Operands in x86 assembly
Introduction
This article defines an operand as it is used in x86 assembly instructions. It goes on to explain in detail, using simulations, three modes by which the operand of an instruction is specified.
This article is designed for self-starters, students and professionals who want to gain a detailed understanding of operands and how they’re used. It will help to give you the fine details and a better understanding of x86 operands and how they are used in addressing modes.
Intro to x86 Disassembly
Operands in x86
An operand is a subsection of an x86 instruction that specifies data that is being operated on or being manipulated. An x86 instruction can have from zero to three operands in its statement. An operand has a type that can either be a register, a memory location, an immediate value or an address. (Source)
Addressing modes in x86
An x86 addressing mode briefly explains the types of operands and the way they are accessed from various locations within the microprocessor architecture. The term addressing modes refers to the way in which the operand of an instruction is specified. Information contained in the instruction code is the value of the operand or the address of the result/operand. (Source)
Register addressing mode
In this addressing mode, operands are specified using either 8-bit, 16-bit or 32-bit registers.
Register operands in two of the 8-bit general purpose registers
Let’s assume BL=0x2 and BH=0x0.
- MOV BH, BL: This instruction copies the content of register BL to BH. The new value of BH is 0x2. The source operand is BL and the destination operand is BH
Figure 1: Register BL preset with initial value of 0x2 before instruction 1 is executed
Figure 2: Contents shown for 8-bit registers BL and BH after instruction 1 is executed.
Register operands in two of the 16-bit general purpose registers
Let’s assume BX=0x2 and AX=0x0.
- MOV AX, BX: This instruction copies the content of register BX to AX. The new value of AX is 0x2. The source operand is BX and the destination operand is AX
Figure 3: Register BX preset with initial value of 0x2 before instruction 2 is executed
Figure 4: Contents shown for 16-bit registers BX and AX after instruction 2 is executed
Immediate addressing mode
In this mode, the operand represents data that are constant values or results from expressions to be computed. Operands used in this mode are called immediate operands.
Examples of immediate operands in instructions
- ADD AL, 0x2: This instruction adds the hexadecimal value 2 to the value in register AL and then stores the sum in AL. In this instruction, AL is the destination operand. Immediate data is never permitted in the destination operand. We also assumed the initial value of AL is 0x0
Figure 5: Contents of register AL after instruction 3 is executed
- ADD BX, 7*7: This instruction evaluates the expressions involving constants and then the resulting value is subtracted from the value in register BX. Let’s assume register BX is preloaded with the value 0x0
Figure 6: Contents of the BX register after instruction 4 is executed
- SUB AX, 0x63: This subtracts the hexadecimal value 63 from the value stored in the accumulator. We assumed that the accumulator register AX is pre-loaded with the hexadecimal value 99
Figure 7: Register AX preset with initial value of 0x99 before instruction 5 is executed
Figure 8: Contents of the AX register after instruction 5 is executed
Before we move on to the next type of addressing mode, let’s discuss physical address calculation. The physical address of a memory location is calculated as follows:
- Physical address = Starting address of Segment + Offset
The starting point of the segment is obtained by appending 0H to the content
Table 1: How segment registers pair with offset registers
Assume the following preset register values:
- CS = 1147 H
- SS = 7726 H
- IP = 1762 H
- SP = 1188 H
- DI = 1120 H
The base address of the code segment is 1147 H * 10H = 11470 H. This is required to shift the address from 16 bits to 20 bits — the width of a memory address in x86.
The effective address of memory is given by the sum of starting address of shifted segment and offset.
CS + IP = 11470 H + 1762H = 12BD2 H. It can also be written as 1147:1762.
Direct memory addressing mode/register indirect addressing mode
Direct memory addressing is a mode in which the address of the operand is directly specified in the instruction. This is known as register indirect addressing mode. It is particularly executed on instruction line 12, where the content of register CX is copied into the memory location with the address specified in register BX.
Instructions set 6 to 13:
- ORG 177h: This is a compiler directive which instructs the compiler that instructions will be loaded at the offset
- MOV AX, 0B800h: This instruction sets register AX to hexadecimal value of B800h
- MOV DS, AX: This instruction copies value of AX to DS
- MOV CL, 'C': Here we set CL to ASCII code of 'C', it is 43h
- MOV CH, 1101_1101b: And then set CH to binary value (This is DD in hexadecimal)
- MOV BX, 17Eh: Also, set BX to 17Eh
- MOV [BX], CX: Now copy contents of CX to memory at B800:017E (This will be verified after execution of the above code)
- RET: Return control of program to operating system
Figure 9: Copy of instructions 6 to 13 loaded into the Emu8086 simulator
Figure 10: Contents of registers AX, DS, CL, CH, BX before instructions set 6 to 13 is executed
Figure 11: Contents of registers AX, DS, CL, CH and BX after instructions set 6 to 13 is executed
Figure 12: Verifying the contents of the memory location B800:017E
Conclusion
This article has explained how the operand of an instruction is specified, using three addressing modes: Register Addressing Mode, Immediate Addressing Mode (which is sometimes known as Register Indirect Addressing Mode) and Direct Addressing Mode. These addressing modes form assembly language statements and show the contents of registers before and after instructions are executed.
Intro to x86 Disassembly
Sources
- Addressing Modes, cs.iit.edu
- x86Sim: A Simulation Tool for the Intel x86 Architecture, Jeffrey D. Heid
Learn x86 Disassembly
Explore the foundations of x86 assembly, one of the most common assembly architectures in the world. What you'll learn:- Computer architecture
- Building and debugging x86
- x86 assembly instructions
- Assembly language overview
- And more
In this Series
- Operands in x86 assembly
- Enhancing code security: Tools and techniques for safeguarding your code
- DevSecOps Tools of the trade
- Software dependencies: The silent killer behind the world's biggest attacks
- Software composition analysis and how it can protect your supply chain
- Only 20% of new developers receive secure coding training, says report
- Introduction to Secure Software Development Life Cycle
- How to control the flow of a program in x86 assembly
- Mitigating MFA bypass attacks: 5 tips for developers
- How to diagnose and locate segmentation faults in x86 assembly
- How to use the ObjDump tool with x86
- Debugging your first x86 program
- How to build a program and execute an application entirely built in x86 assembly
- Overview of common x86 instructions
- x86 basics: Data representation, memory and information storage
- What is x86 assembly?
- Introduction to x86 assembly and syntax
- Introduction to variables
- How to mitigate Race Conditions vulnerabilities
- How to avoid Cryptography errors
- Cryptography errors Exploitation Case Study
- How to exploit Cryptography errors in applications
- How to exploit race conditions
- Email-based attacks with Python: Phishing, email bombing and more
- Attacking Web Applications With Python: Recommended Tools
- Attacking Web Applications With Python: Exploiting Web Forms and Requests
- Attacking Web Applications With Python: Web Scraper Python
- Python for Network Penetration Testing: Best Practices and Evasion Techniques
- Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools
- Python Language Basics: Variables, Lists, Loops, Functions and Conditionals
- How to Mitigate Poor HTTP Usage Vulnerabilities
- How to Exploit Poor HTTP Usage
- Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)
- How to Mitigate Integer Overflow and Underflow Vulnerabilities
- How to exploit integer overflow and underflow
- Introduction to Parallel Processing
- What are Race Conditions?
- How Are Credentials Used In Applications?
- How To Exploit Least Privilege Vulnerabilities
- XSS Vulnerabilities Exploitation Case Study
- What is is integer overflow and underflow?
- SQL Injection Vulnerabilities Exploitation Case Study
- How to exploit improper error handling
- Improper Error Handling Exploitation Case Study
- Why Improper Error Handling Happens
- How to exploit CSRF Vulnerabilities
- How to mitigate CSRF Vulnerabilities
- What Causes Command Injection Vulnerabilities? (How are Data and Code Handled in Execution Environments)
- Command Injection Vulnerabilities
- Command Injection Vulnerabilities Exploitation Case Study
- How to mitigate Command Injection Vulnerabilities
Get certified and advance your career!
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
Secure coding