Reversing : The Hacker's Guide to Reverse Engineering

One of the problems is that most high-level conditional statements are just
too lengthy for low-level languages such as assembly language, so they are
broken down into sequences of operations. The key to understanding these
sequences, the correlation between them, and the high-level statements from
which they originated, is to understand the low-level control flow constructs
and how they can be used for representing high-level control flow statements.
The details of these low-level constructs are platform- and language-specific;
we will be discussing control flow statements in IA-32 assembly language in
the following section on assembly language.
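
As an added illustration (not code from the book), the C sketch below writes one compound conditional twice: once as a programmer would, and once as the sequence of single compare-and-branch steps a compiler typically lowers it to. The function names, the constants, and the instruction names in the comments are assumptions chosen for the example; real compiler output varies.

```c
#include <stdio.h>

/* High-level form: one compound conditional, as written in source code. */
int classify_high(int len, int flags, int override)
{
    if ((len > 0 && len <= 64 && (flags & 0x1)) || override)
        return 1;
    return 0;
}

/* Low-level form: the same logic as single compare-and-branch steps.
 * Each test is inverted relative to the source, because the branch is
 * taken when the condition FAILS and execution falls through when it
 * holds. Comments name the kind of IA-32 instruction pair each step
 * resembles (illustrative only). */
int classify_low(int len, int flags, int override)
{
    if (len <= 0)           goto check_override; /* cmp len, 0   / jle */
    if (len > 64)           goto check_override; /* cmp len, 64  / jg  */
    if ((flags & 0x1) == 0) goto check_override; /* test flags,1 / jz  */
    goto accept;                                 /* jmp               */
check_override:
    if (override == 0)      goto reject;         /* test ov, ov  / jz  */
accept:
    return 1;
reject:
    return 0;
}

/* Count inputs on which the two forms disagree (expected: none). */
int count_mismatches(void)
{
    int mismatches = 0;
    for (int len = -2; len <= 66; len++)
        for (int flags = 0; flags < 4; flags++)
            for (int ov = 0; ov < 2; ov++)
                if (classify_high(len, flags, ov) !=
                    classify_low(len, flags, ov))
                    mismatches++;
    return mismatches;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

Reading the second function top to bottom is close to what reading a disassembly listing feels like: the reverser's job is to recognize that the four branches belong together and fold them back into the single statement in the first function.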

Assembly Language 101


In order to understand low-level software, one must understand assembly
language. For most purposes, assembly language is the language of reversing, and
mastering it is an essential step in becoming a real reverser, because with most
programs assembly language is the only available link to the original source
code. Unfortunately, there is quite a distance between the source code of most
programs and the compiler-generated assembly language code we must work
with while reverse engineering. But fear not, this book contains a variety of
techniques for squeezing every possible bit of information from assembly
language programs!

The following sections provide a quick introduction to the world of
assembly language, while focusing on the IA-32 (Intel’s 32-bit architecture), which is
the basis for all of Intel’s x86 CPUs from the historical 80386 to the modern-day
implementations. I’ve chosen to focus on the Intel IA-32 assembly language
because it is used in every PC in the world and is by far the most popular
processor architecture out there. Intel-compatible CPUs, such as those made
by Advanced Micro Devices (AMD), Transmeta, and so on are mostly identical
for reversing purposes because they are object-code-compatible with Intel’s
processors.

Registers


Before starting to look at even the most basic assembly language code, you
must become familiar with IA-32 registers, because you’ll be seeing them
referenced in almost every assembly language instruction you’ll ever encounter.
For most purposes, the IA-32 has eight generic registers: EAX, EBX, ECX, EDX,
