Intel Assembly

Registers

• Registers in x86 Assembly

Purpose	64 bit Register
Syscall number / Return value	RAX
Callee Saved	RBX
1st arg	RDI
2nd arg	RSI
3rd arg	RDX
4th arg / loop counter	RCX
5th arg	R8
6th arg	R9
Base stack pointer	RBP
Current stack pointer	RSP
Instruction Pointer	RIP

Instructions

Jumping

Instruction	Condition
jz / je	D == 0
jnz / jne	D != 0
js	D < 0
jns	D >= 0
jg	D > S
jge	D >= S
jl	D < S
jle	D <= S

Flags

Flag	Bit	Name
CF (CY / NC)	0	Carry Flag
PF (PE / PO)	2	Parity Flag
AF (AC / NA)	4	Auxiliary Carry Flag
ZF (ZR / NZ)	6	Zero Flag, raised if zero
SF (NC / PL)	7	Sign Flag, raised if negative
TF	8	Trap Flag
IF (EL / DI)	9	Interrupt Flag
DF (DN / UP)	10	Direction Flag
OF (OV / NV)	11	Overflow Flag
IOPL	12-13	I/O Privilege Level
NT	14	Nested Task
RF	16	Resume Flag
VM	17	Virtual-x86 Mode
AC	18	Alignment Check / Access Control
VIF	19	Virtual Interrupt Flag
VIP	20	Virtual Interrupt Pending
ID	21	Identification Flag

Passing arguments

64 bit

In the C calling conversion
RDI, RSI, RDX, RCX, R8 and R9 registers and anything additional will be placed onto the stack.

Stack alignment

rsp should point to an adress that is a multiple of 16 (ends with 0)

This stack is aligned

0x00007fffffffdca0│+0x0000: 0x0000000000000000	 ← $rsp
0x00007fffffffdca8│+0x0008: 0x0000000000000000
0x00007fffffffdcb0│+0x0010: 0x0000000000000000

This stack is not aligned

0x00007fffffffdd78│+0x0000: 0x0000000000000000  ← $rsp
0x00007fffffffdd80│+0x0008: 0x0000000000000000
0x00007fffffffdd88│+0x0010: 0x0000000000000000

To align it, subtract from rsp to give it some room

sub rsp, 8
call someFunction
add rsp, 8

Assembly and Disassembly

# Assemble code
nasm -f elf64 program.s

# Link code
ld -o program program.o

# Link code with libc functions
ld -o program program.o -lc --dynamic-linker /lib64/ld-linux-x86-64.so.2

# Disassemble .text section
objdump -M intel -d program

# Disassemble .data section
objdump -sj .data program

# Show binary assembly code
objdump -M intel --no-show-raw-insn --no-addresses -d program