Malware Flashcards
Among the IA-32 registers, which are generic registers that can be used for any integer, Boolean, logical, or memory operation?
EAX, EBX, and EDX
In IA-32 registers, what is sometimes used as a counter by repetitive instructions that require counting, but is still a generic register?
ECX
In IA-32 registers, which are frequently used as source and destination pointers in instructions that copy memory?
ESI and EDI (SI for Source Index, DI for Destination Index)
In IA-32 registers, what points to the stack position right after the return address for the current function?
EBP (extended base pointer)
In IA-32 registers, what stores the current position in the stack?
ESP (Extended Stack Pointer)
In IA-32 registers, what holds the address of the next line of code to be executed by the program (so it always points to the next thing to do)?
EIP (Extended Instruction Pointer)
In IA-32, what is the status register that holds a value representing the current state of the processor and is commonly used to influence jumps in assembly?
EFLAGS
What state is a flag in EFLAGS set to during execution?
Set (1) or cleared (0), based on the result of the last operation.
What are assembly instructions based around?
Operation codes (opcodes)
What is the size range of an opcode?
1-8 bytes
What are examples of opcodes?
MOV, CMP, AND, OR, XOR, etc.
What comes after the opcode in an assembly command and names where the data is stored?
Destination
What comes after the opcode and the destination in an assembly command and reflects where the data is coming from?
Source
What is an example of a full assembly command?
MOV EAX, 0, which moves the value 0 into the destination register EAX
What is the mnemonic for an unconditional jump, and what does it do?
JMP; it jumps to the destination address no matter what