homecrypto

x86-64 Assembly

In this page we'll dive into the basics of x86-64 assembly language.

Basic Structure

Just like sentences in human language follow a grammatical structure with subjects, objects, and predicates, assembly language also has its own structured format. When we read a sentence, we identify the meaning of each word based on grammar, allowing us to understand the sentence as a whole. The same principle applies to x86-64 Assembly language, but with a much simpler structure.

In x86-64 Assembly, each instruction follows a basic format:

  • Instruction (Opcode) → The action to be performed (similar to a verb in human language).

  • Operand(s) → The data or registers affected by the instruction (similar to the object in a sentence).

Example:

mov rax, 10   ; Move the value 10 into register RAX

  • mov → Instruction (verb) (tells the CPU to move data)

  • rax, 10 → Operands (object) (specifies what is being moved and where)

This simple structure makes Assembly efficient and direct, allowing the CPU to execute instructions as fast as possible.

Opcode

Intel's x64 has a very large number of instructions. We'll go over 21 key instructions, categorized as follows:

Instruction code

Data Transfer

mov, lea

Arithmetic

inc, dec, add, sub

Logical

and, or, xor, not

Comparison

cmp, test

Branch

jmp, je, jg

Stack

push, pop

Procedure

call, ret, leave

System call

syscall

Operands

Operands can be of three types:

  • Immediate value

  • Register

  • Memory

Memory operands are denoted by square brackets [], with a size directive TYPE PTR before them. The types include BYTE, WORD, DWORD, QWORD, corresponding to 1-byte, 2-byte, 4-byte, and 8-byte sizes, respectively.

Examples of memory operands

Memory Operands

Meaning

QWORD PTR [0x8048000]

Referencing 8 bytes of data at 0x8048000

DWORD PTR [0x8048000]

Referencing 4 bytes of data at 0x8048000

WORD PTR [rax]

Referencing 2 bytes of two bytes of data at the address pointed to by RAX

Why is WORD only 2 bytes long?

In the early days, Intel designed the IA-16 architecture, where a WORD was defined as 16 bits because that was the natural size for the CPU at the time.

Later, when Intel introduced IA-32 (32-bit CPUs) and x86-64 (64-bit CPUs), one might expect the WORD size to also increase to match the CPU’s new capabilities. However, Intel kept WORD at 16 bits to avoid breaking compatibility with older programs.

Instead of changing the meaning of WORD, Intel introduced new terms:

  • DWORD (Double WORD) → 32 bits

  • QWORD (Quad WORD) → 64 bits

This way, older programs continued to work, and new architectures could support larger data sizes without issues.

I will leave the Assembly cheat sheet below in a page to avoid clutter on this one

x86-64 Assembly Cheatsheet

Previousx86-64 ArchitectureNextx86-64 Assembly Cheatsheet

Last updated