Using assembly language to manipulate CPU instructions requires an understanding of the processor architecture, its instruction set, and the assembler's syntax. Below is a step-by-step guide, using NASM on 64-bit Linux (x86-64).

## 1. Understand the Basics of Assembly Language

Assembly language is a low-level programming language whose statements map directly to the machine-code instructions executed by the CPU. Different CPU architectures have different instruction sets and assembly syntax (e.g., x86, ARM, RISC-V). Common components:

- Registers: small storage locations inside the CPU (e.g., `EAX`, `EBX` in x86; their 64-bit forms `RAX`, `RBX` in x86-64).
- Memory addresses: direct memory access through addresses held in registers or encoded in the instruction.
- Instructions: basic CPU commands (`MOV`, `ADD`, `JMP`, etc.).

---

## 2. Setting Up an Assembly Development Environment

You'll need:

- An assembler (e.g., NASM for x86/x86-64, or the GNU Assembler `as` on Linux/macOS).
- A linker (e.g., `ld` for ELF binaries).
- A debugger/emulator (e.g., `gdb`, `radare2`, or `qemu`).
- A text editor (e.g., VS Code, Vim, Nano).

Example setup for NASM on Debian/Ubuntu:

```bash
sudo apt install nasm gcc gdb
```

## 3. Writing and Assembling a Basic Assembly Program

A simple x86-64 assembly program that prints "Hello, World!" using Linux system calls (the `syscall` instruction, with the call number in `rax` and the arguments in `rdi`, `rsi`, `rdx`). Note that the string is 14 bytes including the newline, so the length is computed by the assembler rather than hard-coded:

```nasm
section .data
    hello     db "Hello, World!", 10   ; string followed by a newline
    hello_len equ $ - hello            ; length in bytes (14), computed at assembly time

section .text
global _start

_start:
    ; write(1, hello, hello_len) -- sys_write is syscall number 1
    mov eax, 1          ; syscall number: sys_write
    mov edi, 1          ; arg 1: file descriptor (stdout)
    mov rsi, hello      ; arg 2: pointer to the message
    mov edx, hello_len  ; arg 3: message length
    syscall             ; invoke the system call

    ; exit(0) -- sys_exit is syscall number 60
    mov eax, 60         ; syscall number: sys_exit
    xor edi, edi        ; arg 1: exit status 0
    syscall             ; exit the program
```

Assemble, link, and run:

```bash
nasm -f elf64 hello.asm
ld -o hello hello.o
./hello
```

## 4. Manipulating CPU Instructions

Now let's manipulate registers and instructions directly. The fragments below use 32-bit register names; in 64-bit mode, writing a 32-bit register zero-extends into the full 64-bit register, so they assemble unchanged with `nasm -f elf64`.
**a) Moving Data Between Registers**

```nasm
mov eax, 5      ; load the immediate 5 into EAX
mov ebx, eax    ; copy EAX into EBX
```

**b) Arithmetic Operations**

```nasm
mov eax, 10
add eax, 5      ; EAX = 10 + 5 = 15
sub eax, 3      ; EAX = 15 - 3 = 12
mul ebx         ; unsigned EDX:EAX = EAX * EBX (the high half of the product lands in EDX)
```

**c) Conditional Jumps**

```nasm
mov eax, 10
cmp eax, 10         ; compare EAX with 10 (sets the flags)
je  equal_label     ; jump if equal (ZF = 1)
jmp end_label       ; otherwise skip the block below
equal_label:
mov ebx, 1          ; EBX = 1 only when the comparison was equal
end_label:
```

**d) Loops with Registers**

```nasm
mov ecx, 5          ; loop counter
loop_start:
    ; ... loop body ...
    dec ecx         ; decrement ECX (sets ZF when it reaches zero)
    jnz loop_start  ; jump back while ECX is not zero
```

**e) Modifying Instruction Execution (Self-Modifying Code)**

Self-modifying code overwrites its own instructions at run time. Two details matter. First, the `.text` section is mapped read-only and executable by default, so a store into it faults unless the section is made writable; here NASM's `exec write` section attributes do that, which makes the linker produce a writable code segment (recent `ld` versions warn about RWX segments). Second, in 64-bit mode `inc eax` assembles to two bytes (`FF C0`), so both bytes must be replaced; patching only the first would leave the `C0` to be decoded as the start of a different instruction.

```nasm
section .text exec write    ; make the code section writable as well as executable
global _start

_start:
    mov word [code_to_change], 0x9090   ; overwrite "inc eax" (FF C0) with two NOPs
code_to_change:
    inc eax                 ; patched to NOP NOP before execution reaches it
    mov eax, 60             ; sys_exit
    xor edi, edi            ; status 0
    syscall
```

## 5. Debugging and Analyzing Instructions

To inspect CPU instructions in action, load the binary in `gdb`:

```bash
gdb ./hello
```

Then, inside `gdb`:

```bash
disassemble _start   # show the instructions at the entry point
break _start
run
info registers       # dump the register state at the breakpoint
stepi                # execute exactly one instruction, then inspect again
```

## 6. Writing Inline Assembly in C

If you prefer to use assembly from inside a C program, GCC's extended `asm` syntax binds C variables to registers through constraints (`"a"` is EAX/RAX, `"b"` is EBX/RBX):

```c
#include <stdio.h>

int main(void)
{
    int a = 10, b = 5, result;

    asm ("addl %%ebx, %%eax"      /* EAX = EAX + EBX */
         : "=a" (result)          /* output: result is read back from EAX */
         : "a" (a), "b" (b));     /* inputs: a is placed in EAX, b in EBX */

    printf("Result: %d\n", result);  /* Result: 15 */
    return 0;
}
```

Compile with:

```bash
gcc -m32 -o inline inline.c   # 32-bit build; needs gcc-multilib on a 64-bit host
gcc -o inline inline.c        # the same code also builds natively on x86-64
```

## 7. Reverse Engineering and Binary Patching

Using tools like `objdump` or `radare2`:

```bash
objdump -d hello     # disassemble the executable sections
r2 -A hello          # open in radare2 and run its analysis
```

You can modify a binary's instructions by hex-editing the bytes in place or by injecting new assembly.

## 8. Writing Shellcode

Shellcode is raw machine code, usually written in assembly, that an exploit injects into a process and executes. It has to be position-independent, and it is usually kept free of NUL bytes because it is often delivered through string-handling code that stops at the first `0x00`.
Example: an x86-64 Linux `execve("//bin/sh", NULL, NULL)` shellcode. Spelling the path with a doubled slash pads it to exactly eight bytes, so it fits one 64-bit immediate with no NUL byte, and `mov al, 59` (after zeroing `rax`) encodes the syscall number without the NUL bytes a 32-bit immediate would produce.

```nasm
section .text
global _start

_start:
    xor rax, rax                    ; rax = 0
    push rax                        ; NUL terminator for the path string
    mov rdi, 0x68732f6e69622f2f     ; "//bin/sh" as a little-endian 64-bit value
    push rdi                        ; the string now sits on the stack
    mov rdi, rsp                    ; arg 1: pathname = pointer to "//bin/sh"
    xor rsi, rsi                    ; arg 2: argv = NULL
    xor rdx, rdx                    ; arg 3: envp = NULL
    mov al, 59                      ; syscall number: execve (upper bits of rax already 0)
    syscall
```

Assemble to raw bytes (no ELF headers) and inspect the result:

```bash
nasm -f bin shellcode.asm -o shellcode.bin
xxd shellcode.bin                                    # confirm there are no 00 bytes
objdump -D -b binary -m i386:x86-64 shellcode.bin    # disassemble the raw bytes
```

**Conclusion**

- Assembly allows direct manipulation of CPU instructions.
- Understanding registers, memory, and syscalls is crucial.
- Debugging tools like `gdb` and `radare2` help analyze execution.
- Inline assembly in C can mix high-level and low-level programming.
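The self-modifying code in section 4 and the raw `shellcode.bin` in section 8 run into the same constraint: memory that holds code must be executable, and a modern kernel maps writable pages non-executable (W^X), which is exactly why a store into `.text` faults. The following C program is an added example and not code from the original post. It copies a constructed machine-code stub (a function that just returns 42) into an anonymous mapping, flips the page from RW to RX with `mprotect` before calling it, and also counts NUL bytes in a code buffer, the check you run on shellcode before handing it to anything that copies it as a C string. The stub bytes, the `run_code`, `run_stub` and `count_nul_bytes` names, and the assumption that the host is x86-64 or AArch64 are mine.

```c
#define _GNU_SOURCE             /* MAP_ANONYMOUS under strict glibc feature macros */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for "return 42", chosen per architecture
 * (assumption: the host is x86-64 or AArch64). */
#if defined(__x86_64__)
static const uint8_t stub[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42  (imm32 -> three NUL bytes) */
    0xC3                            /* ret */
};
#elif defined(__aarch64__)
static const uint8_t stub[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret */
};
#else
#error "no stub encoding for this architecture"
#endif

/* Shellcode pushed through strcpy()/sprintf() is cut at the first 0x00;
 * the page's "mov al, 59" instead of "mov eax, 59" exists to avoid that. */
size_t count_nul_bytes(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00)
            n++;
    return n;
}

/* Place raw code in memory and execute it the W^X way: write while the
 * page is RW, then make it RX before the first call. Returns the code's
 * return value, or -1 if the mapping or the permission change fails. */
int run_code(const uint8_t *code, size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = ((len + page - 1) / page) * page;

    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;

    memcpy(mem, code, len);
    /* x86 keeps instruction fetch coherent with stores to code; AArch64 does
     * not, so flush the instruction cache explicitly. Harmless on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);

    if (mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, size);
        return -1;
    }

    int (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);   /* copy instead of casting object -> function pointer */
    int result = fn();

    munmap(mem, size);
    return result;
}

/* Runs the constructed stub: returns 42 on success. */
int run_stub(void)
{
    return run_code(stub, sizeof stub);
}

int main(void)
{
    printf("stub has %zu NUL byte(s)\n", count_nul_bytes(stub, sizeof stub));
    printf("stub returned %d\n", run_stub());
    return 0;
}
```

Build with `gcc -o wx wx.c` and run it. The same RW-then-RX sequence is what a loader for `shellcode.bin` should do; the page's section 4e instead makes `.text` itself writable, which works but leaves an RWX segment in the binary for the whole run.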
Never thought I was going to see an assembler here.
There will be more; this was the first of many. And thank you for joining us.
Super! Looking forward to it.
Cool. Now do roller-coaster tycoon.
I'll look into it and see what I can do
-_-
In the event of any missing data or errors, please add them to the comments.