Assembly Instructions

By Vesper Vei

Table of Contents

  1. Assembly Instruction Overview
    1. Before You Begin
    2. Explanation of the Classification Logic
    3. Level 2 Category Description (for downstream branch structure)
    4. Overview Table (without backlinks)
    5. Usage Guide

Assembly Instruction Overview

Before You Begin

This note serves as the entry point to the entire assembly instruction system, helping build the reader’s overall perspective. There are many assembly language instructions, and without a reasonable structure, they can feel fragmented and difficult to understand.
To address this, this note organizes all instructions in a layered way:

Level 1 (this document): explains the classification logic, global framework, and learning strategy.
Level 2: divides instruction categories by function.
Level 3: each instruction has its own dedicated note, including semantics, behavior, affected registers, common pitfalls, and PWN-related considerations.

All details of specific instructions belong to Level 3 and are not expanded on in this note.

Explanation of the Classification Logic

Although the x86_64 instruction set is large, the parts that are truly common in reverse engineering and PWN can naturally be divided into several functional modules.
These modules are not rigid knowledge categories, but are divided from the perspective of “program behavior logic”:

Arithmetic operations — modify data
Data transfer — move data between registers and memory
Stack and calls — function call chains and stack frame changes
Control flow — how program execution changes direction
Logic and bit operations — structural processing of data
System interface — related to system calls (optional)

These modules form a complete closed loop of program behavior:
Where data comes from, how it is processed, how it is pushed onto the stack, how execution jumps, and how it returns.

The Level 2 notes will be organized around these categories.

Level 2 Category Description (for downstream branch structure)

Below is the recommended functional classification, which will become your Obsidian Level 2 branches:

Operations and Logic

Processes data content, including arithmetic and logical operations.
Common scenarios: decryption, length calculation, and loop counter operation.

Data Transfer Class

Moves data between registers / memory / stack.
This is the foundational path for understanding any assembly.

Stack and Call Class

The setup and teardown of the function call stack, one of the most sensitive groups of instructions in PWN.
Involves push, pop, call, leave, ret, etc.

Control Flow and Branch Class

The decision points that determine the flow of program logic, including unconditional jumps and conditional jumps.
In particular, this includes the broad jcc category.

Bit Operations and Shift Class

Handles bit-level structures, such as encryption, hash, checksums, pointer arithmetic, etc.

String and Block Operations (optional)

Such as rep, movs, stos, etc. They do not appear frequently in reverse engineering, but understanding them is highly valuable.

System Call Related (optional)

Such as syscall, int 0x80. Directly relevant to PWN.

These will each become the main category nodes of the Level 2 notes.

Overview Table (without backlinks)

The following is the overall structure of your entire instruction library. It does not include links and is only intended to help readers form a complete picture:

Arithmetic and logic

Data transfer

Stack and calls

Control flow

Shift and bit operations

Other

Usage Guide

To make this knowledge base more like an ever-expanding “reverse engineering dictionary,” the following usage method is recommended:

Encounter assembly → quickly locate by category → look up the corresponding Level 3 instruction
At the same time, by tracing back through the categories, you can understand “why this instruction appears here” and “what its relationship is.”

The role of this note is to provide guidance and structure, rather than to collect details.
All your instruction notes have already been written, so you only need to create empty documents or directories at the Level 2 branches according to this structure.

