For Prof Tuck’s CS3650, fall 2018.
- Assembly Instruction Cheat Sheet
- Arm Assembly Cheat Sheet
- Assembly Instructions Cheat Sheet Printable
- X64 Assembly Cheat Sheet
This uses AT&T syntax (per norms for the GNU C compiler).
Registers
In AMD64, we have 16 registers that can each hold 64-bits (8 bytes):
NASM Intel x86 Assembly Language Cheat Sheet Instruction Effect Examples Copying Data mov dest,src Copy src to dest mov eax,10 mov eax,2000 Arithmetic add dest,src dest = dest + src add esi,10 sub dest,src dest = dest – src sub eax, ebx mul reg edx:eax = eax. reg mul esi div reg edx = edx:eax mod reg eax = edx:eax reg div edi. This ARM assembly basics cheatsheet covers registers, instructions, branching, and conditional execution. You can use it as a guideline if you’re starting out with ARM assembly and need a little refresher of the basics. Version 1.2 (January 2017, fixed. This guide describes the basics of 32-bit x86 assembly language programming, covering a small but useful subset of the available instructions and assembler directives. There are several different assembly languages for generating x86 machine code. The one we will use in CS421 is the GNU Assembler (gas) assembler. Marie Instruction Set Cheat Sheet Each instruction is 16 bits with the first 4 bits being the opcode (i.e. The operation code selects which instruction to execute). For example the instruction 31F0 is 3-1f0 so it’s the Add X instruction and X is the address 1F0. The instruction 10ff is the load instruction Load X so the contents of address. We will uses the standard AT&T syntax for writing x86 assembly code. The full x86 instruction set is large and complex (Intel's x86 instruction set manuals comprise over 2900 pages), and we do not cover it all in this guide. For example, there is a 16-bit subset of the x86 instruction set. Using the 16-bit programming model can be quite complex.
Group 1:
- %rax - accumulator: arithmetic source & destination
- %rcx - counter: loop index
- %rdx - data: arithmetic source
- %rbx - base: historically used for segmented addressing
Group 2:
- %rsi - source index
- %rdi - destination index
- %rsp - stack pointer
- %rbp - base pointer
Group 3:
- %r8, %r9, …, %r15
Groups 1 and 2 are the extended form of the old 16 bit registers fromthe Intel 8086, while Group 3 was added specifically for AMD64.
Shorter parts of these registers are also accessible by the hisorical names:
| 64-bit register | Low 32-bits | Low 16 bits | Low 8 bits | Byte 7* |
|---|---|---|---|---|
| %rax | %eax | %ax | %al | %ah |
| %rsi | %esi | %si | %sil | n/a |
| %r8 | %r8d | %r8w | %r8b | n/a |
The names for the other registers follow the pattern within the same group.
For the Group 1 registers, the high and low bytes of the low 16-bits be accessedby dedicated names (%ah, %al, %ch, %cl, etc).
There are a couple of other registers worth remembering:
- %rip - Instruction pointer. Points to next instruction to execute. Not readable.
- %flags - (%eflags, %rflags) - Each bit means something specific. Not writable.
Instructions
Arithmetic Instructions
| Instruction | Description |
|---|---|
| mov %rxx, %ryy | Copy data from register %rxx to %ryy |
| inc %rxx | Add one to %rxx |
| dec %rxx | Subtract one from rxx |
| neg %rxx | Negate %rxx |
| not %rxx | Bitwise NOT %rxx |
| add %rxx, %ryy | %ryy += %rxx |
| sub %rxx, %ryy | %ryy -= %rxx |
| or %rxx, %ryy | %ryy = %rxx OR %ryy (bitwise) |
| and %rxx, %ryy | %ryy = %rxx AND %ryy (bitwise) |
| imul %rxx | %rdx:%rax = %rax * %rxx |
| imul %rxx, %ryy | %ryy = %ryy * %rxx (truncated to 64-bits) |
| idiv %rxx | %rax = %rdx:%rax / %rxx; %rdx = quot |
Flow Control and Logic
Note: The argument order for “cmp” is backwards here.
| Instruction | Description |
|---|---|
| cmp %rxx, %ryy | Compares the two registers, updating the flags register |
| je label | Jump if equal (if previous cmp set equal flag; %rxx %ryy) |
| jne label | Jump if not equal (%rxx != %ryy) |
| jl label | Jump if less than (%rxx < %ryy) |
| jle label | <= |
| jg label | > |
| jge label | >= |
| sete %rzz | Set %rzz if %rxx %ryy in the previous cmp, else clear it. |
| setg %rzz | Set %rzz if %rxx > %ryy |
| setl %rzz | Set %rzz if %rxx < %ryy |
Function Call and Stack
| Instruction | Description |
|---|---|
| push %rxx | Copy %rxx to stack @ %rsp, move down %rsp |
| pop %rxx | Copy from stack @ %rsp to %rxx, move up %rsp |
| enter $NN, $0 | Allocate a stack frame with NN bytes of space |
| leave | Deallocate a stack frame |
| call label | Push $rip and jump to the address of the “label” function |
Assembly Instruction Cheat Sheet
Memory and Immediate Arguments
In addition to operating on registers, many instructions can accept alternatemodes that operate on data in memory or on constant values.
| Example Instruction | Description |
|---|---|
| add (%rcx), %rdx | %rdx = %rdx + (value at address in %rcx) |
| add $10, %rdx | %rdx = %rdx + 10 |
| addq $10, 2(%e10, %e11, 2) | (the value at %e10+2*%e11) += 10 |
| add -16($rsp), %rax | %rax += the value 16 bytes below where %rsp points |
There’s a special instruction, lea, that calcuates an address as if it weregoing to access an argument in memory but gives you the address as its output.
| Example Instruction | Description |
|---|---|
| lea -16($rsp), %rax | %rax = %rsp - 16 |
Instruction suffixes: Instructions can have a single letter suffix added toindicate hte size of the value operated on: b, w, l, q for 1, 2, 4, 8 bytes.
| Example Instruction | Description |
|---|---|
| movw $10, (%rdx) | Move a 16-bit (2 byte, short) int to the address in %rdx |
| movq %10, (%rdx) | Move a 64-bit (8 byte, long) int to the address in %rdx |
Calling a Function
To call a function with the “call” instruction, you must first:
- Put arguments in the appropriate registers / stack.
- %rdi, %rsi, %rdx, %rcx, %r8, %r9, then the stack
- Think about “callee save” registers.
- That’s all the data registers except %rbx and %r12-%r15.
- Assume calling any function corrupts them.
- You can push these before the call and pop after, but a differentallocation with stack / caller-save might work better.
- Make sure %rsp points to an address divisible by 16 bytes.
- This is not true when you enter a function, because call pushes areturn address.
- Pushing %ebp (e.g. with “enter $0,…”) corrects this.
- Make sure you do an even number of pushes / reserve stack space inmultiples of 16 bytes.
Once the function returns, your result will be in %rax. An optional secondresult is returned in %rdx.
Writing a Function
These registers are callee-saved. If you want to use them, save them to thestack in your prologue and restore them in your epilogue:
- %rbx, %r12-%r15
The stack registers (%rsp, %rbp) are technically callee save, but this ishandled by the standard use of “enter” and “leave” calls.
Register Allocation
- Function arguments: %rdi, %rsi, %rdx, %rcx, %r8, %r9
- Temporary registers: %r10, %r11, (argument registers)
- Safe registers: %r12, %r13, %r14, %r15, %rbx
How to map variables / values to locations:
- Local variables that get their address taken should go on the stack.
- Local variables that get used before and after a function call shouldgo in a safe (callee-saved) register.
- Local variables that don’t need to survive a function call can goin temporary registers.
- Temporary values should go in temporary registers.
The caller-save strategy, where temporary registers are pushed/popped arounda function call to preserve them can be used but tends to be more annoyingthan using safe registers.
Compiling ASM with GCC
Arm Assembly Cheat Sheet
- By default, program starts at _start
- If you declare “.global main”, program will start at main.
- The “-no-pie” flag is needed for Ubuntu 18.04. This disablesASLR for the binary, which hurts security.
Compiling ASM without libc
Using GDB with ASM
Assembly Instructions Cheat Sheet Printable
- Compile with -g
- Use
breakto set breakpoints on labels or line numbers. - Print registers with
p $raxorp/x $rax. - Print all registers with
info reg
X64 Assembly Cheat Sheet
- Brown CS0330: Great x86-64 assembly cheat sheet.