've been wondering whether it would be possible to write programs that have
most of their memory in 32 bits, so most pointers would be 32 bits.

Also, such a program would have int as a 32 bit value unless specifically
declared to be larger - we could write programs that use less memory, but
still use more registers, and use 64bit pointers and values as necessary.

~~~
psi-squared
One of the less-well-known features of Linux is that you can do this! There's
a thing called the "x32 ABI" (use the option -mx32 with gcc or clang; you'll
need all your libraries compiled with it too) where:

* As far as the processor itself is concerned, the code runs in 64-bit mode, so you get the extra (and wider) registers from that.

* But pointers are still 32 bits, so you get the memory savings of 32-bit mode.

In principle, as long as you're using <4GiB of memory, it should be at least
as fast as the best of 32-bit or 64-bit mode for any particular program. But I
haven't heard of it being used much.

[https://en.wikipedia.org/wiki/X32_ABI](https://en.wikipedia.org/wiki/X32_ABI)

~~~
tomcam
Like GP, I thought I had cleverly thought of this idea up myself. So glad that
smarter people than I have done this up right!

~~~
ant6n
The only thing missing, I guess, is 64bit 'himem' pointers.

------
z3t4
If you want to learn the low level today, where do you start ? Will x86 still
be relevant in a few years ? Thinking about ARM, or is it about the same ?
What does computer architecture optimize for today, besides more cycles per
second ?

------
jimmyfw
"Note that the bytes are saved in reverse order in the memory as Intel uses
Little Endian representation. That means the most significant bit of every
byte is the most left bit."

Haven't they got this backwards? Little Endian means the least significant bit
is stored first [0].

[0]
[https://www.cs.umd.edu/class/sum2003/cmsc311/Notes/Data/endi...](https://www.cs.umd.edu/class/sum2003/cmsc311/Notes/Data/endian.html)

~~~
groovy2shoes
Little endian means that the least significant _byte_ is stored first. The
bits _within_ each byte are stored with the most significant first.
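As an added illustration of the point above (this program is not part of the thread or the linked PDF), a small C snippet that stores a 32-bit value into memory the way the CPU lays it out and then inspects both the byte order and the bit position within a byte; the function names `store_u32`, `host_is_little_endian`, `load_u32_le`, `first_byte_of` and `msb_of_byte` are chosen here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy a 32-bit value into a byte buffer exactly as the host CPU stores it
   (no byte swapping), so the buffer shows the in-memory byte order. */
static void store_u32(uint32_t v, uint8_t out[4]) {
    memcpy(out, &v, sizeof v);
}

/* Returns 1 if the least significant byte lands at the lowest address. */
static int host_is_little_endian(void) {
    uint8_t b[4];
    store_u32(0x01020304u, b);
    return b[0] == 0x04;
}

/* The byte at the lowest address after storing v on this host. */
static uint8_t first_byte_of(uint32_t v) {
    uint8_t b[4];
    store_u32(v, b);
    return b[0];
}

/* Rebuild a value from bytes that are known to be little-endian,
   independent of what the host itself does. */
static uint32_t load_u32_le(const uint8_t in[4]) {
    return (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
           ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);
}

/* The most significant bit of a byte is always bit 7; endianness only
   reorders whole bytes, never the bits inside one. */
static int msb_of_byte(uint8_t b) {
    return (b >> 7) & 1;
}

int main(void) {
    uint8_t b[4];
    store_u32(0x12345678u, b);   /* constructed sample value */
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    for (int i = 0; i < 4; i++)
        printf("byte[%d] = 0x%02x\n", i, b[i]);
    /* On a little-endian host the bytes read 78 56 34 12, yet 0x78 is still
       0111 1000 with its high bit in position 7. */
    printf("msb of byte[0] (0x%02x) = %d\n", b[0], msb_of_byte(b[0]));
    return 0;
}
```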

------
to3m
Who is this for? If you're a regular reverse engineer, won't you just pick up
the Intel reference manual and flick through it? (It has a sorted instruction
reference, which you'll probably find much more useful than anything
categorised.) And if you're not, I'd have thought knowing an assembly language
already a rather important prerequisite - seems like a very strange line of
work to pick otherwise - and in that case you'd presumably do the same thing.

~~~
dabockster
>won't you just pick up the Intel reference manual and flick through it?

The Intel reference manual is incredibly bloated and dry reading. Yeah, it has
literally everything you would want to know. But good luck trying to
understand all of it in a reasonable amount of time.

I learned x86 while studying buffer overflows in college. We used Hacking: The
Art of Exploitation which walked us through most of the core concepts really
well.

[https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson...](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441)

------
bla2
Does anyone know something similar for arm?

~~~
rhexs
The ARM System Developer's Guide is one of the best ARM books I've ever read.
Has nothing to do with reverse engineering, but a great ARM reference.

If you can reverse engineer in X86, a reference for ARM ASM is all you'll
need. (could get by with the official docs but this book really is something
special)

You'll weep tears of joy going from X86's nightmarish instruction set to the
beauty of RISC ARM!

~~~
rockdiesel
This one? - [https://www.amazon.com/ARM-System-Developers-Guide-Architect...](https://www.amazon.com/ARM-System-Developers-Guide-Architecture/dp/1558608745)

~~~
rhexs
Yep.

~~~
rockdiesel
Great. Thank you.

