ASM 8086 Cheat Sheet by Mikael Peigney (Mika56) via cheatography.com/3808/cs/839/ Colors Deci mal Hexa Binary Color 0 00h 0000b Black 1 01h 0001b Blue 2 02h 0010b Green 3 03h 0011b Colbalt blue 4. ASAM Level of Care (LOC) Determination Guidelines (1 of 2) As emergency needs come first, the highest severity problem (with specific attention to Dimensions 1, 2 and 3) should guide the client’s entry point into the treatment continuum. The ASM 8085 Cheat Sheet was released by Deathtitan77 on Cheatography. Here's how they described it: ASM 8085 Cheat Sheet. Download the PDF version here.

  1. Arm64 Asm Cheat Sheet
  2. F5 Asm Cheat Sheet
  3. Asm Commands Cheat Sheet
  4. Asm Commands Cheat Sheet
  5. Asm Cheat Sheet
  6. Oracle Asm Command Cheat Sheet

Command line options

Configuration properties

They can be used in evaluations:? ${asm.tabs}

You will want to set your favourite options in ~/.radare2rc since every line there will be interpreted at the beginning of each session. Mine for reference:

There is an easier interface accessible from the Visual mode, just typing Ve

Basic Commands

Command syntax: [.][times][cmd][~grep][@[@iter]addr!size][|>pipe]; Command chaining: x 3;s+3;pi 3;s+3;pxo 4;| Pipe with shell commands: pd | less! Run shell commands: !cat /etc/passwd!! Escapes to shell, run command and pass output to radare buffer Note: The double exclamation mark tells radare to skip the plugin list to find an IO plugin handling this command to launch it directly to the shell. A single one will walk through the io plugin list.` Radare commands: wx `!ragg2 -i exec`~ grep~! grep -v~[n] grep by columns afl~[0]~:n grep by rows afl~:0

  • .cmd Interprets command output
  • .. repeats last commands (same as enter n)
  • ( Used to define and run macros
  • $ Used to define alias
  • $$: Resolves to current address
  • Offsets (@) are absolute, we can use $$ for relative ones @ $$+4
  • ? Evaluate expression
  • ?$? Help for variables used in expressions
  • $$: Here
  • $s: File size
  • $b: Block size
  • $l: Opcode length
  • $j: When $$ is at a jmp, $j is the address where we are going to jump to
  • $f: Same for jmp fail address
  • $m: Opcode memory reference (e.g. mov eax,[0x10] => 0x10)
  • ??? Help for ? command
  • ?i Takes input from stdin. Eg ?i username
  • ?? Result from previous operations
  • ?s from to [step]: Generates sequence from to every
  • ?p: Get physical address for given virtual address
  • ?P: Get virtual address for given physical one
  • ?v Show hex value of math expr
  • ?l str: Returns the length of string
  • @@: Used for iterations

Positioning

Block size

The block size is the default view size for radare. All commands will work with this constraint, but you can always temporally change the block size just giving a numeric argument to the print commands for example (px 20)

JSON Output

Most of commands such as (i)nfo and (p)rint commands accept a j to print their output in json

Analyze

Arm64 Asm Cheat Sheet

Function analysis (normal mode)

Function analysis (visual mode)

Opcode analysis:

Information

Mitigations:

Get function address in GOT table:pd 1 @ sym.imp<funct>Returns a jmp [addr] where addr is the address of function in the GOT. Similar to objdump -R | grep <func>

Write

Flags

Asm Cheat Sheet

Flags are labels for offsets. They can be grouped in namespaces as sym for symbols ...

yank & paste

Visual Mode:

V enters visual mode

F5 Asm Cheat Sheet

ROP

Search depth can be configure with following properties:

Searching

Example: Searching function preludes:

Its possible to run a command for each hit. Use the cmd.hit property:

Magic files

Oracle 12c asm cheat sheet

Search for magic numbers

Search can be controlled with following properties:

Yara

Yara can also be used for detecting file signatures to determine compiler types, shellcodes, protections and more.

Zignatures

Zignatures are useful when dealing with stripped binaries. We can take a non-stripped binary, run zignatures on it and apply it to a different binary that was compiled statically with the same libraries.

Zignatures are applied as comments:

Compare files

Graphs

Basic block graphs

Call graphs

Convert .dot in .png

Generate graph for file:

Arm asm cheat sheet

Debugger

Start r2 in debugger mode. r2 will fork and attach

To pass arguments:

To pass stdin:

Commands

To follow child processes in forks (set-follow-fork-mode in gdb)

PEDA like details: drr;pd 10@-10;pxr 40@esp

Debug in visual mode

WebGUI (Enyo)

All suite commands include a -r flag to generate instructions for r2

rax2 - Base conversion

rahash2 - Entropy, hashes and checksums

radiff2 - File diffing

Examples:

rasm2 - Assembly/Disassembly

rafind2 - Search

ragg2 - Shellcode generator, C/opcode compiler

Example:

Asm Commands Cheat Sheet

rabin2 - Executable analysis: symbols, imports, strings ...

rarun2 - Launcher to run programs with different environments, args, stdin, permissions, fds

Examples:

Registers

64 bit32 bit16 bit8 bit
A (accumulator)RAXEAXAXAL
B (base, addressing)RBXEBXBXBL
C (counter, iterations)RCXECXCXCL
D (data)RDXEDXDXDL
RDIEDIDIDIL
RSIESISISIL
Numbered (n=8..15)RnRnDRnWRnB
Stack pointerRSPESPSPSPL
Frame pointerRBPEBPBPBPL

As well as XMM0 .. XMM15 for 128 bit floating point numbers.

Calling C

Put function arguments (first to last) in the following registers (64 bitrepresentations): RDI, RSI, RDX, RCX, R8, R9, then push to stack (in reverse,has to be cleaned up by the caller!) XMM0 - XMM7 for floats

Return values are stored in RAX (int) or XMM0 (float)

RBP, RBX, R12, R13, R14, R15 will not be changed by the called function, allothers may be

Asm Commands Cheat Sheet

Align stack pointer (RSP) to 16 byte, calling pushes 8 bytes!

Keep in mind that strings (in C) are 0-terminated

Like in a normal C program, the label that is (de facto) called first ismain, with the args argc (argcount) in RDI, and the char** argv in RSI(the commandline arguments as in C's main function).

Asm Cheat Sheet

Data

Definition sizeDefinition instruction
8 bitdb
16 bitdw
32 bitdd
64 bitddq/do
floatdd
doubledq
extended precisiondt

Conditionals

cmp op1, op2 -> mimics sub op1, op2 but only changes the zero and carry flagfor comparing.

Prefixes:

  • j~ x -> jump to x if ~
  • cmov~ x, y -> conditional mov x, y if ~
  • setc~ x -> set x to 1 if ~, x is 8 bit reg

Oracle Asm Command Cheat Sheet

Asm cheat sheet

Many suffixes, including:

  • a (above, >)
  • ae (above or equal, >=)
  • b (below, <)
  • be (below or equal, <=)
  • e (equal, =)
  • ne (not equal, !=)

Program structure

  • global <entry> -> exposes entry point
  • extern <function> -> declares a function in another linked .o file (e.g. Cfunction, other asm file)
  • section <sectiontype> -> sets section, usually:
    • .text -> program code
    • .data -> data

The program entry point of a standalone program is the label _start. Whencompiled with gcc, C provides _start, which inits and then jumps to main,which should then be implemented by the program.

X86 asm cheat sheet

Syscalls

  • put syscall number in EAX (e.g. on Linux: 60 for exit, 1 for write to stdout)
  • put arguments in the registers (see above) like when calling a C function
  • execute the syscall instruction

Assemble

  • Assemble: nasm -felf64 -o <object> <filename>
  • Link with ld: ld -o <output> <object>
  • Link with gcc: gcc -o <output> <object>

Sources

  • Forked from: mpdrescher
  • Main: NASM Tutorial
  • Registers: Assembly registers
  • Conditionals: Jumps and loops (de)




⇐ ⇐ Lock
⇒ ⇒ Visual Studio Mac Format Code