• CPU Memory I/O all talk to each other via a system bus.
• One of the main purposes for the assembly language is to provide mnemonic instructions for machine code.
• ⚠️ It is to my understanding CPU's operate using a base-2 numerical system, whereas physical memory RAM operates using a base-16 numerical system.

• CPU - consists of 4 components
  • Control Unit - Retrieve / Decode instructions and Retrieve / Store data in memory.
  • Execution Unit - Actual execution of instruction happens here.
  • Registers - Internal memory locations used as variables
  • Flags - Used to indicate various events when execution is happening.

CPU requires some sort of internal memory location in order to perform calculations.

• CPU - Registers there are 4 types
  1. general purpose registers
  • CPU consists of 8 general purpose registers
    • EAX, EBX, ECX, EDX, ESI, EDI, EBP, and ESP
      • ECX - dictates how many times a loop is run.
  2. segment registers
  3. instruction pointer register
  4. control register

Having a solid understanding of how the EIP operates is essential

• ESP - always points to the top of the stack.

Fun fact 11 - register names start with %

Every process is unaware of other processes running on the system, ie, runs in isolation.

• analoc - refers to pointer in the virtual memory space located in the heap.

• /proc - directory that holds various run-time information about the system.
• cat /proc/PID/maps - shows the memory map of the program.

⚠️ Linux kernel > 2.6 virtual memory space is randomized to thwart various attacks that rely on hard coded memory address space.

• Stack - a LIFO Last in First Out data structure used for short-term storage and addresses memory from high to low.
• PUSH - pushes a value onto the stack.
• POP - removes the top most value from the stack.

• heap - is a managed memory region that allows for the dynamic allocation of variable-sized blocks of memory at run-time.

• .text - contains the actual program code.

/usr/include/asm/unistd.h

This is does not apply to macOS ☹️

/usr/include/unistd.h

• exit()
• read()
• write()

System calls are invoked by processes using a software interrupt - INT 0x80

• EAX - System Call number
• EBX - first argument
• ECX - second argument
• EDX - third argument
• ESI - fourth argument
• EDI - fifth argument

• .byte - 1 byte
• .ascii - string
• .asciz - Null terminated string
• .int - 32 bit integer
• .short - 16 bit integer
• .float - Single precision floating point number
• .double - Double precision floating point number

• .comm - declares common memory area
• .lcomm - declares local common memory area

movl %eax, %ebx

The above example moves a 32 bit value from register %eax to register %ebx

Security Tube - Assembly Primer For Hackers