By Motasem Hamdan — 18 Aug 2024

FREE Assembly Short Mini Course | Learn Assembly in an hour.

In this short mini Assembly programming language course, we first go over the CPU architecture explaining different parts of the CPU and…

In this short mini Assembly programming language course, we first go over the CPU architecture explaining different parts of the CPU and how it interacts with the RAM & and the input/output devices. We then pivot into discussing the different types of registers such as general purpose registers and the intruction pointer. Moving along, we cover the different sections of the memory including the data and code segment, in addition to the heap and the stack as well as the key differences between them. After briefly going over the x86 architecture, we explain the opcodes, operands, assembly insutrctions such as mov, push, pop, shift, and others. Lastly, we simulate an Assembly code execution flow while examining how the stack, registers and the memory change during every step. The simulation part is part of TryHackMe x86 Architecture Overview & x86 Assembly Crash Course rooms respecetively

Please watch the video at the bottom for full detailed explanation of the walkthrough.

Course Contents

Understanding CPU Architecture
Understanding Registers
Understanding Memory (RAM)
Stack vs Heap in Assembly
Operands & Opcodes
Assembly Instructions
Practical Code Simulation

Overview of Assembly Programming Language

When learning malware reverse engineering, knowing the basics of assembly language is essential. This is because when we get a malware sample to analyze, it is most likely a compiled binary. We cannot view this binary’s C/C++ or other language code because that is not available to us. What we can do, however, is to decompile the code using a de-compiler or a disassembler. The problem with decompiling is that a lot of information in the written code is removed while it is compiled into a binary; hence we won’t see variable names, function names, etc., as we do while writing code. So the most reliable code we have for a compiled binary is its assembly code.

CPU Components
CPU consists of the following:

Arithmetic Logic Unit (ALU): The arithmetic logic unit executes the instruction fetched from the Memory. The results of the executed instruction are then stored in either the Registers or the Memory.
The Control Unit: The Control Unit gets instructions from the main memory (RAM). The address to the next instruction to execute is stored in a register called the Instruction Pointer or IP. In 32-bit systems, this register is called EIP, and in 64-bit systems, it is called RIP.
The Registers: The Registers are the CPU’s storage. Registers are generally much smaller than the Main Memory, which is outside the CPU, and help save time in executing instructions by placing important data in direct access to the CPU.

Memory (RAM)
The Memory, also called Main Memory or Random Access Memory (RAM), contains all the code and data for a program to run. When a user executes a program, its code and data are loaded into the Memory, from where the CPU accesses it one instruction at a time.