Learning assembly - Part 1: Bitwise Operations/Endianness

So, I am going to start a new series for learning x86/x64 assembly - better tutorials exist as this material is not new, but I want to use this series more as a crutch for myself in case I forget anything fundamental. I first want to start with assembly, then get into WinAPIs used in malware, and eventually more into unpacking or deobfuscation.

But for now, we get to learn assembly together!

First, I want to review more fundamentals like bitwise operations and little endianness (LE)/big endianness (BE).

____________________________________________________________________________

Bit-wise operators are a part of C/C++ and work at the bit level; each one has a different application use, but thankfully, only six of them exist, so it's not too hard to remember how they interact and what use case they're for.

AND or & - The result of AND is 1 only if both bits are 1.

X: 00101101

Y: 11101000

Z: 00101000

Use case: Clear certain bits by mask.

OR or | - OR is 1 if at least one bit of the two operands is 1.

X: 00101101

Y: 11101000

Z: 11101101

Use case: Set certain bits by mask

XOR or ^ - Operator is 1 if the bits of two operands are opposite.

X: 00101101

Y: 11101000

Z: 11000101

Use case: Nullify the value or encryption

NOT or ~ - Changes 1 to 0 and 0 to 1. Works on only one operand at a time.

X: NOT 00101101 = 11010010

Y: NOT 11101000 = 00010111

Use case: Change operand to the opposite.

Right Shift or >> - The bit positions that have been vacated by the operator are filled with 0.

X: >> by 3 bits - 00101101 = 00000101

Y: >> by 3 bits - 11101000 = 00011101

Use case: Shift bits to the right by a specified number of positions.

Left Shift or << - The bit positions that have been vacated by the operator are filled with 0.

X: << by 3 bits - 00101101 = 01101000

Y: << by 3 bits - 11101000 = 01000000

Use case: Shift bits to the left by a specified number of positions.

____________________________________________________________________________

Little Endian vs Big Endian

When it comes to Endian, it is just a way of storing multibyte data types. Big-endian is often seen in networking, and little-endian is seen at the operating system level like x86, ARM, etc.

Say you have a value like 0x12345678.

Little-Endian would display it like: 78 56 34 12

Big-Endian would display it like: 12 34 56 78

This is, of course, if you're looking at it in 1 bytes.

You can change hex editors to display the full 4 or 8 bytes if you would like.

____________________________________________________________________________

Thank you for reading; hopefully, you found some of this information useful! Please reach out and let me know if I got something incorrect. I am not perfect, and I just want to document my journey of learning :)

PreviousBTLO - RE - A Classic Injection - Writeup NextWhat to do after the SANS/GIAC GREM

Last updated 1 year ago

Learning assembly - Part 1: Bitwise Operations/Endianness

But for now, we get to learn assembly together!

First, I want to review more fundamentals like bitwise operations and little endianness (LE)/big endianness (BE).

____________________________________________________________________________

AND or & - The result of AND is 1 only if both bits are 1.

X: 00101101

Y: 11101000

Z: 00101000

Use case: Clear certain bits by mask.

OR or | - OR is 1 if at least one bit of the two operands is 1.

X: 00101101

Y: 11101000

Z: 11101101

Use case: Set certain bits by mask

XOR or ^ - Operator is 1 if the bits of two operands are opposite.

X: 00101101

Y: 11101000

Z: 11000101

Use case: Nullify the value or encryption

NOT or ~ - Changes 1 to 0 and 0 to 1. Works on only one operand at a time.

X: NOT 00101101 = 11010010

Y: NOT 11101000 = 00010111

Use case: Change operand to the opposite.

Right Shift or >> - The bit positions that have been vacated by the operator are filled with 0.

X: >> by 3 bits - 00101101 = 00000101

Y: >> by 3 bits - 11101000 = 00011101

Use case: Shift bits to the right by a specified number of positions.

Left Shift or << - The bit positions that have been vacated by the operator are filled with 0.

X: << by 3 bits - 00101101 = 01101000

Y: << by 3 bits - 11101000 = 01000000

Use case: Shift bits to the left by a specified number of positions.

____________________________________________________________________________

Little Endian vs Big Endian

When it comes to Endian, it is just a way of storing multibyte data types. Big-endian is often seen in networking, and little-endian is seen at the operating system level like x86, ARM, etc.

Say you have a value like 0x12345678.

Little-Endian would display it like: 78 56 34 12

Big-Endian would display it like: 12 34 56 78

This is, of course, if you're looking at it in 1 bytes.

You can change hex editors to display the full 4 or 8 bytes if you would like.

____________________________________________________________________________

PreviousBTLO - RE - A Classic Injection - Writeup NextWhat to do after the SANS/GIAC GREM

Last updated 1 year ago