Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Shellcode/Appendix/Alphanumeric opcode"
From NetSec
(→32-bit printable opcodes) |
(→Alphanumeric opcode compatibility reference) |
||
| Line 593: | Line 593: | ||
|} | |} | ||
| − | == | + | == x86 Intercompatibility == |
{| class="wikitable" style="text-align:center; width:60%;" | {| class="wikitable" style="text-align:center; width:60%;" | ||
Revision as of 19:38, 28 November 2012
32-bit printable opcodes
| ASCII Value | Hex Opcode | Assembly Equivalent |
|---|---|---|
| 0 | 0x30 | xor |
| 1 | 0x31 | xor |
| 2 | 0x32 | xor |
| 3 | 0x33 | xor |
| 4 | 0x34 | xor al, 0x## [byte] |
| 5 | 0x35 | xor eax, 0x######## [DWORD] |
| 6 | 0x36 | SS Segment Override |
| 7 | 0x37 | aaa |
| 8 | 0x38 | cmp |
| 9 | 0x39 | cmp |
| : | 0x3a | cmp |
| ; | 0x3b | cmp |
| < | 0x3c | cmp al, 0x## [byte] |
| = | 0x3d | cmp eax, 0x######## [DWORD] |
| > | 0x3e | [undocced nop] |
| ? | 0x3f | aas |
| @ | 0x40 | inc eax |
| A | 0x41 | inc ecx |
| B | 0x42 | inc edx |
| C | 0x43 | inc ebx |
| D | 0x44 | inc esp |
| E | 0x45 | inc ebp |
| F | 0x46 | inc esi |
| G | 0x47 | inc edi |
| H | 0x48 | dec eax |
| I | 0x49 | dec ecx |
| J | 0x4a | dec edx |
| K | 0x4b | dec ebx |
| L | 0x4c | dec esp |
| M | 0x4d | dec ebp |
| N | 0x4e | dec esi |
| O | 0x4f | dec edi |
| P | 0x50 | push eax |
| Q | 0x51 | push ecx |
| R | 0x52 | push edx |
| S | 0x53 | push ebx |
| T | 0x54 | push esp |
| U | 0x55 | push ebp |
| V | 0x56 | push esi |
| W | 0x57 | push edi |
| X | 0x58 | pop eax |
| Y | 0x59 | pop ecx |
| Z | 0x5a | pop edx |
| [ | 0x5b | pop ebx |
| \ | 0x5c | pop esp |
| ] | 0x5d | pop ebp |
| ^ | 0x5e | pop esi |
| _ | 0x5f | pop edi |
| ` | 0x60 | pushad |
| a | 0x61 | popad |
| b | 0x62 | bound |
| c | 0x63 | arpl |
| d | 0x64 | FS Segment Override |
| e | 0x65 | GS Segment Override |
| f | 0x66 | 16 Bit Operand Size |
| g | 0x67 | 16 Bit Address Size |
| h | 0x68 | push 0x######## [dword] |
| i | 0x69 | imul reg/mem with immediate to reg/mem |
| j | 0x6a | push 0x## [byte] |
| k | 0x6b | imul immediate with reg into reg |
| l | 0x6c | insb es:[edi], [dx] |
| m | 0x6d | insl es:[edi], [dx] |
| n | 0x6e | outsb [dx], dx:[esi] |
| o | 0x6f | outsl [dx], ds:[esi] |
| p | 0x70 | jo 0x## [byte relative offset] |
| q | 0x71 | jno 0x## [byte relative offset] |
| r | 0x72 | jb 0x## [byte relative offset] |
| s | 0x73 | jae 0x## [byte relative offset] |
| t | 0x74 | je 0x## [byte relative offset] |
| u | 0x75 | jne 0x## [byte relative offset] |
| v | 0x76 | jbe 0x## [byte relative offset] |
| w | 0x77 | ja 0x## [byte relative offset] |
| x | 0x78 | js 0x## [byte relative offset] |
| y | 0x79 | jns 0x## [byte relative offset] |
| z | 0x7a | jp 0x## [byte relative offset] |
64-bit alphanumeric opcodes
| ASCII | Hex | Assembler Instruction |
|---|---|---|
| 0 | 0x30 | xor %{16bit}, (%{64bit}) |
| 1 | 0x31 | xor %{32bit}, (%{64bit}) |
| 2 | 0x32 | xor (%{64bit}), %{16bit} |
| 3 | 0x33 | xor (%{64bit}), %{32bit} |
| 4 | 0x34 | xor [byte], %al |
| 5 | 0x35 | xor [dword], %eax |
| 6 | 0x36 | %ss segment register |
| 7 | 0x37 | Bad Instruction! |
| 8 | 0x38 | cmp %{16bit}, (%{64bit}) |
| 9 | 0x39 | cmp %{32bit}, (%{64bit}) |
| ASCII | Hex | Assembler Instruction |
|---|---|---|
| A | 0x41 | 64 bit reserved prefix |
| B | 0x42 | 64 bit reserved prefix |
| C | 0x43 | 64 bit reserved prefix |
| D | 0x44 | 64 bit reserved prefix |
| E | 0x45 | 64 bit reserved prefix |
| F | 0x46 | 64 bit reserved prefix |
| G | 0x47 | 64 bit reserved prefix |
| H | 0x48 | 64 bit reserved prefix |
| I | 0x49 | 64 bit reserved prefix |
| J | 0x4a | 64 bit reserved prefix |
| K | 0x4b | 64 bit reserved prefix |
| L | 0x4c | 64 bit reserved prefix |
| M | 0x4d | 64 bit reserved prefix |
| N | 0x4e | 64 bit reserved prefix |
| O | 0x4f | 64 bit reserved prefix |
| P | 0x50 | push %rax |
| Q | 0x51 | push %rcx |
| R | 0x52 | push %rdx |
| S | 0x53 | push %rbx |
| T | 0x54 | push %rsp |
| U | 0x55 | push %rbp |
| V | 0x56 | push %rsi |
| W | 0x57 | push %rdi |
| X | 0x58 | pop %rax |
| Y | 0x59 | pop %rcx |
| Z | 0x5a | pop %rdx |
| ASCII | Hex | Assembler Instruction |
|---|---|---|
| a | 0x61 | Bad Instruction! |
| b | 0x62 | Bad Instruction! |
| c | 0x63 | movslq (%{64bit}), %{32bit} |
| d | 0x64 | %fs segment register |
| e | 0x65 | %gs segment register |
| f | 0x66 | 16 bit operand override |
| g | 0x67 | 16 bit ptr override |
| h | 0x68 | push [dword] |
| i | 0x69 | imul [dword], (%{64bit}), %{32bit} |
| j | 0x6a | push [byte] |
| k | 0x6b | imul [byte], (%{64bit}), %{32bit} |
| l | 0x6c | insb (%dx),%es:(%rdi) |
| m | 0x6d | insl (%dx),%es:(%rdi) |
| n | 0x6e | outsb %ds:(%rsi),(%dx) |
| o | 0x6f | outsl %ds:(%rsi),(%dx) |
| p | 0x70 | jo [byte] |
| q | 0x71 | jno [byte] |
| r | 0x72 | jb [byte] |
| s | 0x73 | jae [byte] |
| t | 0x74 | je [byte] |
| u | 0x75 | jne [byte] |
| v | 0x76 | jbe [byte] |
| w | 0x77 | ja [byte] |
| x | 0x78 | js [byte] |
| y | 0x79 | jns [byte] |
| z | 0x7a | jp [byte] |
x86 Intercompatibility
| Hex | ASCII | Assembler Instruction |
|---|---|---|
| 0x64, 0x65 | d,e | [fs | gs] prefix |
| 0x66, 0x67 | f,g | 16bit [operand | ptr] override |
| 0x68, 0x6a | h,j | push |
| 0x69, 0x6b | i,k | imul |
| 0x6c-0x6f | l-o | ins[bwd], outs[bwd] |
| 0x70-0x7a | p-z | Conditional Jumps |
| 0x30-0x35 | 0-5 | xor |
| 0x36 | 6 | %ss segment register |
| 0x38-0x39 | 8,9 | cmp |
| 0x50-0x57 | P-W | push *x, *i, *p |
| 0x58-0x5a | XYZ | pop [*ax, *cx, *dx] |
