Operations and Logic

Table of Contents

1. Operations and Logic
2. Overview
3. Subcategory Description
4. Instruction List
   1. Arithmetic Related
   2. Logical Related
   3. Shift Instructions (Logical/Arithmetic Structure Processing)
   4. Other Operation Types

Operations and Logic

Overview

This category includes all basic instructions that directly modify the data itself, including arithmetic operations, logical processing, and increment/decrement operations related to loops. These instructions usually directly affect the flag registers (ZF, CF, OF, SF, etc.) and appear most frequently in reverse engineering analysis, encryption/decryption logic, length calculation, and state machine branching.

This category is intended to help you quickly locate “how data is being processed.”

Subcategory Description

Arithmetic operations: perform addition, subtraction, multiplication, division, counting, and offset-related calculations on numeric values
Logical operations: transform bit structures (AND, OR, NOT, XOR)
Increment/decrement operations: common components of loop structures

Instruction List

Arithmetic Related

• ADD
  Performs addition, modifying the carry flag (CF), overflow flag (OF), and others; it is the most common way to accumulate numeric values.
• SUB
  Performs subtraction while also updating the flags; often similar in effect to cmp but actually changes the operand.
• IMUL-MUL
  Performs signed (imul) and unsigned (mul) multiplication. The result may span high and low registers (such as RDX:RAX), and OF and CF are updated based on the result.
• IDIV-DIV
  Performs signed (idiv) and unsigned (div) division, typically requiring the dividend to be placed in RDX:RAX (or EDX:EAX). If the result overflows or the divisor is 0, an exception is triggered.
• INC
  Increments the operand by one without affecting CF (Carry Flag); commonly used for loop counters and address offsets.
• DEC
  Decrements the operand by one, also without affecting CF; commonly seen in countdown loops and structure traversal.

Logical Related

• XOR
  Bitwise XOR, commonly used to clear a register (such as xor eax, eax), and also used in encryption and obfuscation.
• AND
  Bitwise AND, used to mask specific bits, extract flag bits, or construct conditional checks.
• OR
  Bitwise OR, used to set certain bits or combine logical conditions.
• NOT
  Bitwise NOT, inverting all bits; commonly used in bitwise construction and fast two’s complement processing.

Shift Instructions (Logical/Arithmetic Structure Processing)

• SHL
  Logical left shift, filling zeros on the right; used for multiplying by 2ⁿ and constructing bit-field layouts.

• SHR
  Logical right shift, filling zeros on the left; commonly used for dividing by 2ⁿ or extracting high-order structures.

Other Operation Types

• NOP
  No-operation instruction that does not change register or memory contents; used for structure alignment, padding, debugging, and ROP filling.