Hacking - The Art of Exploitation, 2nd Edition

Shellcode 293

Instruction               Description
inc <target>              Increment the target operand by adding 1 to it.
dec <target>              Decrement the target operand by subtracting 1 from it.

The next few instructions, like the mov instruction, have two operands. They all do simple arithmetic and bitwise logical operations between the two operands, storing the result in the first operand.

Instruction               Description
add <dest>, <source>      Add the source operand to the destination operand, storing the result in the destination.
sub <dest>, <source>      Subtract the source operand from the destination operand, storing the result in the destination.
or <dest>, <source>       Perform a bitwise or logic operation, comparing each bit of one operand with the corresponding bit of the other operand.
                            1 or 0 = 1
                            1 or 1 = 1
                            0 or 1 = 1
                            0 or 0 = 0
                          If the source bit or the destination bit is on, or if both of them are on, the result bit is on; otherwise, the result bit is off. The final result is stored in the destination operand.
and <dest>, <source>      Perform a bitwise and logic operation, comparing each bit of one operand with the corresponding bit of the other operand.
                            1 and 0 = 0
                            1 and 1 = 1
                            0 and 1 = 0
                            0 and 0 = 0
                          The result bit is on only if both the source bit and the destination bit are on. The final result is stored in the destination operand.
xor <dest>, <source>      Perform a bitwise exclusive or (xor) logical operation, comparing each bit of one operand with the corresponding bit of the other operand.
                            1 xor 0 = 1
                            1 xor 1 = 0
                            0 xor 1 = 1
                            0 xor 0 = 0
                          If the bits differ, the result bit is on; if the bits are the same, the result bit is off. The final result is stored in the destination operand.

One method is to move an arbitrary 32-bit number into the register and then subtract that value from the register using the mov and sub instructions:

B8 44 33 22 11    mov eax,0x11223344
2D 44 33 22 11    sub eax,0x11223344

While this technique works, it takes 10 bytes to zero out a single register, making the assembled shellcode larger than necessary. Can you think of a way to optimize this technique? The DWORD value specified in each instruction
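As an added example (not code from the book), the C program below models just enough of x86 to run the mov/sub register-zeroing fragment shown above, plus the eax,imm32 forms of the add, sub, or, and, xor instructions from the table and inc/dec. For each fragment it checks the two properties shellcode cares about: it leaves eax at zero regardless of the starting value, and it contains no 0x00 byte (shellcode is usually copied by string routines, which stop at the first null). It goes beyond the page by also including the two-byte xor eax,eax (31 C0) answer to the optimization question and the naive mov eax,0 for comparison. The opcode subset, the decoder and the sample fragments are my own constructions, not the book's.

```c
/* Added example: a tiny interpreter for a few x86 instructions that operate
 * on eax, used to check register-zeroing shellcode fragments. Only the
 * opcode forms listed below are decoded; any other byte stops execution. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode one instruction at code[pos], apply it to *eax, and return the
 * number of bytes consumed, or 0 if the opcode is not one we model. */
static size_t step_eax(const uint8_t *code, size_t len, size_t pos, uint32_t *eax)
{
    uint8_t op = code[pos];
    /* Single-byte forms (32-bit mode): 40 = inc eax, 48 = dec eax */
    if (op == 0x40) { *eax += 1; return 1; }
    if (op == 0x48) { *eax -= 1; return 1; }
    /* 31 C0 = xor eax,eax (31 /r with ModRM 11 000 000) */
    if (op == 0x31 && pos + 1 < len && code[pos + 1] == 0xC0) { *eax ^= *eax; return 2; }
    /* eax,imm32 short forms: opcode followed by a 4-byte little-endian
     * immediate, so the bytes 44 33 22 11 encode 0x11223344. */
    if (pos + 5 > len) return 0;
    uint32_t imm = (uint32_t)code[pos + 1]
                 | (uint32_t)code[pos + 2] << 8
                 | (uint32_t)code[pos + 3] << 16
                 | (uint32_t)code[pos + 4] << 24;
    switch (op) {
    case 0x05: *eax += imm; return 5;   /* add eax, imm32 */
    case 0x0D: *eax |= imm; return 5;   /* or  eax, imm32 */
    case 0x25: *eax &= imm; return 5;   /* and eax, imm32 */
    case 0x2D: *eax -= imm; return 5;   /* sub eax, imm32 */
    case 0x35: *eax ^= imm; return 5;   /* xor eax, imm32 */
    case 0xB8: *eax  = imm; return 5;   /* mov eax, imm32 */
    default:   return 0;
    }
}

/* Run a fragment to completion starting with eax = start; returns final eax.
 * If an unmodelled byte is hit, sets *ok to 0 and returns start unchanged. */
static uint32_t run_eax(const uint8_t *code, size_t len, uint32_t start, int *ok)
{
    uint32_t eax = start;
    size_t pos = 0;
    while (pos < len) {
        size_t n = step_eax(code, len, pos, &eax);
        if (n == 0) { if (ok) *ok = 0; return start; }
        pos += n;
    }
    if (ok) *ok = 1;
    return eax;
}

/* A 0x00 byte ends a strcpy()-style copy early, so shellcode must avoid it. */
static int has_null_byte(const uint8_t *code, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00) return 1;
    return 0;
}

/* Constructed fragments: the mov/sub pair from the text, the 2-byte xor
 * form, a mov -1 / inc variant, and the naive mov eax,0 for comparison. */
static const uint8_t zero_movsub[]  = { 0xB8,0x44,0x33,0x22,0x11, 0x2D,0x44,0x33,0x22,0x11 };
static const uint8_t zero_xor[]     = { 0x31,0xC0 };
static const uint8_t zero_mov_inc[] = { 0xB8,0xFF,0xFF,0xFF,0xFF, 0x40 };
static const uint8_t zero_naive[]   = { 0xB8,0x00,0x00,0x00,0x00 };
static const uint8_t unknown_op[]   = { 0x90 };   /* nop: deliberately not modelled */

int main(void)
{
    struct { const char *name; const uint8_t *code; size_t len; } frags[] = {
        { "mov/sub",     zero_movsub,  sizeof zero_movsub  },
        { "xor eax,eax", zero_xor,     sizeof zero_xor     },
        { "mov -1/inc",  zero_mov_inc, sizeof zero_mov_inc },
        { "mov eax,0",   zero_naive,   sizeof zero_naive   },
    };
    for (size_t i = 0; i < sizeof frags / sizeof frags[0]; i++) {
        int ok;
        uint32_t r = run_eax(frags[i].code, frags[i].len, 0xDEADBEEFu, &ok);
        printf("%-12s %2zu bytes  eax=0x%08x  ok=%d  nulls=%s\n", frags[i].name,
               frags[i].len, r, ok,
               has_null_byte(frags[i].code, frags[i].len) ? "yes" : "no");
    }
    return 0;
}
```

Running it shows why the book's mov/sub pair is chosen over mov eax,0 (the naive form is half the size but carries four null bytes) and why xor eax,eax is the usual optimization: it zeroes the register in two null-free bytes, because xor of any value with itself is 0 per the table's rule that identical bits give an off result.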