Difference between revisions of "Shellcode/Appendix/Alphanumeric opcode"
From NetSec
(→Alphanumeric opcode compatibility reference) |
|||
Line 591: | Line 591: | ||
| jp [byte] | | jp [byte] | ||
|- | |- | ||
+ | |} | ||
+ | |||
+ | === Push: alphanumeric x86_64 registers === | ||
+ | {|border="1" cellpadding="5" cellspacing="0" align="center" | ||
+ | |+'''One-byte, two-byte, and four-byte quantities''' | ||
+ | |- | ||
+ | ! scope="col" | Assembly | ||
+ | ! scope="col" | Hexadecimal | ||
+ | ! scope="col" | Alphanumeric ASCII | ||
+ | |- | ||
+ | | pushw [word] | ||
+ | | \x66\x68\x##\x## | ||
+ | | fh?? | ||
+ | |- | ||
+ | | pushq [byte] | ||
+ | | \x6a\x## | ||
+ | | j? | ||
+ | |- | ||
+ | | pushq [dword] | ||
+ | | \x68\x##\x##\x##\x## | ||
+ | | h???? | ||
|} | |} | ||
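Review bot: the new heading "Push: alphanumeric x86_64 registers" does not match the rows added under it, which are all immediate pushes (pushw [word], pushq [byte], pushq [dword]), as the caption "One-byte, two-byte, and four-byte quantities" itself says. Suggest retitling the section to name immediates rather than registers, since the register pushes are already covered by the P-W rows of the existing 64-bit table. The "Alphanumeric ASCII" column (fh??, j?, h????) also holds only when every ## operand byte falls in the alphanumeric range, which the table does not state; a short note under the caption would make that constraint explicit.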
Revision as of 19:34, 30 November 2012
32-bit printable opcodes
ASCII Value | Hex Opcode | Assembly Equivalent |
---|---|---|
0 | 0x30 | xor |
1 | 0x31 | xor |
2 | 0x32 | xor |
3 | 0x33 | xor |
4 | 0x34 | xor al, 0x## [byte] |
5 | 0x35 | xor eax, 0x######## [DWORD] |
6 | 0x36 | SS Segment Override |
7 | 0x37 | aaa |
8 | 0x38 | cmp |
9 | 0x39 | cmp |
: | 0x3a | cmp |
; | 0x3b | cmp |
< | 0x3c | cmp al, 0x## [byte] |
= | 0x3d | cmp eax, 0x######## [DWORD] |
> | 0x3e | [undocced nop] |
? | 0x3f | aas |
@ | 0x40 | inc eax |
A | 0x41 | inc ecx |
B | 0x42 | inc edx |
C | 0x43 | inc ebx |
D | 0x44 | inc esp |
E | 0x45 | inc ebp |
F | 0x46 | inc esi |
G | 0x47 | inc edi |
H | 0x48 | dec eax |
I | 0x49 | dec ecx |
J | 0x4a | dec edx |
K | 0x4b | dec ebx |
L | 0x4c | dec esp |
M | 0x4d | dec ebp |
N | 0x4e | dec esi |
O | 0x4f | dec edi |
P | 0x50 | push eax |
Q | 0x51 | push ecx |
R | 0x52 | push edx |
S | 0x53 | push ebx |
T | 0x54 | push esp |
U | 0x55 | push ebp |
V | 0x56 | push esi |
W | 0x57 | push edi |
X | 0x58 | pop eax |
Y | 0x59 | pop ecx |
Z | 0x5a | pop edx |
[ | 0x5b | pop ebx |
\ | 0x5c | pop esp |
] | 0x5d | pop ebp |
^ | 0x5e | pop esi |
_ | 0x5f | pop edi |
` | 0x60 | pushad |
a | 0x61 | popad |
b | 0x62 | bound |
c | 0x63 | arpl |
d | 0x64 | FS Segment Override |
e | 0x65 | GS Segment Override |
f | 0x66 | 16 Bit Operand Size |
g | 0x67 | 16 Bit Address Size |
h | 0x68 | push 0x######## [dword] |
i | 0x69 | imul reg/mem with immediate to reg/mem |
j | 0x6a | push 0x## [byte] |
k | 0x6b | imul immediate with reg into reg |
l | 0x6c | insb es:[edi], [dx] |
m | 0x6d | insl es:[edi], [dx] |
n | 0x6e | outsb [dx], ds:[esi] |
o | 0x6f | outsl [dx], ds:[esi] |
p | 0x70 | jo 0x## [byte relative offset] |
q | 0x71 | jno 0x## [byte relative offset] |
r | 0x72 | jb 0x## [byte relative offset] |
s | 0x73 | jae 0x## [byte relative offset] |
t | 0x74 | je 0x## [byte relative offset] |
u | 0x75 | jne 0x## [byte relative offset] |
v | 0x76 | jbe 0x## [byte relative offset] |
w | 0x77 | ja 0x## [byte relative offset] |
x | 0x78 | js 0x## [byte relative offset] |
y | 0x79 | jns 0x## [byte relative offset] |
z | 0x7a | jp 0x## [byte relative offset] |
64-bit alphanumeric opcodes
ASCII | Hex | Assembler Instruction |
---|---|---|
0 | 0x30 | xor %{16bit}, (%{64bit}) |
1 | 0x31 | xor %{32bit}, (%{64bit}) |
2 | 0x32 | xor (%{64bit}), %{16bit} |
3 | 0x33 | xor (%{64bit}), %{32bit} |
4 | 0x34 | xor [byte], %al |
5 | 0x35 | xor [dword], %eax |
6 | 0x36 | %ss segment register |
7 | 0x37 | Bad Instruction! |
8 | 0x38 | cmp %{16bit}, (%{64bit}) |
9 | 0x39 | cmp %{32bit}, (%{64bit}) |
ASCII | Hex | Assembler Instruction |
---|---|---|
A | 0x41 | 64 bit reserved prefix |
B | 0x42 | 64 bit reserved prefix |
C | 0x43 | 64 bit reserved prefix |
D | 0x44 | 64 bit reserved prefix |
E | 0x45 | 64 bit reserved prefix |
F | 0x46 | 64 bit reserved prefix |
G | 0x47 | 64 bit reserved prefix |
H | 0x48 | 64 bit reserved prefix |
I | 0x49 | 64 bit reserved prefix |
J | 0x4a | 64 bit reserved prefix |
K | 0x4b | 64 bit reserved prefix |
L | 0x4c | 64 bit reserved prefix |
M | 0x4d | 64 bit reserved prefix |
N | 0x4e | 64 bit reserved prefix |
O | 0x4f | 64 bit reserved prefix |
P | 0x50 | push %rax |
Q | 0x51 | push %rcx |
R | 0x52 | push %rdx |
S | 0x53 | push %rbx |
T | 0x54 | push %rsp |
U | 0x55 | push %rbp |
V | 0x56 | push %rsi |
W | 0x57 | push %rdi |
X | 0x58 | pop %rax |
Y | 0x59 | pop %rcx |
Z | 0x5a | pop %rdx |
ASCII | Hex | Assembler Instruction |
---|---|---|
a | 0x61 | Bad Instruction! |
b | 0x62 | Bad Instruction! |
c | 0x63 | movslq (%{64bit}), %{32bit} |
d | 0x64 | %fs segment register |
e | 0x65 | %gs segment register |
f | 0x66 | 16 bit operand override |
g | 0x67 | 16 bit ptr override |
h | 0x68 | push [dword] |
i | 0x69 | imul [dword], (%{64bit}), %{32bit} |
j | 0x6a | push [byte] |
k | 0x6b | imul [byte], (%{64bit}), %{32bit} |
l | 0x6c | insb (%dx),%es:(%rdi) |
m | 0x6d | insl (%dx),%es:(%rdi) |
n | 0x6e | outsb %ds:(%rsi),(%dx) |
o | 0x6f | outsl %ds:(%rsi),(%dx) |
p | 0x70 | jo [byte] |
q | 0x71 | jno [byte] |
r | 0x72 | jb [byte] |
s | 0x73 | jae [byte] |
t | 0x74 | je [byte] |
u | 0x75 | jne [byte] |
v | 0x76 | jbe [byte] |
w | 0x77 | ja [byte] |
x | 0x78 | js [byte] |
y | 0x79 | jns [byte] |
z | 0x7a | jp [byte] |
Push: alphanumeric x86_64 registers
Assembly | Hexadecimal | Alphanumeric ASCII |
---|---|---|
pushw [word] | \x66\x68\x##\x## | fh?? |
pushq [byte] | \x6a\x## | j? |
pushq [dword] | \x68\x##\x##\x##\x## | h???? |
x86 Intercompatibility
Hex | ASCII | Assembler Instruction |
---|---|---|
0x64, 0x65 | d,e | [fs \| gs] prefix |
0x66, 0x67 | f,g | 16bit [operand \| ptr] override |
0x68, 0x6a | h,j | push |
0x69, 0x6b | i,k | imul |
0x6c-0x6f | l-o | ins[bwd], outs[bwd] |
0x70-0x7a | p-z | Conditional Jumps |
0x30-0x35 | 0-5 | xor |
0x36 | 6 | %ss segment register |
0x38-0x39 | 8,9 | cmp |
0x50-0x57 | P-W | push *x, *i, *p |
0x58-0x5a | XYZ | pop [*ax, *cx, *dx] |