1 00:00:00,550 --> 00:00:01,700 Hello and welcome.
2 00:00:02,140 --> 00:00:09,850 In this video, we are going to talk about assembly language basics, formal analysis of nitty equals.
3 00:00:11,410 --> 00:00:12,430 What is the stack?
4 00:00:13,260 --> 00:00:23,010 Stack stands for LIFO, last in, first out structure. It stores local variables and return addresses for functions.
5 00:00:23,910 --> 00:00:33,320 It is accessed through push, pop and call instructions, and the memory layout for the stack is as follows.
6 00:00:33,900 --> 00:00:40,680 It starts at a higher address, shown in the diagram here, and as more values are pushed, smaller and smaller
7 00:00:40,680 --> 00:00:45,800 addresses are used, and the addresses I had thought on this time.
8 00:00:46,260 --> 00:00:47,580 So this whole thing is a stack.
9 00:00:47,580 --> 00:00:55,590 Here is part of the memory, and the EBP, the base pointer, is a register
10 00:00:55,590 --> 00:00:58,650 which stores the address of the bottom of the stack.
11 00:00:59,430 --> 00:01:05,480 The ESP is another pointer, which stores the address of the top of the stack.
12 00:01:05,910 --> 00:01:11,030 So these are registers, which are useful for creating a stack.
13 00:01:12,060 --> 00:01:19,990 What is the heap? Heap is used for globally storing memory. All functions can access it because it is stored
14 00:01:20,010 --> 00:01:20,550 globally.
15 00:01:21,300 --> 00:01:24,180 They are typically stored in the data section of a program.
16 00:01:25,270 --> 00:01:34,120 This API, Arkia alloca, can be used to create heap. Malware uses heap as a storage area for anything
17 00:01:34,120 --> 00:01:43,060 it's going to use, and you can look up the MSDN help or Google the description of this API function.
18 00:01:43,720 --> 00:01:45,670 Next, we look at CPU registers.
19 00:01:46,480 --> 00:01:56,560 The CPU registers consist of the following registers, EAX all the way to EIP. EAX is typically known as
20 00:01:56,560 --> 00:02:02,140 the accumulator, for arithmetic operations. EBX is the base, pointer to data.
21 00:02:02,150 --> 00:02:11,740 And ECX is usually a counter for shift/rotate instructions and for looping. EDX is for data arithmetic
22 00:02:11,740 --> 00:02:15,670 and I/O. ESI is source index, is a pointer
23 00:02:15,670 --> 00:02:18,250 to a source in string operations.
24 00:02:18,790 --> 00:02:26,470 EDI is a destination index, pointer to destination in string operations. EBP is base pointer, which points
25 00:02:26,470 --> 00:02:32,820 to the base of the stack, which we have seen. ESP, stack pointer, is a pointer to the top of the stack, and
26 00:02:32,830 --> 00:02:35,110 EIP is the instruction pointer,
27 00:02:35,470 --> 00:02:42,040 which stores the address of the next instruction that is going to execute. There are also similar registers.
28 00:02:42,310 --> 00:02:49,300 SS, the stack pointer, CS, code pointer, DS, the data pointer, and so on.
29 00:02:49,720 --> 00:02:52,780 The important ones are SS, CS and DS.
30 00:02:53,170 --> 00:02:54,940 And these are called segment registers.
31 00:02:55,450 --> 00:02:58,810 You can access parts of a register, for example.
32 00:02:59,320 --> 00:03:00,850 Register in
33 00:03:00,850 --> 00:03:08,650 this example is a 32-bit register, consists of four bytes, which is also known as a DWORD, 32 bits.
34 00:03:09,160 --> 00:03:15,670 If you only wanted to access half of it, which is actually accessing the word, two bytes, which is sixteen bits,
35 00:03:16,270 --> 00:03:19,260 you can use the symbol AX instead of EAX.
36 00:03:20,080 --> 00:03:28,270 And if you wanted to access the lower-level byte, which is the 8-bit, then you can use AH or AL.
37 00:03:29,350 --> 00:03:30,280 So AL
38 00:03:30,930 --> 00:03:34,060 accesses the low byte, AH accesses the higher byte.
39 00:03:35,290 --> 00:03:39,190 So, for example, supposing the EAX has got this hex value:
40 00:03:39,550 --> 00:03:41,500 one, two, three, four, five, six, seven and eight.
41 00:03:41,980 --> 00:03:45,790 If you are going to access the EAX, this is a DWORD.
42 00:03:45,940 --> 00:03:54,240 If you want to access the word, then you will use AX. If you wanted to access the higher byte, you use AH, and low byte,
43 00:03:54,370 --> 00:03:54,750 AL.
44 00:03:54,790 --> 00:03:55,900 So this is what you would get.
45 00:03:56,200 --> 00:03:56,660 AX
46 00:03:56,680 --> 00:04:02,250 will give you 5678, AH will give you 56 and AL will give you 78.
47 00:04:03,160 --> 00:04:05,650 The same thing applies to all the other registers.
48 00:04:06,010 --> 00:04:15,410 For example, if you are accessing EBX, you will use BX for the word, and for the bottom byte it will be BL, the higher byte
49 00:04:15,430 --> 00:04:17,100 will be BH, and so on.
50 00:04:17,890 --> 00:04:19,570 We also have the flags register.
51 00:04:20,050 --> 00:04:24,000 This is the register with each flag containing a one or a zero.
52 00:04:24,460 --> 00:04:25,990 The important ones are as follows.
53 00:04:26,620 --> 00:04:32,550 The CF is the carry flag. It is set when the result of an operation is too large for the destination
54 00:04:32,710 --> 00:04:34,800 operand. The zero flag:
55 00:04:35,260 --> 00:04:38,380 it is set if the result of an operation equals zero.
56 00:04:39,010 --> 00:04:46,600 The sign flag is set if the result of an operation is negative, and TF is the trap flag. It is set
57 00:04:47,020 --> 00:04:51,790 if you are doing step-by-step debugging, and malware can detect this.
58 00:04:51,910 --> 00:04:56,830 Sometimes you get buggy functionality. Assembly language instructions.
59 00:04:57,280 --> 00:05:03,640 Three main categories: data flow, for example, the mov instruction; control flow, for example, push,
60 00:05:03,640 --> 00:05:06,070 call and jump; arithmetic and logic,
61 00:05:06,070 --> 00:05:14,000 for example, xor, and, mul. And examples of data transfer instructions: mov.
62 00:05:14,390 --> 00:05:22,480 mov is to move, for example, mov source to destination. An example: move the value stored
63 00:05:22,480 --> 00:05:22,910 in this
64 00:05:22,960 --> 00:05:28,500 address to the register. movzx, which means move
65 00:05:28,510 --> 00:05:32,470 zero extended, for example, movzx source to destination.
66 00:05:32,770 --> 00:05:38,470 So this will move the hexadecimal one, two, three into EAX and pad the higher order
67 00:05:38,470 --> 00:05:42,610 bits with zero. lea, load effective address.
68 00:05:42,610 --> 00:05:44,620 For example, lea source, destination.
69 00:05:45,280 --> 00:05:53,770 This will get the address after you minus four zero in hex from EBP and store the resulting address in EAX.
70 00:05:54,650 --> 00:05:59,620 xchg is to swap values between two registers, for example,
71 00:05:59,620 --> 00:06:05,320 xchg source and destination will swap whatever is in source into the destination and whatever is in
72 00:06:05,320 --> 00:06:10,030 destination into source. Examples of control flow instructions: jumps.
73 00:06:10,960 --> 00:06:17,080 So this is an unconditional jump, where it would jump no matter what the condition is.
74 00:06:17,110 --> 00:06:21,630 Prior to the example, we jump to the value
75 00:06:21,630 --> 00:06:24,400 which is stored in this address. jz,
76 00:06:25,010 --> 00:06:34,220 jump zero, jumps only if the zero flag is one, for example, jz address. jnz, jump not zero, will jump
77 00:06:34,400 --> 00:06:40,940 if the zero flag is zero. jz or jnz is preceded by the test or compare instruction.
78 00:06:41,480 --> 00:06:46,580 However, jmp is an unconditional jump and not preceded by any test.
79 00:06:48,950 --> 00:06:50,690 Here is an example of a jump.
80 00:06:51,470 --> 00:06:52,240 So the jump
81 00:06:52,250 --> 00:07:01,480 would only take place if the comparison here is equal to zero, for example, minus Essi zero,
82 00:07:01,710 --> 00:07:04,970 then it will jump. This jb is jump below.
83 00:07:05,270 --> 00:07:15,790 So this jump will only happen if the U.S., minus the values on its policy, is less than zero, then
84 00:07:15,800 --> 00:07:16,400 it will jump.
85 00:07:18,260 --> 00:07:23,270 And over here, jnz would only happen if the
86 00:07:24,170 --> 00:07:28,790 Yes, minus ESR is not equal to zero, then only will it jump.
87 00:07:30,040 --> 00:07:39,850 Examples of arithmetic instructions: add, sub, imul, inc. So examples would be add source to destination, which
88 00:07:39,850 --> 00:07:45,080 means that you take whatever is in source, add it to the destination and store the result in the destination.
89 00:07:46,300 --> 00:07:47,110 sub does the same thing,
90 00:07:47,120 --> 00:07:52,720 but this is minus. imul is where you multiply source by the value
91 00:07:53,170 --> 00:07:59,780 and store it in the destination. Increment, inc, means increment whatever is in the register by one.
92 00:08:00,010 --> 00:08:01,540 And these are examples here.
93 00:08:02,230 --> 00:08:03,910 Examples of logic instructions.
94 00:08:04,330 --> 00:08:08,800 xor performs a bitwise XOR, for example, xor source, destination.
95 00:08:09,940 --> 00:08:17,260 And then here shl, shift left, means you shift all the bits to the left by the number of bits indicated
96 00:08:17,270 --> 00:08:19,930 in the source, for example, which is one.
97 00:08:20,290 --> 00:08:25,660 Then you shift every bit here to the left by one. and performs the bitwise AND.
98 00:08:25,930 --> 00:08:29,860 So here you perform an AND operation with a source and a destination.
99 00:08:31,760 --> 00:08:40,850 Test and compare instructions. test performs a bitwise AND on two operands, and the zero flag is set
100 00:08:41,270 --> 00:08:48,590 of unusual conditions. cmp is where you compare the first operation with the second operation by subtraction.
101 00:08:49,010 --> 00:08:51,360 So this is an example here today.
102 00:08:51,380 --> 00:08:58,650 You take argument one minus argument two. Jump instructions always come immediately after a test or compare,
103 00:08:58,940 --> 00:09:02,270 as I just demonstrated. And return values.
104 00:09:02,630 --> 00:09:06,260 The EAX register is used to hold the return value of a function call.
105 00:09:06,740 --> 00:09:13,630 The return value could be an integer of zero or even negative one, which is denoted in hex by all
106 00:09:13,650 --> 00:09:22,880 Fs. It can also be an address, for example, this hexadecimal address. For example, this output
107 00:09:22,880 --> 00:09:28,910 from the x64dbg over here, you will see push seven.
108 00:09:28,910 --> 00:09:36,050 So push will push seven to the stack down here, and then call Hotei calls this function, which will return
109 00:09:36,050 --> 00:09:37,880 the result of the call in EAX.
110 00:09:39,850 --> 00:09:43,580 That's all for this primer on assembly language.
111 00:09:43,870 --> 00:09:44,860 Thank you for watching.