Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Shellcode/Appendix/Alphanumeric opcode"

From NetSec
Jump to: navigation, search
(Created page with " == 32-bit printable opcodes == {| class="wikitable" style="text-align: center" |+ ASCII Shellcode Table |- ! scope="col" | ASCII Value ! scope="col" | Hex Opcode ! scope="col" |...")
 
(No difference)

Revision as of 18:25, 28 November 2012

32-bit printable opcodes

ASCII Shellcode Table
ASCII Value Hex Opcode Assembly Equivalent
0 \x30 xor
1 \x31 xor
2 \x32 xor
3 \x33 xor
4 \x34 xor al, 0x## [byte]
5 \x35 xor eax, 0x######## [DWORD]
6 \x36 SS Segment Override
7 \x37 aaa
8 \x38 cmp
9 \x39 cmp
 : \x3a cmp
 ; \x3b cmp
< \x3c cmp al, 0x## [byte]
= \x3d cmp eax, 0x######## [DWORD]
> \x3e [undocced nop]
 ? \x3f aas
@ \x40 inc eax
A \x41 inc ecx
B \x42 inc edx
C \x43 inc ebx
D \x44 inc esp
E \x45 inc ebp
F \x46 inc esi
G \x47 inc edi
H \x48 dec eax
I \x49 dec ecx
J \x4a dec edx
K \x4b dec ebx
L \x4c dec esp
M \x4d dec ebp
N \x4e dec esi
O \x4f dec edi
P \x50 push eax
Q \x51 push ecx
R \x52 push edx
S \x53 push ebx
T \x54 push esp
U \x55 push ebp
V \x56 push esi
W \x57 push edi
X \x58 pop eax
Y \x59 pop ecx
Z \x5a pop edx
[ \x5b pop ebx
\ \x5c pop esp
] \x5d pop ebp
^ \x5e pop esi
_ \x5f pop edi
` \x60 pushad
a \x61 popad
b \x62 bound
c \x63 arpl
d \x64 FS Segment Override
e \x65 GS Segment Override
f \x66 16 Bit Operand Size
g \x67 16 Bit Address Size
h \x68 push 0x######## [dword]
i \x69 imul reg/mem with immediate to reg/mem
j \x6a push 0x## [byte]
k \x6b imul immediate with reg into reg
l \x6c insb es:[edi], [dx]
m \x6d insl es:[edi], [dx]
n \x6e outsb [dx], dx:[esi]
o \x6f outsl [dx], ds:[esi]
p \x70 jo 0x## [byte relative offset]
q \x71 jno 0x## [byte relative offset]
r \x72 jb 0x## [byte relative offset]
s \x73 jae 0x## [byte relative offset]
t \x74 je 0x## [byte relative offset]
u \x75 jne 0x## [byte relative offset]
v \x76 jbe 0x## [byte relative offset]
w \x77 ja 0x## [byte relative offset]
x \x78 js 0x## [byte relative offset]
y \x79 jns 0x## [byte relative offset]
z \x7a jp 0x## [byte relative offset]

64-bit alphanumeric opcodes

Numeric
ASCII Hex Assembler Instruction
0 0x30 xor %{16bit}, (%{64bit})
1 0x31 xor %{32bit}, (%{64bit})
2 0x32 xor (%{64bit}), %{16bit}
3 0x33 xor (%{64bit}), %{32bit}
4 0x34 xor [byte], %al
5 0x35 xor [dword], %eax
6 0x36  %ss segment register
7 0x37 Bad Instruction!
8 0x38 cmp %{16bit}, (%{64bit})
9 0x39 cmp %{32bit}, (%{64bit})
Uppercase
ASCII Hex Assembler Instruction
A 0x41 64 bit reserved prefix
B 0x42 64 bit reserved prefix
C 0x43 64 bit reserved prefix
D 0x44 64 bit reserved prefix
E 0x45 64 bit reserved prefix
F 0x46 64 bit reserved prefix
G 0x47 64 bit reserved prefix
H 0x48 64 bit reserved prefix
I 0x49 64 bit reserved prefix
J 0x4a 64 bit reserved prefix
K 0x4b 64 bit reserved prefix
L 0x4c 64 bit reserved prefix
M 0x4d 64 bit reserved prefix
N 0x4e 64 bit reserved prefix
O 0x4f 64 bit reserved prefix
P 0x50 push %rax
Q 0x51 push %rcx
R 0x52 push %rdx
S 0x53 push %rbx
T 0x54 push %rsp
U 0x55 push %rbp
V 0x56 push %rsi
W 0x57 push %rdi
X 0x58 pop %rax
Y 0x59 pop %rcx
Z 0x5a pop %rdx


Lowercase
ASCII Hex Assembler Instruction
a 0x61 Bad Instruction!
b 0x62 Bad Instruction!
c 0x63 movslq (%{64bit}), %{32bit}
d 0x64 %fs segment register
e 0x65  %gs segment register
f 0x66 16 bit operand override
g 0x67 16 bit ptr override
h 0x68 push [dword]
i 0x69 imul [dword], (%{64bit}), %{32bit}
j 0x6a push [byte]
k 0x6b imul [byte], (%{64bit}), %{32bit}
l 0x6c insb (%dx),%es:(%rdi)
m 0x6d insl (%dx),%es:(%rdi)
n 0x6e outsb %ds:(%rsi),(%dx)
o 0x6f outsl %ds:(%rsi),(%dx)
p 0x70 jo [byte]
q 0x71 jno [byte]
r 0x72 jb [byte]
s 0x73 jae [byte]
t 0x74 je [byte]
u 0x75 jne [byte]
v 0x76 jbe [byte]
w 0x77 ja [byte]
x 0x78 js [byte]
y 0x79 jns [byte]
z 0x7a jp [byte]

Alphanumeric opcode compatibility reference

Intercompatible x86* Alphanumeric Opcodes
Hex ASCII Assembler Instruction
0x64, 0x65 d,e [fs | gs] prefix
0x66, 0x67 f,g 16bit [operand | ptr] override
0x68, 0x6a h,j push
0x69, 0x6b i,k imul
0x6c-0x6f l-o ins[bwd], outs[bwd]
0x70-0x7a p-z Conditional Jumps
0x30-0x35 0-5 xor
0x36 6  %ss segment register
0x38-0x39 8,9 cmp
0x50-0x57 P-W push *x, *i, *p
0x58-0x5a XYZ pop [*ax, *cx, *dx]