Difference between revisions of "Shellcode/Appendix/Alphanumeric opcode"

From NetSec
(32-bit printable opcodes)
(32-bit printable opcodes)
Line 15: Line 15:
 
|-
 
|-
 
| 1
 
| 1
| \x31
+
| 0x31
 
| xor
 
| xor
 
|-
 
|-
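Review bot: the row for `1` keeps a bare `xor` in its Assembly Equivalent cell, so after this change the line says `0x31` is "xor" without saying which operand form it takes. Since the row is being edited anyway, consider spelling out the form (opcode 0x31 is `xor r/m32, r32`), in the same way the `cmp al, 0x## [byte]` and `cmp eax, 0x######## [DWORD]` rows give their operands and the 64-bit table gives `xor %{32bit}, (%{64bit})` for the same byte.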
Line 51: Line 51:
 
|-
 
|-
 
| :
 
| :
| \x3a
+
| 0x3a
 
| cmp
 
| cmp
 
|-
 
|-
 
| ;
 
| ;
| \x3b
+
| 0x3b
 
| cmp
 
| cmp
 
|-
 
|-
 
| <
 
| <
| \x3c
+
| 0x3c
 
| cmp al, 0x## [byte]
 
| cmp al, 0x## [byte]
 
|-
 
|-
 
| =
 
| =
| \x3d
+
| 0x3d
 
| cmp eax, 0x######## [DWORD]
 
| cmp eax, 0x######## [DWORD]
 
|-
 
|-
 
| >
 
| >
| \x3e
+
| 0x3e
 
| [undocced nop]
 
| [undocced nop]
 
|-
 
|-
 
| ?
 
| ?
| \x3f
+
| 0x3f
 
| aas
 
| aas
 
|-
 
|-
 
| @
 
| @
| \x40
+
| 0x40
 
| inc eax
 
| inc eax
 
|-
 
|-
 
| A
 
| A
| \x41
+
| 0x41
 
| inc ecx
 
| inc ecx
 
|-
 
|-
 
| B
 
| B
| \x42
+
| 0x42
 
| inc edx
 
| inc edx
 
|-
 
|-
 
| C
 
| C
| \x43
+
| 0x43
 
| inc ebx
 
| inc ebx
 
|-
 
|-
 
| D
 
| D
| \x44
+
| 0x44
 
| inc esp
 
| inc esp
 
|-
 
|-
 
| E
 
| E
| \x45
+
| 0x45
 
| inc ebp
 
| inc ebp
 
|-
 
|-
 
| F
 
| F
| \x46
+
| 0x46
 
| inc esi
 
| inc esi
 
|-
 
|-
 
| G
 
| G
| \x47
+
| 0x47
 
| inc edi
 
| inc edi
 
|-
 
|-
 
| H
 
| H
| \x48
+
| 0x48
 
| dec eax
 
| dec eax
 
|-
 
|-
 
| I
 
| I
| \x49
+
| 0x49
 
| dec ecx
 
| dec ecx
 
|-
 
|-
 
| J
 
| J
| \x4a
+
| 0x4a
 
| dec edx
 
| dec edx
 
|-
 
|-
 
| K
 
| K
| \x4b
+
| 0x4b
 
| dec ebx
 
| dec ebx
 
|-
 
|-
 
| L
 
| L
| \x4c
+
| 0x4c
 
| dec esp
 
| dec esp
 
|-
 
|-
 
| M
 
| M
| \x4d
+
| 0x4d
 
| dec ebp
 
| dec ebp
 
|-
 
|-
 
| N
 
| N
| \x4e
+
| 0x4e
 
| dec esi
 
| dec esi
 
|-
 
|-
 
| O
 
| O
| \x4f
+
| 0x4f
 
| dec edi
 
| dec edi
 
|-
 
|-
 
| P
 
| P
| \x50
+
| 0x50
 
| push eax
 
| push eax
 
|-
 
|-
 
| Q
 
| Q
| \x51
+
| 0x51
 
| push ecx
 
| push ecx
 
|-
 
|-
 
| R
 
| R
| \x52
+
| 0x52
 
| push edx
 
| push edx
 
|-
 
|-
 
| S
 
| S
| \x53
+
| 0x53
 
| push ebx
 
| push ebx
 
|-
 
|-
 
| T
 
| T
| \x54
+
| 0x54
 
| push esp
 
| push esp
 
|-
 
|-
 
| U
 
| U
| \x55
+
| 0x55
 
| push ebp
 
| push ebp
 
|-
 
|-
 
| V
 
| V
| \x56
+
| 0x56
 
| push esi
 
| push esi
 
|-
 
|-
 
| W
 
| W
| \x57
+
| 0x57
 
| push edi
 
| push edi
 
|-
 
|-
 
| X
 
| X
| \x58
+
| 0x58
 
| pop eax
 
| pop eax
 
|-
 
|-
 
| Y
 
| Y
| \x59
+
| 0x59
 
| pop ecx
 
| pop ecx
 
|-
 
|-
 
| Z
 
| Z
| \x5a
+
| 0x5a
 
| pop edx
 
| pop edx
 
|-
 
|-
 
| [
 
| [
| \x5b
+
| 0x5b
 
| pop ebx
 
| pop ebx
 
|-
 
|-
 
| \
 
| \
| \x5c
+
| 0x5c
 
| pop esp
 
| pop esp
 
|-
 
|-
 
| ]
 
| ]
| \x5d
+
| 0x5d
 
| pop ebp
 
| pop ebp
 
|-
 
|-
 
| ^
 
| ^
| \x5e
+
| 0x5e
 
| pop esi
 
| pop esi
 
|-
 
|-
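Review bot: the `\x` to `0x` conversion stops at the `^` row (`0x5e`). The rows from `_` (`\x5f`) through `z` (`\x7a`) are not touched by this hunk and still show the `\x` prefix in the resulting revision, so the Hex Opcode column of one table ends up in two notations. Extend the change through `\x7a` so the column is uniform. Separately, the `>` row is carried over as `[undocced nop]`; byte 0x3e is the DS segment override prefix, and labelling it that way would match how the `6`, `d` and `e` rows describe the SS, FS and GS overrides.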

Revision as of 18:54, 28 November 2012

32-bit printable opcodes

ASCII Shellcode Table
ASCII Value Hex Opcode Assembly Equivalent
0 0x30 xor
1 0x31 xor
2 0x32 xor
3 0x33 xor
4 0x34 xor al, 0x## [byte]
5 0x35 xor eax, 0x######## [DWORD]
6 0x36 SS Segment Override
7 0x37 aaa
8 0x38 cmp
9 0x39 cmp
: 0x3a cmp
; 0x3b cmp
< 0x3c cmp al, 0x## [byte]
= 0x3d cmp eax, 0x######## [DWORD]
> 0x3e [undocced nop]
? 0x3f aas
@ 0x40 inc eax
A 0x41 inc ecx
B 0x42 inc edx
C 0x43 inc ebx
D 0x44 inc esp
E 0x45 inc ebp
F 0x46 inc esi
G 0x47 inc edi
H 0x48 dec eax
I 0x49 dec ecx
J 0x4a dec edx
K 0x4b dec ebx
L 0x4c dec esp
M 0x4d dec ebp
N 0x4e dec esi
O 0x4f dec edi
P 0x50 push eax
Q 0x51 push ecx
R 0x52 push edx
S 0x53 push ebx
T 0x54 push esp
U 0x55 push ebp
V 0x56 push esi
W 0x57 push edi
X 0x58 pop eax
Y 0x59 pop ecx
Z 0x5a pop edx
[ 0x5b pop ebx
\ 0x5c pop esp
] 0x5d pop ebp
^ 0x5e pop esi
_ \x5f pop edi
` \x60 pushad
a \x61 popad
b \x62 bound
c \x63 arpl
d \x64 FS Segment Override
e \x65 GS Segment Override
f \x66 16 Bit Operand Size
g \x67 16 Bit Address Size
h \x68 push 0x######## [dword]
i \x69 imul reg/mem with immediate to reg/mem
j \x6a push 0x## [byte]
k \x6b imul immediate with reg into reg
l \x6c insb es:[edi], [dx]
m \x6d insl es:[edi], [dx]
n \x6e outsb [dx], dx:[esi]
o \x6f outsl [dx], ds:[esi]
p \x70 jo 0x## [byte relative offset]
q \x71 jno 0x## [byte relative offset]
r \x72 jb 0x## [byte relative offset]
s \x73 jae 0x## [byte relative offset]
t \x74 je 0x## [byte relative offset]
u \x75 jne 0x## [byte relative offset]
v \x76 jbe 0x## [byte relative offset]
w \x77 ja 0x## [byte relative offset]
x \x78 js 0x## [byte relative offset]
y \x79 jns 0x## [byte relative offset]
z \x7a jp 0x## [byte relative offset]

64-bit alphanumeric opcodes

Numeric
ASCII Hex Assembler Instruction
0 0x30 xor %{16bit}, (%{64bit})
1 0x31 xor %{32bit}, (%{64bit})
2 0x32 xor (%{64bit}), %{16bit}
3 0x33 xor (%{64bit}), %{32bit}
4 0x34 xor [byte], %al
5 0x35 xor [dword], %eax
6 0x36 %ss segment register
7 0x37 Bad Instruction!
8 0x38 cmp %{16bit}, (%{64bit})
9 0x39 cmp %{32bit}, (%{64bit})
Uppercase
ASCII Hex Assembler Instruction
A 0x41 64 bit reserved prefix
B 0x42 64 bit reserved prefix
C 0x43 64 bit reserved prefix
D 0x44 64 bit reserved prefix
E 0x45 64 bit reserved prefix
F 0x46 64 bit reserved prefix
G 0x47 64 bit reserved prefix
H 0x48 64 bit reserved prefix
I 0x49 64 bit reserved prefix
J 0x4a 64 bit reserved prefix
K 0x4b 64 bit reserved prefix
L 0x4c 64 bit reserved prefix
M 0x4d 64 bit reserved prefix
N 0x4e 64 bit reserved prefix
O 0x4f 64 bit reserved prefix
P 0x50 push %rax
Q 0x51 push %rcx
R 0x52 push %rdx
S 0x53 push %rbx
T 0x54 push %rsp
U 0x55 push %rbp
V 0x56 push %rsi
W 0x57 push %rdi
X 0x58 pop %rax
Y 0x59 pop %rcx
Z 0x5a pop %rdx


Lowercase
ASCII Hex Assembler Instruction
a 0x61 Bad Instruction!
b 0x62 Bad Instruction!
c 0x63 movslq (%{64bit}), %{32bit}
d 0x64 %fs segment register
e 0x65 %gs segment register
f 0x66 16 bit operand override
g 0x67 16 bit ptr override
h 0x68 push [dword]
i 0x69 imul [dword], (%{64bit}), %{32bit}
j 0x6a push [byte]
k 0x6b imul [byte], (%{64bit}), %{32bit}
l 0x6c insb (%dx),%es:(%rdi)
m 0x6d insl (%dx),%es:(%rdi)
n 0x6e outsb %ds:(%rsi),(%dx)
o 0x6f outsl %ds:(%rsi),(%dx)
p 0x70 jo [byte]
q 0x71 jno [byte]
r 0x72 jb [byte]
s 0x73 jae [byte]
t 0x74 je [byte]
u 0x75 jne [byte]
v 0x76 jbe [byte]
w 0x77 ja [byte]
x 0x78 js [byte]
y 0x79 jns [byte]
z 0x7a jp [byte]

Alphanumeric opcode compatibility reference

Intercompatible x86* Alphanumeric Opcodes
Hex ASCII Assembler Instruction
0x64, 0x65 d,e [fs | gs] prefix
0x66, 0x67 f,g 16bit [operand | ptr] override
0x68, 0x6a h,j push
0x69, 0x6b i,k imul
0x6c-0x6f l-o ins[bwd], outs[bwd]
0x70-0x7a p-z Conditional Jumps
0x30-0x35 0-5 xor
0x36 6 %ss segment register
0x38-0x39 8,9 cmp
0x50-0x57 P-W push *x, *i, *p
0x58-0x5a XYZ pop [*ax, *cx, *dx]