ASM commands, that is.

Format of an Instruction
Several lessons ago, we saw the instruction ADD ECX,3 and discussed what it meant. Now you should know that ECX is a register designed for storing numbers. We will represent those numbers in hex format, so ADD ECX,3 means "Add the hex number 3 to the register ECX." Of course, 3 (hex) = 3 (dec), so at that time you didn't even need to know what hex was to understand what the instruction did.

Let's talk about an instruction's basic format.

Instruction Format

Here we see ADD EAX,72A5. That instruction will add the hex number 72A5 to the register EAX.
The first part of an instruction is called the mnemonic[1], and the other parts are called the operands.

ADD EAX,72A5 has the mnemonic ADD and two operands: EAX and 72A5.

Personally I don't like the terms mnemonic and operand because they aren't exactly words we use in everyday life. It would make much more sense if the first part was called the "Action" and the later parts were called the "Items". ADD is an action (it performs addition) and it does this to two items (EAX the register, and 72A5 the number). Then again, the official terminology is "mnemonic" and "operand", so if you see these terms, just remember what they mean.

Here's a big list of instructions that you'll be using:

MOV A,B = Stores the value B into A. "A" can refer to a register or a memory location. "B" refers to a register, memory location, or a number.
NOP = No operation. The simplest instruction, because it tells the computer to do nothing for a short time.
JMP C = Jump to address C in the code, then continue the code from there.

CMP A,B = Compare A and B. This instruction will set a series of "assembly flags", which are completely different from TSC flags, mind you.

The conditional jump instructions below check the assembly flags that CMP set. Use them directly after a CMP instruction.

JE C = Jump to address C if A and B are equal (A and B are from the previous CMP command).
JNE C = Jump to address C if A and B are not equal.
JG C = Jump to C if A is greater than B.
JGE C = Jump to C if A is greater than or equal to B.
JL C = Jump to C if A is less than B.
JLE C = Jump to C if A is less than or equal to B.

Push and pop work with the stack. I'll explain the stack later.

PUSH A = Push A onto the top of the stack. A can be a number, a memory location, or a register that holds a number.
POP A = Take the top value of the stack, remove it, then store it into A. In this case, "A" refers to a register or memory location.

Math Operations:

INC A = Increases register or memory location A by 1. Stores the result back into A.
DEC A = Decreases register or memory location A by 1. Stores the result back into A.
ADD A,B = Adds A and B together. Stores the result back into register (or memory location) A. B can be a number, register, or memory location.
SUB A,B = Subtracts B from A. Stores the result back into A.

What's this garbage about memory locations? We have learned about registers and hex numbers, but not memory. Memory shall be discussed in later lessons.

There are ways to multiply and divide numbers too, which we will see in later lessons.

I haven't given you all the instructions. There are lots of them, so if you don't know what one does, right click on it in OllyDbg and go to "Help on Command". This will tell you exactly what the instruction does, but it might not give a very clear explanation.
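To see how the instructions above fit together, here is a small interpreter for exactly that subset (MOV, NOP, JMP, CMP, the six conditional jumps, PUSH/POP, INC/DEC/ADD/SUB). It is an added example, not code from the lesson or from OllyDbg: registers are 32-bit, numbers are written in hex as the lesson does, memory locations are left out (they come in a later lesson), and an "address" is simply the index of a line in the program list. The flag rules for the conditional jumps are the real x86 ones for signed comparison.

```python
MASK = 0xFFFFFFFF                          # registers are 32 bits wide
# Conditional jumps read the flags that CMP left behind (x86 signed-compare rules)
JCC = {"JE": lambda f: f["ZF"], "JNE": lambda f: not f["ZF"],
       "JG": lambda f: not f["ZF"] and f["SF"] == f["OF"],
       "JGE": lambda f: f["SF"] == f["OF"],
       "JL": lambda f: f["SF"] != f["OF"],
       "JLE": lambda f: f["ZF"] or f["SF"] != f["OF"]}

def run(program):
    # Execute a list of "MNEMONIC OP1,OP2" strings and return the final registers
    regs = {"EAX": 0, "EBX": 0, "ECX": 0, "EDX": 0}
    flags = {"ZF": 0, "SF": 0, "OF": 0}    # set by CMP, read by the Jcc family
    stack = []                              # PUSH/POP work on this list
    ip = 0                                  # address = index into program
    val = lambda op: regs[op] if op in regs else int(op, 16) & MASK
    while ip < len(program):
        mn, _, rest = program[ip].partition(" ")
        ops = [o.strip() for o in rest.split(",")] if rest else []
        ip += 1                             # default: fall through to next line
        if mn == "MOV":
            regs[ops[0]] = val(ops[1])
        elif mn in ("ADD", "SUB", "INC", "DEC"):
            b = val(ops[1]) if len(ops) == 2 else 1   # INC/DEC use 1
            sign = 1 if mn in ("ADD", "INC") else -1
            regs[ops[0]] = (regs[ops[0]] + sign * b) & MASK
        elif mn == "CMP":                   # compute A-B but keep only the flags
            a, b = val(ops[0]), val(ops[1])
            r = (a - b) & MASK
            flags["ZF"] = int(r == 0)                 # result was zero
            flags["SF"] = r >> 31                     # result was negative
            flags["OF"] = ((a ^ b) & (a ^ r)) >> 31   # signed overflow
        elif mn == "PUSH":
            stack.append(val(ops[0]))
        elif mn == "POP":
            regs[ops[0]] = stack.pop()
        elif mn == "JMP":
            ip = int(ops[0], 16)
        elif mn in JCC:
            if JCC[mn](flags):
                ip = int(ops[0], 16)
        elif mn != "NOP":                   # NOP does nothing; anything else is unknown
            raise ValueError("unknown mnemonic " + mn)
    return regs

# Constructed program: EAX = 1 + 2 + ... + A (hex A = 10 dec), looping with CMP/JNE
LOOP = ["MOV ECX,A", "MOV EAX,0",           # 0-1: ECX = 10 (dec), EAX = 0
        "ADD EAX,ECX", "DEC ECX",           # 2-3: loop body
        "CMP ECX,0", "JNE 2",               # 4-5: back to address 2 until ECX == 0
        "MOV EBX,72A5"]                     # 6: reached only after the loop ends
```

run(LOOP) leaves EAX holding 37 (hex), which is 55 in decimal; change the JNE to a JG or JLE and step through the flags to see why the other jumps behave differently.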

[1]Pronunciation of mnemonic: "new - mon - ick"