Difference between revisions of "Shellcode/Appendix/Alphanumeric opcode"

From NetSec
Revision as of 20:03, 30 November 2012

32-bit printable opcodes

ASCII Shellcode Table

| ASCII Value | Hex Opcode | Assembly Equivalent |
|---|---|---|
| 0 | 0x30 | xor |
| 1 | 0x31 | xor |
| 2 | 0x32 | xor |
| 3 | 0x33 | xor |
| 4 | 0x34 | xor al, 0x## [byte] |
| 5 | 0x35 | xor eax, 0x######## [DWORD] |
| 6 | 0x36 | SS Segment Override |
| 7 | 0x37 | aaa |
| 8 | 0x38 | cmp |
| 9 | 0x39 | cmp |
| : | 0x3a | cmp |
| ; | 0x3b | cmp |
| < | 0x3c | cmp al, 0x## [byte] |
| = | 0x3d | cmp eax, 0x######## [DWORD] |
| > | 0x3e | [undocumented nop] |
| ? | 0x3f | aas |
| @ | 0x40 | inc eax |
| A | 0x41 | inc ecx |
| B | 0x42 | inc edx |
| C | 0x43 | inc ebx |
| D | 0x44 | inc esp |
| E | 0x45 | inc ebp |
| F | 0x46 | inc esi |
| G | 0x47 | inc edi |
| H | 0x48 | dec eax |
| I | 0x49 | dec ecx |
| J | 0x4a | dec edx |
| K | 0x4b | dec ebx |
| L | 0x4c | dec esp |
| M | 0x4d | dec ebp |
| N | 0x4e | dec esi |
| O | 0x4f | dec edi |
| P | 0x50 | push eax |
| Q | 0x51 | push ecx |
| R | 0x52 | push edx |
| S | 0x53 | push ebx |
| T | 0x54 | push esp |
| U | 0x55 | push ebp |
| V | 0x56 | push esi |
| W | 0x57 | push edi |
| X | 0x58 | pop eax |
| Y | 0x59 | pop ecx |
| Z | 0x5a | pop edx |
| [ | 0x5b | pop ebx |
| \ | 0x5c | pop esp |
| ] | 0x5d | pop ebp |
| ^ | 0x5e | pop esi |
| _ | 0x5f | pop edi |
| ` | 0x60 | pushad |
| a | 0x61 | popad |
| b | 0x62 | bound |
| c | 0x63 | arpl |
| d | 0x64 | FS Segment Override |
| e | 0x65 | GS Segment Override |
| f | 0x66 | 16 Bit Operand Size |
| g | 0x67 | 16 Bit Address Size |
| h | 0x68 | push 0x######## [dword] |
| i | 0x69 | imul reg/mem with immediate to reg/mem |
| j | 0x6a | push 0x## [byte] |
| k | 0x6b | imul immediate with reg into reg |
| l | 0x6c | insb es:[edi], [dx] |
| m | 0x6d | insl es:[edi], [dx] |
| n | 0x6e | outsb [dx], dx:[esi] |
| o | 0x6f | outsl [dx], ds:[esi] |
| p | 0x70 | jo 0x## [byte relative offset] |
| q | 0x71 | jno 0x## [byte relative offset] |
| r | 0x72 | jb 0x## [byte relative offset] |
| s | 0x73 | jae 0x## [byte relative offset] |
| t | 0x74 | je 0x## [byte relative offset] |
| u | 0x75 | jne 0x## [byte relative offset] |
| v | 0x76 | jbe 0x## [byte relative offset] |
| w | 0x77 | ja 0x## [byte relative offset] |
| x | 0x78 | js 0x## [byte relative offset] |
| y | 0x79 | jns 0x## [byte relative offset] |
| z | 0x7a | jp 0x## [byte relative offset] |

64-bit alphanumeric opcodes

Numeric

| ASCII | Hex | Assembler Instruction |
|---|---|---|
| 0 | 0x30 | xor %{16bit}, (%{64bit}) |
| 1 | 0x31 | xor %{32bit}, (%{64bit}) |
| 2 | 0x32 | xor (%{64bit}), %{16bit} |
| 3 | 0x33 | xor (%{64bit}), %{32bit} |
| 4 | 0x34 | xor [byte], %al |
| 5 | 0x35 | xor [dword], %eax |
| 6 | 0x36 | %ss segment register |
| 7 | 0x37 | Bad Instruction! |
| 8 | 0x38 | cmp %{16bit}, (%{64bit}) |
| 9 | 0x39 | cmp %{32bit}, (%{64bit}) |

Uppercase

| ASCII | Hex | Assembler Instruction |
|---|---|---|
| A | 0x41 | 64 bit reserved prefix |
| B | 0x42 | 64 bit reserved prefix |
| C | 0x43 | 64 bit reserved prefix |
| D | 0x44 | 64 bit reserved prefix |
| E | 0x45 | 64 bit reserved prefix |
| F | 0x46 | 64 bit reserved prefix |
| G | 0x47 | 64 bit reserved prefix |
| H | 0x48 | 64 bit reserved prefix |
| I | 0x49 | 64 bit reserved prefix |
| J | 0x4a | 64 bit reserved prefix |
| K | 0x4b | 64 bit reserved prefix |
| L | 0x4c | 64 bit reserved prefix |
| M | 0x4d | 64 bit reserved prefix |
| N | 0x4e | 64 bit reserved prefix |
| O | 0x4f | 64 bit reserved prefix |
| P | 0x50 | push %rax |
| Q | 0x51 | push %rcx |
| R | 0x52 | push %rdx |
| S | 0x53 | push %rbx |
| T | 0x54 | push %rsp |
| U | 0x55 | push %rbp |
| V | 0x56 | push %rsi |
| W | 0x57 | push %rdi |
| X | 0x58 | pop %rax |
| Y | 0x59 | pop %rcx |
| Z | 0x5a | pop %rdx |

Lowercase

| ASCII | Hex | Assembler Instruction |
|---|---|---|
| a | 0x61 | Bad Instruction! |
| b | 0x62 | Bad Instruction! |
| c | 0x63 | movslq (%{64bit}), %{32bit} |
| d | 0x64 | %fs segment register |
| e | 0x65 | %gs segment register |
| f | 0x66 | 16 bit operand override |
| g | 0x67 | 16 bit ptr override |
| h | 0x68 | push [dword] |
| i | 0x69 | imul [dword], (%{64bit}), %{32bit} |
| j | 0x6a | push [byte] |
| k | 0x6b | imul [byte], (%{64bit}), %{32bit} |
| l | 0x6c | insb (%dx),%es:(%rdi) |
| m | 0x6d | insl (%dx),%es:(%rdi) |
| n | 0x6e | outsb %ds:(%rsi),(%dx) |
| o | 0x6f | outsl %ds:(%rsi),(%dx) |
| p | 0x70 | jo [byte] |
| q | 0x71 | jno [byte] |
| r | 0x72 | jb [byte] |
| s | 0x73 | jae [byte] |
| t | 0x74 | je [byte] |
| u | 0x75 | jne [byte] |
| v | 0x76 | jbe [byte] |
| w | 0x77 | ja [byte] |
| x | 0x78 | js [byte] |
| y | 0x79 | jns [byte] |
| z | 0x7a | jp [byte] |

Push: Alphanumeric x86_64 data

One-byte, two-byte, and four-byte quantities

| Assembly | Hexadecimal | Alphanumeric ASCII |
|---|---|---|
| pushw [word] | \x66\x68\x##\x## | fh?? |
| pushq [byte] | \x6a\x## | j? |
| pushq [dword] | \x68\x##\x##\x##\x## | h???? |

Push: x86_64 Extended Registers

| Assembly | Hexadecimal | Alphanumeric ASCII |
|---|---|---|
| push %rax | \x50 | P |
| push %rcx | \x51 | Q |
| push %rdx | \x52 | R |
| push %rbx | \x53 | S |
| push %rsp | \x54 | T |
| push %rbp | \x55 | U |
| push %rsi | \x56 | V |
| push %rdi | \x57 | W |

Push: x86_64 General Registers

| Assembly | Hexadecimal | Alphanumeric ASCII |
|---|---|---|
| push %r8 | \x41\x50 | AP |
| push %r9 | \x41\x51 | AQ |
| push %r10 | \x41\x52 | AR |
| push %r11 | \x41\x53 | AS |
| push %r12 | \x41\x54 | AT |
| push %r13 | \x41\x55 | AU |
| push %r14 | \x41\x56 | AV |
| push %r15 | \x41\x57 | AW |

Push: x86_64 16 bit Registers

| Assembly | Hexadecimal | Alphanumeric ASCII |
|---|---|---|
| push %ax | \x66\x50 | fP |
| push %cx | \x66\x51 | fQ |
| push %dx | \x66\x52 | fR |
| push %bx | \x66\x53 | fS |
| push %sp | \x66\x54 | fT |
| push %bp | \x66\x55 | fU |
| push %si | \x66\x56 | fV |
| push %di | \x66\x57 | fW |

x86 Intercompatibility

Intercompatible x86* Alphanumeric Opcodes

| Hex | ASCII | Assembler Instruction |
|---|---|---|
| 0x64, 0x65 | d, e | fs or gs segment prefix |
| 0x66, 0x67 | f, g | 16bit operand or ptr override |
| 0x68, 0x6a | h, j | push |
| 0x69, 0x6b | i, k | imul |
| 0x6c-0x6f | l-o | ins[bwd], outs[bwd] |
| 0x70-0x7a | p-z | Conditional Jumps |
| 0x30-0x35 | 0-5 | xor |
| 0x36 | 6 | %ss segment register |
| 0x38-0x39 | 8, 9 | cmp |
| 0x50-0x57 | P-W | push *x, *i, *p |
| 0x58-0x5a | X, Y, Z | pop [*ax, *cx, *dx] |
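As an added example (not the NetSec page's own code), a small Python decoder that walks a printable string using the x86_64 tables above and reports whether it parses as a clean sequence of those instructions and what each one is, which is what an analyst wants to know about a suspicious alphanumeric run in an input buffer. It goes beyond the tables in two labelled places: ModRM-form opcodes (0-3, 8, 9, c, i, k) get their operand length from the standard ModRM/SIB rules, and a REX.B prefix combined with the 0x66 override is named r8w..r15w; operand values are printed little-endian as read from the byte stream.

```python
import re
# Added example, not the NetSec page's code (see the lead-in above the block).
REG = "rax rcx rdx rbx rsp rbp rsi rdi".split()
JCC = "jo jno jb jae je jne jbe ja js jns jp".split()                 # 0x70..0x7a
ONE = {"l": "insb", "m": "insl", "n": "outsb", "o": "outsl"}          # no operand bytes
IMM = {"h": ("push", 4), "j": ("push", 1), "4": ("xor %al,", 1), "5": ("xor %eax,", 4)}
MODRM = {**dict.fromkeys("0123", ("xor", 0)), **dict.fromkeys("89", ("cmp", 0)),
         "c": ("movslq", 0), "i": ("imul", 4), "k": ("imul", 1)}      # (mnemonic, imm bytes)
PREFIXES = "ABCDEFGHIJKLMNO6defg"       # REX 0x41-0x4f, %ss/%fs/%gs, 0x66, 0x67

def modrm_len(b):   # bytes taken by ModRM byte b plus the SIB/displacement it implies
    mod, rm = b >> 6, b & 7
    return 1 + (rm == 4 and mod != 3) + {0: 4 * (rm == 5), 1: 1, 2: 4, 3: 0}[mod]

def decode(text):
    """Return [(raw, mnemonic), ...]; ValueError if not alphanumeric or not parseable."""
    if not re.fullmatch(r"[0-9A-Za-z]+", text):
        raise ValueError("input is not purely alphanumeric")
    out, i = [], 0
    while i < len(text):
        start = i
        while i < len(text) and text[i] in PREFIXES:
            i += 1
        if i == len(text):
            raise ValueError("dangling prefix at offset %d" % start)
        pre, op, i, size = text[start:i], text[i], i + 1, 0
        if "P" <= op <= "Z":                        # push/pop register
            n, rexb = ord(op) - 0x50, any("A" <= c <= "O" and ord(c) & 1 for c in pre)
            reg = "r%d" % (n % 8 + 8) if rexb else REG[n % 8]           # REX.B -> r8..r15
            reg = (reg + "w" if rexb else reg[1:]) if "f" in pre else reg   # 0x66: 16-bit
            mn = "%s %%%s" % ("push" if n < 8 else "pop", reg)
        elif op in ONE:
            mn = ONE[op]
        elif op in IMM:                             # fh?? is pushw imm16
            mn, size = IMM[op][0], 2 if op == "h" and "f" in pre else IMM[op][1]
        elif "p" <= op <= "z":                      # jcc with one-byte displacement
            mn, size = JCC[ord(op) - 0x70], 1
        elif op in MODRM:
            mn, imm = MODRM[op]
            size = modrm_len(ord(text[i])) + imm if i < len(text) else 1
        else:
            raise ValueError("%r at offset %d is not an opcode in the tables" % (op, i - 1))
        if i + size > len(text):
            raise ValueError("truncated operand at offset %d" % i)
        if size and op not in MODRM:                # immediate or rel8, little-endian
            mn += " 0x%x" % int.from_bytes(text[i:i + size].encode(), "little")
        i += size
        out.append((text[start:i], mn))
    return out
```

The constructed input "hAAAAjAPXAPtA" decodes to push imm32, push imm8, push %rax, pop %rax, push %r8 and je; bytes such as 7, a or b (Bad Instruction in the 64-bit table) or a string ending mid-operand raise ValueError instead of being silently accepted.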